package com.samsung.android.email.common.util;

import android.content.ActivityNotFoundException;
import android.content.ContentProviderOperation;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.os.RemoteException;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.text.TextUtils;
import android.util.Base64;
import com.samsung.android.email.common.util.smime.SMIMEMessage;
import com.samsung.android.email.ui.messagelist.common.MessageListConst;
import com.samsung.android.emailcommon.basic.constant.IntentConst;
import com.samsung.android.emailcommon.basic.crypto.DeviceWrapper;
import com.samsung.android.emailcommon.basic.exception.CertificateManagerException;
import com.samsung.android.emailcommon.basic.general.VersionChecker;
import com.samsung.android.emailcommon.basic.log.EmailLog;
import com.samsung.android.emailcommon.basic.log.LogUtility;
import com.samsung.android.emailcommon.basic.log.SemProtocolLog;
import com.samsung.android.emailcommon.basic.log.SemSMIMELog;
import com.samsung.android.emailcommon.basic.service.ProxyArgs;
import com.samsung.android.emailcommon.preferences.DebugSettingPreference;
import com.samsung.android.emailcommon.preferences.InternalSettingPreference;
import com.samsung.android.emailcommon.provider.Account;
import com.samsung.android.emailcommon.provider.MDMCertificates;
import com.samsung.android.emailcommon.provider.SdpHelper;
import com.samsung.android.emailcommon.provider.columns.AccountColumns;
import com.samsung.android.emailcommon.security.BCConst;
import com.samsung.android.knox.util.SemKeyStoreManager;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes2.dex */
public class SemCertificateUtil {
    private static final String TAG = SemCertificateUtil.class.getSimpleName();

    public static boolean canAccessToKeyStoreWithAlias(Context context, String str) {
        return SemKeyStoreUtil.isUcmAlias(str) || SemKeyStoreUtil.isCCMEnabled(context) || !SemKeyStoreUtil.isAndroidKeyStoreLocked(context);
    }

    public static boolean canInstallCertificate(Context context) {
        return VersionChecker.isQOrAbove() || SemKeyStoreUtil.isCCMEnabled(context) || !SemKeyStoreUtil.isAndroidKeyStoreLocked(context);
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x003f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean[] checkCertAliasExistence(android.content.Context r6, java.lang.String[] r7) {
        /*
            r0 = 1
            java.lang.Object[] r1 = new java.lang.Object[r0]
            java.lang.String r2 = com.samsung.android.email.common.util.SemCertificateUtil.TAG
            r3 = 0
            r1[r3] = r2
            java.lang.String r2 = "%s::checkCertAliasExistence() - Start"
            com.samsung.android.emailcommon.basic.log.SemSMIMELog.d(r2, r1)
            int r1 = r7.length
            boolean[] r2 = new boolean[r1]
            java.lang.String r4 = com.samsung.android.emailcommon.basic.crypto.DeviceWrapper.getDeviceId(r6)     // Catch: java.io.IOException -> L2f java.lang.NullPointerException -> L31 com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L33
            com.samsung.android.email.common.util.CertificateMgr r5 = new com.samsung.android.email.common.util.CertificateMgr     // Catch: java.io.IOException -> L2f java.lang.NullPointerException -> L31 com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L33
            r5.<init>(r4, r6)     // Catch: java.io.IOException -> L2f java.lang.NullPointerException -> L31 com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L33
            r6 = r3
        L1a:
            int r4 = r7.length     // Catch: java.io.IOException -> L2f java.lang.NullPointerException -> L31 com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L33
            if (r6 >= r4) goto L37
            r4 = r7[r6]     // Catch: java.io.IOException -> L2f java.lang.NullPointerException -> L31 com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L33
            java.security.cert.X509Certificate r4 = r5.getCertificate(r4)     // Catch: com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L28 java.io.IOException -> L2f java.lang.NullPointerException -> L31
            if (r4 == 0) goto L2c
            r2[r6] = r0     // Catch: com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L28 java.io.IOException -> L2f java.lang.NullPointerException -> L31
            goto L2c
        L28:
            r4 = move-exception
            r4.printStackTrace()     // Catch: java.io.IOException -> L2f java.lang.NullPointerException -> L31 com.samsung.android.emailcommon.basic.exception.CertificateManagerException -> L33
        L2c:
            int r6 = r6 + 1
            goto L1a
        L2f:
            r6 = move-exception
            goto L34
        L31:
            r6 = move-exception
            goto L34
        L33:
            r6 = move-exception
        L34:
            r6.printStackTrace()
        L37:
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            r6.<init>()
            r7 = r3
        L3d:
            if (r7 >= r1) goto L50
            boolean r4 = r2[r7]
            r6.append(r4)
            int r4 = r1 + (-1)
            if (r7 >= r4) goto L4d
            java.lang.String r4 = ", "
            r6.append(r4)
        L4d:
            int r7 = r7 + 1
            goto L3d
        L50:
            r7 = 2
            java.lang.Object[] r7 = new java.lang.Object[r7]
            java.lang.String r1 = com.samsung.android.email.common.util.SemCertificateUtil.TAG
            r7[r3] = r1
            java.lang.String r6 = r6.toString()
            r7[r0] = r6
            java.lang.String r6 = "%s::checkCertAliasExistence() - success[%s]"
            com.samsung.android.emailcommon.basic.log.SemSMIMELog.d(r6, r7)
            return r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.common.util.SemCertificateUtil.checkCertAliasExistence(android.content.Context, java.lang.String[]):boolean[]");
    }

    public static void checkCertificatesForInstall(Context context) {
        Intent intent = new Intent();
        intent.setAction(IntentConst.ACTION_INSTALL_MDM_CERTIFICATES);
        if (containsMDMPushedCertificates(context)) {
            try {
                context.startActivity(intent);
            } catch (ActivityNotFoundException e) {
                e.printStackTrace();
            }
        }
    }

    private static boolean containsMDMPushedCertificates(Context context) {
        InternalSettingPreference internalSettingPreference = InternalSettingPreference.getInstance(context);
        return (internalSettingPreference.getMDMSmimeCertsAcc() == null || internalSettingPreference.getMDMSmimeCertsAcc().equals("") || internalSettingPreference.getMDMSmimeCertsAcc().split(MessageListConst.DELIMITER_1).length <= 0 || SemKeyStoreUtil.isCCMEnabled(context)) ? false : true;
    }

    public static String getAlias(SMIMEMessage sMIMEMessage, Account account) {
        String aliasForEncryption = CACManager.isSCAuthEnabled() ? sMIMEMessage.mEncrypted ? CACManager.getAliasForEncryption(account.getEmailAddress()) : CACManager.getAliasForSignature(account.getEmailAddress()) : account.mSmimeOwnSignCertAlias;
        if (aliasForEncryption != null && sMIMEMessage.mSigned && CACManager.isSCAuthEnabled()) {
            aliasForEncryption = getURIAlias(aliasForEncryption);
        }
        EmailLog.vnf(TAG, "alias= " + aliasForEncryption);
        return aliasForEncryption;
    }

    public static String getAliasNameFromUri(String str) {
        if (str == null) {
            return "";
        }
        try {
            String path = new URI(str).getPath();
            if (path == null) {
                return str;
            }
            String[] split = path.split("/");
            if (split.length <= 0) {
                return str;
            }
            str = split[split.length - 1];
            SemSMIMELog.d("%s::getAliasNameFromUri() - extracted name : ", TAG, str);
            return str;
        } catch (URISyntaxException unused) {
            SemSMIMELog.e("%s::getAliasNameFromUri() - URISyntaxException, Not UCM alias", TAG);
            return str;
        }
    }

    public static X509Certificate[] getCertificateChain(Context context, String str) {
        SemSMIMELog.i("%s::getCertificateChain() - start", TAG);
        try {
            return KeyChain.getCertificateChain(context, str);
        } catch (KeyChainException | InterruptedException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String getEmailAddressByAlias(Context context, String str) {
        DebugSettingPreference debugSettingPreference = DebugSettingPreference.getInstance(context);
        boolean z = debugSettingPreference != null && debugSettingPreference.getEnableSMIMELog();
        if (context == null) {
            SemSMIMELog.sysE("%s::getEmailAddressByAlias() - Context is null!!", TAG);
            return "";
        }
        if (TextUtils.isEmpty(str)) {
            SemSMIMELog.sysE("%s::getEmailAddressByAlias() - Alias is empty!!", TAG);
            return "";
        }
        try {
            X509Certificate certificate = new CertificateMgr(DeviceWrapper.getDeviceId(context), context).getCertificate(str);
            if (certificate == null) {
                SemSMIMELog.sysE("%s::getEmailAddressByAlias() - Failed getting certificate from given alias[%s]!!", TAG, str);
                return "";
            }
            String emailAddressFromCert = getEmailAddressFromCert(certificate);
            if (z) {
                SemSMIMELog.sysD("%s::getEmailAddressByAlias() - emailAddress[%s]", TAG, emailAddressFromCert);
            } else {
                SemSMIMELog.sysD("%s::getEmailAddressByAlias() - emailAddress[%s]", TAG, LogUtility.getSecureAddress(emailAddressFromCert));
            }
            return emailAddressFromCert;
        } catch (CertificateManagerException | IOException | CertificateEncodingException e) {
            e.printStackTrace();
            return "";
        }
    }

    public static String getEmailAddressFromCert(X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate == null) {
            return "";
        }
        Set emailAddresses = getEmailAddresses(x509Certificate);
        if (emailAddresses.isEmpty()) {
            return "";
        }
        Iterator it = emailAddresses.iterator();
        StringBuilder sb = new StringBuilder(60);
        boolean z = true;
        while (it.hasNext()) {
            sb.append((String) it.next());
            if (z) {
                z = false;
            } else {
                sb.append(", ");
            }
        }
        return sb.toString();
    }

    private static Set getEmailAddresses(X509Certificate x509Certificate) throws CertificateEncodingException {
        HashSet hashSet = new HashSet();
        X509Principal subjectX509Principal = PrincipalUtil.getSubjectX509Principal(x509Certificate);
        Vector oIDs = subjectX509Principal.getOIDs();
        Vector values = subjectX509Principal.getValues();
        SemSMIMELog.sysD("%s::getEmailAddresses() - oids size = %s", TAG, Integer.valueOf(oIDs.size()));
        int i = 0;
        while (true) {
            if (i >= oIDs.size()) {
                break;
            }
            if (oIDs.get(i).equals(PKCSObjectIdentifiers.pkcs_9_at_emailAddress)) {
                hashSet.add(((String) values.get(i)).toLowerCase());
                break;
            }
            i++;
        }
        SemSMIMELog.sysD("%s::getEmailAddresses() - addresses size = %s", TAG, Integer.valueOf(hashSet.size()));
        return hashSet;
    }

    private static String getEncryptAlgorithmByObjectIdentifier(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return aSN1ObjectIdentifier == CMSAlgorithm.DES_CBC ? "-des" : aSN1ObjectIdentifier == CMSAlgorithm.AES128_CBC ? "-aes-128" : aSN1ObjectIdentifier == CMSAlgorithm.AES256_CBC ? "-aes-256" : "-des3";
    }

    public static PrivateKey getPrivateKey(Context context, String str) {
        SemSMIMELog.i("%s::getCertificateChain() - start", TAG);
        try {
            return KeyChain.getPrivateKey(context, str);
        } catch (KeyChainException | InterruptedException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String getURIAlias(String str) {
        Exception e;
        String str2;
        try {
            Class<?> cls = Class.forName("com.sec.enterprise.knox.ucm.core.UniversalCredentialUtil");
            str2 = (String) cls.getDeclaredMethod("getKeychainUri", String.class, String.class).invoke(cls.getMethod("getInstance", new Class[0]).invoke(cls, new Object[0]), "com.sec.smartcard.manager:com.samsung.ucs.agent.baiMobile", str);
        } catch (Exception e2) {
            e = e2;
            str2 = null;
        }
        try {
            EmailLog.inf(TAG, " ALIAS from reflection == " + str2);
        } catch (Exception e3) {
            e = e3;
            EmailLog.enf(TAG, "*********** Reflection doesn't work ***************");
            EmailLog.dumpException(TAG, e);
            return str2;
        }
        return str2;
    }

    public static ArrayList<String> getUnSupportedAlgorithmList(PrivateKey privateKey, int i) {
        if (i == 3) {
            return getUnsupportedSignAlgorithms(privateKey);
        }
        if (i == 2) {
            return getUnsupportedEncryptAlgorithms();
        }
        SemProtocolLog.sysW("%s::getUnSupportedAlgorithms() - certType is wrong");
        return null;
    }

    private static ArrayList<String> getUnsupportedEncryptAlgorithms() {
        ArrayList arrayList = new ArrayList();
        ArrayList<String> arrayList2 = new ArrayList<>();
        arrayList.add(CMSAlgorithm.DES_CBC);
        arrayList.add(CMSAlgorithm.AES128_CBC);
        arrayList.add(CMSAlgorithm.AES256_CBC);
        arrayList.add(CMSAlgorithm.DES_EDE3_CBC);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) it.next();
            try {
                new JceCMSContentEncryptorBuilder(aSN1ObjectIdentifier).build();
            } catch (CMSException unused) {
                arrayList2.add(getEncryptAlgorithmByObjectIdentifier(aSN1ObjectIdentifier));
            }
        }
        return arrayList2;
    }

    private static ArrayList<String> getUnsupportedSignAlgorithms(PrivateKey privateKey) {
        ArrayList arrayList = new ArrayList();
        ArrayList<String> arrayList2 = new ArrayList<>();
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA1_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA256_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA384_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA512_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_MD5_WITH_RSA);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            try {
                new JcaContentSignerBuilder(str).build(privateKey);
            } catch (OperatorCreationException unused) {
                arrayList2.add(str);
            }
        }
        return arrayList2;
    }

    public static void grantAccessForAKS(Context context, String str) throws RemoteException, PackageManager.NameNotFoundException {
        int i = context.getPackageManager().getApplicationInfo("com.samsung.android.email.provider", 128).uid;
        SemKeyStoreManager semKeyStoreManager = SemKeyStoreManager.getInstance();
        if (semKeyStoreManager == null) {
            SemProtocolLog.sysW("%s::grantAccessForAllEmailAliases() - remoteAKSSvc is null");
            return;
        }
        try {
            if (!SdpHelper.isAfwMode() && !semKeyStoreManager.hasAlias(str, false)) {
                SemProtocolLog.sysW("%s::grantAccessForAKS() - alias[%s] isn't in remoteAKSSvc, uid[%s]", TAG, str, Integer.valueOf(i));
            }
            semKeyStoreManager.grantAccess(i, str);
            SemProtocolLog.sysI("%s::grantAccessForAKS() - success to grant access for aks for alias[%s], uid[%s]", TAG, str, Integer.valueOf(i));
        } catch (NullPointerException e) {
            SemProtocolLog.sysW("%s::grantAccessForAKS() - exception occurred during grantAccess", TAG);
            e.printStackTrace();
        }
    }

    public static Bundle importCertificate(Context context, String str, String str2) {
        String str3;
        String str4;
        String str5 = null;
        try {
            CertificateMgr certificateMgr = new CertificateMgr(DeviceWrapper.getDeviceId(context), context);
            File file = new File(str);
            str4 = file.exists() ? certificateMgr.importCertificate(file, str2) : certificateMgr.importCertificate(MDMCertificates.getCertificateData(context, str), str2, null);
            try {
                SemSMIMELog.d("%s::installCertificate() : Alias[%s]", TAG, str4);
            } catch (CertificateManagerException e) {
                str5 = str4;
                e = e;
                e.printStackTrace();
                Bundle bundle = new Bundle();
                bundle.putString(ProxyArgs.ARG_ALIAS, str5);
                bundle.putString(ProxyArgs.ARG_EXCEPTION_STRING, "CERT_IMPORT_NOT_SUCCESSFULL");
                bundle.putInt(ProxyArgs.ARG_CERT_ERROR_CODE, e.getErrorCode());
                return bundle;
            } catch (FileNotFoundException e2) {
                str5 = str4;
                e = e2;
                e.printStackTrace();
                Bundle bundle2 = new Bundle();
                bundle2.putString(ProxyArgs.ARG_ALIAS, str5);
                bundle2.putString(ProxyArgs.ARG_EXCEPTION_STRING, "CERT_IMPORT_NOT_SUCCESSFULL");
                bundle2.putInt(ProxyArgs.ARG_CERT_ERROR_CODE, 1);
                return bundle2;
            } catch (IOException e3) {
                str3 = str4;
                e = e3;
                e.printStackTrace();
                str4 = str3;
                Bundle bundle3 = new Bundle();
                bundle3.putString(ProxyArgs.ARG_ALIAS, str4);
                bundle3.putString(ProxyArgs.ARG_EXCEPTION_STRING, null);
                return bundle3;
            }
        } catch (CertificateManagerException e4) {
            e = e4;
        } catch (FileNotFoundException e5) {
            e = e5;
        } catch (IOException e6) {
            e = e6;
            str3 = null;
        }
        Bundle bundle32 = new Bundle();
        bundle32.putString(ProxyArgs.ARG_ALIAS, str4);
        bundle32.putString(ProxyArgs.ARG_EXCEPTION_STRING, null);
        return bundle32;
    }

    /* JADX WARN: Removed duplicated region for block: B:37:0x00b4  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x00cf  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static android.os.Bundle importCertificate(android.content.Context r9, java.lang.String r10, java.lang.String r11, java.lang.String r12, java.lang.String r13) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 277
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.common.util.SemCertificateUtil.importCertificate(android.content.Context, java.lang.String, java.lang.String, java.lang.String, java.lang.String):android.os.Bundle");
    }

    public static Bundle importCertificate(Context context, byte[] bArr, String str, String str2, String str3) {
        SemSMIMELog.i("%s::importCertificate() - start, data", TAG);
        try {
            return importCertificate(context, new String(Base64.encode(bArr, 2), StandardCharsets.UTF_8), str, str2, str3);
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    private static void removeCertificate(Context context, String str) throws CertificateManagerException {
        if (TextUtils.isEmpty(str)) {
            SemSMIMELog.sysW("%s::removeCertificates() - alias is null", TAG);
            return;
        }
        try {
            ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
            arrayList.add(ContentProviderOperation.newUpdate(Account.CONTENT_URI).withSelection("smimeOwnCertificateAlias=?", new String[]{str}).withValue(AccountColumns.SMIME_OWN_ENCRYPT_CERT_ALIAS, null).build());
            arrayList.add(ContentProviderOperation.newUpdate(Account.CONTENT_URI).withSelection("smimeOwnSignCertAlias=?", new String[]{str}).withValue(AccountColumns.SMIME_OWN_SIGN_CERT_ALIAS, null).build());
            context.getContentResolver().applyBatch("com.samsung.android.email.provider", arrayList);
        } catch (Exception e) {
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage());
        }
    }

    public static int removeCertificates(Context context, String[] strArr) throws CertificateManagerException, IOException {
        if (context == null || strArr == null || strArr.length == 0) {
            SemSMIMELog.sysW("%s::removeCertificates() - context or aliases is null", TAG);
            return 0;
        }
        int i = 0;
        for (String str : strArr) {
            removeCertificate(context, str);
            i++;
        }
        return i;
    }
}
