package com.boxer.email.smime.storage;

import android.content.Context;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.boxer.certificate.X509CertificateVerifierFactory;
import com.boxer.common.logging.t;
import com.boxer.common.logging.w;
import com.boxer.e.ad;
import com.boxer.email.smime.CertificateAlias;
import com.boxer.email.smime.m;
import com.boxer.email.smime.z;
import com.boxer.emailcommon.provider.EmailContent;
import com.boxer.f.a.j;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.lang3.SerializationUtils;

/* loaded from: classes2.dex */
public class c {

    /* renamed from: a, reason: collision with root package name */
    private static final String f6432a = w.a(m.f6410a.concat("CertUtility"));

    /* renamed from: b, reason: collision with root package name */
    private static final int f6433b = 0;
    private static final int c = 1;
    private static final int d = 2;
    private static final int e = 3;
    private static final int f = 4;
    private static final int g = 5;

    /* loaded from: classes2.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        private final byte[] f6434a;

        /* renamed from: b, reason: collision with root package name */
        private final byte[] f6435b;
        private final byte[] c;

        a(@Nullable byte[] bArr, @Nullable byte[] bArr2, @Nullable byte[] bArr3) {
            this.f6434a = bArr;
            this.f6435b = bArr2;
            this.c = bArr3;
        }

        @Nullable
        public byte[] a() {
            return this.f6434a;
        }

        @Nullable
        public byte[] b() {
            return this.f6435b;
        }

        @Nullable
        public byte[] c() {
            return this.c;
        }
    }

    @WorkerThread
    public static CertificateAlias a(@NonNull byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_1);
            messageDigest.reset();
            messageDigest.update(bArr);
            return new CertificateAlias(new BigInteger(1, messageDigest.digest()).toString(16));
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0042 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r3v0, types: [com.boxer.email.smime.storage.CertificateManager$CertType] */
    /* JADX WARN: Type inference failed for: r3v1, types: [java.io.BufferedInputStream] */
    /* JADX WARN: Type inference failed for: r3v2 */
    /* JADX WARN: Type inference failed for: r4v16, types: [java.io.Serializable] */
    /* JADX WARN: Type inference failed for: r4v19 */
    /* JADX WARN: Type inference failed for: r4v20 */
    @androidx.annotation.Nullable
    @androidx.annotation.WorkerThread
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.boxer.email.smime.storage.c.a a(@androidx.annotation.NonNull com.boxer.email.smime.storage.CertificateManager.CertType r3, @androidx.annotation.NonNull byte[] r4, char[] r5) throws java.security.cert.CertificateException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.UnrecoverableEntryException {
        /*
            com.boxer.email.smime.storage.CertificateManager$CertType r0 = com.boxer.email.smime.storage.CertificateManager.CertType.PKCS12
            r1 = 0
            if (r0 != r3) goto L4d
            java.io.BufferedInputStream r3 = new java.io.BufferedInputStream     // Catch: java.lang.Throwable -> L2b java.io.IOException -> L2e java.security.cert.CertificateException -> L30 java.security.NoSuchAlgorithmException -> L32 java.security.KeyStoreException -> L34
            java.io.ByteArrayInputStream r0 = new java.io.ByteArrayInputStream     // Catch: java.lang.Throwable -> L2b java.io.IOException -> L2e java.security.cert.CertificateException -> L30 java.security.NoSuchAlgorithmException -> L32 java.security.KeyStoreException -> L34
            r0.<init>(r4)     // Catch: java.lang.Throwable -> L2b java.io.IOException -> L2e java.security.cert.CertificateException -> L30 java.security.NoSuchAlgorithmException -> L32 java.security.KeyStoreException -> L34
            r3.<init>(r0)     // Catch: java.lang.Throwable -> L2b java.io.IOException -> L2e java.security.cert.CertificateException -> L30 java.security.NoSuchAlgorithmException -> L32 java.security.KeyStoreException -> L34
            java.security.KeyStore r4 = a(r3, r5)     // Catch: java.io.IOException -> L23 java.security.cert.CertificateException -> L25 java.security.NoSuchAlgorithmException -> L27 java.security.KeyStoreException -> L29 java.lang.Throwable -> L46
            r3.close()     // Catch: java.io.IOException -> L16
        L16:
            java.security.cert.X509Certificate r3 = a(r4)
            java.security.PrivateKey r0 = b(r4, r5)
            java.security.cert.X509Certificate[] r4 = c(r4, r5)
            goto L60
        L23:
            r4 = move-exception
            goto L36
        L25:
            r4 = move-exception
            goto L36
        L27:
            r4 = move-exception
            goto L36
        L29:
            r4 = move-exception
            goto L36
        L2b:
            r4 = move-exception
            r3 = r1
            goto L47
        L2e:
            r4 = move-exception
            goto L35
        L30:
            r4 = move-exception
            goto L35
        L32:
            r4 = move-exception
            goto L35
        L34:
            r4 = move-exception
        L35:
            r3 = r1
        L36:
            java.lang.String r5 = com.boxer.email.smime.storage.c.f6432a     // Catch: java.lang.Throwable -> L46
            java.lang.String r0 = "Error parsing pkcs12 cert"
            r2 = 0
            java.lang.Object[] r2 = new java.lang.Object[r2]     // Catch: java.lang.Throwable -> L46
            com.boxer.common.logging.t.d(r5, r4, r0, r2)     // Catch: java.lang.Throwable -> L46
            if (r3 == 0) goto L45
            r3.close()     // Catch: java.io.IOException -> L45
        L45:
            return r1
        L46:
            r4 = move-exception
        L47:
            if (r3 == 0) goto L4c
            r3.close()     // Catch: java.io.IOException -> L4c
        L4c:
            throw r4
        L4d:
            java.io.ByteArrayInputStream r3 = new java.io.ByteArrayInputStream
            r3.<init>(r4)
            java.lang.String r4 = "X509"
            java.security.cert.CertificateFactory r4 = java.security.cert.CertificateFactory.getInstance(r4)
            java.security.cert.Certificate r3 = r4.generateCertificate(r3)
            java.security.cert.X509Certificate r3 = (java.security.cert.X509Certificate) r3
            r4 = r1
            r0 = r4
        L60:
            com.boxer.email.smime.storage.c$a r5 = new com.boxer.email.smime.storage.c$a
            if (r0 == 0) goto L69
            byte[] r0 = org.apache.commons.lang3.SerializationUtils.serialize(r0)
            goto L6a
        L69:
            r0 = r1
        L6a:
            if (r3 == 0) goto L71
            byte[] r3 = org.apache.commons.lang3.SerializationUtils.serialize(r3)
            goto L72
        L71:
            r3 = r1
        L72:
            if (r4 == 0) goto L78
            byte[] r1 = org.apache.commons.lang3.SerializationUtils.serialize(r4)
        L78:
            r5.<init>(r0, r3, r1)
            return r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.boxer.email.smime.storage.c.a(com.boxer.email.smime.storage.CertificateManager$CertType, byte[], char[]):com.boxer.email.smime.storage.c$a");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Nullable
    @WorkerThread
    public static a a(@Nullable KeyStore keyStore, @Nullable char[] cArr) {
        X509Certificate x509Certificate;
        PrivateKey privateKey;
        Serializable serializable;
        if (keyStore == null) {
            t.e(f6432a, "getKeystoreForP12 Invalid arguments", new Object[0]);
            return null;
        }
        try {
            x509Certificate = a(keyStore);
        } catch (KeyStoreException e2) {
            t.d(f6432a, e2, "Could not parse X509 certificate", new Object[0]);
            x509Certificate = null;
        }
        try {
            privateKey = b(keyStore, cArr);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e3) {
            t.d(f6432a, e3, "Could not parse private key", new Object[0]);
            privateKey = null;
        }
        try {
            serializable = c(keyStore, null);
        } catch (UnsupportedOperationException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e4) {
            t.d(f6432a, e4, "Could not parse certificate chain", new Object[0]);
            serializable = null;
        }
        return new a(privateKey != null ? SerializationUtils.serialize(privateKey) : null, x509Certificate != null ? SerializationUtils.serialize(x509Certificate) : null, serializable != null ? SerializationUtils.serialize(serializable) : null);
    }

    @Nullable
    @WorkerThread
    public static i a(@NonNull Context context, @NonNull String str, @NonNull CertificateAlias certificateAlias, @NonNull X509Certificate x509Certificate) {
        z zVar = new z(context, x509Certificate);
        try {
            return new i(str, false, x509Certificate, certificateAlias, zVar.g().getTime(), zVar.k().getTime(), x509Certificate.getSigAlgName(), b(x509Certificate), a(x509Certificate));
        } catch (CertificateEncodingException e2) {
            t.d(f6432a, e2, "Error getting encoded form of cert", new Object[0]);
            return null;
        }
    }

    @WorkerThread
    public static String a(@NonNull Context context, @NonNull X509Certificate x509Certificate) {
        return new z(context, x509Certificate).b(null);
    }

    @WorkerThread
    public static KeyStore a(@NonNull BufferedInputStream bufferedInputStream, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(bufferedInputStream, cArr);
        return keyStore;
    }

    @WorkerThread
    public static KeyStore a(@NonNull byte[] bArr, @NonNull char[] cArr) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        BufferedInputStream bufferedInputStream = null;
        try {
            BufferedInputStream bufferedInputStream2 = new BufferedInputStream(new ByteArrayInputStream(bArr));
            try {
                KeyStore a2 = a(bufferedInputStream2, cArr);
                try {
                    bufferedInputStream2.close();
                } catch (IOException unused) {
                }
                return a2;
            } catch (Throwable th) {
                th = th;
                bufferedInputStream = bufferedInputStream2;
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException unused2) {
                    }
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @WorkerThread
    public static X509Certificate a(@NonNull ByteArrayInputStream byteArrayInputStream) throws CertificateException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        if (x509Certificate != null) {
            return x509Certificate;
        }
        throw new CertificateException("Could not create X509Cert from supplied string");
    }

    @Nullable
    @WorkerThread
    public static X509Certificate a(@NonNull KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                return (X509Certificate) keyStore.getCertificate(nextElement);
            }
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
            if (x509Certificate != null) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static boolean a(@NonNull X509Certificate x509Certificate) {
        return a(x509Certificate, ad.a().e());
    }

    private static boolean a(@NonNull X509Certificate x509Certificate, @NonNull j jVar) {
        boolean z;
        if (jVar.w().E()) {
            try {
                com.boxer.certificate.a.f3901a.b(x509Certificate);
                z = true;
            } catch (CertPathValidatorException e2) {
                t.e(f6432a, e2, "SMIME certificate does not have a valid extendedKeyUsage.", new Object[0]);
                z = false;
            }
            if (!z) {
                return false;
            }
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null) {
            return keyUsage[2] || keyUsage[3];
        }
        t.d(f6432a, "no key usage extensions in digital signature", new Object[0]);
        return false;
    }

    public static boolean a(@NonNull X509Certificate x509Certificate, @NonNull X509Certificate x509Certificate2) {
        return x509Certificate.getIssuerX500Principal().hashCode() == x509Certificate2.getSubjectX500Principal().hashCode();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NonNull
    @WorkerThread
    public static X509Certificate[] a(@NonNull InputStream inputStream) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator<? extends Certificate> it = CertificateFactory.getInstance("X.509").generateCertificates(inputStream).iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) it.next();
                if (a(x509Certificate)) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } finally {
            try {
                inputStream.close();
            } catch (IOException unused) {
            }
        }
    }

    @Nullable
    @WorkerThread
    public static PrivateKey b(@NonNull KeyStore keyStore, @NonNull char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                return (PrivateKey) keyStore.getKey(nextElement, cArr);
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @WorkerThread
    public static X509Certificate b(@NonNull byte[] bArr) throws CertificateException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        } finally {
            byteArrayInputStream.close();
        }
    }

    public static boolean b(@NonNull X509Certificate x509Certificate) {
        return b(x509Certificate, ad.a().e());
    }

    private static boolean b(@NonNull X509Certificate x509Certificate, @NonNull j jVar) {
        boolean z;
        if (jVar.w().E()) {
            try {
                com.boxer.certificate.a.f3901a.b(x509Certificate);
                z = true;
            } catch (CertPathValidatorException e2) {
                t.e(f6432a, e2, "SMIME certificate does not have a valid extendedKeyUsage.", new Object[0]);
                z = false;
            }
            if (!z) {
                return false;
            }
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null) {
            return keyUsage[1] || keyUsage[0];
        }
        t.d(f6432a, "no key usage extensions in digital signature", new Object[0]);
        return false;
    }

    @WorkerThread
    public static X509Certificate c(@NonNull byte[] bArr) throws CertificateException {
        return a(new ByteArrayInputStream(bArr));
    }

    public static boolean c(@NonNull X509Certificate x509Certificate) {
        boolean z = x509Certificate.getBasicConstraints() != -1;
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        boolean z2 = keyUsage != null && keyUsage[5];
        String str = f6432a;
        Object[] objArr = new Object[1];
        objArr[0] = Boolean.valueOf(z && z2);
        t.b(str, "Verifying CA Certificate using basic constraints extensions and key usage: %s", objArr);
        return z && z2;
    }

    @WorkerThread
    static X509Certificate[] c(@NonNull KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        Enumeration<String> aliases = keyStore.aliases();
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(cArr);
        Iterator it = Collections.list(aliases).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (keyStore.isKeyEntry(str)) {
                if (keyStore.getEntry(str, cArr == null ? null : passwordProtection) instanceof KeyStore.PrivateKeyEntry) {
                    Certificate[] certificateChain = keyStore.getCertificateChain(str);
                    if (certificateChain == null || certificateChain.length <= 0) {
                        return null;
                    }
                    if (certificateChain instanceof X509Certificate[]) {
                        return (X509Certificate[]) certificateChain;
                    }
                    X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
                    for (int i = 0; i < certificateChain.length; i++) {
                        x509CertificateArr[i] = (X509Certificate) certificateChain[i];
                    }
                    return x509CertificateArr;
                }
            }
        }
        return null;
    }

    public static boolean d(@NonNull X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().hashCode() == x509Certificate.getSubjectX500Principal().hashCode();
    }

    @NonNull
    @WorkerThread
    public static EmailContent.CertTrustStatus e(@NonNull X509Certificate x509Certificate) {
        com.boxer.certificate.c a2 = ad.a().ak().a(x509Certificate, X509CertificateVerifierFactory.CertificateCategory.CATEGORY_SMIME_USER_CERTIFICATE);
        return a2 == null ? EmailContent.CertTrustStatus.UNKNOWN_TRUST : a2.d();
    }
}
