package com.boxer.certificate;

import android.content.Context;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import androidx.annotation.WorkerThread;
import com.boxer.common.logging.t;
import com.boxer.common.logging.w;
import com.boxer.e.ac;
import com.boxer.e.ad;
import com.boxer.email.smime.CertificateAlias;
import com.boxer.email.smime.m;
import com.boxer.email.smime.y;
import com.boxer.emailcommon.provider.EmailContent;
import com.boxer.f.a.j;
import com.boxer.sdk.a.a.k;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
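/**
 * Base class that evaluates trust for a single X.509 certificate (log tag suffix "X509CertVer").
 *
 * <p>Two entry points are visible here: {@link #a()} runs the validity-period check, the
 * name-spoofing check, the optional revocation/usage-policy step and then the subclass hook
 * {@link #b(a)}; {@link #d()} resolves a trust status from the stored per-certificate status or,
 * failing that, from an issuer walk over the device CA store and/or the SDK key store.
 *
 * <p>NOTE(review): the issuer walk only verifies signatures. It does not check the issuer's
 * validity period, basicConstraints/keyUsage or path length, so it relies on both stores holding
 * nothing but certificates that are acceptable as issuers. Confirm that holds for the SDK store.
 */
public abstract class c {
    /** Log tag: the S/MIME log prefix with "X509CertVer" appended. */
    private static final String d = w.a(m.f6410a.concat("X509CertVer"));
    // Not referenced by the decompiled bodies below; presumably constants the compiler inlined.
    private static final int e = 1;
    private static final char f = 0;

    /* renamed from: a, reason: collision with root package name */
    /** The certificate under evaluation. */
    protected final X509Certificate f3905a;

    /* renamed from: b, reason: collision with root package name */
    /** Collaborator not used in this class; presumably consumed by subclasses. */
    protected final j f3906b;
    /** Collaborator used by {@link #a(a)} to obtain the revocation-check result. */
    protected final k c;
    /** Context handed to the key-identifier helper {@code y}. */
    private final Context g;

    /**
     * Mutable result of one verification run.
     *
     * <p>The public fields are written by the enclosing verifier and by code outside this file.
     */
    /* loaded from: classes2.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        /** Overall trust verdict; starts as UNKNOWN_TRUST. */
        public EmailContent.CertTrustStatus f3907a = EmailContent.CertTrustStatus.UNKNOWN_TRUST;

        /* renamed from: b, reason: collision with root package name */
        // Never written in this file; presumably set by the subclass hook b(a) - confirm.
        public boolean f3908b;
        // Set to true once checkValidity() has passed.
        public boolean c;
        // Set to true when the spoofing check flags the subject DN or an rfc822Name SAN.
        public boolean d;
        private final X509Certificate e;
        // Value taken from the revocation result's usage policy; meaning not visible here.
        private int f;

        /**
         * @param x509Certificate the certificate this result describes
         */
        public a(@NonNull X509Certificate x509Certificate) {
            this.e = x509Certificate;
        }

        /** Returns the certificate this result describes. */
        @NonNull
        public Certificate a() {
            return this.e;
        }

        /** Stores the usage-policy value reported by the revocation check. */
        public void a(int i) {
            this.f = i;
        }

        /** Returns true only when both positive flags are set and the spoof flag is clear. */
        public boolean b() {
            return this.f3908b && this.c && !this.d;
        }

        /** Returns the usage-policy value stored by {@link #a(int)}. */
        public int c() {
            return this.f;
        }
    }

    /**
     * Creates a verifier that takes every collaborator from the application object graph.
     *
     * @param x509Certificate the certificate to evaluate
     */
    public c(@NonNull X509Certificate x509Certificate) {
        this.f3905a = x509Certificate;
        ac a2 = ad.a();
        this.g = a2.g();
        this.f3906b = a2.e();
        this.c = a2.ae();
    }

    /**
     * Creates a verifier with a caller-supplied {@code j}; the rest comes from the object graph.
     *
     * @param x509Certificate the certificate to evaluate
     * @param jVar replacement for the default {@code j} collaborator
     */
    public c(@NonNull X509Certificate x509Certificate, @NonNull j jVar) {
        this.f3905a = x509Certificate;
        ac a2 = ad.a();
        this.g = a2.g();
        this.f3906b = jVar;
        this.c = a2.ae();
    }

    /**
     * Creates a verifier with a caller-supplied {@code k}; the rest comes from the object graph.
     *
     * @param x509Certificate the certificate to evaluate
     * @param kVar replacement for the default {@code k} collaborator
     */
    @VisibleForTesting
    public c(@NonNull X509Certificate x509Certificate, @NonNull k kVar) {
        this.f3905a = x509Certificate;
        ac a2 = ad.a();
        this.g = a2.g();
        this.f3906b = a2.e();
        this.c = kVar;
    }

    /**
     * Creates a verifier with both collaborators supplied by the caller.
     *
     * @param x509Certificate the certificate to evaluate
     * @param kVar replacement for the default {@code k} collaborator
     * @param jVar replacement for the default {@code j} collaborator
     */
    public c(@NonNull X509Certificate x509Certificate, @NonNull k kVar, @NonNull j jVar) {
        this.f3905a = x509Certificate;
        this.g = ad.a().g();
        this.f3906b = jVar;
        this.c = kVar;
    }

    /**
     * Looks up the store alias of the certificate's issuer.
     *
     * @param map index from key identifier to store alias, built by {@link #a(KeyStore)} or
     *     {@link #c()}
     * @param x509Certificate certificate whose issuer is wanted
     * @return the alias, or null when {@code y.b()} yields no identifier or the index has no entry
     */
    @Nullable
    private String a(@NonNull Map<String, String> map, @NonNull X509Certificate x509Certificate) {
        // y.b() is presumably the authority key identifier; the index is keyed by y.a().
        String issuerKeyId = new y(this.g, x509Certificate).b();
        return issuerKeyId == null ? null : map.get(issuerKeyId);
    }

    /**
     * Reports whether a name carries characters treated as a spoofing attempt.
     *
     * @param str subject DN or rfc822Name value
     * @return true when the name contains NUL, the platform line separator, or fails the helper
     *     check
     */
    private boolean a(@NonNull String str) {
        // NOTE(review): only the platform line separator is tested here; whether a lone CR is
        // rejected depends on com.boxer.common.utils.ac.a, which is not visible in this file.
        if (str.indexOf(0) >= 0) {
            return true;
        }
        if (str.contains(System.lineSeparator())) {
            return true;
        }
        return !com.boxer.common.utils.ac.a((CharSequence) str);
    }

    /**
     * Walks the issuer links of a certificate through the device key store.
     *
     * @param keyStore loaded device key store
     * @param map index from key identifier to alias for that store
     * @param x509Certificate certificate to start from
     * @return true when every signature verifies up to a certificate accepted by
     *     {@code storage.c.d}
     */
    private boolean a(@NonNull KeyStore keyStore, @NonNull Map<String, String> map, @NonNull X509Certificate x509Certificate) {
        java.util.Set<X509Certificate> visited = new java.util.HashSet<>();
        visited.add(x509Certificate);
        return walkDeviceChain(keyStore, map, x509Certificate, visited);
    }

    /** Recursive step of the device-store walk; {@code visited} stops issuer loops. */
    private boolean walkDeviceChain(@NonNull KeyStore keyStore, @NonNull Map<String, String> map,
            @NonNull X509Certificate x509Certificate, @NonNull java.util.Set<X509Certificate> visited) {
        String issuerAlias = a(map, x509Certificate);
        if (TextUtils.isEmpty(issuerAlias)) {
            t.d(d, "Could not find issuer cert in device keystore", new Object[0]);
            return false;
        }
        try {
            // getCertificate returns null for an unknown alias and may return a non-X.509 entry;
            // either case used to surface as an unchecked exception instead of "not trusted".
            Certificate candidate = keyStore.getCertificate(issuerAlias);
            if (!(candidate instanceof X509Certificate)) {
                t.d(d, "Issuer alias %s does not resolve to an X.509 certificate", issuerAlias);
                return false;
            }
            X509Certificate issuer = (X509Certificate) candidate;
            if (!a(x509Certificate, issuer.getPublicKey())) {
                return false;
            }
            // storage.c.d presumably recognises a root/self-signed certificate - confirm.
            if (com.boxer.email.smime.storage.c.d(issuer)) {
                return true;
            }
            if (!visited.add(issuer)) {
                // Issuer links that lead back to an earlier certificate can never reach a root.
                t.d(d, "Issuer loop detected in device keystore", new Object[0]);
                return false;
            }
            return walkDeviceChain(keyStore, map, issuer, visited);
        } catch (KeyStoreException e2) {
            t.d(d, e2, "Error verifying certificate", new Object[0]);
            return false;
        }
    }

    /**
     * Checks that a certificate was signed with the private key matching {@code publicKey}.
     *
     * @param x509Certificate certificate whose signature is checked
     * @param publicKey candidate issuer key
     * @return true when {@link X509Certificate#verify(PublicKey)} succeeds, false on any failure
     */
    private boolean a(@NonNull X509Certificate x509Certificate, @NonNull PublicKey publicKey) {
        try {
            x509Certificate.verify(publicKey);
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
            // Every failure mode means "this key did not sign the certificate".
            return false;
        }
    }

    /**
     * Walks the issuer links of a certificate through the SDK key store snapshot.
     *
     * @param map SDK store content, looked up by the alias strings held in {@code map2}
     * @param map2 index from key identifier to alias for that store
     * @param x509Certificate certificate to start from
     * @return true when every signature verifies up to a certificate accepted by
     *     {@code storage.c.d}
     */
    private boolean a(@NonNull Map<String, X509Certificate> map, @NonNull Map<String, String> map2, @NonNull X509Certificate x509Certificate) {
        java.util.Set<X509Certificate> visited = new java.util.HashSet<>();
        visited.add(x509Certificate);
        return walkSdkChain(map, map2, x509Certificate, visited);
    }

    /** Recursive step of the SDK-store walk; {@code visited} stops issuer loops. */
    private boolean walkSdkChain(@NonNull Map<String, X509Certificate> map, @NonNull Map<String, String> map2,
            @NonNull X509Certificate x509Certificate, @NonNull java.util.Set<X509Certificate> visited) {
        String issuerAlias = a(map2, x509Certificate);
        if (TextUtils.isEmpty(issuerAlias)) {
            t.d(d, "Could not find issuer cert in sdk keystore", new Object[0]);
            return false;
        }
        // The index is built from computed aliases, so a miss here is possible if the store is
        // keyed differently; treat it as "issuer not found" rather than dereferencing null.
        X509Certificate issuer = map.get(issuerAlias);
        if (issuer == null) {
            t.d(d, "Issuer alias %s is not present in sdk keystore", issuerAlias);
            return false;
        }
        if (!a(x509Certificate, issuer.getPublicKey())) {
            return false;
        }
        if (com.boxer.email.smime.storage.c.d(issuer)) {
            return true;
        }
        if (!visited.add(issuer)) {
            t.d(d, "Issuer loop detected in sdk keystore", new Object[0]);
            return false;
        }
        return walkSdkChain(map, map2, issuer, visited);
    }

    /**
     * Chooses which stores may vouch for the certificate.
     *
     * @return the SDK-store result alone when {@link #f()} is 1, otherwise device store first and
     *     SDK store as fallback
     */
    private boolean g() {
        if (f() == 1) {
            return c();
        }
        return b() || c();
    }

    /**
     * Checks the subject DN and every rfc822Name subject alternative name for spoofing characters.
     *
     * @return true when any checked name is flagged by {@link #a(String)}
     */
    private boolean h() {
        String subjectDn = this.f3905a.getSubjectDN().getName();
        if (!TextUtils.isEmpty(subjectDn) && a(subjectDn)) {
            t.e(d, "Certificate is spoofed considering the subject distinguished name in the cert.", new Object[0]);
            return true;
        }
        try {
            Collection<List<?>> subjectAlternativeNames = this.f3905a.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> entry : subjectAlternativeNames) {
                    // GeneralName type 1 is rfc822Name; other SAN types are not inspected.
                    if (((Integer) entry.get(0)).intValue() != 1) {
                        continue;
                    }
                    String email = (String) entry.get(1);
                    if (!TextUtils.isEmpty(email) && a(email)) {
                        t.e(d, "Certificate is spoofed considering the subject alternative name in the cert..", new Object[0]);
                        return true;
                    }
                }
            }
        } catch (CertificateParsingException e2) {
            // NOTE(review): this fails open - a SAN extension that cannot be decoded is reported
            // as "not spoofed". Consider whether such a certificate should be rejected instead.
            t.e(d, e2, "Unable to get SAN to check for spoofing attack.", new Object[0]);
        }
        return false;
    }

    /**
     * Runs the full verification sequence for the certificate.
     *
     * <p>Order: validity period, spoofing check, revocation step when {@link #e()} is true, then
     * the subclass hook {@link #b(a)} unless the verdict is already NOT_TRUSTED.
     *
     * @return the populated result; never null
     */
    @NonNull
    @WorkerThread
    public a a() {
        a aVar = new a(this.f3905a);
        try {
            this.f3905a.checkValidity();
            aVar.c = true;
            aVar.d = h();
            if (aVar.d) {
                // NOTE(review): the subject logged here has just been flagged for NUL or
                // line-separator content; confirm the logger escapes control characters.
                t.e(d, "Certificate with subject %s is spoofed", this.f3905a.getSubjectDN().getName());
                aVar.f3907a = EmailContent.CertTrustStatus.NOT_TRUSTED;
                return aVar;
            }
            if (e()) {
                a(aVar);
            }
            if (aVar.f3907a != EmailContent.CertTrustStatus.NOT_TRUSTED) {
                b(aVar);
            }
            return aVar;
        } catch (CertificateExpiredException e2) {
            // Pass the exception through the throwable overload used elsewhere in this class;
            // as a bare format argument with no placeholder it would not be rendered.
            t.d(d, e2, "certificate expired", new Object[0]);
            aVar.f3907a = EmailContent.CertTrustStatus.NOT_TRUSTED;
            return aVar;
        } catch (CertificateNotYetValidException e3) {
            t.d(d, e3, "certificate not yet valid", new Object[0]);
            aVar.f3907a = EmailContent.CertTrustStatus.NOT_TRUSTED;
            return aVar;
        }
    }

    /**
     * Applies the revocation-check result to a verification result.
     *
     * @param aVar result to update; its verdict becomes NOT_TRUSTED when {@code k.a} rejects the
     *     usage policy, and the policy's int value is stored on it in every case
     */
    @VisibleForTesting(otherwise = 4)
    @WorkerThread
    public void a(@NonNull a aVar) {
        com.airwatch.revocationcheck.e revocationResult = this.c.b(this.f3905a);
        if (this.c.a(revocationResult.getCertUsagePolicy())) {
            aVar.f3907a = EmailContent.CertTrustStatus.NOT_TRUSTED;
        }
        aVar.a(revocationResult.getCertUsagePolicy().b());
    }

    /**
     * Loads a key store, indexes its certificates by subject key identifier and walks the issuer
     * links of the certificate under evaluation through it.
     *
     * @param keyStore key store to load and search
     * @return true when the walk ends at a certificate accepted by {@code storage.c.d}
     */
    @VisibleForTesting
    boolean a(@NonNull KeyStore keyStore) {
        // Raw map as decompiled: keys are y.a() (the subject key ID per the log text below),
        // values are aliases. The static type of y.a() is not visible from this file.
        HashMap hashMap = new HashMap();
        try {
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
                    continue;
                }
                // An alias may have no certificate or a non-X.509 one; skip it instead of
                // casting blindly.
                Certificate entry = keyStore.getCertificate(alias);
                if (!(entry instanceof X509Certificate)) {
                    t.d(d, "Skipping %s because it is not an X.509 certificate entry", alias);
                    continue;
                }
                y yVar = new y(this.g, (X509Certificate) entry);
                if (yVar.a() != null) {
                    hashMap.put(yVar.a(), alias);
                } else {
                    t.d(d, "Skipping %s because of null subject key ID", alias);
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            // The walk below still runs with whatever was indexed before the failure.
            t.d(d, e2, "Keystore has not been initialized (loaded)", new Object[0]);
        }
        return a(keyStore, hashMap, this.f3905a);
    }

    /**
     * Subclass hook run by {@link #a()} when the verdict is not already NOT_TRUSTED.
     *
     * @param aVar result to complete
     */
    @VisibleForTesting(otherwise = 4)
    public abstract void b(@NonNull a aVar);

    /**
     * Checks the certificate against the "AndroidCAStore" key store.
     *
     * @return the result of {@link #a(KeyStore)}, or false when the store type is unavailable
     */
    protected boolean b() {
        try {
            // getInstance either returns a KeyStore or throws, so no null check is needed.
            return a(KeyStore.getInstance("AndroidCAStore"));
        } catch (KeyStoreException e2) {
            t.d(d, e2, "Exception in getting a keystore object of the type: AndroidCAStore.", new Object[0]);
            return false;
        }
    }

    /**
     * Checks the certificate against the SDK key store.
     *
     * @return false when the store is empty, otherwise the result of the issuer walk through it
     */
    @WorkerThread
    protected boolean c() {
        // Raw map as decompiled: subject key ID (y.a()) -> alias string.
        HashMap hashMap = new HashMap();
        Map<String, X509Certificate> sdkCerts = ad.a().y().c();
        if (sdkCerts.isEmpty()) {
            t.d(d, "SDKKeyStore is empty.", new Object[0]);
            return false;
        }
        for (X509Certificate storeCert : sdkCerts.values()) {
            y yVar = new y(this.g, storeCert);
            CertificateAlias certificateAlias = null;
            try {
                certificateAlias = com.boxer.email.smime.storage.c.a(storeCert.getEncoded());
            } catch (CertificateException e2) {
                t.d(d, e2, "Exception in encoding a certificate in SDKKeyStore", new Object[0]);
            }
            if (certificateAlias == null) {
                continue;
            }
            if (yVar.a() != null) {
                hashMap.put(yVar.a(), certificateAlias.toString());
            } else {
                t.d(d, "Skipping %s because of null subject key ID", certificateAlias);
            }
        }
        return a(sdkCerts, hashMap, this.f3905a);
    }

    /**
     * Resolves a trust status for the certificate.
     *
     * <p>A stored status other than UNKNOWN_TRUST wins; otherwise the status is TRUSTED when
     * {@link #g()} finds a chain and NOT_TRUSTED when it does not.
     *
     * <p>NOTE(review): this path performs neither the validity-period check nor the spoofing
     * check from {@link #a()}; callers presumably combine the two - confirm.
     *
     * @return UNKNOWN_TRUST only when the certificate's alias cannot be computed
     */
    @WorkerThread
    public EmailContent.CertTrustStatus d() {
        CertificateAlias certificateAlias;
        try {
            certificateAlias = com.boxer.email.smime.storage.c.a(this.f3905a.getEncoded());
        } catch (CertificateEncodingException e2) {
            // Keep the cause in the log via the throwable overload.
            t.e(d, e2, "Unable to get the SHA-1 alias of the certificate.", new Object[0]);
            certificateAlias = null;
        }
        if (certificateAlias == null) {
            return EmailContent.CertTrustStatus.UNKNOWN_TRUST;
        }
        EmailContent.CertTrustStatus stored = ad.a().y().i(certificateAlias);
        if (stored != EmailContent.CertTrustStatus.UNKNOWN_TRUST) {
            return stored;
        }
        if (g()) {
            return EmailContent.CertTrustStatus.TRUSTED;
        }
        t.d(d, "Certificate not trusted: " + this.f3905a.getSubjectDN().toString(), new Object[0]);
        return EmailContent.CertTrustStatus.NOT_TRUSTED;
    }

    /**
     * Tells {@link #a()} whether to run the revocation step {@link #a(a)}.
     *
     * @return true to run it
     */
    @VisibleForTesting(otherwise = 4)
    public abstract boolean e();

    /**
     * Selects the store policy used by {@link #g()}.
     *
     * @return 1 to consult only the SDK key store; any other value tries the device CA store first
     */
    @VisibleForTesting(otherwise = 4)
    public abstract int f();
}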
