package com.boxer.email.smime;

import android.content.Context;
import android.database.Cursor;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.WorkerThread;
import com.airwatch.crypto.openssl.OpenSSLWrapper;
import com.boxer.common.logging.LogUtils;
import com.boxer.common.logging.Logging;
import com.boxer.email.smime.storage.CertificateManager;
import com.boxer.email.smime.storage.CertificateUtility;
import com.boxer.injection.ObjectGraphController;
import com.boxer.model.api.AccountPolicy;
import com.boxer.model.api.AccountSettings;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public class SMIMECertRevocationChecker {
    public static final int a = 0;
    static final int b = 1;
    public static final int c = 0;
    static final int d = 7;
    public static final int e = -1;
    public static final int f = 0;
    public static final int g = 0;
    public static final int h = 1;
    public static final int i = 0;
    public static final int j = 1;
    static final int k = -1;
    static final int l = 1;
    static final int m = 2;
    static final int n = -2;
    static final int o = -3;
    static final int p = -4;
    private static final String q = Logging.a(SMIMECryptoUtil.a.concat("RevChkr"));
    private static final int r = 1;
    private static final int s = 1;
    private static final int t = 2;
    private final AccountPolicy u;
    private final AccountSettings v;
    private final CertificateManager w;

    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes2.dex */
    @interface REVOCATION_STATUS_RESULT {
    }

    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes2.dex */
    public @interface RevocationCheckPolicy {
    }

    SMIMECertRevocationChecker(@NonNull AccountPolicy accountPolicy, @NonNull AccountSettings accountSettings, @NonNull CertificateManager certificateManager) {
        this.u = accountPolicy;
        this.v = accountSettings;
        this.w = certificateManager;
    }

    @Nullable
    private RecipientCertificateList a(@NonNull X509Certificate x509Certificate) {
        List<X509Certificate> a2 = this.w.a(x509Certificate);
        if (a2.size() <= 1) {
            return null;
        }
        RecipientCertificateList recipientCertificateList = new RecipientCertificateList();
        Iterator<X509Certificate> it = a2.iterator();
        while (it.hasNext()) {
            recipientCertificateList.addCertificate(it.next());
        }
        return recipientCertificateList;
    }

    @NonNull
    public static SMIMECertRevocationChecker a() {
        return new SMIMECertRevocationChecker(ObjectGraphController.a().e().s(), ObjectGraphController.a().e().t(), ObjectGraphController.a().y());
    }

    private String d() {
        if (this.v.G() != 2) {
            return this.v.D();
        }
        return null;
    }

    private int e() {
        int i2 = this.v.H() ? 1 : 0;
        if (this.v.G() == 1) {
            i2 |= 2;
        }
        return this.v.E() == 1 ? i2 | 4 : i2;
    }

    @WorkerThread
    public int a(@NonNull Context context, @NonNull OpenSSLWrapper openSSLWrapper) {
        Cursor cursor;
        if (!b()) {
            return -4;
        }
        try {
            Cursor query = context.getContentResolver().query(CertificateManager.f, new String[]{"data", CertificateManager.k, CertificateManager.o}, "emailAddress IS NOT NULL AND emailAddress!=? AND revocationCheckRetryCount < ?", new String[]{"", String.valueOf(3)}, null);
            if (query != null) {
                try {
                    if (query.getCount() != 0) {
                        int i2 = -1;
                        while (query.moveToNext()) {
                            Date date = new Date();
                            if (date.getTime() < query.getLong(1) && !new Date(query.getLong(2)).after(date)) {
                                if (i2 != 1) {
                                    LogUtils.b(q, "Attempting to update the revocation status of certificates with stale revocation status.", new Object[0]);
                                    i2 = 1;
                                }
                                try {
                                    i2 = a(CertificateUtility.c(query.getBlob(0)), openSSLWrapper);
                                    if (i2 != 2) {
                                        break;
                                    }
                                } catch (CertificateException e2) {
                                    LogUtils.e(q, "Invalid cert data in the database.", e2);
                                }
                            }
                        }
                        if (query == null) {
                            return i2;
                        }
                        query.close();
                        return i2;
                    }
                } catch (Throwable th) {
                    th = th;
                    cursor = query;
                    if (cursor != null) {
                        cursor.close();
                    }
                    throw th;
                }
            }
            if (query != null) {
                query.close();
            }
            return -1;
        } catch (Throwable th2) {
            th = th2;
            cursor = null;
        }
    }

    @WorkerThread
    public int a(@NonNull X509Certificate x509Certificate, @NonNull OpenSSLWrapper openSSLWrapper) {
        int i2 = -2;
        try {
            CertificateAlias a2 = CertificateUtility.a(x509Certificate.getEncoded());
            CertRevocationCheckResult a3 = this.w.a(a2, this.v.F());
            if (a3.getRetryCount() >= 3) {
                LogUtils.c(q, "Max limit reached. Not retrying to update the revocation status for cert with alias: " + a2, new Object[0]);
            } else {
                i2 = a(x509Certificate, openSSLWrapper, a3);
                this.w.a(a2, a3);
            }
        } catch (CertificateEncodingException e2) {
            LogUtils.e(q, e2, "Error in getting alias of the certificate.", new Object[0]);
        }
        return i2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @WorkerThread
    public int a(@NonNull X509Certificate x509Certificate, @NonNull OpenSSLWrapper openSSLWrapper, @NonNull CertRevocationCheckResult certRevocationCheckResult) {
        RecipientCertificateList a2 = a(x509Certificate);
        if (a2 == null) {
            LogUtils.e(q, "No issuer cert(s) found in certificate db.", new Object[0]);
            certRevocationCheckResult.setCertRevocation(2);
            return -3;
        }
        int awSMIMECertValidityCheck = openSSLWrapper.awSMIMECertValidityCheck(a2, e(), d(), certRevocationCheckResult);
        LogUtils.c(q, "OCSP check return value: " + awSMIMECertValidityCheck, new Object[0]);
        if (awSMIMECertValidityCheck != 0) {
            certRevocationCheckResult.setCertRevocation(2);
            certRevocationCheckResult.incrementRetryCount();
            return -2;
        }
        LogUtils.c(q, "IsCertRevoked? " + (certRevocationCheckResult.getRevocationStatus() == 1), new Object[0]);
        certRevocationCheckResult.resetRetryCount();
        if (this.v.H() && !certRevocationCheckResult.isNonceVerified()) {
            LogUtils.d(q, "ocsp nonce verification unsuccessful.", new Object[0]);
        }
        if (!certRevocationCheckResult.isResponseVerified()) {
            LogUtils.d(q, "ocsp response signing cert verification unsuccessful.", new Object[0]);
        }
        return 2;
    }

    public boolean b() {
        return this.u.D() == 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int c() {
        return this.v.F();
    }
}
