package com.boxer.email.smime.storage;

import android.content.Context;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.WorkerThread;
import com.boxer.common.logging.LogUtils;
import com.boxer.common.logging.Logging;
import com.boxer.email.smime.CertificateAlias;
import com.boxer.email.smime.SMIMECryptoUtil;
import com.boxer.email.smime.X509CertificateProperties;
import com.boxer.email.smime.X509CertificateVerifier;
import com.boxer.emailcommon.provider.EmailContent;
import com.boxer.injection.ObjectGraphController;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.commons.lang3.SerializationUtils;

/* loaded from: classes2.dex */
public class CertificateUtility {
    private static final String a = Logging.a(SMIMECryptoUtil.a.concat("CertUtility"));
    private static final String b = "1.3.6.1.5.5.7.3.4";
    private static final int c = 0;
    private static final int d = 1;
    private static final int e = 2;
    private static final int f = 3;
    private static final int g = 4;
    private static final int h = 5;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class CertificateKeys {
        private final byte[] a;
        private final byte[] b;
        private final byte[] c;

        CertificateKeys(@Nullable byte[] bArr, @Nullable byte[] bArr2, @Nullable byte[] bArr3) {
            this.a = bArr;
            this.b = bArr2;
            this.c = bArr3;
        }

        @Nullable
        public byte[] a() {
            return this.a;
        }

        @Nullable
        public byte[] b() {
            return this.b;
        }

        @Nullable
        public byte[] c() {
            return this.c;
        }
    }

    @WorkerThread
    public static CertificateAlias a(@NonNull byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.reset();
            messageDigest.update(bArr);
            return new CertificateAlias(new BigInteger(1, messageDigest.digest()).toString(16));
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Not initialized variable reg: 2, insn: 0x0079: MOVE (r1 I:??[OBJECT, ARRAY]) = (r2 I:??[OBJECT, ARRAY]), block:B:58:0x0079 */
    /* JADX WARN: Removed duplicated region for block: B:31:0x004d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:37:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r0v17, types: [java.io.Serializable] */
    /* JADX WARN: Type inference failed for: r0v21 */
    /* JADX WARN: Type inference failed for: r0v22 */
    @android.support.annotation.WorkerThread
    @android.support.annotation.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.boxer.email.smime.storage.CertificateUtility.CertificateKeys a(@android.support.annotation.NonNull com.boxer.email.smime.storage.CertificateManager.CertType r6, @android.support.annotation.NonNull byte[] r7, char[] r8) throws java.security.cert.CertificateException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.UnrecoverableEntryException {
        /*
            r1 = 0
            com.boxer.email.smime.storage.CertificateManager$CertType r0 = com.boxer.email.smime.storage.CertificateManager.CertType.PKCS12
            if (r0 != r6) goto L5a
            java.io.BufferedInputStream r2 = new java.io.BufferedInputStream     // Catch: java.security.KeyStoreException -> L3e java.lang.Throwable -> L53 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L82 java.io.IOException -> L87
            java.io.ByteArrayInputStream r0 = new java.io.ByteArrayInputStream     // Catch: java.security.KeyStoreException -> L3e java.lang.Throwable -> L53 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L82 java.io.IOException -> L87
            r0.<init>(r7)     // Catch: java.security.KeyStoreException -> L3e java.lang.Throwable -> L53 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L82 java.io.IOException -> L87
            r2.<init>(r0)     // Catch: java.security.KeyStoreException -> L3e java.lang.Throwable -> L53 java.security.NoSuchAlgorithmException -> L7d java.security.cert.CertificateException -> L82 java.io.IOException -> L87
            java.security.KeyStore r0 = a(r2, r8)     // Catch: java.lang.Throwable -> L78 java.security.KeyStoreException -> L7b java.security.NoSuchAlgorithmException -> L80 java.security.cert.CertificateException -> L85 java.io.IOException -> L8a
            if (r2 == 0) goto L18
            r2.close()     // Catch: java.io.IOException -> L74
        L18:
            java.security.cert.X509Certificate r3 = a(r0)
            java.security.PrivateKey r2 = b(r0, r8)
            java.security.cert.X509Certificate[] r0 = c(r0, r8)
        L24:
            com.boxer.email.smime.storage.CertificateUtility$CertificateKeys r4 = new com.boxer.email.smime.storage.CertificateUtility$CertificateKeys
            if (r2 == 0) goto L70
            byte[] r2 = org.apache.commons.lang3.SerializationUtils.serialize(r2)
            r5 = r2
        L2d:
            if (r3 == 0) goto L72
            byte[] r2 = org.apache.commons.lang3.SerializationUtils.serialize(r3)
        L33:
            if (r0 == 0) goto L39
            byte[] r1 = org.apache.commons.lang3.SerializationUtils.serialize(r0)
        L39:
            r4.<init>(r5, r2, r1)
            r1 = r4
        L3d:
            return r1
        L3e:
            r0 = move-exception
            r2 = r1
        L40:
            java.lang.String r3 = com.boxer.email.smime.storage.CertificateUtility.a     // Catch: java.lang.Throwable -> L78
            java.lang.String r4 = "Error parsing pkcs12 cert"
            r5 = 0
            java.lang.Object[] r5 = new java.lang.Object[r5]     // Catch: java.lang.Throwable -> L78
            com.boxer.common.logging.LogUtils.d(r3, r0, r4, r5)     // Catch: java.lang.Throwable -> L78
            if (r2 == 0) goto L3d
            r2.close()     // Catch: java.io.IOException -> L51
            goto L3d
        L51:
            r0 = move-exception
            goto L3d
        L53:
            r0 = move-exception
        L54:
            if (r1 == 0) goto L59
            r1.close()     // Catch: java.io.IOException -> L76
        L59:
            throw r0
        L5a:
            java.io.ByteArrayInputStream r0 = new java.io.ByteArrayInputStream
            r0.<init>(r7)
            java.lang.String r2 = "X509"
            java.security.cert.CertificateFactory r2 = java.security.cert.CertificateFactory.getInstance(r2)
            java.security.cert.Certificate r0 = r2.generateCertificate(r0)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            r2 = r1
            r3 = r0
            r0 = r1
            goto L24
        L70:
            r5 = r1
            goto L2d
        L72:
            r2 = r1
            goto L33
        L74:
            r2 = move-exception
            goto L18
        L76:
            r1 = move-exception
            goto L59
        L78:
            r0 = move-exception
            r1 = r2
            goto L54
        L7b:
            r0 = move-exception
            goto L40
        L7d:
            r0 = move-exception
            r2 = r1
            goto L40
        L80:
            r0 = move-exception
            goto L40
        L82:
            r0 = move-exception
            r2 = r1
            goto L40
        L85:
            r0 = move-exception
            goto L40
        L87:
            r0 = move-exception
            r2 = r1
            goto L40
        L8a:
            r0 = move-exception
            goto L40
        */
        throw new UnsupportedOperationException("Method not decompiled: com.boxer.email.smime.storage.CertificateUtility.a(com.boxer.email.smime.storage.CertificateManager$CertType, byte[], char[]):com.boxer.email.smime.storage.CertificateUtility$CertificateKeys");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @WorkerThread
    @Nullable
    public static CertificateKeys a(@Nullable KeyStore keyStore, @Nullable char[] cArr) {
        X509Certificate x509Certificate;
        PrivateKey privateKey;
        Serializable serializable;
        if (keyStore == null) {
            LogUtils.e(a, "getKeystoreForP12 Invalid arguments", new Object[0]);
            return null;
        }
        try {
            x509Certificate = a(keyStore);
        } catch (KeyStoreException e2) {
            LogUtils.d(a, e2, "Could not parse X509 certificate", new Object[0]);
            x509Certificate = null;
        }
        try {
            privateKey = b(keyStore, cArr);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e3) {
            LogUtils.d(a, e3, "Could not parse private key", new Object[0]);
            privateKey = null;
        }
        try {
            serializable = c(keyStore, null);
        } catch (UnsupportedOperationException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e4) {
            LogUtils.d(a, e4, "Could not parse certificate chain", new Object[0]);
            serializable = null;
        }
        return new CertificateKeys(privateKey != null ? SerializationUtils.serialize(privateKey) : null, x509Certificate != null ? SerializationUtils.serialize(x509Certificate) : null, serializable != null ? SerializationUtils.serialize(serializable) : null);
    }

    @WorkerThread
    @Nullable
    public static SMIMECertificate a(@NonNull Context context, @NonNull String str, @NonNull CertificateAlias certificateAlias, @NonNull X509Certificate x509Certificate) {
        X509CertificateProperties x509CertificateProperties = new X509CertificateProperties(context, x509Certificate);
        try {
            return new SMIMECertificate(str, false, x509Certificate, certificateAlias, x509CertificateProperties.f().getTime(), x509CertificateProperties.j().getTime(), x509Certificate.getSigAlgName(), b(x509Certificate), a(x509Certificate));
        } catch (CertificateEncodingException e2) {
            LogUtils.d(a, e2, "Error getting encoded form of cert", new Object[0]);
            return null;
        }
    }

    @WorkerThread
    public static String a(@NonNull Context context, @NonNull X509Certificate x509Certificate) {
        return new X509CertificateProperties(context, x509Certificate).a((String) null);
    }

    @WorkerThread
    public static KeyStore a(@NonNull BufferedInputStream bufferedInputStream, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(bufferedInputStream, cArr);
        return keyStore;
    }

    @WorkerThread
    public static KeyStore a(@NonNull byte[] bArr, @NonNull char[] cArr) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        BufferedInputStream bufferedInputStream;
        try {
            bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(bArr));
            try {
                KeyStore a2 = a(bufferedInputStream, cArr);
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException e2) {
                    }
                }
                return a2;
            } catch (Throwable th) {
                th = th;
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException e3) {
                    }
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            bufferedInputStream = null;
        }
    }

    @WorkerThread
    public static X509Certificate a(@NonNull ByteArrayInputStream byteArrayInputStream) throws CertificateException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        if (x509Certificate == null) {
            throw new CertificateException("Could not create X509Cert from supplied string");
        }
        return x509Certificate;
    }

    @WorkerThread
    @Nullable
    public static X509Certificate a(@NonNull KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                return (X509Certificate) keyStore.getCertificate(nextElement);
            }
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
            if (x509Certificate != null) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static boolean a(@NonNull X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null) {
            return keyUsage[2] || keyUsage[3];
        }
        LogUtils.d(a, "no key usage extensions in digital signature", new Object[0]);
        return false;
    }

    public static boolean a(@NonNull X509Certificate x509Certificate, @NonNull X509Certificate x509Certificate2) {
        return x509Certificate.getIssuerX500Principal().hashCode() == x509Certificate2.getSubjectX500Principal().hashCode();
    }

    public static boolean a(@NonNull Date date) {
        return date.after(new Date());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @WorkerThread
    @NonNull
    public static X509Certificate[] a(@NonNull InputStream inputStream) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator<? extends Certificate> it = CertificateFactory.getInstance("X.509").generateCertificates(inputStream).iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) it.next();
                if (a(x509Certificate)) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } finally {
            try {
                inputStream.close();
            } catch (IOException e2) {
            }
        }
    }

    @WorkerThread
    @Nullable
    public static EmailContent.CertTrustStatus b(@NonNull Context context, @NonNull X509Certificate x509Certificate) {
        try {
            return new X509CertificateVerifier(context, x509Certificate).f();
        } catch (CertificateEncodingException e2) {
            LogUtils.d(a, e2, "Error fetching trust status", new Object[0]);
            return null;
        }
    }

    @WorkerThread
    @Nullable
    public static PrivateKey b(@NonNull KeyStore keyStore, @NonNull char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                return (PrivateKey) keyStore.getKey(nextElement, cArr);
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @WorkerThread
    public static X509Certificate b(@NonNull byte[] bArr) throws CertificateException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        } finally {
            byteArrayInputStream.close();
        }
    }

    public static boolean b(@NonNull X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null) {
            return keyUsage[1] || keyUsage[0];
        }
        LogUtils.d(a, "no key usage extensions in digital signature", new Object[0]);
        return false;
    }

    @WorkerThread
    public static X509Certificate c(@NonNull byte[] bArr) throws CertificateException {
        return a(new ByteArrayInputStream(bArr));
    }

    public static boolean c(@NonNull X509Certificate x509Certificate) {
        boolean z = x509Certificate.getBasicConstraints() != -1;
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        boolean z2 = keyUsage != null && keyUsage[5];
        LogUtils.b(a, "Verifying CA Certificate using basic constraints extensions and key usage: " + (z && z2), new Object[0]);
        return z && z2;
    }

    @WorkerThread
    static X509Certificate[] c(@NonNull KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        Enumeration<String> aliases = keyStore.aliases();
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(cArr);
        Iterator it = Collections.list(aliases).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (keyStore.isKeyEntry(str)) {
                if (keyStore.getEntry(str, cArr == null ? null : passwordProtection) instanceof KeyStore.PrivateKeyEntry) {
                    Certificate[] certificateChain = keyStore.getCertificateChain(str);
                    if (certificateChain == null || certificateChain.length <= 0) {
                        return null;
                    }
                    if (certificateChain instanceof X509Certificate[]) {
                        return (X509Certificate[]) certificateChain;
                    }
                    X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
                    int i = 0;
                    while (true) {
                        int i2 = i;
                        if (i2 >= certificateChain.length) {
                            return x509CertificateArr;
                        }
                        x509CertificateArr[i2] = (X509Certificate) certificateChain[i2];
                        i = i2 + 1;
                    }
                }
            }
        }
        return null;
    }

    public static boolean d(@NonNull X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().hashCode() == x509Certificate.getSubjectX500Principal().hashCode();
    }

    public static int e(@NonNull X509Certificate x509Certificate) {
        if (ObjectGraphController.a().e().s().D() == 0) {
            return 0;
        }
        try {
            return ObjectGraphController.a().y().a(a(x509Certificate.getEncoded()), ObjectGraphController.a().e().t().F()).getRevocationStatus();
        } catch (CertificateEncodingException e2) {
            LogUtils.d(a, "Exception in getting alias.", new Object[0]);
            return 2;
        }
    }
}
