package com.djigzo.android.application.other;

import com.djigzo.android.application.R;
import com.djigzo.android.application.settings.AccountSettings;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPath;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Set;
import mitm.common.properties.HierarchicalPropertiesException;
import mitm.common.security.KeyAndCertStore;
import mitm.common.security.KeyAndCertificate;
import mitm.common.security.PKISecurityServicesFactory;
import mitm.common.security.certificate.X509CertificateInspector;
import mitm.common.security.certificate.validator.IsValidForSMIMESigning;
import mitm.common.security.certificate.validator.PKITrustCheckCertificateValidator;
import mitm.common.security.certificate.validator.PKITrustCheckCertificateValidatorFactory;
import mitm.common.security.certstore.X509CertStoreEntry;
import mitm.common.security.smime.selector.SigningKeyAndCertificateSelector;
import org.apache.commons.io.IOExceptionWithCause;
import org.apache.commons.lang.StringUtils;

/* loaded from: classes.dex */
public class PersonalCertificateManager {
    private final AccountSettings accountSettings;
    private final KeyAndCertStore keyAndCertStore;
    private final PKISecurityServicesFactory securityServicesFactory;
    private final PKITrustCheckCertificateValidatorFactory trustCheckCertificateValidatorFactory;

    /* loaded from: classes.dex */
    public static class Signer {
        private final CertPath certPath;
        private final KeyAndCertificate keyAndCertificate;

        Signer(KeyAndCertificate keyAndCertificate, CertPath certPath) {
            this.keyAndCertificate = keyAndCertificate;
            this.certPath = certPath;
        }

        public CertPath getCertPath() {
            return this.certPath;
        }

        public KeyAndCertificate getKeyAndCertificate() {
            return this.keyAndCertificate;
        }
    }

    /* loaded from: classes.dex */
    public static class SigningCertificateException extends Exception {
        final int resId;

        SigningCertificateException(int i) {
            this.resId = i;
        }

        public int getResId() {
            return this.resId;
        }
    }

    public PersonalCertificateManager(AccountSettings accountSettings, PKISecurityServicesFactory pKISecurityServicesFactory, PKITrustCheckCertificateValidatorFactory pKITrustCheckCertificateValidatorFactory, KeyAndCertStore keyAndCertStore) {
        this.accountSettings = accountSettings;
        this.securityServicesFactory = pKISecurityServicesFactory;
        this.trustCheckCertificateValidatorFactory = pKITrustCheckCertificateValidatorFactory;
        this.keyAndCertStore = keyAndCertStore;
    }

    private void autoSelectSigningCertificate() throws CertificateEncodingException, NoSuchAlgorithmException, NoSuchProviderException, HierarchicalPropertiesException {
        if (StringUtils.isEmpty(this.accountSettings.getSender())) {
            return;
        }
        Set<KeyAndCertificate> matchingKeyAndCertificates = new SigningKeyAndCertificateSelector(this.securityServicesFactory.createPKISecurityServices()).getMatchingKeyAndCertificates(this.accountSettings.getSender());
        if (matchingKeyAndCertificates.size() > 0) {
            this.accountSettings.setSignerThumbprint(X509CertificateInspector.getThumbprint(matchingKeyAndCertificates.iterator().next().getCertificate()));
            this.accountSettings.save();
        }
    }

    public X509Certificate getPersonalEncryptionCertificate(boolean z) throws IOException {
        X509CertStoreEntry byThumbprint;
        try {
            String signerThumbprint = this.accountSettings.getSignerThumbprint();
            if (z) {
                if (StringUtils.isEmpty(signerThumbprint)) {
                    autoSelectSigningCertificate();
                }
                signerThumbprint = this.accountSettings.getSignerThumbprint();
            }
            if (!StringUtils.isNotEmpty(signerThumbprint) || (byThumbprint = this.keyAndCertStore.getByThumbprint(signerThumbprint)) == null) {
                return null;
            }
            return byThumbprint.getCertificate();
        } catch (NoSuchAlgorithmException e) {
            throw new IOExceptionWithCause(e);
        } catch (NoSuchProviderException e2) {
            throw new IOExceptionWithCause(e2);
        } catch (CertStoreException e3) {
            throw new IOExceptionWithCause(e3);
        } catch (CertificateEncodingException e4) {
            throw new IOExceptionWithCause(e4);
        } catch (HierarchicalPropertiesException e5) {
            throw new IOExceptionWithCause(e5);
        }
    }

    public Object[] getPersonalEncryptionCertificateAndFilename(boolean z) throws IOException {
        X509Certificate personalEncryptionCertificate = getPersonalEncryptionCertificate(z);
        if (personalEncryptionCertificate == null) {
            return null;
        }
        String sender = this.accountSettings.getSender();
        if (StringUtils.isBlank(sender)) {
            sender = "certificate";
        }
        return new Object[]{personalEncryptionCertificate, sender + ".cer"};
    }

    public Signer getSigner() throws IOException, SigningCertificateException {
        try {
            if (StringUtils.isEmpty(this.accountSettings.getSignerThumbprint())) {
                autoSelectSigningCertificate();
            }
            String signerThumbprint = this.accountSettings.getSignerThumbprint();
            if (StringUtils.isEmpty(signerThumbprint)) {
                throw new SigningCertificateException(R.string.compose_message_signer_certificate_not_set);
            }
            X509CertStoreEntry byThumbprint = this.keyAndCertStore.getByThumbprint(signerThumbprint);
            if (byThumbprint == null) {
                throw new SigningCertificateException(R.string.compose_message_signer_certificate_not_found);
            }
            X509Certificate certificate = byThumbprint.getCertificate();
            PKITrustCheckCertificateValidator createValidator = this.trustCheckCertificateValidatorFactory.createValidator(null);
            try {
                if (!createValidator.isValid(certificate)) {
                    throw new SigningCertificateException(R.string.compose_message_signer_certificate_not_valid);
                }
                if (!new IsValidForSMIMESigning().isValid(certificate)) {
                    throw new SigningCertificateException(R.string.compose_message_signer_certificate_not_for_smime);
                }
                KeyAndCertificate keyAndCertificate = this.keyAndCertStore.getKeyAndCertificate(byThumbprint);
                if (keyAndCertificate == null) {
                    throw new IllegalStateException("KeyAndCertificate is found");
                }
                if (keyAndCertificate.getPrivateKey() != null) {
                    return new Signer(keyAndCertificate, createValidator.getCertPath());
                }
                throw new SigningCertificateException(R.string.compose_message_signer_certificate_no_key);
            } catch (Exception unused) {
                throw new SigningCertificateException(R.string.compose_message_signer_certificate_not_valid);
            }
        } catch (KeyStoreException e) {
            throw new IOExceptionWithCause(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IOExceptionWithCause(e2);
        } catch (NoSuchProviderException e3) {
            throw new IOExceptionWithCause(e3);
        } catch (CertStoreException e4) {
            throw new IOExceptionWithCause(e4);
        } catch (CertificateEncodingException e5) {
            throw new IOExceptionWithCause(e5);
        } catch (HierarchicalPropertiesException e6) {
            throw new IOExceptionWithCause(e6);
        }
    }
}
