package com.samsung.android.email.sync.exchange.common.ssl;

import android.app.ActivityManager;
import android.content.ContentValues;
import android.content.Context;
import android.content.SharedPreferences;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.os.Bundle;
import android.text.TextUtils;
import com.google.common.base.Ascii;
import com.samsung.android.email.common.newsecurity.manager.EmailPolicyManager;
import com.samsung.android.email.common.newsecurity.manager.SemNotificationManager;
import com.samsung.android.email.common.util.IntentUtils;
import com.samsung.android.emailcommon.basic.constant.CarrierValues;
import com.samsung.android.emailcommon.basic.constant.SSLConst;
import com.samsung.android.emailcommon.basic.crypto.FBEDataPreferences;
import com.samsung.android.emailcommon.basic.exception.SyncServiceLogger;
import com.samsung.android.emailcommon.basic.general.ConnectivityUtil;
import com.samsung.android.emailcommon.basic.log.EmailLog;
import com.samsung.android.emailcommon.basic.log.LogUtility;
import com.samsung.android.emailcommon.basic.thread.ThreadPoolUtility;
import com.samsung.android.emailcommon.fbe.FBEAccountInfo;
import com.samsung.android.emailcommon.fbe.FBEDataPreferencesUtil;
import com.samsung.android.emailcommon.preferences.InternalSettingPreference;
import com.samsung.android.emailcommon.provider.Account;
import com.samsung.android.emailcommon.provider.utils.Utility;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.json.JSONException;

/* loaded from: classes2.dex */
public class SSLUtils {
    private static final String TAG = "SSLUtils";

    private static StringBuilder appendByteAsHex(StringBuilder sb, byte b, boolean z) {
        EmailLog.dnf(TAG, "appendByteAsHex");
        char[] cArr = z ? SSLConst.UPPER_CASE_DIGITS : SSLConst.LOWER_CASE_DIGITS;
        sb.append(cArr[(b >> 4) & 15]);
        sb.append(cArr[b & Ascii.SI]);
        return sb;
    }

    public static boolean clearWhiteListCertificate(Context context, String str) {
        String str2 = TAG;
        EmailLog.inf(str2, "clearWhiteListCertificate emailAddress=" + LogUtility.getSecureAddress(str));
        if (context == null || TextUtils.isEmpty(str)) {
            EmailLog.enf(str2, "Invalid params");
            return false;
        }
        int deleteWhiteListCertificateInfo = deleteWhiteListCertificateInfo(context, new String[]{str});
        EmailLog.inf(str2, "deleted " + deleteWhiteListCertificateInfo + " record");
        return deleteWhiteListCertificateInfo > 0;
    }

    private static int deleteWhiteListCertificateInfo(Context context, String[] strArr) {
        if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context)) {
            return -1;
        }
        String str = TAG;
        EmailLog.dnf(str, "Clear whitelist certificate from pref");
        if (strArr == null || strArr.length < 1) {
            EmailLog.enf(str, "Invalid args");
            return -1;
        }
        String str2 = strArr[0];
        SharedPreferences.Editor edit = context.getSharedPreferences(str2 + "_" + SSLConst.WHITE_LIST_PREFERENCE, 0).edit();
        edit.clear();
        edit.apply();
        deleteWhitelistPreferenceFile(context, str2 + "_" + SSLConst.WHITE_LIST_PREFERENCE);
        FBEAccountInfo fBEAccountInfo = null;
        try {
            fBEAccountInfo = FBEDataPreferencesUtil.getAccountWithEmailAddress(FBEDataPreferences.getPreferences(context), str2);
        } catch (JSONException e) {
            e.printStackTrace();
        }
        if (fBEAccountInfo != null) {
            SharedPreferences.Editor edit2 = context.createDeviceProtectedStorageContext().getSharedPreferences(str2 + "_" + SSLConst.WHITE_LIST_PREFERENCE, 0).edit();
            edit2.clear();
            edit2.apply();
            deleteWhitelistPreferenceFile(context.createDeviceProtectedStorageContext(), str2 + "_" + SSLConst.WHITE_LIST_PREFERENCE);
        }
        return 1;
    }

    private static void deleteWhitelistPreferenceFile(Context context, String str) {
        String str2 = TAG;
        EmailLog.dnf(str2, "deleteWhitelistPreferenceFile emailAddress=" + LogUtility.getSecureAddress(str));
        File file = new File((context.getFilesDir().getParent() + "/shared_prefs/") + str + ".xml");
        if (!file.exists()) {
            EmailLog.enf(str2, "can't delete - doesn't exist");
        } else if (file.delete()) {
            EmailLog.dnf(str2, "deleted " + LogUtility.getSecureAddress(str));
        } else {
            EmailLog.enf(str2, "can't delete " + LogUtility.getSecureAddress(str));
        }
    }

    private static final String fingerprint(byte[] bArr) {
        EmailLog.dnf(TAG, "fingerprint");
        if (bArr == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        int i = 0;
        while (i < bArr.length) {
            appendByteAsHex(sb, bArr[i], true);
            i++;
            if (i != bArr.length) {
                sb.append(':');
            }
        }
        return sb.toString();
    }

    public static String getDigest(X509Certificate x509Certificate, String str) {
        EmailLog.dnf(TAG, "getDigest algorithm=" + str);
        if (x509Certificate == null) {
            return "";
        }
        try {
            return fingerprint(MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()));
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return "";
        } catch (CertificateEncodingException e2) {
            e2.printStackTrace();
            return "";
        }
    }

    public static String getSignature(X509Certificate x509Certificate) {
        return new BigInteger(x509Certificate.getSignature()).toString(16);
    }

    public static String getStringFingerprint(X509Certificate x509Certificate, String str) {
        try {
            byte[] encoded = x509Certificate.getEncoded();
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(encoded);
            return hexString(messageDigest.digest());
        } catch (NoSuchAlgorithmException | CertificateEncodingException unused) {
            return "";
        }
    }

    private static Cursor getWhiteListCertificateInfo(Context context, String[] strArr) {
        if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context)) {
            return null;
        }
        EmailLog.dnf(TAG, "getWhiteListCertificateInfo");
        MatrixCursor matrixCursor = new MatrixCursor(new String[]{"result"});
        Iterator<Map.Entry<String, ?>> it = context.getSharedPreferences(strArr[0] + "_" + SSLConst.WHITE_LIST_PREFERENCE, 0).getAll().entrySet().iterator();
        while (it.hasNext()) {
            String key = it.next().getKey();
            EmailLog.dnf(TAG, "certificateInfoInPref=" + key);
            matrixCursor.newRow().add(key);
        }
        return matrixCursor;
    }

    public static X509Certificate getX509CertificateFromBundle(Context context, Bundle bundle) {
        String str = TAG;
        EmailLog.dnf(str, "getX509CertificateFromBundle");
        if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context)) {
            return null;
        }
        if (bundle == null) {
            EmailLog.enf(str, "bundle null");
            return null;
        }
        byte[] byteArray = bundle.getByteArray(SSLConst.X509_CERTIFICATE);
        if (byteArray == null) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
        } catch (CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static synchronized void handleCertPathValidationFailed(Context context, Account account, IOException iOException) {
        synchronized (SSLUtils.class) {
            if (context == null || account == null || iOException == null) {
                EmailLog.dnf(TAG, "handleCertPathValidationFailed : null parameters");
                return;
            }
            if (EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context) && CarrierValues.IS_CARRIER_ATT && (ConnectivityUtil.isCaptivePortalNetwork(context) || ConnectivityUtil.checkATTWifiSsid(context))) {
                SyncServiceLogger.logCaptivePortalStats(context, "Connected to Captive portal", account.mId);
            }
        }
    }

    private static String hexString(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (byte b : bArr) {
            stringBuffer.append(cArr[(b & 240) >> 4]);
            stringBuffer.append(cArr[b & Ascii.SI]);
        }
        return stringBuffer.toString();
    }

    public static boolean isAcceptedCertificate(Context context, String str, X509Certificate x509Certificate) {
        String str2 = TAG;
        EmailLog.dnf(str2, "isAcceptedCertificate emailAddress=" + LogUtility.getSecureAddress(str));
        if (context == null) {
            EmailLog.dnf(str2, "isAcceptedCertificate : null context");
            return false;
        }
        if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context)) {
            return false;
        }
        if (TextUtils.isEmpty(str) || x509Certificate == null) {
            EmailLog.enf(str2, "Invalid params");
            return false;
        }
        if (EmailPolicyManager.getInstance().isDualDarMode(context)) {
            FBEAccountInfo fBEAccountInfo = null;
            try {
                fBEAccountInfo = FBEDataPreferencesUtil.getAccountWithEmailAddress(FBEDataPreferences.getPreferences(context), str);
            } catch (JSONException e) {
                e.printStackTrace();
            }
            if (fBEAccountInfo == null || TextUtils.isEmpty(fBEAccountInfo.mAlias)) {
                return false;
            }
        }
        String str3 = x509Certificate.getIssuerDN().toString() + SSLConst.FIRST_LEVEL_DELIMITER + x509Certificate.getSerialNumber() + SSLConst.FIRST_LEVEL_DELIMITER + getSignature(x509Certificate) + SSLConst.FIRST_LEVEL_DELIMITER + getStringFingerprint(x509Certificate, "SHA-1") + SSLConst.FIRST_LEVEL_DELIMITER + getStringFingerprint(x509Certificate, MessageDigestAlgorithms.MD5);
        String str4 = x509Certificate.getIssuerDN().toString() + SSLConst.FIRST_LEVEL_DELIMITER + x509Certificate.getSubjectDN();
        String str5 = TAG;
        EmailLog.dnf(str5, "certificateFromServer=" + str3 + " serverCertificateSecondFormat=" + str4);
        Cursor whiteListCertificateInfo = getWhiteListCertificateInfo(context, new String[]{str});
        if (whiteListCertificateInfo != null) {
            try {
                if (!whiteListCertificateInfo.isClosed()) {
                    boolean z = false;
                    while (whiteListCertificateInfo.moveToNext()) {
                        String string = whiteListCertificateInfo.getString(0);
                        if (str3.equals(string) || str4.equals(string)) {
                            EmailLog.dnf(TAG, "isAcceptedCertificate got a match!! certificate=" + string);
                            z = true;
                        }
                    }
                    if (whiteListCertificateInfo != null) {
                        whiteListCertificateInfo.close();
                    }
                    return z;
                }
            } catch (Throwable th) {
                if (whiteListCertificateInfo != null) {
                    try {
                        whiteListCertificateInfo.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        if (whiteListCertificateInfo != null) {
            whiteListCertificateInfo.close();
        }
        EmailLog.dnf(str5, "isAcceptedCertificate - invalid Certificate!!!");
        return false;
    }

    public static boolean postSSLErrorNotification(Context context, long j) {
        if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context)) {
            return false;
        }
        boolean isEmailAppForeground = Utility.isEmailAppForeground(context);
        EmailLog.dnf(TAG, "isEmailAppForeground: " + isEmailAppForeground);
        if (isEmailAppForeground) {
            return false;
        }
        if (!InternalSettingPreference.getInstance(context).addUntrustedCertificateNoti(j)) {
            return true;
        }
        SemNotificationManager.getInstance().addUntrustedCertificateNotification(context, j);
        return true;
    }

    private static boolean saveCertificateInfo(Context context, String str, String str2, long j) {
        String str3 = TAG;
        EmailLog.inf(str3, "saveCertificateInfo emailAddress=" + LogUtility.getSecureAddress(str) + " certificateInfo=" + str2);
        if (context == null || TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            EmailLog.enf(str3, "Invalid params");
            return false;
        }
        SyncServiceLogger.logUntrustedCertificateStats(context, "adding certificate emailAddress=" + LogUtility.getSecureAddress(str) + " certificateInfo=" + str2, j);
        ContentValues contentValues = new ContentValues();
        contentValues.put("certificate", str2);
        contentValues.put("emailAddress", str);
        int updateWhiteListCertificateInfo = updateWhiteListCertificateInfo(context, contentValues);
        EmailLog.inf(str3, "saveCertificateInfo=" + str2 + " val=" + updateWhiteListCertificateInfo);
        return updateWhiteListCertificateInfo > 0;
    }

    public static boolean saveX509CertificateToWhiteList(Context context, X509Certificate x509Certificate, String str, long j) {
        String str2 = TAG;
        EmailLog.inf(str2, "saveCertificateToWhiteList");
        if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context)) {
            return false;
        }
        if (TextUtils.isEmpty(str) || x509Certificate == null) {
            EmailLog.enf(str2, "Invalid params");
            return false;
        }
        Principal issuerDN = x509Certificate.getIssuerDN();
        return saveCertificateInfo(context, str, issuerDN.toString() + SSLConst.FIRST_LEVEL_DELIMITER + x509Certificate.getSerialNumber() + SSLConst.FIRST_LEVEL_DELIMITER + getSignature(x509Certificate) + SSLConst.FIRST_LEVEL_DELIMITER + getStringFingerprint(x509Certificate, "SHA-1") + SSLConst.FIRST_LEVEL_DELIMITER + getStringFingerprint(x509Certificate, MessageDigestAlgorithms.MD5), j);
    }

    public static void showSSLCertificationWarning(Context context, X509Certificate x509Certificate, String str, String str2) {
        if (x509Certificate == null) {
            return;
        }
        showSSLCertificationWarning(context, x509Certificate, str, str2, false);
    }

    public static void showSSLCertificationWarning(final Context context, final X509Certificate x509Certificate, final String str, final String str2, final boolean z) {
        ThreadPoolUtility.runAsyncOnUIThreadPool(new Runnable() { // from class: com.samsung.android.email.sync.exchange.common.ssl.SSLUtils.1
            @Override // java.lang.Runnable
            public void run() {
                long j;
                Account restoreAccountWithEmailAddress;
                EmailLog.dnf(SSLUtils.TAG, "showSSLCertificationWarning");
                if (z || (restoreAccountWithEmailAddress = Account.restoreAccountWithEmailAddress(context, str)) == null || restoreAccountWithEmailAddress.mId <= 0) {
                    j = -1;
                } else {
                    j = restoreAccountWithEmailAddress.mId;
                    if (SSLUtils.postSSLErrorNotification(context, restoreAccountWithEmailAddress.mId)) {
                        return;
                    }
                }
                IntentUtils.actionStart((ActivityManager) context.getSystemService("activity"), context, x509Certificate, str, str2, j, z);
            }
        });
    }

    private static int updateWhiteListCertificateInfo(Context context, ContentValues contentValues) {
        if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(context) || contentValues == null) {
            return -1;
        }
        EmailLog.dnf(TAG, "Put whitelist certificate to pref");
        String asString = contentValues.getAsString("certificate");
        String asString2 = contentValues.getAsString("emailAddress");
        SharedPreferences.Editor edit = context.getSharedPreferences(asString2 + "_" + SSLConst.WHITE_LIST_PREFERENCE, 0).edit();
        edit.putString(asString, asString2);
        boolean commit = edit.commit();
        SharedPreferences.Editor edit2 = context.createDeviceProtectedStorageContext().getSharedPreferences(asString2 + "_" + SSLConst.WHITE_LIST_PREFERENCE, 0).edit();
        edit2.putString(asString, asString2);
        edit2.apply();
        return commit ? 1 : 0;
    }
}
