package com.samsung.android.email.newsecurity.smime;

import android.content.Context;
import android.net.Uri;
import com.samsung.android.email.common.newsecurity.manager.EmailPolicyManager;
import com.samsung.android.email.common.newsecurity.manager.SemNotificationManager;
import com.samsung.android.email.common.newsecurity.smime.BCSMIMEException;
import com.samsung.android.email.common.util.FIPSAlgorithmUtil;
import com.samsung.android.email.common.util.SemCryptoUtil;
import com.samsung.android.email.common.util.smime.CRLLocation;
import com.samsung.android.email.common.util.smime.DatabaseUtil;
import com.samsung.android.email.common.util.smime.RevocationInfo;
import com.samsung.android.email.common.util.smime.SemRecipientCertificateInfo;
import com.samsung.android.email.provider.R;
import com.samsung.android.emailcommon.basic.exception.SemException;
import com.samsung.android.emailcommon.basic.log.SemSMIMELog;
import com.samsung.android.emailcommon.preferences.DebugSettingPreference;
import com.samsung.android.emailcommon.provider.EmailContent;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public abstract class SemRevocation {
    private boolean mIsOCSPEnabled;
    private boolean mIsRevocationEnabled;
    public String TAG = SemRevocation.class.getName();
    private String CRL_DIR_PATH = null;
    private final Uri CRL_CONTENT_URI = Uri.parse(EmailContent.CONTENT_URI + "/crlCache");
    final int X509_V_OK = 1;
    int SPC_OCSPRESULT_CERTIFICATE_VALID = 1001;

    private RevocationInfo doRevocationCheck(Context context, long j, X509Certificate x509Certificate, boolean z) {
        if (context == null) {
            SemSMIMELog.sysE("%s::doRevocationCheck() - context is null!!!", this.TAG);
            return null;
        }
        SemSMIMELog.d("%s::doRevocationCheck() - start.", this.TAG);
        SemSMIMELog.d("%s::doRevocationCheck() - Signature algorithm OID od the certificate is FIPS approved? = [%s]", this.TAG, Boolean.valueOf(FIPSAlgorithmUtil.isFIPSApproved(x509Certificate)));
        SemSMIMELog.d("%s::doRevocationCheck() - start.", this.TAG);
        RevocationInfo revocationInfo = new RevocationInfo();
        try {
            Certificate[] certificateChain = getCertificateChain(context, j, x509Certificate, z);
            certificateChain[0] = x509Certificate;
            List<? extends Certificate> asList = Arrays.asList(certificateChain);
            CertificateFactory certificateFactory = getCertificateFactory();
            CertPath generateCertPath = certificateFactory != null ? certificateFactory.generateCertPath(asList) : null;
            if (generateCertPath == null || asList.size() <= 1) {
                return revocationInfo;
            }
            SemSMIMELog.d("%s::doRevocationCheck() - certList.size() > 1", this.TAG);
            List<? extends Certificate> certificates = generateCertPath.getCertificates();
            Certificate[] certificateArr = new X509Certificate[certificates.size()];
            for (int i = 0; i < certificates.size(); i++) {
                certificateArr[i] = certificates.get(i);
            }
            return performCertValidation(context, j, certificateArr);
        } catch (BCSMIMEException e) {
            revocationInfo.setRevocationStatus(0);
            if (e.getType() == 9998) {
                revocationInfo.setGenericMessage("Root CA certificate not installed.");
                revocationInfo.setResourceID(R.string.revocation_could_not_be_performed_root_certificate_not_installed);
            } else if (e.getType() == 9997) {
                revocationInfo.setGenericMessage("User certificate not installed.");
                revocationInfo.setResourceID(R.string.revocation_could_not_be_performed_user_certificate_not_installed);
            } else if (e.getType() == 9996) {
                revocationInfo.setRevocationStatus(0);
                revocationInfo.setGenericMessage("Account not found");
            }
            e.printStackTrace();
            SemSMIMELog.d("%s::doRevocationCheck() - Certificate chain could not be fetched. Error code: %s", this.TAG, Integer.valueOf(e.getType()));
            return revocationInfo;
        } catch (Exception e2) {
            revocationInfo.setRevocationStatus(0);
            revocationInfo.setGenericMessage(e2.getMessage());
            e2.printStackTrace();
            SemSMIMELog.d("%s::doRevocationCheck() - Failed to perform revocation check. %s", this.TAG, e2.getMessage());
            return revocationInfo;
        } catch (NoClassDefFoundError e3) {
            e = e3;
            SemNotificationManager.getInstance().createUpdateNotification(context, j);
            revocationInfo.setRevocationStatus(0);
            revocationInfo.setGenericMessage(e.getMessage());
            e.printStackTrace();
            SemSMIMELog.d("%s::doRevocationCheck() - Failed to perform revocation check. %s", this.TAG, e.getMessage());
            return revocationInfo;
        } catch (UnsatisfiedLinkError e4) {
            e = e4;
            SemNotificationManager.getInstance().createUpdateNotification(context, j);
            revocationInfo.setRevocationStatus(0);
            revocationInfo.setGenericMessage(e.getMessage());
            e.printStackTrace();
            SemSMIMELog.d("%s::doRevocationCheck() - Failed to perform revocation check. %s", this.TAG, e.getMessage());
            return revocationInfo;
        }
    }

    private boolean isForceOCSP(Context context) {
        DebugSettingPreference debugSettingPreference = DebugSettingPreference.getInstance(context);
        return debugSettingPreference != null && debugSettingPreference.getOCSPCheck();
    }

    private boolean isForceRevocation(Context context) {
        DebugSettingPreference debugSettingPreference = DebugSettingPreference.getInstance(context);
        return debugSettingPreference != null && debugSettingPreference.getRevocationCheck();
    }

    private void updateDatabasePathForCRL(Context context) {
        DatabaseUtil.setContext(context);
        String absolutePath = context.getDatabasePath("EmailProvider.db").getAbsolutePath();
        DatabaseUtil.setDATABASE_PATH(absolutePath);
        try {
            File file = new File(context.getFilesDir() + File.separator + "crls");
            if (!file.exists()) {
                file.mkdir();
            }
            if (!file.isDirectory()) {
                file.mkdir();
            }
            this.CRL_DIR_PATH = file.getAbsolutePath();
        } catch (Exception e) {
            e.printStackTrace();
        }
        DatabaseUtil.setCRL_DIR_PATH(this.CRL_DIR_PATH);
        DatabaseUtil.setCONTENT_URI(this.CRL_CONTENT_URI);
        SemSMIMELog.d("%s::updateDatabasePathForCRL() - EMAIL_DATABASE_PATH[%s], CRL_DIR_PATH[%s], CRL_CONTENT_URI[%s]", this.TAG, absolutePath, this.CRL_DIR_PATH, this.CRL_CONTENT_URI);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RevocationInfo checkCRL(Context context, Certificate[] certificateArr) {
        RevocationInfo revocationInfo = new RevocationInfo();
        revocationInfo.setRevocationStatus(0);
        ArrayList arrayList = new ArrayList();
        try {
        } catch (IOException e) {
            e.printStackTrace();
            revocationInfo.setRevocationStatus(0);
            Throwable cause = e.getCause();
            revocationInfo.setGenericMessage("IOException: " + (cause != null ? cause.getMessage() : e.getMessage()));
        } catch (GeneralSecurityException e2) {
            e2.printStackTrace();
            revocationInfo.setRevocationStatus(0);
            Throwable cause2 = e2.getCause();
            revocationInfo.setGenericMessage("GeneralSecurityException: " + (cause2 != null ? cause2.getMessage() : e2.getMessage()));
        } catch (Exception e3) {
            e3.printStackTrace();
            revocationInfo.setRevocationStatus(0);
            Throwable cause3 = e3.getCause();
            revocationInfo.setGenericMessage("Exception: " + (cause3 != null ? cause3.getMessage() : e3.getMessage()));
        }
        if (certificateArr.length <= 0) {
            throw new SemException("Certificate Chain not found...");
        }
        String[] strArr = new String[certificateArr.length - 1];
        String[] strArr2 = new String[certificateArr.length - 1];
        for (int i = 0; i < certificateArr.length - 1; i++) {
            CRLLocation cRLLocation = SMIMEInstanceFactory.getCRLLocation((X509Certificate) certificateArr[i], SemCryptoUtil.isDebugSMIME(context));
            if (!cRLLocation.downloadCRL()) {
                throw new SemException("CRL location not found in Certificate.");
            }
            strArr[i] = cRLLocation.getCRLFileLocation();
            strArr2[i] = cRLLocation.getDeltaCRLFileLocation();
            arrayList.add(SemCryptoUtil.convertToPem(certificateArr[i]));
        }
        arrayList.add(SemCryptoUtil.convertToPem(certificateArr[certificateArr.length - 1]));
        validateCertificate(context, certificateArr, revocationInfo, strArr, strArr2, arrayList);
        return revocationInfo;
    }

    public RevocationInfo checkRevocation(Context context, long j, X509Certificate x509Certificate, boolean z) {
        if (context == null) {
            SemSMIMELog.sysE("%s::checkRevocation() - context is null!!!", this.TAG);
            return null;
        }
        SemSMIMELog.d("%s::checkRevocation() - start.", this.TAG);
        try {
            updateDatabasePathForCRL(context);
            return doRevocationCheck(context, j, x509Certificate, z);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public ArrayList<RevocationInfo> checkRevocation(Context context, long j, boolean z, ArrayList<SemRecipientCertificateInfo> arrayList, boolean z2) {
        SemSMIMELog.d("%s::checkRevocation() - start.", this.TAG);
        ArrayList<RevocationInfo> arrayList2 = new ArrayList<>();
        if (context != null) {
            if (!z) {
                try {
                    checkRevocationPolicy(context, j);
                } catch (Exception e) {
                    e.printStackTrace();
                    return null;
                }
            }
            updateDatabasePathForCRL(context);
            Iterator<SemRecipientCertificateInfo> it = arrayList.iterator();
            while (it.hasNext()) {
                SemRecipientCertificateInfo next = it.next();
                Iterator<X509Certificate> it2 = next.mX509CertificateList.iterator();
                while (it2.hasNext()) {
                    RevocationInfo doRevocationCheck = doRevocationCheck(context, j, it2.next(), z2);
                    if (doRevocationCheck != null) {
                        doRevocationCheck.setEmailAddress(next.mEmail);
                        arrayList2.add(doRevocationCheck);
                    }
                }
            }
        }
        SemSMIMELog.d("%s::checkRevocation() - return resultList.", this.TAG);
        return arrayList2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkRevocationPolicy(Context context, long j) {
        try {
            isRevocationEnabled(context, j);
            isOCSPEnabled(context, j);
            SemSMIMELog.d("%s::checkRevocationPolicy() - mIsRevocationEnabled[%s], mIsOCSPEnabled[%s]", this.TAG, Boolean.valueOf(this.mIsRevocationEnabled), Boolean.valueOf(this.mIsOCSPEnabled));
        } catch (Exception e) {
            SemSMIMELog.sysE("%s::checkRevocationPolicy() - Fail.", this.TAG);
            e.printStackTrace();
        }
    }

    abstract Certificate[] getCertificateChain(Context context, long j, X509Certificate x509Certificate, boolean z) throws Exception;

    abstract CertificateFactory getCertificateFactory();

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isOCSPEnabled(Context context, long j) {
        boolean z;
        try {
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (!isForceOCSP(context) && !EmailPolicyManager.getInstance().isCertificateOcspCheck(context, j)) {
            z = false;
            this.mIsOCSPEnabled = z;
            return this.mIsOCSPEnabled;
        }
        z = true;
        this.mIsOCSPEnabled = z;
        return this.mIsOCSPEnabled;
    }

    public boolean isRevocationEnabled(Context context, long j) {
        boolean z = isForceRevocation(context) || EmailPolicyManager.getInstance().isCertificateRevocationCheck(context, j);
        this.mIsRevocationEnabled = z;
        return z;
    }

    abstract RevocationInfo performCertValidation(Context context, long j, Certificate[] certificateArr);

    abstract void validateCertificate(Context context, Certificate[] certificateArr, RevocationInfo revocationInfo, String[] strArr, String[] strArr2, List<byte[]> list) throws Exception;
}
