package com.samsung.android.email.newsecurity.smime;

import android.content.Context;
import android.os.RemoteException;
import com.samsung.android.email.common.util.SemCryptoUtil;
import com.samsung.android.emailcommon.basic.exception.CertificateManagerException;
import com.samsung.android.emailcommon.basic.log.SemSMIMELog;
import com.samsung.android.emailcommon.newsecurity.CertificateConst;
import com.samsung.android.knox.keystore.CertificateProfile;
import com.samsung.android.knox.keystore.ClientCertificateManager;
import com.samsung.android.knox.util.SemCertAndroidKeyStore;
import com.samsung.android.knox.util.SemKeyStoreManager;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
public class CCMCertificateInstaller implements CertificateInstaller {
    private final String TAG = CCMCertificateInstaller.class.getSimpleName();
    private final Context mContext;
    private SemCertAndroidKeyStore mSemCertAndroidKeyStoreForCA;
    private final SemKeyStoreManager mSemKeyStoreManager;

    public CCMCertificateInstaller(Context context, SemKeyStoreManager semKeyStoreManager) {
        this.mContext = context;
        this.mSemKeyStoreManager = semKeyStoreManager;
    }

    private CertificateProfile getCertificateProfile(String str) {
        CertificateProfile certificateProfile = SMIMEInstanceFactory.getCertificateProfile();
        certificateProfile.alias = str;
        certificateProfile.allowAllPackages = true;
        return certificateProfile;
    }

    private X509Certificate[] getX509CaCertificates(Certificate[] certificateArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length - 1];
        int i = 0;
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (SemCryptoUtil.isCa(x509Certificate)) {
                x509CertificateArr[i] = x509Certificate;
                i++;
            }
        }
        return x509CertificateArr;
    }

    @Override // com.samsung.android.email.newsecurity.smime.CertificateInstaller
    public void install(InputStream inputStream, String str, String str2) throws CertificateManagerException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, KeyStoreException, IOException, UnrecoverableKeyException, RemoteException {
        Certificate[] certificateChain = KeyStoreManager.getCertificateChain(inputStream, str, str2);
        Key key = KeyStoreManager.getKey(inputStream, str, str2);
        installCa(getX509CaCertificates(certificateChain));
        CertificateProfile certificateProfile = getCertificateProfile(str2);
        String replace = str2.trim().replace(' ', '_');
        ByteArrayOutputStream certByteArrayOutputStream = KeyStoreManager.getCertByteArrayOutputStream(str, replace, key, certificateChain);
        ClientCertificateManager knoxClientCertificateManager = SMIMEInstanceFactory.getKnoxClientCertificateManager(this.mContext);
        if (knoxClientCertificateManager != null) {
            if (knoxClientCertificateManager.installCertificate(certificateProfile, certByteArrayOutputStream.toByteArray(), str)) {
                SemSMIMELog.d("%s::importCertificate() - EMAIL CCM Key Installation alias[%s] SUCCESS", this.TAG, replace);
            } else {
                SemSMIMELog.sysE("%s::importCertificate() - EMAIL CCM Key Installation alias[%s] FAILURE", this.TAG, replace);
                throw new CertificateManagerException(CertificateConst.KEYSTORE_PROXY_CERT_INSTALL_ERROR);
            }
        }
    }

    @Override // com.samsung.android.email.newsecurity.smime.CertificateInstaller
    public void installCa(Certificate[] certificateArr) throws RemoteException {
        if (certificateArr.length > 0) {
            if (this.mSemCertAndroidKeyStoreForCA == null) {
                this.mSemCertAndroidKeyStoreForCA = new SemCertAndroidKeyStore();
            }
            this.mSemCertAndroidKeyStoreForCA.certs = certificateArr;
            SemSMIMELog.d("%s::Status code for CA cert installation statusCode[%s]", this.TAG, Integer.valueOf(this.mSemKeyStoreManager.installCaCert(this.mSemCertAndroidKeyStoreForCA)));
        }
    }

    void setSemCertAndroidKeyStore(SemCertAndroidKeyStore semCertAndroidKeyStore) {
        this.mSemCertAndroidKeyStoreForCA = semCertAndroidKeyStore;
    }
}
