package com.samsung.android.email.sync.emailsecurity.smime.Certificate;

import android.content.ContentProviderOperation;
import android.content.Context;
import android.os.Build;
import android.os.Process;
import android.os.UserHandle;
import com.samsung.android.email.sync.emailsecurity.smime.PemWriter;
import com.samsung.android.emailcommon.log.SemSMIMELog;
import com.samsung.android.emailcommon.preferences.DebugSettingPreference;
import com.samsung.android.emailcommon.provider.EmailContent;
import com.samsung.android.emailcommon.utility.Utility;
import com.samsung.android.knox.util.SemCertAndroidKeyStore;
import com.samsung.android.knox.util.SemCertByte;
import com.samsung.android.knox.util.SemKeyStoreManager;
import com.sec.android.smimeutil.SecCertificateMgr;
import com.sec.android.smimeutil.SemCertificateMgr;
import com.sec.android.smimeutil.SemNativeSMIMEHelper;
import com.sec.enterprise.knox.EnterpriseKnoxManager;
import com.sec.enterprise.knox.ccm.CertificateProfile;
import com.sec.enterprise.knox.ccm.ClientCertificateManager;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;

/* loaded from: classes22.dex */
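/**
 * S/MIME certificate and private-key access for the e-mail client, as recovered by JADX.
 *
 * <p>The class imports PKCS#12 bundles into the device key store (through the
 * {@link SemKeyStoreManager} proxy, or through Knox CCM when that policy is enabled for the
 * e-mail package) and reads certificates and private keys back by alias.
 *
 * <p>Review notes that apply to the whole class:
 * <ul>
 *   <li>{@code mKeyStore} is never assigned anywhere in this decompiled listing and
 *       {@code mKeyStoreType} is never changed from {@code "AndroidKeyStore"}, so the
 *       non-AndroidKeyStore branches below are unreachable as shown.</li>
 *   <li>The key-store password is kept as an immutable {@code String} for the lifetime of the
 *       object and copied with {@code toCharArray()} on every use, so it cannot be wiped.</li>
 *   <li>{@code sRemoteServiceKeystore} is a static field initialised lazily without any
 *       synchronisation.</li>
 * </ul>
 */
public class CertificateMgr {
    public static final String CERTIFICATE_ALIAS = "CERTIFICATE_ALIAS";
    static final String CERTIFICATE_NOT_SUPPORTED = "Certificate not supported of device secure storage";
    public static final String CERTIFICATE_TYPE = "CERTIFICATE_TYPE";
    public static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD";
    private static final String KEYSTORE_PROXY_CERT_INSTALL_ERROR = "KeyStore proxy install cert error";
    private static final String KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR = "KeyStore proxy service connection error";
    private static final String TAG = CertificateMgr.class.getSimpleName();
    private static final String TYPE_ANDROID_KEYSTORE = "AndroidKeyStore";
    // Package whose uid is granted access to installed aliases and whose CCM policy is consulted.
    private static final String EMAIL_PACKAGE = "com.samsung.android.email.provider";
    // Alias prefix for which getCertificate() returns null without a key-store lookup.
    private static final String BULK_ALIAS_PREFIX = "__bulk";
    private static SemKeyStoreManager sRemoteServiceKeystore;
    private boolean DEBUG_SMIME;
    private Context mContext;
    // Never assigned in this listing; only read (and loaded by the undecompiled refresh()).
    private KeyStore mKeyStore;
    private String mKeyStoreType = TYPE_ANDROID_KEYSTORE;
    private String mPassword;

    /**
     * Creates a manager bound to {@code context} that uses {@code str} as the key-store password.
     *
     * <p>Also reads the S/MIME debug-log preference and, on SDK 27 and later, forwards it to the
     * native S/MIME helper; a missing native class or library is printed and otherwise ignored.
     *
     * @param str     key-store password; must not be {@code null}
     * @param context Android context used for preferences, package lookups and content access
     * @throws CertificateManagerException if {@code str} is {@code null}
     */
    public CertificateMgr(String str, Context context) throws CertificateManagerException {
        this.DEBUG_SMIME = false;
        this.mContext = context;
        if (str == null) {
            throw new CertificateManagerException("CertificateMgr is unable to intialize without password");
        }
        this.mPassword = str;
        DebugSettingPreference debugSettingPreference = DebugSettingPreference.getInstance(context);
        if (debugSettingPreference == null) {
            return;
        }
        this.DEBUG_SMIME = debugSettingPreference.getEnableSMIMELog();
        if (Build.VERSION.SDK_INT >= 27) {
            try {
                SemNativeSMIMEHelper.setDebug(this.DEBUG_SMIME);
            } catch (NoClassDefFoundError | UnsatisfiedLinkError e) {
                // Best effort: the native helper may be absent on this build.
                e.printStackTrace();
            }
        }
    }

    /**
     * Obtains the shared {@link SemKeyStoreManager} instance if it has not been obtained yet.
     *
     * @return {@code true} when a manager instance is available, {@code false} otherwise
     */
    private boolean bindKeyStoreProxy() {
        if (sRemoteServiceKeystore == null) {
            sRemoteServiceKeystore = SemKeyStoreManager.getInstance();
        }
        if (sRemoteServiceKeystore == null) {
            return false;
        }
        SemSMIMELog.v("%s::bindKeyStoreProxy() - SCEP Bind [%s]", TAG, sRemoteServiceKeystore.getClass().getName());
        return true;
    }

    /**
     * Encodes the given certificates as consecutive PEM {@code CERTIFICATE} blocks.
     *
     * @param certificateArr certificates to encode; every element must be non-null
     * @return the ASCII PEM bytes (empty when no certificate is given)
     * @throws CertificateEncodingException if a certificate cannot be encoded
     * @throws IOException                  if the PEM writer fails
     */
    private static byte[] convertToPem(Certificate... certificateArr) throws CertificateEncodingException, IOException {
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        PemWriter pemWriter = new PemWriter(new OutputStreamWriter(pemBytes, StandardCharsets.US_ASCII));
        for (Certificate certificate : certificateArr) {
            pemWriter.writeObject("CERTIFICATE", certificate.getEncoded());
        }
        pemWriter.close();
        return pemBytes.toByteArray();
    }

    /**
     * Reports whether Knox Client Certificate Manager is usable for the e-mail package.
     *
     * @param context context used to obtain the CCM policy
     * @return {@code true} only when a policy object exists, reports a CCM version and has the
     *         CCM policy enabled for the e-mail package
     */
    public static boolean isCCMEnabled(Context context) {
        ClientCertificateManager policy = EnterpriseKnoxManager.getInstance().getClientCertificateManagerPolicy(context);
        return policy != null
                && policy.getCCMVersion() != null
                && policy.isCCMPolicyEnabledForPackage(EMAIL_PACKAGE);
    }

    /** Delegates the CA check to the helper class that matches the running SDK level. */
    private boolean isCa(X509Certificate x509Certificate) {
        if (Build.VERSION.SDK_INT <= 26) {
            return SecCertificateMgr.isCa(x509Certificate);
        }
        return SemCertificateMgr.isCa(x509Certificate);
    }

    /**
     * Lists the aliases of the in-memory key store.
     *
     * @return the aliases, or {@code null} when no key store is set
     * @throws CertificateManagerException wrapping any failure raised by the key store
     */
    public Enumeration<String> getAliases() throws CertificateManagerException {
        try {
            return this.mKeyStore != null ? this.mKeyStore.aliases() : null;
        } catch (Exception e) {
            throw new CertificateManagerException(e.getMessage(), e);
        }
    }

    /**
     * Returns the certificate stored under {@code str}.
     *
     * <p>Aliases that start with {@code "__bulk"} (case-insensitively) are never looked up. In
     * AndroidKeyStore mode the method may first grant the e-mail package's uid access to the
     * alias, then fetches the private key and chain through {@code SemCertificateUtil} and reads
     * the certificate back from a temporary PKCS#12 store.
     *
     * @param str alias to look up; must not be {@code null}
     * @return the certificate, or {@code null} for a bulk alias or when none is stored
     * @throws CertificateManagerException wrapping any failure, including an unavailable proxy
     */
    public X509Certificate getCertificate(String str) throws CertificateManagerException {
        SemSMIMELog.d("%s::getCertificate() - mKeyStoreType[%s], alias[%s]", TAG, this.mKeyStoreType, str);
        // Locale-independent prefix test; avoids lower-casing the whole alias in the default locale.
        if (str.regionMatches(true, 0, BULK_ALIAS_PREFIX, 0, BULK_ALIAS_PREFIX.length())) {
            SemSMIMELog.w("%s::getCertificate() - this is __bulk!", TAG);
            return null;
        }
        try {
            X509Certificate x509Certificate;
            if (TYPE_ANDROID_KEYSTORE.equals(this.mKeyStoreType)) {
                if (!bindKeyStoreProxy()) {
                    throw new CertificateManagerException(KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR);
                }
                if (sRemoteServiceKeystore != null && (Utility.isAfwMode() || UserHandle.semGetMyUserId() != 0 || sRemoteServiceKeystore.hasAlias(str, false))) {
                    // 128 == PackageManager.GET_META_DATA
                    int emailUid = this.mContext.getPackageManager().getApplicationInfo(EMAIL_PACKAGE, 128).uid;
                    sRemoteServiceKeystore.grantAccess(emailUid, str);
                }
                // NOTE(review): the private key is fetched and wrapped in a temporary PKCS#12 store
                // only so the certificate can be read back. Confirm whether reading the first
                // element of getCertificateChain() would do, so the key handle is not touched here.
                KeyStore temporaryStore = KeyStore.getInstance("PKCS12");
                temporaryStore.load(null, this.mPassword.toCharArray());
                temporaryStore.setKeyEntry(str, SemCertificateUtil.getPrivateKey(this.mContext, str), this.mPassword.toCharArray(), SemCertificateUtil.getCertificateChain(this.mContext, str));
                x509Certificate = (X509Certificate) temporaryStore.getCertificate(str);
            } else {
                x509Certificate = (X509Certificate) this.mKeyStore.getCertificate(str);
            }
            if (this.DEBUG_SMIME) {
                // Debug builds log subject and issuer DNs to the system log.
                String subjectDn = x509Certificate != null ? x509Certificate.getSubjectDN().getName() : "";
                String issuerDn = x509Certificate != null ? x509Certificate.getIssuerDN().getName() : "";
                SemSMIMELog.sysI("%s::getCertificate() - alias[%s], cert : Subject DN[%s], Issuer DN[%s]", TAG, str, subjectDn, issuerDn);
                SemSMIMELog.d("%s::getCertificate() - cert[%s] End", TAG, x509Certificate);
            } else {
                SemSMIMELog.d("%s::getCertificate() - End", TAG);
            }
            return x509Certificate;
        } catch (Exception e) {
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage(), e);
        }
    }

    /**
     * Returns the private key stored under {@code str}.
     *
     * @param str alias of the key entry
     * @return the key; {@code null} when no key store is set or the entry is not a
     *         {@link PrivateKey} (non-AndroidKeyStore mode only)
     * @throws CertificateManagerException wrapping any failure, with the original exception as cause
     */
    public Key getPrivateKey(String str) throws CertificateManagerException {
        try {
            if (TYPE_ANDROID_KEYSTORE.equals(this.mKeyStoreType)) {
                return SemCertificateUtil.getPrivateKey(this.mContext, str);
            }
            if (this.mKeyStore == null) {
                return null;
            }
            Key key = this.mKeyStore.getKey(str, this.mPassword.toCharArray());
            return key instanceof PrivateKey ? key : null;
        } catch (Exception e) {
            SemSMIMELog.sysE("%s::getPrivateKey() - occur exception[%s]", TAG, e.toString());
            e.printStackTrace();
            // Keep the cause so callers can tell a key-store failure from a missing entry.
            throw new CertificateManagerException(e.getMessage(), e);
        }
    }

    /**
     * Returns the subject DN of the certificate stored under {@code str}.
     *
     * @param str alias to look up
     * @return the subject DN, or {@code null} when {@link #getCertificate(String)} returns {@code null}
     * @throws CertificateManagerException if the lookup fails
     */
    public String getSubject(String str) throws CertificateManagerException {
        // One lookup only: each getCertificate() call may grant access and fetches the private
        // key, and a second call could return a different result than the first.
        X509Certificate certificate = getCertificate(str);
        return certificate != null ? certificate.getSubjectDN().getName() : null;
    }

    /**
     * Imports a PKCS#12 file, keeping the aliases found in the file.
     *
     * @param file PKCS#12 file to read
     * @param str  password of the file
     * @return the alias reported by {@link #importCertificate(InputStream, String, String)}
     * @throws CertificateManagerException with code 1 when the file cannot be opened, otherwise as
     *                                     thrown by the stream variant
     */
    public String importCertificate(File file, String str) throws CertificateManagerException {
        try {
            // The stream variant closes the stream in its finally block.
            return importCertificate(new FileInputStream(file), str, null);
        } catch (FileNotFoundException e) {
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage(), 1);
        }
    }

    /**
     * Imports every private-key entry of a PKCS#12 stream into the device key store.
     *
     * <p>For each key entry the chain is split into CA certificates and the end-entity
     * certificate. Without CCM the key and end-entity certificate are installed through the
     * key-store proxy and the e-mail package's uid is granted access; with CCM (RSA keys only)
     * the key and full chain are installed through the CCM policy. CA certificates, if any, are
     * then installed through the proxy. The stream is always closed.
     *
     * <p>NOTE(review): when {@code str2} is non-null, every alias found in the stream is looked up
     * under {@code str2}, so a bundle with several entries repeats the same import.
     *
     * @param inputStream PKCS#12 data; closed before this method returns
     * @param str         password of the PKCS#12 data, also used for the re-packaged entry
     * @param str2        alias to use instead of the aliases in the stream, or {@code null}
     * @return the last alias installed (trimmed, spaces replaced by {@code '_'}), or {@code null}
     *         when nothing was installed
     * @throws CertificateManagerException with code 2 for I/O failures while reading the bundle
     *                                     and code 0 for every other failure
     */
    public String importCertificate(InputStream inputStream, String str, String str2) throws CertificateManagerException {
        String installedAlias = null;
        try {
            if (!bindKeyStoreProxy()) {
                throw new CertificateManagerException(KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR);
            }
            KeyStore source = KeyStore.getInstance("PKCS12", "BC");
            source.load(inputStream, str.toCharArray());
            Enumeration<String> aliases = source.aliases();
            while (aliases != null && aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (str2 != null) {
                    alias = str2;
                }
                Certificate[] chain = source.getCertificateChain(alias);
                Key key = source.getKey(alias, str.toCharArray());
                if (!(key instanceof PrivateKey)) {
                    continue;
                }
                String storedAlias = alias.trim().replace(' ', '_');

                // The bundle is untrusted input: size the CA list from what the chain actually
                // holds instead of assuming exactly one non-CA certificate.
                ArrayList<X509Certificate> caList = new ArrayList<>();
                X509Certificate endEntity = null;
                if (chain != null) {
                    for (Certificate certificate : chain) {
                        X509Certificate candidate = (X509Certificate) certificate;
                        if (isCa(candidate)) {
                            caList.add(candidate);
                        } else {
                            endEntity = candidate;
                        }
                    }
                }
                if (endEntity == null) {
                    throw new CertificateManagerException("Certificate chain has no end-entity certificate");
                }
                X509Certificate[] caCerts = caList.toArray(new X509Certificate[0]);

                // Fresh staging store and buffer per entry, so one entry's bytes never carry
                // material that belongs to a previously processed entry.
                KeyStore staging = KeyStore.getInstance("PKCS12", "BC");
                staging.load(null, str.toCharArray());
                ByteArrayOutputStream p12Bytes = new ByteArrayOutputStream();

                ClientCertificateManager ccmPolicy = EnterpriseKnoxManager.getInstance().getClientCertificateManagerPolicy(this.mContext);
                if (!isCCMEnabled(this.mContext)) {
                    staging.setKeyEntry(storedAlias, key, str.toCharArray(), new Certificate[]{endEntity});
                    staging.store(p12Bytes, str.toCharArray());
                    SemCertByte semCertByte = new SemCertByte();
                    semCertByte.certsize = p12Bytes.size();
                    semCertByte.certBytes = p12Bytes.toByteArray();
                    byte[] caPem = convertToPem(caCerts);
                    semCertByte.caSize = caPem.length;
                    semCertByte.caCertBytes = caPem;
                    int statusCode = sRemoteServiceKeystore.installCertInAndroidKeyStore(semCertByte, storedAlias, str.toCharArray(), false, Process.myUid());
                    SemSMIMELog.d("%s::Status code from SCEP proxy for cert installation statusCode[%s]", TAG, Integer.valueOf(statusCode));
                    if (statusCode != 0) {
                        SemSMIMELog.sysW("%s::EMAIL Key Installation alias[%s] FAILURE", TAG, storedAlias);
                        throw new CertificateManagerException(KEYSTORE_PROXY_CERT_INSTALL_ERROR);
                    }
                    SemSMIMELog.d("%s::EMAIL Key Installation alias[%s] SUCCESS", TAG, storedAlias);
                    // 128 == PackageManager.GET_META_DATA
                    sRemoteServiceKeystore.grantAccess(this.mContext.getPackageManager().getApplicationInfo(EMAIL_PACKAGE, 128).uid, storedAlias);
                    installedAlias = storedAlias;
                } else {
                    if (!"RSA".equals(key.getAlgorithm())) {
                        throw new CertificateManagerException(CERTIFICATE_NOT_SUPPORTED);
                    }
                    staging.setKeyEntry(storedAlias, key, str.toCharArray(), chain);
                    staging.store(p12Bytes, str.toCharArray());
                    CertificateProfile certificateProfile = new CertificateProfile();
                    certificateProfile.alias = storedAlias;
                    // NOTE(review): the profile does not restrict the S/MIME key to the e-mail
                    // package. Confirm this is intended; a package allow-list would be the
                    // least-privilege choice for a signing/decryption key.
                    certificateProfile.allowAllPackages = true;
                    if (ccmPolicy != null) {
                        if (!ccmPolicy.installCertificate(certificateProfile, p12Bytes.toByteArray(), str)) {
                            SemSMIMELog.sysE("%s::importCertificate() - EMAIL CCM Key Installation alias[%s] FAILURE", TAG, storedAlias);
                            throw new CertificateManagerException(KEYSTORE_PROXY_CERT_INSTALL_ERROR);
                        }
                        SemSMIMELog.d("%s::importCertificate() - EMAIL CCM Key Installation alias[%s] SUCCESS", TAG, storedAlias);
                        installedAlias = storedAlias;
                    }
                }
                if (caCerts.length > 0) {
                    SemCertAndroidKeyStore caBundle = new SemCertAndroidKeyStore();
                    caBundle.certs = caCerts;
                    // NOTE(review): the CA install status is only logged; a failure here does not
                    // fail the import.
                    SemSMIMELog.d("%s::Status code from SCEP proxy for CA cert installation statusCode[%s]", TAG, Integer.valueOf(sRemoteServiceKeystore.installCaCert(caBundle)));
                }
            }
            return installedAlias;
        } catch (IOException e) {
            // Sibling catch blocks: the decompiled nesting placed this handler inside the generic
            // one, which (CertificateManagerException being caught as an Exception) replaced
            // code 2 with code 0 before it reached the caller.
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage(), 2);
        } catch (Exception e) {
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage(), 0);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                    // A close failure must not mask the import result.
                    e.printStackTrace();
                }
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x0084  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Reloads the in-memory key store. JADX could not decompile this method, so in this listing
     * the body only throws {@link UnsupportedOperationException}.
     *
     * <p>The instruction dump kept in the body shows what the shipped method does: it opens an
     * input stream for {@code EmailContent.CONTENT_URI} through the content resolver, loads it
     * into {@code mKeyStore} with the stored password and closes the stream (the handlers have the
     * shape of a try-with-resources block). It then logs a warning when the store has no aliases
     * and logs each alias otherwise. A failure while opening or loading is logged and rethrown as
     * {@code CertificateManagerException} with the original exception as cause; a failure while
     * listing aliases is only printed.
     *
     * @throws CertificateManagerException in the shipped code, when the store cannot be loaded
     */
    public void refresh() throws com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException {
        /*
            r9 = this;
            r7 = 1
            r6 = 0
            android.content.Context r3 = r9.mContext     // Catch: java.lang.Exception -> L61
            android.content.ContentResolver r3 = r3.getContentResolver()     // Catch: java.lang.Exception -> L61
            android.net.Uri r4 = com.samsung.android.emailcommon.provider.EmailContent.CONTENT_URI     // Catch: java.lang.Exception -> L61
            java.io.InputStream r2 = r3.openInputStream(r4)     // Catch: java.lang.Exception -> L61
            r4 = 0
            java.security.KeyStore r3 = r9.mKeyStore     // Catch: java.lang.Throwable -> L7c java.lang.Throwable -> L93
            java.lang.String r5 = r9.mPassword     // Catch: java.lang.Throwable -> L7c java.lang.Throwable -> L93
            char[] r5 = r5.toCharArray()     // Catch: java.lang.Throwable -> L7c java.lang.Throwable -> L93
            r3.load(r2, r5)     // Catch: java.lang.Throwable -> L7c java.lang.Throwable -> L93
            if (r2 == 0) goto L21
            if (r4 == 0) goto L78
            r2.close()     // Catch: java.lang.Throwable -> L5c java.lang.Exception -> L61
        L21:
            java.security.KeyStore r3 = r9.mKeyStore     // Catch: java.lang.Exception -> L57
            java.util.Enumeration r1 = r3.aliases()     // Catch: java.lang.Exception -> L57
            boolean r3 = r1.hasMoreElements()     // Catch: java.lang.Exception -> L57
            if (r3 != 0) goto L3b
            java.lang.String r3 = "%s::refresh() - Empty Keystore!!!"
            r4 = 1
            java.lang.Object[] r4 = new java.lang.Object[r4]     // Catch: java.lang.Exception -> L57
            r5 = 0
            java.lang.String r6 = com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateMgr.TAG     // Catch: java.lang.Exception -> L57
            r4[r5] = r6     // Catch: java.lang.Exception -> L57
            com.samsung.android.emailcommon.log.SemSMIMELog.sysW(r3, r4)     // Catch: java.lang.Exception -> L57
        L3b:
            boolean r3 = r1.hasMoreElements()     // Catch: java.lang.Exception -> L57
            if (r3 == 0) goto L5b
            java.lang.String r3 = "%s::refresh() - alias[%s]"
            r4 = 2
            java.lang.Object[] r4 = new java.lang.Object[r4]     // Catch: java.lang.Exception -> L57
            r5 = 0
            java.lang.String r6 = com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateMgr.TAG     // Catch: java.lang.Exception -> L57
            r4[r5] = r6     // Catch: java.lang.Exception -> L57
            r5 = 1
            java.lang.Object r6 = r1.nextElement()     // Catch: java.lang.Exception -> L57
            r4[r5] = r6     // Catch: java.lang.Exception -> L57
            com.samsung.android.emailcommon.log.SemSMIMELog.d(r3, r4)     // Catch: java.lang.Exception -> L57
            goto L3b
        L57:
            r0 = move-exception
            r0.printStackTrace()
        L5b:
            return
        L5c:
            r3 = move-exception
            r4.addSuppressed(r3)     // Catch: java.lang.Exception -> L61
            goto L21
        L61:
            r0 = move-exception
            java.lang.String r3 = "%s::refresh() - error while loading certificate"
            java.lang.Object[] r4 = new java.lang.Object[r7]
            java.lang.String r5 = com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateMgr.TAG
            r4[r6] = r5
            com.samsung.android.emailcommon.log.SemSMIMELog.sysE(r3, r4)
            com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException r3 = new com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException
            java.lang.String r4 = r0.getMessage()
            r3.<init>(r4, r0)
            throw r3
        L78:
            r2.close()     // Catch: java.lang.Exception -> L61
            goto L21
        L7c:
            r3 = move-exception
            throw r3     // Catch: java.lang.Throwable -> L7e
        L7e:
            r4 = move-exception
            r8 = r4
            r4 = r3
            r3 = r8
        L82:
            if (r2 == 0) goto L89
            if (r4 == 0) goto L8f
            r2.close()     // Catch: java.lang.Exception -> L61 java.lang.Throwable -> L8a
        L89:
            throw r3     // Catch: java.lang.Exception -> L61
        L8a:
            r5 = move-exception
            r4.addSuppressed(r5)     // Catch: java.lang.Exception -> L61
            goto L89
        L8f:
            r2.close()     // Catch: java.lang.Exception -> L61
            goto L89
        L93:
            r3 = move-exception
            goto L82
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateMgr.refresh():void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Clears {@code str} from every account that references it as its own S/MIME encryption or
     * signing certificate alias. The method only updates the account rows; it does not call the
     * key store. A {@code null} alias is a no-op.
     *
     * @param str alias to detach from accounts, or {@code null}
     * @throws CertificateManagerException wrapping any provider failure, with the original
     *                                     exception as cause
     */
    public void removeCertificate(String str) throws CertificateManagerException {
        if (str == null) {
            return;
        }
        try {
            String[] selectionArgs = {str};
            ArrayList<ContentProviderOperation> operations = new ArrayList<>();
            // The alias is bound as a selection argument, never concatenated into the selection.
            operations.add(ContentProviderOperation.newUpdate(EmailContent.Account.CONTENT_URI).withSelection("smimeOwnCertificateAlias=?", selectionArgs).withValue(EmailContent.AccountColumns.SMIME_OWN_ENCRYPT_CERT_ALIAS, null).build());
            operations.add(ContentProviderOperation.newUpdate(EmailContent.Account.CONTENT_URI).withSelection("smimeOwnSignCertAlias=?", selectionArgs).withValue(EmailContent.AccountColumns.SMIME_OWN_SIGN_CERT_ALIAS, null).build());
            this.mContext.getContentResolver().applyBatch("com.samsung.android.email.provider", operations);
        } catch (Exception e) {
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage(), e);
        }
    }
}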
