package com.samsung.android.email.sync.emailsecurity.smime.Certificate;

import android.content.Context;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.util.Base64;
import com.android.sec.org.bouncycastle.asn1.ASN1Encodable;
import com.android.sec.org.bouncycastle.asn1.ASN1InputStream;
import com.android.sec.org.bouncycastle.asn1.ASN1OctetString;
import com.android.sec.org.bouncycastle.asn1.ASN1Sequence;
import com.android.sec.org.bouncycastle.asn1.DEROctetString;
import com.android.sec.org.bouncycastle.asn1.DERPrintableString;
import com.android.sec.org.bouncycastle.asn1.DERTaggedObject;
import com.android.sec.org.bouncycastle.asn1.x509.Extension;
import com.android.sec.org.bouncycastle.util.io.pem.PemObject;
import com.android.sec.org.bouncycastle.util.io.pem.PemWriter;
import com.samsung.android.email.commonutil.DeviceWrapper;
import com.samsung.android.email.provider.R;
import com.samsung.android.email.provider.notification.SemNotificationManager;
import com.samsung.android.email.sync.emailsecurity.cac.CACManager;
import com.samsung.android.email.sync.emailsecurity.smime.DatabaseUtils;
import com.samsung.android.email.sync.emailsecurity.smime.FIPSAlgorithmUtils;
import com.samsung.android.email.sync.emailsecurity.smime.ISemSMIMEConst;
import com.samsung.android.email.sync.emailsecurity.smime.Recipient.SemRecipientUtil;
import com.samsung.android.email.sync.restrictions.RestrictionsProviderUtils;
import com.samsung.android.emailcommon.crypto.AESEncryptionUtil;
import com.samsung.android.emailcommon.exception.MessagingException;
import com.samsung.android.emailcommon.log.SemSMIMELog;
import com.samsung.android.emailcommon.mail.Address;
import com.samsung.android.emailcommon.preferences.DebugSettingPreference;
import com.samsung.android.emailcommon.provider.EmailContent;
import com.samsung.android.emailcommon.service.ProxyArgs;
import com.samsung.android.emailcommon.utility.Utility;
import com.sec.android.smimeutil.NativeSMIMEHelper;
import com.sec.android.smimeutil.SecCertificateMgr;
import com.sec.android.smimeutil.SemCertificateMgr;
import com.sec.android.smimeutil.SemNativeSMIMEHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes22.dex */
public class SemCertificateUtil implements ISemSMIMEConst {
    public static final int CERTIFICATE_COMMON = 1;
    public static final int CERTIFICATE_ENCRYPTION = 2;
    public static final int CERTIFICATE_SIGNING = 3;
    private static final int CERTIFICATE_UNKNOWN = 4;
    private static final String EMAIL_LDAP_AUTHORITY = "com.samsung.android.email.directory.provider";
    private static final boolean USE_EXCHANGE_CERTIFICATE = true;
    private static final boolean USE_LDAP_CERTIFICATE = true;
    private static final int VALIDATE_STATUS_INVALID_FOR_SINING = 6;
    private static final int VALIDATE_STATUS_OK = 1;
    private static final int VALIDATE_STATUS_REVOCATION_SERVER_IS_OFFLINE = 14;
    private static final int VALIDATE_STATUS_UNKNOWN_SERVER_ERROR = 17;
    public static final String TAG = SemCertificateUtil.class.getSimpleName();
    private static String CRL_DIR_PATH = null;
    private static final Uri CRL_CONTENT_URI = Uri.parse(EmailContent.CONTENT_URI + "/crlCache");
    private static final Uri CERTIFICATE_SEARCH_URI = Uri.parse("content://com.samsung.android.email.directory.provider/certificate/*");
    private static boolean isRevocationEnabled = false;
    private static boolean isOCSPEnabled = false;
    private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    private static final char[] HEX_LOWER_CASE_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /* loaded from: classes22.dex */
    public static class RevocationInfo {
        String emailAddress;
        int resourceID = -1;
        String genericMessage = null;
        int revocationStatus = 1;

        RevocationInfo() {
        }

        public String getEmailAddress() {
            return this.emailAddress;
        }

        String getGenericMessage() {
            return this.genericMessage;
        }

        int getResourceID() {
            return this.resourceID;
        }

        int getRevocationStatus() {
            return this.revocationStatus;
        }

        public void setEmailAddress(String str) {
            this.emailAddress = str;
        }
    }

    private static StringBuilder appendByteAsHex(StringBuilder sb, byte b, boolean z) {
        char[] cArr = z ? HEX_DIGITS : HEX_LOWER_CASE_DIGITS;
        sb.append(cArr[(b >> 4) & 15]);
        sb.append(cArr[b & 15]);
        return sb;
    }

    /* JADX WARN: Removed duplicated region for block: B:25:0x0047  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean[] checkCertAliasExistence(android.content.Context r14, java.lang.String[] r15) {
        /*
            r13 = 1
            r12 = 0
            java.lang.String r9 = "%s::checkCertAliasExistence() - Start"
            java.lang.Object[] r10 = new java.lang.Object[r13]
            java.lang.String r11 = com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.TAG
            r10[r12] = r11
            com.samsung.android.emailcommon.log.SemSMIMELog.d(r9, r10)
            int r9 = r15.length
            boolean[] r8 = new boolean[r9]
            r4 = 0
        L12:
            int r9 = r8.length
            if (r4 >= r9) goto L1a
            r8[r4] = r12
            int r4 = r4 + 1
            goto L12
        L1a:
            java.lang.String r6 = com.samsung.android.email.commonutil.DeviceWrapper.getDeviceId(r14)     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L3a java.lang.NullPointerException -> L6e java.io.IOException -> L70
            com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateMgr r5 = new com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateMgr     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L3a java.lang.NullPointerException -> L6e java.io.IOException -> L70
            r5.<init>(r6, r14)     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L3a java.lang.NullPointerException -> L6e java.io.IOException -> L70
            r4 = 0
        L24:
            int r9 = r15.length     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L3a java.lang.NullPointerException -> L6e java.io.IOException -> L70
            if (r4 >= r9) goto L3e
            r0 = r15[r4]     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L3a java.lang.NullPointerException -> L6e java.io.IOException -> L70
            java.security.cert.X509Certificate r1 = r5.getCertificate(r0)     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L35 java.lang.NullPointerException -> L6e java.io.IOException -> L70
            if (r1 == 0) goto L32
            r9 = 1
            r8[r4] = r9     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L35 java.lang.NullPointerException -> L6e java.io.IOException -> L70
        L32:
            int r4 = r4 + 1
            goto L24
        L35:
            r3 = move-exception
            r3.printStackTrace()     // Catch: com.samsung.android.email.sync.emailsecurity.smime.Certificate.CertificateManagerException -> L3a java.lang.NullPointerException -> L6e java.io.IOException -> L70
            goto L32
        L3a:
            r2 = move-exception
        L3b:
            r2.printStackTrace()
        L3e:
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            r7.<init>()
            r4 = 0
        L44:
            int r9 = r8.length
            if (r4 >= r9) goto L5a
            boolean r9 = r8[r4]
            r7.append(r9)
            int r9 = r8.length
            int r9 = r9 + (-1)
            if (r4 >= r9) goto L57
            java.lang.String r9 = ", "
            r7.append(r9)
        L57:
            int r4 = r4 + 1
            goto L44
        L5a:
            java.lang.String r9 = "%s::checkCertAliasExistence() - success[%s]"
            r10 = 2
            java.lang.Object[] r10 = new java.lang.Object[r10]
            java.lang.String r11 = com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.TAG
            r10[r12] = r11
            java.lang.String r11 = r7.toString()
            r10[r13] = r11
            com.samsung.android.emailcommon.log.SemSMIMELog.d(r9, r10)
            return r8
        L6e:
            r2 = move-exception
            goto L3b
        L70:
            r2 = move-exception
            goto L3b
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.checkCertAliasExistence(android.content.Context, java.lang.String[]):boolean[]");
    }

    public static SemResolveRecipientResult checkCertificateOfRecipient(Context context, long j, Address[] addressArr) {
        int i;
        if (addressArr == null) {
            return new SemResolveRecipientResult(-1);
        }
        DebugSettingPreference debugSettingPreference = DebugSettingPreference.getInstance(context);
        boolean z = debugSettingPreference != null && debugSettingPreference.getEnableSMIMELog();
        int length = addressArr.length;
        int i2 = 0;
        int i3 = 0;
        while (i2 < length) {
            Address address = addressArr[i2];
            if (z) {
                i = i3 + 1;
                SemSMIMELog.sysD("%s::getCertCount() - emailAddresses[%s] = %s", TAG, Integer.valueOf(i3), address);
            } else {
                i = i3 + 1;
                SemSMIMELog.d("%s::getCertCount() - emailAddresses[%s] = %s", TAG, Integer.valueOf(i3), Utility.getSecureAddress(address.toString()));
            }
            i2++;
            i3 = i;
        }
        return getCertificates(context, j, addressArr, z);
    }

    private static ArrayList<RevocationInfo> checkRevocationStatus(Context context, long j, boolean z, ArrayList<SemRecipientCertificateInfo> arrayList) {
        ArrayList<RevocationInfo> arrayList2 = new ArrayList<>();
        SemSMIMELog.d("%s::checkRevocationStatus() - start.", TAG);
        if (context != null) {
            try {
                DatabaseUtils.setContext(context);
                if (!z) {
                    loadAllMdmCertificatePolicies(context);
                }
                DatabaseUtils.setDATABASE_PATH(context.getDatabasePath("EmailProvider.db").getAbsolutePath());
                try {
                    File file = new File(context.getFilesDir() + File.separator + "crls");
                    if (!file.exists()) {
                        file.mkdir();
                    }
                    if (!file.isDirectory()) {
                        file.mkdir();
                    }
                    CRL_DIR_PATH = file.getAbsolutePath();
                } catch (Exception e) {
                    e.printStackTrace();
                }
                DatabaseUtils.setCRL_DIR_PATH(CRL_DIR_PATH);
                DatabaseUtils.setCONTENT_URI(CRL_CONTENT_URI);
                Iterator<SemRecipientCertificateInfo> it = arrayList.iterator();
                while (it.hasNext()) {
                    SemRecipientCertificateInfo next = it.next();
                    Iterator<X509Certificate> it2 = next.mX509CertificateList.iterator();
                    while (it2.hasNext()) {
                        X509Certificate next2 = it2.next();
                        SemSMIMELog.d("%s::checkRevocationStatus() - cert.mCertificate instanceof X509Certificate.", TAG);
                        SemSMIMELog.d("%s::checkRevocationStatus() - Signature algorithm OID od the certificate is FIPS approved? = [%s]", TAG, Boolean.valueOf(FIPSAlgorithmUtils.isFIPSApproved(next2)));
                        RevocationInfo doRevocationChk = doRevocationChk(context, j, next2, "AndroidOpenSSL");
                        doRevocationChk.setEmailAddress(next.mEmail);
                        arrayList2.add(doRevocationChk);
                    }
                }
            } catch (Exception e2) {
                e2.printStackTrace();
                return null;
            }
        }
        SemSMIMELog.d("%s::checkRevocationStatus() - return resultList.", TAG);
        return arrayList2;
    }

    public static byte[] convertToPem(Certificate... certificateArr) throws CertificateEncodingException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PemWriter pemWriter = new PemWriter(new OutputStreamWriter(byteArrayOutputStream, StandardCharsets.US_ASCII));
        for (Certificate certificate : certificateArr) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
        }
        pemWriter.close();
        return byteArrayOutputStream.toByteArray();
    }

    public static X509Certificate convertToX509(String str) throws CertificateUtilException {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (!str.startsWith("-----BEGIN CERTIFICATE-----")) {
                str = "-----BEGIN CERTIFICATE-----\n" + str + "\n-----END CERTIFICATE-----";
            }
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (Exception e) {
            throw new CertificateUtilException("error while converting certificate. " + e.getMessage());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static RevocationInfo doRevocationChk(Context context, long j, X509Certificate x509Certificate, String str) {
        SemSMIMELog.d("%s::doRevocationChk() - start.", TAG);
        RevocationInfo revocationInfo = new RevocationInfo();
        Certificate[] certificateArr = null;
        try {
            List<X509Certificate> certificateChain = Build.VERSION.SDK_INT <= 26 ? NativeSMIMEHelper.getCertificateChain(x509Certificate) : SemNativeSMIMEHelper.getCertificateChain(x509Certificate);
            if (certificateChain != null) {
                if (certificateChain.size() == 1) {
                    throw new CertPathValidatorException("Trust anchor not found,");
                }
                certificateArr = new X509Certificate[certificateChain.size()];
                SemSMIMELog.i("%s::doRevocationChk() - size[%s]", TAG, Integer.valueOf(certificateChain.size()));
                for (int i = 0; i < certificateChain.size(); i++) {
                    certificateArr[i] = certificateChain.get(i);
                }
            }
            if (certificateArr == null) {
                SemSMIMELog.i("%s::doRevocationChk() - Nothing found from OpenSSL trusted store.", TAG);
                certificateArr = new Certificate[1];
            }
            certificateArr[0] = x509Certificate;
            List<? extends Certificate> asList = Arrays.asList(certificateArr);
            CertificateFactory certificateFactory = null;
            try {
                certificateFactory = CertificateFactory.getInstance("X.509", str);
            } catch (CertificateException e) {
                e.printStackTrace();
                SemSMIMELog.e("%s::doRevocationChk() - Failed to make factory for %s", TAG, str);
            }
            CertPath generateCertPath = certificateFactory != null ? certificateFactory.generateCertPath(asList) : null;
            if (generateCertPath == null || asList.size() <= 1) {
                return revocationInfo;
            }
            SemSMIMELog.d("%s::doRevocationChk() - certList.size() > 1", TAG);
            List<? extends Certificate> certificates = generateCertPath.getCertificates();
            X509Certificate[] x509CertificateArr = new X509Certificate[certificates.size()];
            for (int i2 = 0; i2 < certificates.size(); i2++) {
                x509CertificateArr[i2] = certificates.get(i2);
            }
            return performCertValidation(context, j, x509CertificateArr);
        } catch (Exception e2) {
            revocationInfo.revocationStatus = 0;
            revocationInfo.genericMessage = e2.getMessage();
            e2.printStackTrace();
            return revocationInfo;
        } catch (NoClassDefFoundError e3) {
            e = e3;
            SemNotificationManager.createUpdateNotification(context, j);
            revocationInfo.revocationStatus = 0;
            revocationInfo.genericMessage = e.getMessage();
            e.printStackTrace();
            return revocationInfo;
        } catch (UnsatisfiedLinkError e4) {
            e = e4;
            SemNotificationManager.createUpdateNotification(context, j);
            revocationInfo.revocationStatus = 0;
            revocationInfo.genericMessage = e.getMessage();
            e.printStackTrace();
            return revocationInfo;
        }
    }

    public static String fingerprint(byte[] bArr) {
        if (bArr == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            appendByteAsHex(sb, bArr[i], true);
            if (i + 1 != bArr.length) {
                sb.append(':');
            }
        }
        return sb.toString();
    }

    private static String getAKId(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        if (extensionValue == null || extensionValue.length == 0) {
            return "";
        }
        try {
            return getByteArrayFromAsn1(getAsn1SequenceFromBytes(extensionValue).getObjectAt(0));
        } catch (CertificateParsingException e) {
            e.printStackTrace();
            return "";
        }
    }

    private static ASN1Sequence getAsn1SequenceFromBytes(byte[] bArr) throws CertificateParsingException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
            Throwable th = null;
            try {
                ASN1Sequence asn1SequenceFromStream = getAsn1SequenceFromStream(aSN1InputStream);
                if (aSN1InputStream != null) {
                    if (0 != 0) {
                        try {
                            aSN1InputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        aSN1InputStream.close();
                    }
                }
                return asn1SequenceFromStream;
            } finally {
            }
        } catch (IOException e) {
            throw new CertificateParsingException("Failed to parse SEQUENCE", e);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:29:0x0069  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.android.sec.org.bouncycastle.asn1.ASN1Sequence getAsn1SequenceFromStream(com.android.sec.org.bouncycastle.asn1.ASN1InputStream r7) throws java.io.IOException, java.security.cert.CertificateParsingException {
        /*
            com.android.sec.org.bouncycastle.asn1.ASN1Primitive r0 = r7.readObject()
            boolean r2 = r0 instanceof com.android.sec.org.bouncycastle.asn1.ASN1OctetString
            if (r2 != 0) goto L2a
            java.security.cert.CertificateParsingException r2 = new java.security.cert.CertificateParsingException
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r4 = "Expected octet stream, found "
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.Class r4 = r0.getClass()
            java.lang.String r4 = r4.getName()
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.String r3 = r3.toString()
            r2.<init>(r3)
            throw r2
        L2a:
            com.android.sec.org.bouncycastle.asn1.ASN1InputStream r1 = new com.android.sec.org.bouncycastle.asn1.ASN1InputStream
            r2 = r0
            com.android.sec.org.bouncycastle.asn1.ASN1OctetString r2 = (com.android.sec.org.bouncycastle.asn1.ASN1OctetString) r2
            byte[] r2 = r2.getOctets()
            r1.<init>(r2)
            r3 = 0
            com.android.sec.org.bouncycastle.asn1.ASN1Primitive r0 = r1.readObject()     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            boolean r2 = r0 instanceof com.android.sec.org.bouncycastle.asn1.ASN1Sequence     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            if (r2 != 0) goto L6f
            java.security.cert.CertificateParsingException r2 = new java.security.cert.CertificateParsingException     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            java.lang.StringBuilder r4 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            r4.<init>()     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            java.lang.String r5 = "Expected sequence, found "
            java.lang.StringBuilder r4 = r4.append(r5)     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            java.lang.Class r5 = r0.getClass()     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            java.lang.String r5 = r5.getName()     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            java.lang.StringBuilder r4 = r4.append(r5)     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            java.lang.String r4 = r4.toString()     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            r2.<init>(r4)     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            throw r2     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
        L61:
            r2 = move-exception
            throw r2     // Catch: java.lang.Throwable -> L63
        L63:
            r3 = move-exception
            r6 = r3
            r3 = r2
            r2 = r6
        L67:
            if (r1 == 0) goto L6e
            if (r3 == 0) goto L87
            r1.close()     // Catch: java.lang.Throwable -> L82
        L6e:
            throw r2
        L6f:
            com.android.sec.org.bouncycastle.asn1.ASN1Sequence r0 = (com.android.sec.org.bouncycastle.asn1.ASN1Sequence) r0     // Catch: java.lang.Throwable -> L61 java.lang.Throwable -> L8b
            if (r1 == 0) goto L78
            if (r3 == 0) goto L7e
            r1.close()     // Catch: java.lang.Throwable -> L79
        L78:
            return r0
        L79:
            r2 = move-exception
            r3.addSuppressed(r2)
            goto L78
        L7e:
            r1.close()
            goto L78
        L82:
            r4 = move-exception
            r3.addSuppressed(r4)
            goto L6e
        L87:
            r1.close()
            goto L6e
        L8b:
            r2 = move-exception
            goto L67
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.getAsn1SequenceFromStream(com.android.sec.org.bouncycastle.asn1.ASN1InputStream):com.android.sec.org.bouncycastle.asn1.ASN1Sequence");
    }

    private static String getByteArrayFromAsn1(ASN1Encodable aSN1Encodable) throws CertificateParsingException {
        byte[] octets;
        if (aSN1Encodable == null) {
            throw new CertificateParsingException("Expected DEROctetString");
        }
        if (aSN1Encodable instanceof DERTaggedObject) {
            aSN1Encodable = ((DERTaggedObject) aSN1Encodable).getObject();
        }
        if (aSN1Encodable instanceof DEROctetString) {
            octets = ((ASN1OctetString) aSN1Encodable).getOctets();
        } else {
            if (!(aSN1Encodable instanceof DERPrintableString)) {
                throw new CertificateParsingException("Expected DEROctetString");
            }
            octets = ((DERPrintableString) aSN1Encodable).getOctets();
        }
        return Arrays.toString(octets);
    }

    public static int getCertType(Certificate certificate) {
        boolean[] keyUsage;
        if (!(certificate instanceof X509Certificate) || (keyUsage = ((X509Certificate) certificate).getKeyUsage()) == null) {
            return 4;
        }
        if (keyUsage[0] && keyUsage[2]) {
            return 1;
        }
        if (keyUsage[0]) {
            return 3;
        }
        return keyUsage[2] ? 2 : 4;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:39:0x0088  */
    /* JADX WARN: Removed duplicated region for block: B:49:? A[Catch: Exception -> 0x0065, SYNTHETIC, TRY_ENTER, TryCatch #7 {Exception -> 0x0065, blocks: (B:5:0x0033, B:28:0x005c, B:25:0x006b, B:32:0x0061, B:15:0x0073, B:13:0x007c, B:18:0x0078, B:43:0x008a, B:40:0x0093, B:47:0x008f, B:44:0x008d), top: B:4:0x0033, inners: #4, #5, #8 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.cert.X509Certificate[] getCertificateChain(@android.support.annotation.NonNull android.content.Context r11, @android.support.annotation.NonNull java.lang.String r12) {
        /*
            r2 = 1
            r4 = 0
            r9 = 0
            java.lang.String r0 = "%s::getCertificateChain() - start"
            java.lang.Object[] r2 = new java.lang.Object[r2]
            java.lang.String r3 = com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.TAG
            r2[r4] = r3
            com.samsung.android.emailcommon.log.SemSMIMELog.i(r0, r2)
            boolean r0 = com.samsung.android.emailcommon.EmailFeature.isUseCertificateProvider()
            if (r0 == 0) goto L97
            android.net.Uri$Builder r0 = new android.net.Uri$Builder
            r0.<init>()
            java.lang.String r2 = "content"
            android.net.Uri$Builder r0 = r0.scheme(r2)
            java.lang.String r2 = "com.samsung.android.email.SemCertificateProvider"
            android.net.Uri$Builder r0 = r0.authority(r2)
            java.lang.String r2 = "getCertificateChain"
            android.net.Uri$Builder r0 = r0.appendEncodedPath(r2)
            android.net.Uri r1 = r0.build()
            android.content.ContentResolver r0 = r11.getContentResolver()     // Catch: java.lang.Exception -> L65
            r2 = 0
            r3 = 0
            r4 = 1
            java.lang.String[] r4 = new java.lang.String[r4]     // Catch: java.lang.Exception -> L65
            r5 = 0
            r4[r5] = r12     // Catch: java.lang.Exception -> L65
            r5 = 0
            android.database.Cursor r7 = r0.query(r1, r2, r3, r4, r5)     // Catch: java.lang.Exception -> L65
            r2 = 0
            if (r7 == 0) goto L6f
            android.os.Bundle r6 = r7.getExtras()     // Catch: java.lang.Throwable -> L80 java.lang.Throwable -> La4
            if (r6 == 0) goto L6f
            java.lang.String r0 = "email.cert.certificate"
            java.io.Serializable r0 = r6.getSerializable(r0)     // Catch: java.lang.Throwable -> L80 java.lang.Throwable -> La4
            java.security.cert.X509Certificate[] r0 = (java.security.cert.X509Certificate[]) r0     // Catch: java.lang.Throwable -> L80 java.lang.Throwable -> La4
            java.security.cert.X509Certificate[] r0 = (java.security.cert.X509Certificate[]) r0     // Catch: java.lang.Throwable -> L80 java.lang.Throwable -> La4
            if (r7 == 0) goto L5f
            if (r9 == 0) goto L6b
            r7.close()     // Catch: java.lang.Throwable -> L60 java.lang.Exception -> L65
        L5f:
            return r0
        L60:
            r3 = move-exception
            r2.addSuppressed(r3)     // Catch: java.lang.Exception -> L65
            goto L5f
        L65:
            r8 = move-exception
            r8.printStackTrace()
        L69:
            r0 = r9
            goto L5f
        L6b:
            r7.close()     // Catch: java.lang.Exception -> L65
            goto L5f
        L6f:
            if (r7 == 0) goto L69
            if (r9 == 0) goto L7c
            r7.close()     // Catch: java.lang.Exception -> L65 java.lang.Throwable -> L77
            goto L69
        L77:
            r0 = move-exception
            r2.addSuppressed(r0)     // Catch: java.lang.Exception -> L65
            goto L69
        L7c:
            r7.close()     // Catch: java.lang.Exception -> L65
            goto L69
        L80:
            r0 = move-exception
            throw r0     // Catch: java.lang.Throwable -> L82
        L82:
            r2 = move-exception
            r10 = r2
            r2 = r0
            r0 = r10
        L86:
            if (r7 == 0) goto L8d
            if (r2 == 0) goto L93
            r7.close()     // Catch: java.lang.Exception -> L65 java.lang.Throwable -> L8e
        L8d:
            throw r0     // Catch: java.lang.Exception -> L65
        L8e:
            r3 = move-exception
            r2.addSuppressed(r3)     // Catch: java.lang.Exception -> L65
            goto L8d
        L93:
            r7.close()     // Catch: java.lang.Exception -> L65
            goto L8d
        L97:
            java.security.cert.X509Certificate[] r0 = android.security.KeyChain.getCertificateChain(r11, r12)     // Catch: android.security.KeyChainException -> L9c java.lang.InterruptedException -> La2
            goto L5f
        L9c:
            r8 = move-exception
        L9d:
            r8.printStackTrace()
            r0 = r9
            goto L5f
        La2:
            r8 = move-exception
            goto L9d
        La4:
            r0 = move-exception
            r2 = r9
            goto L86
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.getCertificateChain(android.content.Context, java.lang.String):java.security.cert.X509Certificate[]");
    }

    /* JADX WARN: Code restructure failed: missing block: B:100:0x026e, code lost:
    
        com.samsung.android.emailcommon.log.SemSMIMELog.d("%s::getCertificates() - Ldap search success : address[%s]", com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.TAG, com.samsung.android.emailcommon.utility.Utility.getSecureAddress(r2));
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x01e0, code lost:
    
        if (r16.moveToFirst() != false) goto L62;
     */
    /* JADX WARN: Code restructure failed: missing block: B:90:0x01f7, code lost:
    
        if (r2.equals(r16.getString(r16.getColumnIndex("email"))) == false) goto L89;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x0298, code lost:
    
        if (r16.moveToNext() != false) goto L152;
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x01f9, code lost:
    
        r14 = new java.util.ArrayList();
        r14.add(convertToX509(r16.getString(r16.getColumnIndex("certificate"))));
        r23.addLdapRecipientInfo(new com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemRecipientCertificateInfo(r2, r14));
        r6.remove(r2.toLowerCase());
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x0225, code lost:
    
        if (r29 == false) goto L79;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x0227, code lost:
    
        com.samsung.android.emailcommon.log.SemSMIMELog.sysD("%s::getCertificates() - Ldap search success : address[%s], certificateList%s", com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.TAG, r2, r14.toString());
     */
    /* JADX WARN: Removed duplicated region for block: B:110:0x028e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemResolveRecipientResult getCertificates(android.content.Context r25, long r26, com.samsung.android.emailcommon.mail.Address[] r28, boolean r29) {
        /*
            Method dump skipped, instructions count: 771
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.getCertificates(android.content.Context, long, com.samsung.android.emailcommon.mail.Address[], boolean):com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemResolveRecipientResult");
    }

    public static ArrayList<X509Certificate> getCertificatesOfRecipient(Context context, long j, Address[] addressArr) {
        DebugSettingPreference debugSettingPreference = DebugSettingPreference.getInstance(context);
        return getCertificates(context, j, addressArr, debugSettingPreference != null && debugSettingPreference.getEnableSMIMELog()).getX509CertificateList();
    }

    public static String getMailAddrByAlias(Context context, Bundle bundle) {
        String string;
        if (bundle == null || (string = bundle.getString(ProxyArgs.ARG_ALIAS)) == null) {
            return "";
        }
        try {
            X509Certificate certificate = new CertificateMgr(DeviceWrapper.getDeviceId(context), context).getCertificate(string);
            if (certificate == null) {
                return "";
            }
            Set emailAddresses = Build.VERSION.SDK_INT <= 26 ? SecCertificateMgr.getEmailAddresses(certificate) : SemCertificateMgr.getEmailAddresses(certificate);
            if (emailAddresses == null || emailAddresses.isEmpty()) {
                return "";
            }
            Iterator it = emailAddresses.iterator();
            StringBuilder sb = new StringBuilder(60);
            boolean z = true;
            while (it.hasNext()) {
                sb.append((String) it.next());
                if (z) {
                    z = false;
                } else {
                    sb.append(", ");
                }
            }
            return sb.toString();
        } catch (CertificateManagerException | IOException | CertificateEncodingException e) {
            e.printStackTrace();
            return "";
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:39:0x0086  */
    /* JADX WARN: Removed duplicated region for block: B:49:? A[Catch: Exception -> 0x0063, SYNTHETIC, TRY_ENTER, TryCatch #8 {Exception -> 0x0063, blocks: (B:5:0x0033, B:28:0x005a, B:25:0x0069, B:32:0x005f, B:15:0x0071, B:13:0x007a, B:18:0x0076, B:43:0x0088, B:40:0x0091, B:47:0x008d, B:44:0x008b), top: B:4:0x0033, inners: #2, #3, #6 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.PrivateKey getPrivateKey(@android.support.annotation.NonNull android.content.Context r11, @android.support.annotation.NonNull java.lang.String r12) {
        /*
            r2 = 1
            r4 = 0
            r9 = 0
            java.lang.String r0 = "%s::getCertificateChain() - start"
            java.lang.Object[] r2 = new java.lang.Object[r2]
            java.lang.String r3 = com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.TAG
            r2[r4] = r3
            com.samsung.android.emailcommon.log.SemSMIMELog.i(r0, r2)
            boolean r0 = com.samsung.android.emailcommon.EmailFeature.isUseCertificateProvider()
            if (r0 == 0) goto L95
            android.net.Uri$Builder r0 = new android.net.Uri$Builder
            r0.<init>()
            java.lang.String r2 = "content"
            android.net.Uri$Builder r0 = r0.scheme(r2)
            java.lang.String r2 = "com.samsung.android.email.SemCertificateProvider"
            android.net.Uri$Builder r0 = r0.authority(r2)
            java.lang.String r2 = "getPrivateKey"
            android.net.Uri$Builder r0 = r0.appendEncodedPath(r2)
            android.net.Uri r1 = r0.build()
            android.content.ContentResolver r0 = r11.getContentResolver()     // Catch: java.lang.Exception -> L63
            r2 = 0
            r3 = 0
            r4 = 1
            java.lang.String[] r4 = new java.lang.String[r4]     // Catch: java.lang.Exception -> L63
            r5 = 0
            r4[r5] = r12     // Catch: java.lang.Exception -> L63
            r5 = 0
            android.database.Cursor r7 = r0.query(r1, r2, r3, r4, r5)     // Catch: java.lang.Exception -> L63
            r2 = 0
            if (r7 == 0) goto L6d
            android.os.Bundle r6 = r7.getExtras()     // Catch: java.lang.Throwable -> L7e java.lang.Throwable -> La2
            if (r6 == 0) goto L6d
            java.lang.String r0 = "email.cert.private_key"
            java.io.Serializable r0 = r6.getSerializable(r0)     // Catch: java.lang.Throwable -> L7e java.lang.Throwable -> La2
            java.security.PrivateKey r0 = (java.security.PrivateKey) r0     // Catch: java.lang.Throwable -> L7e java.lang.Throwable -> La2
            if (r7 == 0) goto L5d
            if (r9 == 0) goto L69
            r7.close()     // Catch: java.lang.Throwable -> L5e java.lang.Exception -> L63
        L5d:
            return r0
        L5e:
            r3 = move-exception
            r2.addSuppressed(r3)     // Catch: java.lang.Exception -> L63
            goto L5d
        L63:
            r8 = move-exception
            r8.printStackTrace()
        L67:
            r0 = r9
            goto L5d
        L69:
            r7.close()     // Catch: java.lang.Exception -> L63
            goto L5d
        L6d:
            if (r7 == 0) goto L67
            if (r9 == 0) goto L7a
            r7.close()     // Catch: java.lang.Exception -> L63 java.lang.Throwable -> L75
            goto L67
        L75:
            r0 = move-exception
            r2.addSuppressed(r0)     // Catch: java.lang.Exception -> L63
            goto L67
        L7a:
            r7.close()     // Catch: java.lang.Exception -> L63
            goto L67
        L7e:
            r0 = move-exception
            throw r0     // Catch: java.lang.Throwable -> L80
        L80:
            r2 = move-exception
            r10 = r2
            r2 = r0
            r0 = r10
        L84:
            if (r7 == 0) goto L8b
            if (r2 == 0) goto L91
            r7.close()     // Catch: java.lang.Exception -> L63 java.lang.Throwable -> L8c
        L8b:
            throw r0     // Catch: java.lang.Exception -> L63
        L8c:
            r3 = move-exception
            r2.addSuppressed(r3)     // Catch: java.lang.Exception -> L63
            goto L8b
        L91:
            r7.close()     // Catch: java.lang.Exception -> L63
            goto L8b
        L95:
            java.security.PrivateKey r0 = android.security.KeyChain.getPrivateKey(r11, r12)     // Catch: android.security.KeyChainException -> L9a java.lang.InterruptedException -> La0
            goto L5d
        L9a:
            r8 = move-exception
        L9b:
            r8.printStackTrace()
            r0 = r9
            goto L5d
        La0:
            r8 = move-exception
            goto L9b
        La2:
            r0 = move-exception
            r2 = r9
            goto L84
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.getPrivateKey(android.content.Context, java.lang.String):java.security.PrivateKey");
    }

    public static Bundle importCertificate(Context context, String str, String str2) {
        String str3 = null;
        try {
            String AESDecryption = AESEncryptionUtil.AESDecryption(str2);
            CertificateMgr certificateMgr = new CertificateMgr(DeviceWrapper.getDeviceId(context), context);
            File file = new File(str);
            str3 = file.exists() ? certificateMgr.importCertificate(file, AESDecryption) : certificateMgr.importCertificate(EmailContent.MDMCertificates.getCertificateData(context, str), AESDecryption, null);
            SemSMIMELog.d("%s::installCertificate() : Alias[%s]", TAG, str3);
        } catch (CertificateManagerException e) {
            e.printStackTrace();
            Bundle bundle = new Bundle();
            bundle.putString(ProxyArgs.ARG_ALIAS, str3);
            bundle.putString(ProxyArgs.ARG_EXCEPTION_STRING, "CERT_IMPORT_NOT_SUCCESSFULL");
            bundle.putInt(ProxyArgs.ARG_CERT_ERROR_CODE, e.getErrorCode());
            return bundle;
        } catch (FileNotFoundException e2) {
            e2.printStackTrace();
            Bundle bundle2 = new Bundle();
            bundle2.putString(ProxyArgs.ARG_ALIAS, str3);
            bundle2.putString(ProxyArgs.ARG_EXCEPTION_STRING, "CERT_IMPORT_NOT_SUCCESSFULL");
            bundle2.putInt(ProxyArgs.ARG_CERT_ERROR_CODE, 1);
            return bundle2;
        } catch (IOException e3) {
            e3.printStackTrace();
        }
        Bundle bundle3 = new Bundle();
        bundle3.putString(ProxyArgs.ARG_ALIAS, str3);
        bundle3.putString(ProxyArgs.ARG_EXCEPTION_STRING, null);
        return bundle3;
    }

    /* JADX WARN: Removed duplicated region for block: B:49:0x0133  */
    /* JADX WARN: Removed duplicated region for block: B:66:0x0071  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x0142  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static android.os.Bundle importCertificate(android.content.Context r25, java.lang.String r26, java.lang.String r27, java.lang.String r28, java.lang.String r29) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 447
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.importCertificate(android.content.Context, java.lang.String, java.lang.String, java.lang.String, java.lang.String):android.os.Bundle");
    }

    public static boolean isRevocationProcessEnabled(Context context) {
        boolean z = false;
        try {
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (!RestrictionsProviderUtils.certRevocationCheckEnabled(context)) {
            if (!Utility.getBooleanFromSecContentProvider(context, Utility.getCertificatePolicy(), null, "isRevocationCheckEnabled", false).booleanValue()) {
                z = false;
                SemSMIMELog.d("%s::isRevocationProcessEnabled() - isRevocationEnabled[%s]", TAG, Boolean.valueOf(z));
                return z;
            }
        }
        z = true;
        SemSMIMELog.d("%s::isRevocationProcessEnabled() - isRevocationEnabled[%s]", TAG, Boolean.valueOf(z));
        return z;
    }

    private static void loadAllMdmCertificatePolicies(Context context) {
        try {
            isRevocationEnabled = RestrictionsProviderUtils.certRevocationCheckEnabled(context) || Utility.getBooleanFromSecContentProvider(context, Utility.getCertificatePolicy(), null, "isRevocationCheckEnabled", false).booleanValue();
            isOCSPEnabled = RestrictionsProviderUtils.certOcspCheckEnabled(context) || Utility.getBooleanFromSecContentProvider(context, Utility.getCertificatePolicy(), null, "isOcspCheckEnabled", false).booleanValue();
            SemSMIMELog.d("%s::loadAllMdmCertificatePolicies() - isRevocationEnabled[%s], isOCSPEnabled[%s]", TAG, Boolean.valueOf(isRevocationEnabled), Boolean.valueOf(isOCSPEnabled));
        } catch (Exception e) {
            SemSMIMELog.sysE("%s::loadAllMdmCertificatePolicies() - Fail.", TAG);
            e.printStackTrace();
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:102:0x021f A[Catch: all -> 0x01e7, TRY_ENTER, TryCatch #3 {all -> 0x01e7, blocks: (B:17:0x008a, B:20:0x009c, B:23:0x00bf, B:25:0x00cc, B:33:0x00fb, B:31:0x01a0, B:36:0x016b, B:37:0x00fe, B:39:0x011c, B:41:0x0134, B:52:0x01f8, B:54:0x0210, B:65:0x01b6, B:63:0x01f4, B:68:0x01e3, B:69:0x01b9, B:45:0x013f, B:95:0x0176, B:97:0x018a, B:102:0x021f, B:85:0x01bb, B:87:0x01cc, B:92:0x022b), top: B:16:0x008a, inners: #16, #20 }] */
    /* JADX WARN: Removed duplicated region for block: B:147:0x045f  */
    /* JADX WARN: Removed duplicated region for block: B:220:0x0563  */
    /* JADX WARN: Removed duplicated region for block: B:62:0x01b4  */
    /* JADX WARN: Removed duplicated region for block: B:97:0x018a A[Catch: all -> 0x01e7, TRY_LEAVE, TryCatch #3 {all -> 0x01e7, blocks: (B:17:0x008a, B:20:0x009c, B:23:0x00bf, B:25:0x00cc, B:33:0x00fb, B:31:0x01a0, B:36:0x016b, B:37:0x00fe, B:39:0x011c, B:41:0x0134, B:52:0x01f8, B:54:0x0210, B:65:0x01b6, B:63:0x01f4, B:68:0x01e3, B:69:0x01b9, B:45:0x013f, B:95:0x0176, B:97:0x018a, B:102:0x021f, B:85:0x01bb, B:87:0x01cc, B:92:0x022b), top: B:16:0x008a, inners: #16, #20 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.RevocationInfo performCertValidation(android.content.Context r35, long r36, java.security.cert.Certificate[] r38) {
        /*
            Method dump skipped, instructions count: 1636
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil.performCertValidation(android.content.Context, long, java.security.cert.Certificate[]):com.samsung.android.email.sync.emailsecurity.smime.Certificate.SemCertificateUtil$RevocationInfo");
    }

    public static int removeCertificates(Context context, String[] strArr) throws CertificateManagerException, IOException {
        int i = 0;
        if (strArr == null) {
            return 0;
        }
        CertificateMgr certificateMgr = new CertificateMgr(DeviceWrapper.getDeviceId(context), context);
        for (String str : strArr) {
            try {
                certificateMgr.removeCertificate(str);
                i++;
            } catch (CertificateManagerException e) {
                e.printStackTrace();
            }
        }
        return i;
    }

    private static void setup_rev_info(RevocationInfo revocationInfo, int i) {
        revocationInfo.revocationStatus = 0;
        if (Build.VERSION.SDK_INT <= 26) {
            switch (i) {
                case 0:
                    revocationInfo.revocationStatus = 1;
                    revocationInfo.genericMessage = "Certificate Valid";
                    revocationInfo.resourceID = -1;
                    return;
                case 8:
                    revocationInfo.genericMessage = "CRL Signature Failure.";
                    revocationInfo.resourceID = R.string.crl_signature_failed;
                    return;
                case 10:
                    revocationInfo.genericMessage = "Certificate Expired.";
                    revocationInfo.resourceID = R.string.crl_cert_expired;
                    return;
                case 11:
                    revocationInfo.genericMessage = "CRL not yet valid.";
                    revocationInfo.resourceID = R.string.crl_not_valid;
                    return;
                case 12:
                    revocationInfo.genericMessage = "CRL has expired.";
                    revocationInfo.resourceID = R.string.crl_expired;
                    return;
                case 23:
                    revocationInfo.genericMessage = "Certificate is revoked";
                    revocationInfo.resourceID = R.string.certificate_revoked;
                    return;
                case 27:
                    revocationInfo.genericMessage = "Certificate Untrusted.";
                    revocationInfo.resourceID = R.string.crl_cert_untrusted;
                    return;
                case 28:
                    revocationInfo.genericMessage = "Certificate Rejected in CRL Check.";
                    revocationInfo.resourceID = R.string.crl_cert_rejected;
                    return;
                case 54:
                    revocationInfo.genericMessage = "CRL Path Validation Error.";
                    revocationInfo.resourceID = R.string.crl_path_validation_error;
                    return;
                case 1000:
                    revocationInfo.genericMessage = "Certificate is revoked";
                    revocationInfo.resourceID = R.string.certificate_revoked;
                    return;
                case 1001:
                    revocationInfo.genericMessage = "Certificate Valid.";
                    revocationInfo.revocationStatus = 1;
                    revocationInfo.resourceID = -1;
                    return;
                case 1009:
                    revocationInfo.genericMessage = "Unable to parse OCSP Address";
                    revocationInfo.resourceID = R.string.ocsp_unable_to_parse;
                    return;
                case 1011:
                    revocationInfo.genericMessage = "Unable to connect to OCSP Server.";
                    revocationInfo.resourceID = R.string.ocsp_unable_to_connect;
                    return;
                case 1012:
                    revocationInfo.genericMessage = "Invalid Response";
                    revocationInfo.resourceID = R.string.ocsp_invalid_response;
                    return;
                default:
                    revocationInfo.genericMessage = "Unknown Error.";
                    revocationInfo.resourceID = R.string.crl_unknown_error;
                    return;
            }
        }
        switch (i) {
            case 0:
                revocationInfo.revocationStatus = 1;
                revocationInfo.genericMessage = "Certificate Valid";
                revocationInfo.resourceID = -1;
                return;
            case 8:
                revocationInfo.genericMessage = "CRL Signature Failure.";
                revocationInfo.resourceID = R.string.crl_signature_failed;
                return;
            case 10:
                revocationInfo.genericMessage = "Certificate Expired.";
                revocationInfo.resourceID = R.string.crl_cert_expired;
                return;
            case 11:
                revocationInfo.genericMessage = "CRL not yet valid.";
                revocationInfo.resourceID = R.string.crl_not_valid;
                return;
            case 12:
                revocationInfo.genericMessage = "CRL has expired.";
                revocationInfo.resourceID = R.string.crl_expired;
                return;
            case 23:
                revocationInfo.genericMessage = "Certificate is revoked";
                revocationInfo.resourceID = R.string.certificate_revoked;
                return;
            case 27:
                revocationInfo.genericMessage = "Certificate Untrusted.";
                revocationInfo.resourceID = R.string.crl_cert_untrusted;
                return;
            case 28:
                revocationInfo.genericMessage = "Certificate Rejected in CRL Check.";
                revocationInfo.resourceID = R.string.crl_cert_rejected;
                return;
            case 54:
                revocationInfo.genericMessage = "CRL Path Validation Error.";
                revocationInfo.resourceID = R.string.crl_path_validation_error;
                return;
            case 1000:
                revocationInfo.genericMessage = "Certificate is revoked";
                revocationInfo.resourceID = R.string.certificate_revoked;
                return;
            case 1001:
                revocationInfo.genericMessage = "Certificate Valid.";
                revocationInfo.revocationStatus = 1;
                revocationInfo.resourceID = -1;
                return;
            case 1009:
                revocationInfo.genericMessage = "Unable to parse OCSP Address";
                revocationInfo.resourceID = R.string.ocsp_unable_to_parse;
                return;
            case 1011:
                revocationInfo.genericMessage = "Unable to connect to OCSP Server.";
                revocationInfo.resourceID = R.string.ocsp_unable_to_connect;
                return;
            case 1012:
                revocationInfo.genericMessage = "Invalid Response";
                revocationInfo.resourceID = R.string.ocsp_invalid_response;
                return;
            default:
                revocationInfo.genericMessage = "Unknown Error.";
                revocationInfo.resourceID = R.string.crl_unknown_error;
                return;
        }
    }

    public static SemValidateResult validateCertificateOfRecipient(Context context, long j, SemResolveRecipientResult semResolveRecipientResult) {
        DebugSettingPreference debugSettingPreference = DebugSettingPreference.getInstance(context);
        boolean z = debugSettingPreference != null && debugSettingPreference.getEnableSMIMELog();
        EmailContent.Account restoreAccountWithId = EmailContent.Account.restoreAccountWithId(context, j);
        SemValidateResult semValidateResult = new SemValidateResult(0);
        ArrayList<RevocationInfo> arrayList = null;
        try {
            if (isRevocationProcessEnabled(context)) {
                SemSMIMELog.d("%s::validateCertificateOfRecipient() - isRevocationEnabled is true", TAG);
                arrayList = checkRevocationStatus(context, j, false, semResolveRecipientResult.getRecipientInfoList());
            } else {
                if (semResolveRecipientResult.getResult() == -1) {
                    Iterator<String> it = semResolveRecipientResult.getErrorEmailList().iterator();
                    while (it.hasNext()) {
                        String next = it.next();
                        semValidateResult.addValidateInfo(new SemValidateInfo(next, "COULD_NOT_FETCH_THE_CERTIFICATE_FROM_SERVER"));
                        Object[] objArr = new Object[2];
                        objArr[0] = TAG;
                        if (!z) {
                            next = Utility.getSecureAddress(next);
                        }
                        objArr[1] = next;
                        SemSMIMELog.sysE("%s::validateCertificateOfRecipient() - can not fetch address[%s]", objArr);
                    }
                    semValidateResult.setResult(1);
                    return semValidateResult;
                }
                if (semResolveRecipientResult.mExchangeRecipientInfo.size() > 0) {
                    SemSMIMELog.i("%s::validateCertificateOfRecipient() - isRevocationEnabled is false", TAG);
                    boolean isCredentialAccount = restoreAccountWithId != null ? CACManager.isCredentialAccount(context, restoreAccountWithId.getEmailAddress()) : false;
                    ArrayList<Integer> validateCertificates = validateCertificates(context, j, semResolveRecipientResult.getExchangeX509Certificates());
                    if (validateCertificates == null) {
                        SemSMIMELog.sysE("%s::validateCertificateOfRecipient() - status is null.", TAG);
                        semValidateResult.setResult(1);
                        return semValidateResult;
                    }
                    for (int i = 0; i < validateCertificates.size(); i++) {
                        int intValue = validateCertificates.get(i).intValue();
                        if (intValue != 1 && intValue != 6 && intValue != 14 && intValue != 17) {
                            String emailAddressFromExchangeIndex = semResolveRecipientResult.getEmailAddressFromExchangeIndex(i);
                            Object[] objArr2 = new Object[5];
                            objArr2[0] = TAG;
                            objArr2[1] = Integer.valueOf(i);
                            objArr2[2] = Integer.valueOf(intValue);
                            objArr2[3] = z ? emailAddressFromExchangeIndex : Utility.getSecureAddress(emailAddressFromExchangeIndex);
                            objArr2[4] = Boolean.valueOf(isCredentialAccount);
                            SemSMIMELog.sysE("%s::validateCertificateOfRecipient() - index[%s], status[%s], address[%s], isCredential[%s]", objArr2);
                            semValidateResult.addValidateInfo(new SemValidateInfo(emailAddressFromExchangeIndex, "account_settings_smime_certificate_not_present_or_invalid"));
                            semValidateResult.setResult(1);
                        }
                    }
                } else {
                    SemSMIMELog.sysW("%s::validateCertificateOfRecipient() - exchangeCertificates length is 0.", TAG);
                }
                if (semResolveRecipientResult.mLdapRecipientInfo.size() > 0) {
                    arrayList = checkRevocationStatus(context, j, true, semResolveRecipientResult.mLdapRecipientInfo);
                } else {
                    SemSMIMELog.i("%s::validateCertificateOfRecipient() - ldapCertificates length is 0.", TAG);
                }
            }
            if (arrayList == null) {
                SemSMIMELog.sysW("%s::validateCertificateOfRecipient() - revokationStatus is null.", TAG);
                return semValidateResult;
            }
            for (int i2 = 0; i2 < arrayList.size(); i2++) {
                RevocationInfo revocationInfo = arrayList.get(i2);
                int revocationStatus = revocationInfo.getRevocationStatus();
                String genericMessage = revocationInfo.getGenericMessage();
                int resourceID = revocationInfo.getResourceID();
                SemSMIMELog.d("%s::validateCertificateOfRecipient() - checkRevocationStatus result.  rev_status[%s]", TAG, Integer.valueOf(revocationStatus));
                if (revocationStatus != 1) {
                    String emailAddress = revocationInfo.getEmailAddress();
                    Object[] objArr3 = new Object[4];
                    objArr3[0] = TAG;
                    objArr3[1] = z ? emailAddress : Utility.getSecureAddress(emailAddress);
                    objArr3[2] = genericMessage;
                    objArr3[3] = Integer.valueOf(resourceID);
                    SemSMIMELog.sysE("%s::validateCertificateOfRecipient() - Revocation check Failed! address[%s], reason[%s], res_Id[%s]", objArr3);
                    semValidateResult.addValidateInfo(new SemValidateInfo(emailAddress, resourceID + ";" + genericMessage));
                    semValidateResult.setResult(1);
                }
            }
            return semValidateResult;
        } catch (Exception e) {
            SemSMIMELog.sysE("%s::validateCertificateOfRecipient() - Exception[%s]", TAG, e.getMessage());
            e.printStackTrace();
            return null;
        }
    }

    private static ArrayList<Integer> validateCertificates(Context context, long j, ArrayList<X509Certificate> arrayList) throws IllegalArgumentException {
        if (arrayList != null) {
            ArrayList arrayList2 = new ArrayList();
            try {
                Iterator<X509Certificate> it = arrayList.iterator();
                while (it.hasNext()) {
                    arrayList2.add(Base64.encodeToString(it.next().getEncoded(), 2));
                }
                return SemRecipientUtil.doValidateCert(context, j, (String[]) arrayList2.toArray(new String[0]), null, true);
            } catch (MessagingException | CertificateEncodingException e) {
                e.printStackTrace();
            }
        }
        return null;
    }
}
