package com.samsung.android.email.common.util;

import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.RemoteException;
import com.samsung.android.email.ui.messagelist.common.MessageListConst;
import com.samsung.android.emailcommon.basic.constant.IntentConst;
import com.samsung.android.emailcommon.basic.general.VersionChecker;
import com.samsung.android.emailcommon.basic.log.EmailLog;
import com.samsung.android.emailcommon.basic.log.SemProtocolLog;
import com.samsung.android.emailcommon.basic.log.SemSMIMELog;
import com.samsung.android.emailcommon.newsecurity.BCConst;
import com.samsung.android.emailcommon.preferences.InternalSettingPreference;
import com.samsung.android.emailcommon.provider.Account;
import com.samsung.android.emailcommon.provider.SdpHelper;
import com.samsung.android.knox.util.SemKeyStoreManager;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes2.dex */
public class SemCertificateUtil {
    private static final String TAG = "SemCertificateUtil";

    public static boolean canAccessToKeyStoreWithAlias(Context context, String str) {
        return SemKeyStoreUtil.isUcmAlias(str) || SemKeyStoreUtil.isCCMEnabled(context) || !SemKeyStoreUtil.isAndroidKeyStoreLocked(context);
    }

    public static boolean canInstallCertificate(Context context) {
        return VersionChecker.isQOrAbove() || SemKeyStoreUtil.isCCMEnabled(context) || !SemKeyStoreUtil.isAndroidKeyStoreLocked(context);
    }

    public static void checkCertificatesForInstall(Context context) {
        Intent intent = new Intent();
        intent.setAction(IntentConst.ACTION_INSTALL_MDM_CERTIFICATES);
        if (containsMDMPushedCertificates(context)) {
            try {
                context.startActivity(intent);
            } catch (ActivityNotFoundException e) {
                e.printStackTrace();
            }
        }
    }

    private static boolean containsMDMPushedCertificates(Context context) {
        InternalSettingPreference internalSettingPreference = InternalSettingPreference.getInstance(context);
        return (internalSettingPreference.getMDMSmimeCertsAcc() == null || internalSettingPreference.getMDMSmimeCertsAcc().equals("") || internalSettingPreference.getMDMSmimeCertsAcc().split(MessageListConst.DELIMITER_1).length <= 0 || SemKeyStoreUtil.isCCMEnabled(context)) ? false : true;
    }

    public static String getAlias(Account account) {
        String str = account.mSmimeOwnSignCertAlias;
        EmailLog.vnf(TAG, "alias= " + str);
        return str;
    }

    public static String getAliasNameFromUri(String str) {
        if (str == null) {
            return "";
        }
        try {
            String path = new URI(str).getPath();
            if (path == null) {
                return str;
            }
            String[] split = path.split("/");
            if (split.length <= 0) {
                return str;
            }
            str = split[split.length - 1];
            SemSMIMELog.d("%s::getAliasNameFromUri() - extracted name : ", TAG, str);
            return str;
        } catch (URISyntaxException unused) {
            SemSMIMELog.e("%s::getAliasNameFromUri() - URISyntaxException, Not UCM alias", TAG);
            return str;
        }
    }

    public static String getEmailAddressFromCert(X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate == null) {
            return "";
        }
        Set emailAddressSet = getEmailAddressSet(x509Certificate);
        if (emailAddressSet.isEmpty()) {
            return "";
        }
        Iterator it = emailAddressSet.iterator();
        StringBuilder sb = new StringBuilder(60);
        boolean z = true;
        while (it.hasNext()) {
            if (z) {
                z = false;
            } else {
                sb.append(MessageListConst.DELIMITER_1);
            }
            sb.append((String) it.next());
        }
        return sb.toString();
    }

    private static Set getEmailAddressSet(X509Certificate x509Certificate) throws CertificateEncodingException {
        HashSet hashSet = new HashSet();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                SemSMIMELog.dnf("%s::getEmailAddressSet() - sanCollections size : %s", TAG, Integer.valueOf(subjectAlternativeNames.size()));
                for (List<?> list : subjectAlternativeNames) {
                    if (list != null && list.size() >= 2) {
                        int intValue = ((Integer) list.get(0)).intValue();
                        String str = TAG;
                        SemSMIMELog.dnf("%s::getEmailAddressSet() - type : %s", str, Integer.valueOf(intValue));
                        if (intValue == 1 || intValue == 3) {
                            String lowerCase = ((String) list.get(1)).toLowerCase();
                            SemSMIMELog.dnf("%s::getEmailAddressSet() - address :%s ", str, lowerCase);
                            if (AddressUtility.isEmailAddressValid(lowerCase)) {
                                hashSet.add(lowerCase);
                                SemSMIMELog.dnf("%s::getEmailAddressSet() - address added : %s", str, lowerCase);
                            }
                        }
                    }
                }
            }
        } catch (CertificateParsingException e) {
            e.printStackTrace();
        }
        X509Principal subjectX509Principal = PrincipalUtil.getSubjectX509Principal(x509Certificate);
        Vector oIDs = subjectX509Principal.getOIDs();
        Vector values = subjectX509Principal.getValues();
        SemSMIMELog.dnf("%s::getEmailAddressSet() - oids size = %s", TAG, Integer.valueOf(oIDs.size()));
        int i = 0;
        while (true) {
            if (i >= oIDs.size()) {
                break;
            }
            String str2 = TAG;
            SemSMIMELog.dnf("%s::getEmailAddressSet() - oids [%d] = %s", str2, Integer.valueOf(i), oIDs.get(i));
            SemSMIMELog.dnf("%s::getEmailAddressSet() - names[%d] = %s", str2, Integer.valueOf(i), values.get(i));
            if (oIDs.get(i).equals(PKCSObjectIdentifiers.pkcs_9_at_emailAddress)) {
                String lowerCase2 = ((String) values.get(i)).toLowerCase();
                if (AddressUtility.isEmailAddressValid(lowerCase2)) {
                    hashSet.add(lowerCase2);
                    break;
                }
            }
            i++;
        }
        SemSMIMELog.dnf("%s::getEmailAddressSet() - addresses size = %s", TAG, Integer.valueOf(hashSet.size()));
        return hashSet;
    }

    private static String getEncryptAlgorithmByObjectIdentifier(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return aSN1ObjectIdentifier == CMSAlgorithm.DES_CBC ? "-des" : aSN1ObjectIdentifier == CMSAlgorithm.AES128_CBC ? "-aes-128" : aSN1ObjectIdentifier == CMSAlgorithm.AES256_CBC ? "-aes-256" : "-des3";
    }

    public static ArrayList<String> getUnSupportedAlgorithmList(PrivateKey privateKey, int i) {
        if (i == 3) {
            return getUnsupportedSignAlgorithms(privateKey);
        }
        if (i == 2) {
            return getUnsupportedEncryptAlgorithms();
        }
        SemProtocolLog.sysW("%s::getUnSupportedAlgorithms() - certType is wrong");
        return null;
    }

    private static ArrayList<String> getUnsupportedEncryptAlgorithms() {
        ArrayList arrayList = new ArrayList();
        ArrayList<String> arrayList2 = new ArrayList<>();
        arrayList.add(CMSAlgorithm.DES_CBC);
        arrayList.add(CMSAlgorithm.AES128_CBC);
        arrayList.add(CMSAlgorithm.AES256_CBC);
        arrayList.add(CMSAlgorithm.DES_EDE3_CBC);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) it.next();
            try {
                new JceCMSContentEncryptorBuilder(aSN1ObjectIdentifier).build();
            } catch (CMSException unused) {
                arrayList2.add(getEncryptAlgorithmByObjectIdentifier(aSN1ObjectIdentifier));
            }
        }
        return arrayList2;
    }

    private static ArrayList<String> getUnsupportedSignAlgorithms(PrivateKey privateKey) {
        ArrayList arrayList = new ArrayList();
        ArrayList<String> arrayList2 = new ArrayList<>();
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA1_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA256_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA384_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_SHA512_WITH_RSA);
        arrayList.add(BCConst.BC_SIGNATURE_ALGORITHM_MD5_WITH_RSA);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            try {
                new JcaContentSignerBuilder(str).build(privateKey);
            } catch (OperatorCreationException unused) {
                arrayList2.add(str);
            }
        }
        return arrayList2;
    }

    public static void grantAccessForAKS(Context context, String str) throws RemoteException, PackageManager.NameNotFoundException {
        int i = context.getPackageManager().getApplicationInfo("com.samsung.android.email.provider", 128).uid;
        SemKeyStoreManager semKeyStoreManager = SemKeyStoreManager.getInstance();
        if (semKeyStoreManager == null) {
            SemProtocolLog.sysW("%s::grantAccessForAllEmailAliases() - remoteAKSSvc is null");
            return;
        }
        try {
            if (!SdpHelper.isAfwMode() && !semKeyStoreManager.hasAlias(str, false)) {
                SemProtocolLog.sysW("%s::grantAccessForAKS() - alias[%s] isn't in remoteAKSSvc, uid[%s]", TAG, str, Integer.valueOf(i));
            }
            semKeyStoreManager.grantAccess(i, str);
            SemProtocolLog.sysI("%s::grantAccessForAKS() - success to grant access for aks for alias[%s], uid[%s]", TAG, str, Integer.valueOf(i));
        } catch (NullPointerException e) {
            SemProtocolLog.sysW("%s::grantAccessForAKS() - exception occurred during grantAccess", TAG);
            e.printStackTrace();
        }
    }
}
