package com.airwatch.email.smime.storage;

import android.util.Base64;
import android.util.Log;
import com.airwatch.email.Email;
import com.airwatch.email.crypto.CertificateManager;
import com.airwatch.email.smime.SMIMECryptoUtil;
import com.airwatch.email.smime.SMIMESignerCertVerifier;
import com.airwatch.email.utility.AirWatchEmailEnums;
import com.airwatch.emailcommon.internet.MimeMessage;
import com.airwatch.emailcommon.mail.Body;
import com.airwatch.emailcommon.mail.BodyPart;
import com.airwatch.emailcommon.mail.MessagingException;
import com.airwatch.emailcommon.mail.Multipart;
import com.airwatch.exchange.keystore.CertificateUtility;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.spongycastle.jce.provider.JDKX509CertificateFactory;

/* loaded from: classes.dex */
public class CertStorage {
    private static final String a = CertStorage.class.getSimpleName();
    private static CertStorage b = null;
    private final EncryptionCertDao c;

    private CertStorage(EncryptionCertDao encryptionCertDao) {
        this.c = encryptionCertDao;
    }

    public static CertStorage a() {
        if (b == null) {
            b = new CertStorage(EncryptionCertDaoFactory.a());
        }
        return b;
    }

    private static X509Certificate a(Multipart multipart) {
        X509Certificate x509Certificate;
        int b2 = multipart.b();
        for (int i = 0; i < b2; i++) {
            BodyPart a2 = multipart.a(i);
            String mimeType = a2.getMimeType();
            if ("application/pkcs7-signature".equals(mimeType) || "application/x-pkcs7-signature".equals(mimeType)) {
                Body body = a2.getBody();
                if (body == null) {
                    Log.e(a, "signature part does not have body");
                } else {
                    InputStream inputStream = body.getInputStream();
                    if (inputStream != null) {
                        JDKX509CertificateFactory jDKX509CertificateFactory = new JDKX509CertificateFactory();
                        do {
                            try {
                                x509Certificate = (X509Certificate) jDKX509CertificateFactory.engineGenerateCertificate(inputStream);
                                if (x509Certificate == null) {
                                    throw new MessagingException("\"multipart/signed\" message's signature does not contain a signing cert");
                                }
                            } finally {
                                inputStream.close();
                            }
                        } while (!SMIMESignerCertVerifier.a(x509Certificate));
                        return x509Certificate;
                    }
                    Log.e(a, "cannot get input stream from signature part body");
                }
            }
        }
        throw new MessagingException("\"multipart/signed\" message does not contain a signature");
    }

    private void a(String str, X509Certificate x509Certificate, AirWatchEmailEnums.CertTrustStatus certTrustStatus) {
        boolean a2;
        int a3;
        if (SMIMESignerCertVerifier.a(x509Certificate)) {
            CertificateManager f = Email.f();
            byte[] encoded = x509Certificate.getEncoded();
            String a4 = CertificateUtility.a(encoded);
            a2 = f.a(a4, CertificateManager.CertType.X509, encoded, null);
            if (!a2) {
                Log.w(a, "Certificate failed to be stored as a signer cert");
            } else if (certTrustStatus != null && (a3 = f.a(a4, certTrustStatus)) != 1) {
                Log.w(a, "Unexpected return value: " + a3 + " from signer certificate being set to " + certTrustStatus + ".");
            }
        } else {
            a2 = false;
        }
        if (a(x509Certificate)) {
            this.c.a(str, x509Certificate.getEncoded());
            a2 = true;
        }
        if (a2) {
            return;
        }
        Log.w(a, "Certificate NOT stored because it cannot be used for encryption or signing");
    }

    private static boolean a(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null) {
            return keyUsage[2] || keyUsage[3];
        }
        Log.w(a, "no key usage extensions in digital signature");
        return false;
    }

    private static X509Certificate[] a(InputStream inputStream) {
        ArrayList arrayList = new ArrayList();
        JDKX509CertificateFactory jDKX509CertificateFactory = new JDKX509CertificateFactory();
        while (true) {
            try {
                X509Certificate x509Certificate = (X509Certificate) jDKX509CertificateFactory.engineGenerateCertificate(inputStream);
                if (x509Certificate == null) {
                    inputStream.close();
                    return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
                }
                if (a(x509Certificate)) {
                    arrayList.add(x509Certificate);
                }
            } catch (Throwable th) {
                inputStream.close();
                throw th;
            }
        }
    }

    public static X509Certificate b(MimeMessage mimeMessage) {
        Body body = mimeMessage.getBody();
        if (Multipart.class.isInstance(body)) {
            return a((Multipart) body);
        }
        throw new MessagingException("Encountered non multipart body in a \"multipart/signed\" message");
    }

    public final int a(MimeMessage mimeMessage) {
        try {
            new SMIMECryptoUtil();
            String b2 = SMIMECryptoUtil.b(mimeMessage);
            Body body = mimeMessage.getBody();
            if (!Multipart.class.isInstance(body)) {
                throw new MessagingException("MimeMessage does not have a Multipart body");
            }
            Multipart multipart = (Multipart) body;
            int b3 = multipart.b();
            for (int i = 0; i < b3; i++) {
                BodyPart a2 = multipart.a(i);
                String mimeType = a2.getMimeType();
                if ("application/pkcs7-signature".equals(mimeType) || "application/x-pkcs7-signature".equals(mimeType)) {
                    Body body2 = a2.getBody();
                    if (body2 == null) {
                        Log.e(a, "signature part does not have body");
                    } else {
                        InputStream inputStream = body2.getInputStream();
                        if (inputStream != null) {
                            int i2 = 0;
                            for (X509Certificate x509Certificate : a(inputStream)) {
                                this.c.a(b2, x509Certificate.getEncoded());
                                i2++;
                            }
                            return i2;
                        }
                        Log.e(a, "cannot get input stream from signature part body");
                    }
                }
            }
            throw new MessagingException("\"multipart/signed\" message does not contain a signature");
        } catch (MessagingException e) {
            return 0;
        }
    }

    public final void a(String str, String str2) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(str2, 0));
        try {
            for (X509Certificate x509Certificate : a(byteArrayInputStream)) {
                a(str, x509Certificate, AirWatchEmailEnums.CertTrustStatus.TRUSTED);
            }
        } finally {
            byteArrayInputStream.close();
        }
    }

    public final void a(String str, X509Certificate x509Certificate) {
        a(str, x509Certificate, null);
    }
}
