package com.airwatch.email.smime;

import android.content.Context;
import android.util.Log;
import com.airwatch.UnrecoverableException;
import com.airwatch.crypto.openssl.OpenSSLWrapper;
import com.airwatch.email.Email;
import com.airwatch.email.service.EmailServiceUtils;
import com.airwatch.email.smime.X509CertificateVerifier;
import com.airwatch.email.smime.storage.CertStorage;
import com.airwatch.email.utility.AirWatchEmailEnums;
import com.airwatch.emailcommon.internet.MimeMessage;
import com.airwatch.emailcommon.mail.Body;
import com.airwatch.emailcommon.mail.Message;
import com.airwatch.emailcommon.mail.MessagingException;
import com.airwatch.emailcommon.mail.Part;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.james.mime4j.field.Field;
import org.spongycastle.jce.provider.JDKX509CertificateFactory;

/* loaded from: classes.dex */
public class SMIMEDecryptAndVerify {
    private final String a = "signer";
    private final String b = ".pem";
    private final Context f = Email.b();
    private final OpenSSLWrapper d = new OpenSSLWrapper(this.f);
    private final PEMFormat e = new PEMFormat();
    private SMIMECryptoUtil c = new SMIMECryptoUtil();
    private EmailServiceUtils g = new EmailServiceUtils();

    /* loaded from: classes.dex */
    public static class SMIMEMessage {
        public byte[] a;
        public AirWatchEmailEnums.SMIMEMessageType b;
        public MimeMessage c;
        private X509CertificateVerifier.CertVerificationResult d;
        private SMIMEException e;

        public SMIMEMessage(byte[] bArr, AirWatchEmailEnums.SMIMEMessageType sMIMEMessageType) {
            this.a = bArr;
            this.b = sMIMEMessageType;
        }

        public SMIMEMessage(byte[] bArr, AirWatchEmailEnums.SMIMEMessageType sMIMEMessageType, MimeMessage mimeMessage) {
            this.a = bArr;
            this.b = sMIMEMessageType;
            this.c = mimeMessage;
        }

        public final X509CertificateVerifier.CertVerificationResult a() {
            return this.d;
        }

        public final void a(SMIMEException sMIMEException) {
            this.e = sMIMEException;
        }

        public final SMIMEException b() {
            return this.e;
        }
    }

    private SMIMEMessage a(SMIMEMessage sMIMEMessage, byte[] bArr, byte[] bArr2) {
        boolean z = true;
        if (sMIMEMessage.a == null) {
            return sMIMEMessage;
        }
        try {
            MimeMessage mimeMessage = sMIMEMessage.c != null ? sMIMEMessage.c : new MimeMessage(sMIMEMessage.a);
            String mimeType = mimeMessage.getMimeType();
            String protocol = mimeMessage.getProtocol();
            if (Email.a) {
                Log.d("SMIMEDecryptAndVerify", "MIME type : " + mimeType);
                Log.d("SMIMEDecryptAndVerify", "Protocol : " + protocol);
            }
            String mimeType2 = mimeMessage.getMimeType();
            if (!(mimeType2.contains("application/pkcs7-mime") || mimeType2.contains("application/x-pkcs7-mime"))) {
                String mimeType3 = mimeMessage.getMimeType();
                String protocol2 = mimeMessage.getProtocol();
                if (!mimeType3.contains("multipart/signed") || protocol2 == null || (!protocol2.contains("application/pkcs7-signature") && !protocol2.contains("application/x-pkcs7-signature"))) {
                    z = false;
                }
                if (!z) {
                    if (!SMIMECryptoUtil.d(mimeMessage)) {
                        return sMIMEMessage;
                    }
                    SMIMECryptoUtil.e(mimeMessage);
                    return a(new SMIMEMessage(SMIMECryptoUtil.a(mimeMessage), AirWatchEmailEnums.SMIMEMessageType.MESSAGE_NOT_SIGNED_NOT_ENCRYPTED, mimeMessage), bArr, bArr2);
                }
                if (Email.a) {
                    Log.d("SMIMEDecryptAndVerify", "Clear Text Signing");
                }
                AirWatchEmailEnums.SMIMEMessageType sMIMEMessageType = sMIMEMessage.b == AirWatchEmailEnums.SMIMEMessageType.MESSAGE_ENCRYPTED ? AirWatchEmailEnums.SMIMEMessageType.MESSAGE_SIGNED_AND_ENCRYPTED : AirWatchEmailEnums.SMIMEMessageType.MESSAGE_SIGNED;
                File a = a();
                byte[] awVerifySignatureAndGetMessageSMIME = this.d.awVerifySignatureAndGetMessageSMIME(sMIMEMessage.a, SMIMECryptoUtil.c(mimeMessage), null, a.getAbsolutePath());
                SMIMEMessage sMIMEMessage2 = new SMIMEMessage(awVerifySignatureAndGetMessageSMIME, sMIMEMessageType, mimeMessage);
                X509Certificate a2 = a(a, mimeMessage, true);
                if (a2 != null) {
                    a(a2, sMIMEMessage2, mimeMessage);
                    CertStorage.a().a(mimeMessage);
                }
                if (awVerifySignatureAndGetMessageSMIME != null) {
                    return sMIMEMessage2;
                }
                sMIMEMessage2.a(b());
                return sMIMEMessage2;
            }
            String sMIMEType = mimeMessage.getSMIMEType();
            if (Email.a) {
                Log.d("SMIMEDecryptAndVerify", "SMIME type : " + sMIMEType);
            }
            if ("signed-data".equals(sMIMEType)) {
                if (Email.a) {
                    Log.d("SMIMEDecryptAndVerify", "Signed Data");
                }
                AirWatchEmailEnums.SMIMEMessageType sMIMEMessageType2 = sMIMEMessage.b == AirWatchEmailEnums.SMIMEMessageType.MESSAGE_ENCRYPTED ? AirWatchEmailEnums.SMIMEMessageType.MESSAGE_SIGNED_AND_ENCRYPTED : AirWatchEmailEnums.SMIMEMessageType.MESSAGE_SIGNED;
                File a3 = a();
                byte[] awVerifySignatureAndGetMessageSMIME2 = this.d.awVerifySignatureAndGetMessageSMIME(SMIMECryptoUtil.a(SMIMECryptoUtil.a((Message) mimeMessage)), SMIMECryptoUtil.c(mimeMessage), null, a3.getAbsolutePath());
                if (awVerifySignatureAndGetMessageSMIME2 == null) {
                    throw b();
                }
                a(mimeMessage, awVerifySignatureAndGetMessageSMIME2);
                SMIMEMessage sMIMEMessage3 = new SMIMEMessage(SMIMECryptoUtil.a(mimeMessage), sMIMEMessageType2, mimeMessage);
                X509Certificate a4 = a(a3, mimeMessage, false);
                if (a4 == null) {
                    return sMIMEMessage3;
                }
                a(a4, sMIMEMessage3, mimeMessage);
                return sMIMEMessage3;
            }
            if (!"enveloped-data".equals(sMIMEType)) {
                if (!Email.a) {
                    return sMIMEMessage;
                }
                Log.d("SMIMEDecryptAndVerify", "Email is not signed or encrypted");
                return sMIMEMessage;
            }
            if (Email.a) {
                Log.d("SMIMEDecryptAndVerify", "Encrypted Data");
            }
            if (bArr == null) {
                SMIMEMessage sMIMEMessage4 = new SMIMEMessage(null, AirWatchEmailEnums.SMIMEMessageType.MESSAGE_ENCRYPTED, mimeMessage);
                sMIMEMessage4.a(new SMIMEException(51));
                return sMIMEMessage4;
            }
            File b = SMIMECryptoUtil.b(SMIMECryptoUtil.a((Message) mimeMessage));
            byte[] awDecryptAndVerifySMIME = this.d.awDecryptAndVerifySMIME(b.getAbsolutePath(), bArr, bArr2);
            b.delete();
            if (awDecryptAndVerifySMIME == null) {
                throw b();
            }
            a(mimeMessage, awDecryptAndVerifySMIME);
            return a(new SMIMEMessage(SMIMECryptoUtil.a(mimeMessage), AirWatchEmailEnums.SMIMEMessageType.MESSAGE_ENCRYPTED, mimeMessage), bArr, bArr2);
        } catch (MessagingException e) {
            throw new SMIMEException(38, e);
        } catch (IOException e2) {
            throw new SMIMEException(34, e2);
        } catch (CertificateException e3) {
            throw new SMIMEException(38, e3);
        }
    }

    private SMIMEMessage a(byte[] bArr, X509Certificate x509Certificate, PrivateKey privateKey) {
        byte[] a;
        if (x509Certificate != null) {
            try {
                a = PEMFormat.a(x509Certificate);
            } catch (IOException e) {
                throw new SMIMEException(34, e);
            } catch (CertificateException e2) {
                throw new SMIMEException(33, e2);
            }
        } else {
            a = null;
        }
        return a(new SMIMEMessage(bArr, AirWatchEmailEnums.SMIMEMessageType.MESSAGE_NOT_SIGNED_NOT_ENCRYPTED), a, privateKey != null ? PEMFormat.a(privateKey) : null);
    }

    private static File a() {
        return File.createTempFile("signer" + System.currentTimeMillis(), ".pem", Email.b().getCacheDir());
    }

    private static X509Certificate a(File file, MimeMessage mimeMessage, boolean z) {
        try {
            JDKX509CertificateFactory jDKX509CertificateFactory = new JDKX509CertificateFactory();
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                X509Certificate x509Certificate = (X509Certificate) jDKX509CertificateFactory.engineGenerateCertificate(fileInputStream);
                if (x509Certificate == null) {
                    Log.e("SMIMEDecryptAndVerify", "Error: Failed to read signer certificate from file");
                    if (z) {
                        Log.i("SMIMEDecryptAndVerify", "Clear-signed message. Obtaining certificate from message.");
                        x509Certificate = CertStorage.b(mimeMessage);
                    }
                }
                return x509Certificate;
            } finally {
                fileInputStream.close();
            }
        } catch (MessagingException e) {
            Log.e("SMIMEDecryptAndVerify", "error getting cert from clear signed message ", e);
            return null;
        } catch (IOException e2) {
            Log.e("SMIMEDecryptAndVerify", "error getting cert from clear signed message ", e2);
            return null;
        } catch (FileNotFoundException e3) {
            Log.e("SMIMEDecryptAndVerify", "no file present to create X509 cert from ", e3);
            return null;
        } catch (CertificateException e4) {
            Log.e("SMIMEDecryptAndVerify", "unable to generate x509 cert from file, possible bad formatting ", e4);
            return null;
        } finally {
            file.delete();
        }
    }

    private static void a(MimeMessage mimeMessage, byte[] bArr) {
        try {
            MimeMessage mimeMessage2 = new MimeMessage(new ByteArrayInputStream(bArr));
            a(Field.CONTENT_TRANSFER_ENCODING, mimeMessage2, mimeMessage);
            a("Content-Disposition", mimeMessage2, mimeMessage);
            a(Field.CONTENT_TYPE, mimeMessage2, mimeMessage);
            Body body = mimeMessage2.getBody();
            if (body == null) {
                throw new SMIMEException(38, "The decrypted message has empty body.");
            }
            mimeMessage.setBody(body);
        } catch (MessagingException e) {
            throw new UnrecoverableException("Should never happen", e);
        } catch (UnsupportedEncodingException e2) {
            throw new UnrecoverableException("Should never happen", e2);
        } catch (IOException e3) {
            throw new UnrecoverableException("Should never happen", e3);
        }
    }

    private static void a(String str, Message message, Part part) {
        String[] header = message.getHeader(str);
        if (header == null) {
            part.removeHeader(str);
            return;
        }
        for (String str2 : header) {
            part.setHeader(str, str2);
        }
    }

    private void a(X509Certificate x509Certificate, SMIMEMessage sMIMEMessage, MimeMessage mimeMessage) {
        X509CertificateVerifier.CertVerificationResult certVerificationResult = null;
        try {
            String b = SMIMECryptoUtil.b(mimeMessage);
            if (b != null) {
                String trim = b.trim();
                if (trim.length() > 0) {
                    CertStorage.a().a(trim, x509Certificate);
                    SMIMESignerCertVerifier sMIMESignerCertVerifier = new SMIMESignerCertVerifier(x509Certificate, trim, this.g);
                    if (sMIMESignerCertVerifier.b()) {
                        certVerificationResult = sMIMESignerCertVerifier.a();
                    }
                }
            }
        } catch (MessagingException e) {
            Log.e("SMIMEDecryptAndVerify", "error parsing sender email address from mime", e);
        } catch (IllegalArgumentException e2) {
            Log.e("SMIMEDecryptAndVerify", "trying to verify bad signer cert", e2);
        } catch (CertificateEncodingException e3) {
            Log.e("SMIMEDecryptAndVerify", "saving signer cert fails because of bad cert encoding", e3);
        }
        sMIMEMessage.d = certVerificationResult;
    }

    private SMIMEException b() {
        long awGetErrorCode = this.d.awGetErrorCode();
        return new SMIMEException(new OpenSSLError(awGetErrorCode, this.d.awGetErrorMessage(awGetErrorCode)).a());
    }

    public final SMIMEMessage a(byte[] bArr) {
        return a(bArr, this.c.a(), this.c.c());
    }

    public final SMIMEMessage b(byte[] bArr) {
        try {
            if ("enveloped-data".equals(new MimeMessage(bArr).getSMIMEType())) {
                throw new SMIMEException(40);
            }
            return a(bArr);
        } catch (IOException e) {
            throw new SMIMEException(34, e);
        }
    }
}
