package f.a.l.a.t;

import f.a.c.a0;
import f.a.c.f;
import f.a.c.h1;
import f.a.c.m1;
import f.a.c.p;
import f.a.c.p3.i;
import f.a.c.p3.i0;
import f.a.c.p3.p1;
import f.a.c.p3.r1;
import f.a.c.p3.x;
import f.a.c.q1;
import f.a.c.q2.o0;
import f.a.c.t;
import f.a.f.h2;
import f.a.f.i2;
import f.a.f.m2.k;
import f.a.i.h.d;
import f.a.i.h.e;
import f.a.k.h;
import f.a.l.a.l;
import f.a.w.j;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.mail.MessagingException;
import javax.mail.Part;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;

/* loaded from: classes.dex */
public class a {

    /* renamed from: f, reason: collision with root package name */
    private static final String f10996f = "org.spongycastle.mail.smime.validator.SignedMailValidatorMessages";
    private static final int j = 512;
    private static final long k = 946728000000L;

    /* renamed from: a, reason: collision with root package name */
    private CertStore f10997a;

    /* renamed from: b, reason: collision with root package name */
    private i2 f10998b;

    /* renamed from: c, reason: collision with root package name */
    private Map f10999c;

    /* renamed from: d, reason: collision with root package name */
    private String[] f11000d;

    /* renamed from: e, reason: collision with root package name */
    private Class f11001e;
    private static final Class g = j.class;
    private static final String h = p1.ExtendedKeyUsage.getId();
    private static final String i = p1.SubjectAlternativeName.getId();
    private static final k l = new k();

    /* renamed from: f.a.l.a.t.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public class C0228a {

        /* renamed from: a, reason: collision with root package name */
        private j f11002a;

        /* renamed from: b, reason: collision with root package name */
        private List f11003b;

        /* renamed from: c, reason: collision with root package name */
        private List f11004c;

        /* renamed from: d, reason: collision with root package name */
        private List f11005d;

        /* renamed from: e, reason: collision with root package name */
        private boolean f11006e;

        C0228a(j jVar, boolean z, List list, List list2, List list3) {
            this.f11002a = jVar;
            this.f11003b = list;
            this.f11004c = list2;
            this.f11006e = z;
            this.f11005d = list3;
        }

        public CertPath getCertPath() {
            j jVar = this.f11002a;
            if (jVar != null) {
                return jVar.getCertPath();
            }
            return null;
        }

        public j getCertPathReview() {
            return this.f11002a;
        }

        public List getErrors() {
            return this.f11003b;
        }

        public List getNotifications() {
            return this.f11004c;
        }

        public List getUserProvidedCerts() {
            return this.f11005d;
        }

        public boolean isValidSignature() {
            j jVar = this.f11002a;
            return jVar != null && this.f11006e && jVar.isValidCertPath() && this.f11003b.isEmpty();
        }

        public boolean isVerifiedSignature() {
            return this.f11006e;
        }
    }

    public a(MimeMessage mimeMessage, PKIXParameters pKIXParameters) {
        this(mimeMessage, pKIXParameters, g);
    }

    public a(MimeMessage mimeMessage, PKIXParameters pKIXParameters, Class cls) {
        l lVar;
        this.f11001e = cls;
        if (!g.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("certPathReviewerClass is not a subclass of " + g.getName());
        }
        try {
            if (mimeMessage.isMimeType("multipart/signed")) {
                lVar = new l((MimeMultipart) mimeMessage.getContent());
            } else {
                if (!mimeMessage.isMimeType("application/pkcs7-mime") && !mimeMessage.isMimeType("application/x-pkcs7-mime")) {
                    throw new b(new f.a.i.a(f10996f, "SignedMailValidator.noSignedMessage"));
                }
                lVar = new l((Part) mimeMessage);
            }
            this.f10997a = lVar.getCertificatesAndCRLs("Collection", "SC");
            this.f10998b = lVar.getSignerInfos();
            InternetAddress[] from = mimeMessage.getFrom();
            InternetAddress internetAddress = null;
            try {
                if (mimeMessage.getHeader("Sender") != null) {
                    internetAddress = new InternetAddress(mimeMessage.getHeader("Sender")[0]);
                }
            } catch (MessagingException unused) {
            }
            this.f11000d = new String[from.length + (internetAddress != null ? 1 : 0)];
            for (int i2 = 0; i2 < from.length; i2++) {
                this.f11000d[i2] = from[i2].getAddress();
            }
            if (internetAddress != null) {
                this.f11000d[from.length] = internetAddress.getAddress();
            }
            this.f10999c = new HashMap();
            a(pKIXParameters);
        } catch (Exception e2) {
            if (!(e2 instanceof b)) {
                throw new b(new f.a.i.a(f10996f, "SignedMailValidator.exceptionReadingMessage", new Object[]{e2.getMessage(), e2, e2.getClass().getName()}), e2);
            }
            throw ((b) e2);
        }
    }

    private static t a(byte[] bArr) {
        return new f.a.c.k(((p) new f.a.c.k(bArr).readObject()).getOctets()).readObject();
    }

    static String a(Object[] objArr) {
        if (objArr == null) {
            return "null";
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append('[');
        for (int i2 = 0; i2 != objArr.length; i2++) {
            if (i2 > 0) {
                stringBuffer.append(", ");
            }
            stringBuffer.append(String.valueOf(objArr[i2]));
        }
        stringBuffer.append(']');
        return stringBuffer.toString();
    }

    private static X509Certificate a(List list, X509CertSelector x509CertSelector, Set set) {
        boolean z;
        Iterator it = a(list, x509CertSelector).iterator();
        X509Certificate x509Certificate = null;
        while (true) {
            if (!it.hasNext()) {
                z = false;
                break;
            }
            x509Certificate = (X509Certificate) it.next();
            if (!set.contains(x509Certificate)) {
                z = true;
                break;
            }
        }
        if (z) {
            return x509Certificate;
        }
        return null;
    }

    private static List a(List list, X509CertSelector x509CertSelector) {
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(((CertStore) it.next()).getCertificates(x509CertSelector));
        }
        return arrayList;
    }

    public static CertPath createCertPath(X509Certificate x509Certificate, Set set, List list) {
        return (CertPath) createCertPath(x509Certificate, set, list, null)[0];
    }

    public static Object[] createCertPath(X509Certificate x509Certificate, Set set, List list, List list2) {
        boolean z;
        boolean z2;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        ArrayList arrayList = new ArrayList();
        linkedHashSet.add(x509Certificate);
        arrayList.add(new Boolean(true));
        X509Certificate x509Certificate2 = null;
        boolean z3 = false;
        while (x509Certificate != null && !z3) {
            Iterator it = set.iterator();
            while (it.hasNext()) {
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                X509Certificate trustedCert = trustAnchor.getTrustedCert();
                if (trustedCert != null) {
                    if (trustedCert.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
                        try {
                            x509Certificate.verify(trustedCert.getPublicKey(), "SC");
                            x509Certificate2 = trustedCert;
                        } catch (Exception unused) {
                        }
                    } else {
                        continue;
                    }
                } else if (trustAnchor.getCAName().equals(x509Certificate.getIssuerX500Principal().getName())) {
                    x509Certificate.verify(trustAnchor.getCAPublicKey(), "SC");
                }
                z3 = true;
            }
            if (!z3) {
                X509CertSelector x509CertSelector = new X509CertSelector();
                try {
                    x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
                    byte[] extensionValue = x509Certificate.getExtensionValue(p1.AuthorityKeyIdentifier.getId());
                    if (extensionValue != null) {
                        try {
                            i iVar = i.getInstance(a(extensionValue));
                            if (iVar.getKeyIdentifier() != null) {
                                x509CertSelector.setSubjectKeyIdentifier(new m1(iVar.getKeyIdentifier()).getEncoded(f.DER));
                            }
                        } catch (IOException unused2) {
                        }
                    }
                    x509Certificate = a(list, x509CertSelector, linkedHashSet);
                    if (x509Certificate != null || list2 == null) {
                        z2 = false;
                    } else {
                        x509Certificate = a(list2, x509CertSelector, linkedHashSet);
                        z2 = true;
                    }
                    if (x509Certificate != null) {
                        linkedHashSet.add(x509Certificate);
                        arrayList.add(new Boolean(z2));
                    }
                } catch (IOException e2) {
                    throw new IllegalStateException(e2.toString());
                }
            }
        }
        if (z3) {
            if (x509Certificate2 == null || !x509Certificate2.getSubjectX500Principal().equals(x509Certificate2.getIssuerX500Principal())) {
                X509CertSelector x509CertSelector2 = new X509CertSelector();
                try {
                    x509CertSelector2.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
                    x509CertSelector2.setIssuer(x509Certificate.getIssuerX500Principal().getEncoded());
                    X509Certificate a2 = a(list, x509CertSelector2, linkedHashSet);
                    if (a2 != null || list2 == null) {
                        z = false;
                    } else {
                        a2 = a(list2, x509CertSelector2, linkedHashSet);
                        z = true;
                    }
                    if (a2 != null) {
                        try {
                            x509Certificate.verify(a2.getPublicKey(), "SC");
                            linkedHashSet.add(a2);
                            arrayList.add(new Boolean(z));
                        } catch (GeneralSecurityException unused3) {
                        }
                    }
                } catch (IOException e3) {
                    throw new IllegalStateException(e3.toString());
                }
            } else {
                linkedHashSet.add(x509Certificate2);
                arrayList.add(new Boolean(false));
            }
        }
        return new Object[]{CertificateFactory.getInstance("X.509", "SC").generateCertPath(new ArrayList(linkedHashSet)), arrayList};
    }

    public static Set getEmailAddresses(X509Certificate x509Certificate) {
        HashSet hashSet = new HashSet();
        f.a.k.k subjectX509Principal = h.getSubjectX509Principal(x509Certificate);
        Vector oIDs = subjectX509Principal.getOIDs();
        Vector values = subjectX509Principal.getValues();
        int i2 = 0;
        while (true) {
            if (i2 >= oIDs.size()) {
                break;
            }
            if (oIDs.get(i2).equals(r1.EmailAddress)) {
                hashSet.add(((String) values.get(i2)).toLowerCase());
                break;
            }
            i2++;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(i);
        if (extensionValue != null) {
            q1 q1Var = (q1) a(extensionValue);
            for (int i3 = 0; i3 < q1Var.size(); i3++) {
                a0 a0Var = (a0) q1Var.getObjectAt(i3);
                if (a0Var.getTagNo() == 1) {
                    hashSet.add(h1.getInstance(a0Var, false).getString().toLowerCase());
                }
            }
        }
        return hashSet;
    }

    public static Date getSignatureTime(h2 h2Var) {
        f.a.c.q2.a aVar;
        f.a.c.q2.b signedAttributes = h2Var.getSignedAttributes();
        if (signedAttributes == null || (aVar = signedAttributes.get(f.a.c.q2.h.signingTime)) == null) {
            return null;
        }
        return o0.getInstance(aVar.getAttrValues().getObjectAt(0).toASN1Primitive()).getDate();
    }

    /* JADX WARN: Removed duplicated region for block: B:24:0x00dd  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x0161 A[Catch: c -> 0x01ed, GeneralSecurityException -> 0x0213, TryCatch #10 {c -> 0x01ed, GeneralSecurityException -> 0x0213, blocks: (B:27:0x0131, B:29:0x014f, B:30:0x0158, B:32:0x0161, B:33:0x016b), top: B:26:0x0131 }] */
    /* JADX WARN: Removed duplicated region for block: B:57:0x00ed A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void a(java.security.cert.PKIXParameters r24) {
        /*
            Method dump skipped, instructions count: 636
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: f.a.l.a.t.a.a(java.security.cert.PKIXParameters):void");
    }

    protected void a(X509Certificate x509Certificate, List list, List list2) {
        boolean z;
        PublicKey publicKey = x509Certificate.getPublicKey();
        int bitLength = publicKey instanceof RSAPublicKey ? ((RSAPublicKey) publicKey).getModulus().bitLength() : publicKey instanceof DSAPublicKey ? ((DSAPublicKey) publicKey).getParams().getP().bitLength() : -1;
        if (bitLength != -1 && bitLength <= 512) {
            list2.add(new f.a.i.a(f10996f, "SignedMailValidator.shortSigningKey", new Object[]{new Integer(bitLength)}));
        }
        if (x509Certificate.getNotAfter().getTime() - x509Certificate.getNotBefore().getTime() > k) {
            list2.add(new f.a.i.a(f10996f, "SignedMailValidator.longValidity", new Object[]{new d(x509Certificate.getNotBefore()), new d(x509Certificate.getNotAfter())}));
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
            list.add(new f.a.i.a(f10996f, "SignedMailValidator.signingNotPermitted"));
        }
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(h);
            if (extensionValue != null) {
                x xVar = x.getInstance(a(extensionValue));
                if (!xVar.hasKeyPurposeId(i0.anyExtendedKeyUsage) && !xVar.hasKeyPurposeId(i0.id_kp_emailProtection)) {
                    list.add(new f.a.i.a(f10996f, "SignedMailValidator.extKeyUsageNotPermitted"));
                }
            }
        } catch (Exception e2) {
            list.add(new f.a.i.a(f10996f, "SignedMailValidator.extKeyUsageError", new Object[]{e2.getMessage(), e2, e2.getClass().getName()}));
        }
        try {
            Set emailAddresses = getEmailAddresses(x509Certificate);
            if (emailAddresses.isEmpty()) {
                list.add(new f.a.i.a(f10996f, "SignedMailValidator.noEmailInCert"));
                return;
            }
            int i2 = 0;
            while (true) {
                if (i2 >= this.f11000d.length) {
                    z = false;
                    break;
                } else {
                    if (emailAddresses.contains(this.f11000d[i2].toLowerCase())) {
                        z = true;
                        break;
                    }
                    i2++;
                }
            }
            if (z) {
                return;
            }
            list.add(new f.a.i.a(f10996f, "SignedMailValidator.emailFromCertMismatch", new Object[]{new e(a(this.f11000d)), new e(emailAddresses)}));
        } catch (Exception e3) {
            list.add(new f.a.i.a(f10996f, "SignedMailValidator.certGetEmailError", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}));
        }
    }

    public CertStore getCertsAndCRLs() {
        return this.f10997a;
    }

    public i2 getSignerInformationStore() {
        return this.f10998b;
    }

    public C0228a getValidationResult(h2 h2Var) {
        if (this.f10998b.getSigners(h2Var.getSID()).isEmpty()) {
            throw new b(new f.a.i.a(f10996f, "SignedMailValidator.wrongSigner"));
        }
        return (C0228a) this.f10999c.get(h2Var);
    }
}
