package com.samsung.android.emailsecurity.smime;

import android.content.ContentProviderOperation;
import android.content.Context;
import android.os.Build;
import android.os.Process;
import android.os.UserHandle;
import android.security.KeyChain;
import com.samsung.android.emailcommon.provider.EmailContent;
import com.samsung.android.emailcommon.utility.EmailLog;
import com.samsung.android.emailcommon.utility.Log;
import com.samsung.android.emailcommon.utility.Utility;
import com.samsung.android.knox.util.SemCertAndroidKeyStore;
import com.samsung.android.knox.util.SemCertByte;
import com.samsung.android.knox.util.SemKeyStoreManager;
import com.sec.android.smimeutil.SecCertificateMgr;
import com.sec.android.smimeutil.SemCertificateMgr;
import com.sec.enterprise.knox.EnterpriseKnoxManager;
import com.sec.enterprise.knox.ccm.CertificateProfile;
import com.sec.enterprise.knox.ccm.ClientCertificateManager;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;

/* loaded from: classes37.dex */
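/**
 * Manages S/MIME client certificates and private keys for the email app.
 *
 * <p>Depending on how it is constructed, an instance either works against the
 * Android KeyChain through the Samsung key-store proxy ({@link SemKeyStoreManager}),
 * or against a {@link KeyStore} of a caller-supplied type and provider.
 *
 * <p>NOTE(review): the key-store password is held as a {@link String} for the
 * lifetime of the instance, so it cannot be wiped from memory after use.
 * NOTE(review): the class keeps mutable static state ({@code mRemoteServiceKeystore},
 * {@code mIsSavingKeyStore}) and takes no locks, so it should not be assumed
 * thread-safe.
 */
public class CertificateMgr {
    public static final String CERTIFICATE_ALIAS = "CERTIFICATE_ALIAS";
    public static final String CERTIFICATE_NOT_SUPPORTED = "Certificate not supported of device secure storage";
    public static final String CERTIFICATE_TYPE = "CERTIFICATE_TYPE";
    public static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD";
    public static final String KEYSTORE_PROXY_CERT_INSTALL_ERROR = "KeyStore proxy install cert error";
    public static final String KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR = "KeyStore proxy service connection error";
    private static final String TYPE_ANDROID_KEYSTORE = "AndroidKeyStore";
    // Package whose uid is granted access to installed aliases and whose CCM policy is queried.
    private static final String EMAIL_PROVIDER_PACKAGE = "com.samsung.android.email.provider";
    private static SemKeyStoreManager mRemoteServiceKeystore;
    private Context mContext;
    private KeyStore mKeyStore;
    private String mKeyStoreType;
    private String mPassword;
    private static final String TAG = CertificateMgr.class.getSimpleName();
    // Polled by waitingKeyOp() while another component saves the key store. Declared
    // volatile so that a write made on another thread is guaranteed to become visible
    // to the polling loop.
    public static volatile boolean mIsSavingKeyStore = false;

    /**
     * Creates a manager that resolves keys and certificates through the Android
     * KeyChain and the key-store proxy. No {@link KeyStore} is loaded, so
     * {@link #getAliases()} returns {@code null} for instances built this way.
     *
     * @param str     key-store password; must not be {@code null}
     * @param context Android context used for KeyChain and package lookups
     * @throws CertificateManagerException if {@code str} is {@code null}
     */
    public CertificateMgr(String str, Context context) throws CertificateManagerException {
        this.mKeyStoreType = TYPE_ANDROID_KEYSTORE;
        this.mContext = context;
        if (str == null) {
            throw new CertificateManagerException("CertificateMgr is unable to intialize without password");
        }
        this.mPassword = str;
    }

    /**
     * Creates a manager backed by a {@link KeyStore} of the given type and provider.
     *
     * @param str     key-store password, kept for later key retrieval (not null-checked here)
     * @param context Android context
     * @param str2    key-store type passed to {@link KeyStore#getInstance(String, String)}
     * @param str3    provider name passed to {@link KeyStore#getInstance(String, String)}
     * @param z       CAC-enabled flag; when {@code false} the "TimaKeyStore" is loaded first
     * @throws CertificateManagerException with code 2 when loading fails with an
     *         {@link UnrecoverableKeyException} cause (probably a wrong password), code 3 for
     *         any other {@link IOException}, and without a code for every other failure
     */
    public CertificateMgr(String str, Context context, String str2, String str3, boolean z) throws CertificateManagerException {
        try {
            this.mContext = context;
            this.mPassword = str;
            Log.d(TAG, "Is CAC enabled:" + z);
            if (!z) {
                Log.d(TAG, "Loading Tima KeyStore and CAC is not enabled");
                KeyStore.getInstance("TimaKeyStore").load(null, null);
            }
            this.mKeyStore = KeyStore.getInstance(str2, str3);
            EmailLog.i(TAG, "Initializing KeyStore");
            this.mKeyStoreType = str2;
            waitingKeyOp();
            this.mKeyStore.load(null, null);
            logAliases();
        } catch (IOException e2) {
            // Route the stack trace through the app logger instead of stderr.
            EmailLog.dumpException(TAG, e2);
            if (e2.getCause() instanceof UnrecoverableKeyException) {
                throw new CertificateManagerException(e2.getMessage() + " may be wrong pw", 2);
            }
            throw new CertificateManagerException(e2.getMessage() + " may be pw input canceled", 3);
        } catch (Exception e3) {
            EmailLog.d(TAG, " error while loading certificate");
            EmailLog.dumpException(TAG, e3);
            throw new CertificateManagerException(e3.getMessage());
        }
    }

    /**
     * Writes every alias of the loaded key store to the debug log. Best effort:
     * a failure to enumerate is logged and otherwise ignored.
     *
     * <p>NOTE(review): alias names end up in the device log. If aliases can carry
     * user-identifying text (for example an e-mail address), consider logging only
     * a count in release builds.
     */
    private void logAliases() {
        try {
            Enumeration<String> aliases = this.mKeyStore.aliases();
            if (!aliases.hasMoreElements()) {
                EmailLog.d(TAG, "Empty Keystore!!!");
            }
            while (aliases.hasMoreElements()) {
                EmailLog.d(TAG, "alias: " + aliases.nextElement());
            }
        } catch (Exception e) {
            // Diagnostic output only; never fail the caller because of it.
            EmailLog.dumpException(TAG, e);
        }
    }

    /**
     * Lazily obtains the shared key-store proxy.
     *
     * @return {@code true} when a proxy instance is available
     */
    private boolean bindKeyStoreProxy() {
        if (mRemoteServiceKeystore == null) {
            mRemoteServiceKeystore = SemKeyStoreManager.getInstance();
        }
        if (mRemoteServiceKeystore == null) {
            return false;
        }
        Log.v("SCEP Bind", mRemoteServiceKeystore.getClass().getName());
        return true;
    }

    /**
     * Serialises the given certificates as consecutive PEM "CERTIFICATE" objects.
     *
     * @param certificateArr certificates to encode; every element must be non-null
     * @return the PEM text as US-ASCII bytes
     */
    private static byte[] convertToPem(Certificate... certificateArr) throws CertificateEncodingException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PemWriter pemWriter = new PemWriter(new OutputStreamWriter(byteArrayOutputStream, StandardCharsets.US_ASCII));
        for (Certificate certificate : certificateArr) {
            pemWriter.writeObject("CERTIFICATE", certificate.getEncoded());
        }
        pemWriter.close();
        return byteArrayOutputStream.toByteArray();
    }

    /**
     * Reports whether the Knox Client Certificate Manager policy is enabled for the
     * email provider package.
     *
     * @param context Android context used to look up the policy
     * @return {@code false} when no policy object or no CCM version is available
     */
    public static boolean isCCMEnabled(Context context) {
        ClientCertificateManager clientCertificateManagerPolicy = EnterpriseKnoxManager.getInstance().getClientCertificateManagerPolicy(context);
        if (clientCertificateManagerPolicy == null || clientCertificateManagerPolicy.getCCMVersion() == null) {
            return false;
        }
        return clientCertificateManagerPolicy.isCCMPolicyEnabledForPackage(EMAIL_PROVIDER_PACKAGE);
    }

    /** Delegates the CA check to the helper class that matches the platform SDK level. */
    private boolean isCa(X509Certificate x509Certificate) {
        return Build.VERSION.SDK_INT <= 26 ? SecCertificateMgr.isCa(x509Certificate) : SemCertificateMgr.isCa(x509Certificate);
    }

    /**
     * Blocks, polling every 100 ms, while {@link #mIsSavingKeyStore} is set.
     *
     * <p>NOTE(review): there is no timeout, so a flag that is never cleared blocks the
     * caller indefinitely.
     */
    private static void waitingKeyOp() {
        while (mIsSavingKeyStore) {
            try {
                Thread.sleep(100L);
            } catch (InterruptedException e) {
                Log.dumpException(TAG, e);
                // Restore the interrupt flag so the caller can still observe the interruption.
                Thread.currentThread().interrupt();
                return;
            }
        }
    }

    /**
     * Lists the aliases of the loaded key store.
     *
     * @return the aliases, or {@code null} when no key store is loaded
     * @throws CertificateManagerException if the key store cannot be enumerated
     */
    public Enumeration<String> getAliases() throws CertificateManagerException {
        try {
            if (this.mKeyStore != null) {
                return this.mKeyStore.aliases();
            }
            return null;
        } catch (Exception e) {
            throw new CertificateManagerException(e.getMessage(), e);
        }
    }

    /**
     * Returns the certificate stored under an alias.
     *
     * <p>Aliases that start with "__bulk" (compared case-insensitively) are skipped and
     * yield {@code null}. For the Android key-store type the certificate is obtained
     * through the KeyChain: when the app runs in AFW mode, as a non-zero user, or the
     * proxy reports that it knows the alias, the email provider uid is first granted
     * access to the alias.
     *
     * <p>NOTE(review): this path fetches the private-key handle and builds a temporary
     * PKCS12 store only to read back the certificate. Reading the first element of
     * {@code KeyChain.getCertificateChain} would avoid touching the key, but it would
     * also stop failing when no key is available; confirm which behaviour callers
     * depend on before changing it.
     *
     * @param str certificate alias; must not be {@code null}
     * @return the certificate, or {@code null} for "__bulk" aliases or unknown aliases
     * @throws CertificateManagerException on any lookup failure
     */
    public X509Certificate getCertificate(String str) throws CertificateManagerException {
        // regionMatches(ignoreCase) avoids the default-locale dependence of toLowerCase().
        if (str.regionMatches(true, 0, "__bulk", 0, "__bulk".length())) {
            return null;
        }
        try {
            if (!TYPE_ANDROID_KEYSTORE.equals(this.mKeyStoreType)) {
                return (X509Certificate) this.mKeyStore.getCertificate(str);
            }
            if (!bindKeyStoreProxy()) {
                throw new CertificateManagerException(KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR);
            }
            if (mRemoteServiceKeystore != null && (Utility.isAfwMode() || UserHandle.semGetMyUserId() != 0 || mRemoteServiceKeystore.hasAlias(str, false))) {
                // 128 == PackageManager.GET_META_DATA
                mRemoteServiceKeystore.grantAccess(this.mContext.getPackageManager().getApplicationInfo(EMAIL_PROVIDER_PACKAGE, 128).uid, str);
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, this.mPassword.toCharArray());
            keyStore.setKeyEntry(str, KeyChain.getPrivateKey(this.mContext, str), this.mPassword.toCharArray(), KeyChain.getCertificateChain(this.mContext, str));
            return (X509Certificate) keyStore.getCertificate(str);
        } catch (Exception e) {
            throw new CertificateManagerException(e.getMessage(), e);
        }
    }

    /**
     * Returns the private key stored under an alias.
     *
     * @param str key alias
     * @return the key, or {@code null} when no key store is loaded or the entry is not a
     *         {@link PrivateKey}
     * @throws CertificateManagerException on any retrieval failure
     */
    public Key getPrivateKey(String str) throws CertificateManagerException {
        try {
            if (TYPE_ANDROID_KEYSTORE.equals(this.mKeyStoreType)) {
                return KeyChain.getPrivateKey(this.mContext, str);
            }
            if (this.mKeyStore == null) {
                return null;
            }
            Key key = this.mKeyStore.getKey(str, this.mPassword.toCharArray());
            if (key instanceof PrivateKey) {
                return key;
            }
            return null;
        } catch (Exception e) {
            Log.d(TAG, "getPrivateKey: exception");
            Log.dumpException(TAG, e);
            throw new CertificateManagerException(e.getMessage());
        }
    }

    /**
     * Returns the subject DN of the certificate stored under an alias.
     *
     * @param str certificate alias
     * @return the subject name, or {@code null} when {@link #getCertificate(String)} returns
     *         {@code null}
     * @throws CertificateManagerException if the certificate lookup fails
     */
    public String getSubject(String str) throws CertificateManagerException {
        // Look the certificate up once: each lookup may grant access and query the KeyChain.
        X509Certificate certificate = getCertificate(str);
        if (certificate != null) {
            return certificate.getSubjectDN().getName();
        }
        return null;
    }

    /**
     * Imports a PKCS12 file; see {@link #importCertificate(InputStream, String, String)}.
     *
     * @param file PKCS12 file to read
     * @param str  password protecting the file
     * @return the alias that was installed, or {@code null} if nothing was installed
     * @throws CertificateManagerException with code 1 when the file cannot be opened
     */
    public String importCertificate(File file, String str) throws CertificateManagerException {
        try {
            return importCertificate(new FileInputStream(file), str, null);
        } catch (FileNotFoundException e) {
            Log.dumpException(TAG, e);
            throw new CertificateManagerException(e.getMessage(), 1);
        }
    }

    /**
     * Imports the private-key entries of a PKCS12 stream into device secure storage.
     *
     * <p>For every alias in the stream that holds a {@link PrivateKey}, the certificate
     * chain is split into CA certificates and the end-entity certificate. The key is then
     * installed either through the Knox CCM policy (when enabled for the email package) or
     * through the key-store proxy, and any CA certificates are handed to the proxy's CA
     * installer. The stream is always closed before returning.
     *
     * <p>NOTE(review): CA certificates bundled in the imported file are passed to
     * {@code installCaCert} with no confirmation step visible in this method, and the
     * returned status is only logged. What trust those certificates receive is decided by
     * the proxy and cannot be told from here.
     *
     * @param inputStream PKCS12 data; closed by this method
     * @param str         password protecting the PKCS12 data
     * @param str2        alias to read instead of the enumerated ones, or {@code null}
     * @return the last alias installed (trimmed, spaces replaced by '_'), or {@code null}
     * @throws CertificateManagerException with code 2 when reading the stream fails with an
     *         {@link IOException} (typically a wrong password) and code 0 for every other
     *         failure
     */
    public String importCertificate(InputStream inputStream, String str, String str2) throws CertificateManagerException {
        String installedAlias = null;
        try {
            if (!bindKeyStoreProxy()) {
                throw new CertificateManagerException(KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR);
            }
            KeyStore sourceStore = KeyStore.getInstance("PKCS12", "BC");
            sourceStore.load(inputStream, str.toCharArray());
            Enumeration<String> aliases = sourceStore.aliases();
            while (aliases != null && aliases.hasMoreElements()) {
                String sourceAlias = aliases.nextElement();
                if (str2 != null) {
                    sourceAlias = str2;
                }
                Certificate[] certificateChain = sourceStore.getCertificateChain(sourceAlias);
                Key key = sourceStore.getKey(sourceAlias, str.toCharArray());
                if (!(key instanceof PrivateKey)) {
                    continue;
                }
                if (certificateChain == null) {
                    throw new CertificateManagerException("No certificate chain for private key entry");
                }
                String replace = sourceAlias.trim().replace(' ', '_');

                // Split the chain. A list instead of a fixed (length - 1) array avoids an
                // out-of-bounds write when every certificate is a CA and null slots when
                // more than one is not.
                ArrayList<X509Certificate> caCertificates = new ArrayList<>();
                X509Certificate x509Certificate = null;
                for (Certificate certificate : certificateChain) {
                    X509Certificate candidate = (X509Certificate) certificate;
                    if (isCa(candidate)) {
                        caCertificates.add(candidate);
                    } else {
                        x509Certificate = candidate;
                    }
                }
                if (x509Certificate == null) {
                    // Such chains never imported successfully; fail with a readable message.
                    throw new CertificateManagerException("No end-entity certificate in chain for imported key");
                }
                X509Certificate[] x509CertificateArr = caCertificates.toArray(new X509Certificate[0]);

                // A fresh staging store and buffer per alias: reusing them would append a
                // second PKCS12 blob to the first and carry earlier keys into later installs.
                KeyStore stagingStore = KeyStore.getInstance("PKCS12", "BC");
                stagingStore.load(null, str.toCharArray());
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();

                ClientCertificateManager clientCertificateManagerPolicy = EnterpriseKnoxManager.getInstance().getClientCertificateManagerPolicy(this.mContext);
                if (!isCCMEnabled(this.mContext)) {
                    stagingStore.setKeyEntry(replace, key, str.toCharArray(), new Certificate[]{x509Certificate});
                    stagingStore.store(byteArrayOutputStream, str.toCharArray());
                    SemCertByte semCertByte = new SemCertByte();
                    semCertByte.certsize = byteArrayOutputStream.size();
                    semCertByte.certBytes = byteArrayOutputStream.toByteArray();
                    byte[] convertToPem = convertToPem(x509CertificateArr);
                    semCertByte.caSize = convertToPem.length;
                    semCertByte.caCertBytes = convertToPem;
                    int installCertInAndroidKeyStore = mRemoteServiceKeystore.installCertInAndroidKeyStore(semCertByte, replace, str.toCharArray(), false, Process.myUid());
                    Log.d(TAG, "Status code from SCEP proxy for cert installation : " + installCertInAndroidKeyStore);
                    if (installCertInAndroidKeyStore != 0) {
                        Log.d(TAG, "EMAIL Key Installation alias : " + replace + " FAILURE");
                        throw new CertificateManagerException(KEYSTORE_PROXY_CERT_INSTALL_ERROR);
                    }
                    Log.d(TAG, "EMAIL Key Installation alias :" + replace + " SUCCESS");
                    // 128 == PackageManager.GET_META_DATA
                    mRemoteServiceKeystore.grantAccess(this.mContext.getPackageManager().getApplicationInfo(EMAIL_PROVIDER_PACKAGE, 128).uid, replace);
                    installedAlias = replace;
                } else {
                    if (!"RSA".equals(key.getAlgorithm())) {
                        throw new CertificateManagerException(CERTIFICATE_NOT_SUPPORTED);
                    }
                    stagingStore.setKeyEntry(replace, key, str.toCharArray(), certificateChain);
                    stagingStore.store(byteArrayOutputStream, str.toCharArray());
                    CertificateProfile certificateProfile = new CertificateProfile();
                    certificateProfile.alias = replace;
                    // NOTE(review): the profile is not limited to the email package. Confirm
                    // that every package really needs this key; least privilege would
                    // restrict the profile to the packages that use it.
                    certificateProfile.allowAllPackages = true;
                    if (clientCertificateManagerPolicy != null) {
                        if (!clientCertificateManagerPolicy.installCertificate(certificateProfile, byteArrayOutputStream.toByteArray(), str)) {
                            Log.d(TAG, "EMAIL CCM Key Installation alias :" + replace + " FAILURE");
                            throw new CertificateManagerException(KEYSTORE_PROXY_CERT_INSTALL_ERROR);
                        }
                        Log.d(TAG, "EMAIL CCM Key Installation alias :" + replace + " SUCCESS");
                        installedAlias = replace;
                    }
                }
                if (x509CertificateArr.length > 0) {
                    SemCertAndroidKeyStore semCertAndroidKeyStore = new SemCertAndroidKeyStore();
                    semCertAndroidKeyStore.certs = x509CertificateArr;
                    Log.d(TAG, "Status code from SCEP proxy for CA cert installation : " + mRemoteServiceKeystore.installCaCert(semCertAndroidKeyStore));
                }
            }
            return installedAlias;
        } catch (IOException e2) {
            // Sibling catch clauses keep code 2 intact; when this handler sat inside the
            // generic one, its exception was caught again and re-thrown with code 0.
            Log.dumpException(TAG, e2);
            throw new CertificateManagerException(e2.getMessage(), 2);
        } catch (Exception e3) {
            Log.dumpException(TAG, e3);
            throw new CertificateManagerException(e3.getMessage(), 0);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                    Log.dumpException(TAG, e);
                }
            }
        }
    }

    /**
     * Reloads the key store from the stream the content resolver opens for
     * {@code EmailContent.CONTENT_URI}, using the stored password.
     *
     * @throws CertificateManagerException if the stream cannot be opened or the key store
     *         cannot be loaded (this includes instances that hold no key store)
     */
    public void refresh() throws CertificateManagerException {
        InputStream inputStream = null;
        try {
            inputStream = this.mContext.getContentResolver().openInputStream(EmailContent.CONTENT_URI);
            waitingKeyOp();
            this.mKeyStore.load(inputStream, this.mPassword.toCharArray());
            logAliases();
        } catch (Exception e2) {
            EmailLog.d(TAG, " error while loading certificate");
            throw new CertificateManagerException(e2.getMessage(), e2);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Exception e3) {
                    // A failed close must not mask the outcome of the load; log it only.
                    EmailLog.dumpException(TAG, e3);
                }
            }
        }
    }

    /**
     * Clears every account reference to a certificate alias.
     *
     * <p>Two parameterised updates set the own-encryption and own-signing alias columns to
     * {@code null} wherever they match {@code str}. This method does not delete key or
     * certificate material from any key store.
     *
     * @param str alias to detach; a {@code null} alias is a no-op
     * @throws CertificateManagerException if the batch update fails
     */
    public void removeCertificate(String str) throws CertificateManagerException {
        if (str != null) {
            try {
                ArrayList<ContentProviderOperation> arrayList = new ArrayList<>();
                arrayList.add(ContentProviderOperation.newUpdate(EmailContent.Account.CONTENT_URI).withSelection("smimeOwnCertificateAlias=?", new String[]{str}).withValue(EmailContent.AccountColumns.SMIME_OWN_ENCRYPT_CERT_ALIAS, null).build());
                arrayList.add(ContentProviderOperation.newUpdate(EmailContent.Account.CONTENT_URI).withSelection("smimeOwnSignCertAlias=?", new String[]{str}).withValue(EmailContent.AccountColumns.SMIME_OWN_SIGN_CERT_ALIAS, null).build());
                this.mContext.getContentResolver().applyBatch("com.samsung.android.email.provider", arrayList);
            } catch (Exception e) {
                Log.dumpException(TAG, e);
                throw new CertificateManagerException(e.getMessage());
            }
        }
    }
}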
