package com.fsck.k9.crypto;

import android.content.Context;
import com.fsck.k9.mail.internet.MimeMessage;
import com.fsck.k9.mailstore.LocalMessage;
import com.fsck.k9.mailstore.recipients.CertificateListItem;
import com.fsck.k9.mailstore.recipients.CertificatesDatabase;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.Security;
import java.util.ArrayList;
import java.util.Iterator;
import javax.mail.Session;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSVerifierCertificateNotValidException;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.spongycastle.cms.jcajce.JceKeyTransRecipientId;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.mail.smime.SMIMEEnveloped;

/* loaded from: classes.dex */
public class ReadEncryptedMail {
    public static DecryptedMessageObject decrypt(Context context, MimeMessage mimeMessage) {
        boolean z;
        Security.addProvider(new BouncyCastleProvider());
        CertificatesDatabase certificatesDatabase = new CertificatesDatabase(context, ((LocalMessage) mimeMessage).getAccount().getUuid());
        certificatesDatabase.open();
        ArrayList<CertificateListItem> allCertificates = certificatesDatabase.getAllCertificates();
        if (allCertificates.isEmpty()) {
            throw new Exception("certificate_is_null");
        }
        Iterator<CertificateListItem> it = allCertificates.iterator();
        while (it.hasNext()) {
            CertificateListItem next = it.next();
            PrivateKey privateKey = (PrivateKey) certificatesDatabase.getPrivateKeyById(next.getId());
            JceKeyTransRecipientId jceKeyTransRecipientId = new JceKeyTransRecipientId(next.getCertificate());
            Session defaultInstance = Session.getDefaultInstance(System.getProperties(), null);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            mimeMessage.writeTo(byteArrayOutputStream);
            RecipientInformation recipientInformation = new SMIMEEnveloped(new javax.mail.internet.MimeMessage(defaultInstance, new ByteArrayInputStream(byteArrayOutputStream.toByteArray()))).getRecipientInfos().get(jceKeyTransRecipientId);
            if (recipientInformation != null) {
                try {
                    javax.mail.internet.MimeMessage mimeMessage2 = new javax.mail.internet.MimeMessage(defaultInstance, recipientInformation.getContentStream(new JceKeyTransEnvelopedRecipient(privateKey)).getContentStream());
                    boolean z2 = false;
                    mimeMessage2.setFrom(mimeMessage.getFrom()[0].getAddress());
                    if (mimeMessage2.isMimeType("multipart/signed")) {
                        try {
                            z = ValidateSignedMail.readSignedEmail(mimeMessage2, context);
                        } catch (CMSVerifierCertificateNotValidException unused) {
                            z = false;
                        }
                        z2 = true;
                    } else {
                        z = false;
                    }
                    return new DecryptedMessageObject(recipientInformation.getContentStream(new JceKeyTransEnvelopedRecipient(privateKey)).getContentStream(), z2, z);
                } catch (CMSException e) {
                    if (!e.getMessage().equals("exception unwrapping key: key invalid: RSA private or public key is null")) {
                        throw e;
                    }
                }
            }
        }
        throw new Exception("all_keys_invalid");
    }
}
