package com.fsck.k9.crypto;

import android.content.Context;
import com.fsck.k9.mailstore.recipients.RecipientDatabase;
import io.sentry.instrumentation.file.SentryFileInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import javax.mail.Address;
import javax.mail.Session;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.spongycastle.cms.CMSVerifierCertificateNotValidException;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.mail.smime.SMIMESigned;
import org.spongycastle.util.Store;
import timber.log.Timber;

/* loaded from: classes.dex */
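/**
 * Verifies the S/MIME signature of an incoming message and records the signer's certificate
 * in the {@link RecipientDatabase}.
 *
 * <p><b>What a {@code true} result means.</b> The only checks that decide the result are in
 * {@link #verify}: the first signer's CMS signature verifies against the certificate enclosed
 * in the message, and the text after the first {@code '='} of that certificate's subject DN
 * equals the sender address. The {@link PKIXParameters} assembled in {@link #readSignedEmail}
 * (trust anchor, CRL store, revocation flag) are never passed to a path validator, so no
 * certificate chain, trust anchor or revocation status is enforced by this class. Treat
 * {@code true} as "signature matches the enclosed certificate", not as "sender identity
 * vouched for by a trusted CA".
 *
 * <p>NOTE(review): this listing looks like decompiler output; the methods declare no
 * {@code throws} clauses although they call APIs with checked exceptions. Signatures are kept
 * exactly as shown.
 */
public class ValidateSignedMail {
    // The next four constants, RESOURCE_NAME, dbgLvl and useCaCerts are not referenced
    // anywhere in this class; they are kept because they are part of its visible surface.
    public static final int DETAIL = 3;
    private static final String RESOURCE_NAME = "org.bouncycastle.mail.smime.validator.SignedMailValidatorMessages";
    public static final int SUMMARY = 2;
    public static final int TEXT = 1;
    public static final int TITLE = 0;
    static int dbgLvl = 3;
    public static final boolean useCaCerts = false;

    /**
     * Returns the certificate of the first signer as enclosed in the message.
     *
     * @return the certificate, or {@code null} when the message has no signer or does not
     *     carry a certificate matching the first signer's identifier
     */
    private static X509Certificate extractCertificate(SMIMESigned sMIMESigned) {
        Store certificates = sMIMESigned.getCertificates();
        Iterator<SignerInformation> signers = sMIMESigned.getSignerInfos().getSigners().iterator();
        if (!signers.hasNext()) {
            return null;
        }
        // A signed message is not required to embed the signer certificate; without this
        // guard the lookup below ended in NoSuchElementException.
        Iterator<?> matches = certificates.getMatches(signers.next().getSID()).iterator();
        if (!matches.hasNext()) {
            return null;
        }
        return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) matches.next());
    }

    /**
     * Looks up the certificate stored for a recipient.
     *
     * @param str key passed to {@code RecipientDatabase.getCertificate}
     * @param context Android context used to open the database
     * @return the stored certificate, or {@code null} when the lookup fails with an exception
     */
    public static X509Certificate getCertificateFromDb(String str, Context context) {
        RecipientDatabase recipientDatabase = new RecipientDatabase(context);
        try {
            recipientDatabase.open();
            return recipientDatabase.getCertificate(str);
        } catch (Exception ignored) {
            // Best effort: any lookup failure is reported to the caller as "no certificate".
            return null;
        } finally {
            recipientDatabase.close();
        }
    }

    /**
     * Builds a trust anchor around a freshly generated RSA public key.
     *
     * <p>Only the public half of the key pair is kept, so nothing can have been issued under
     * this anchor. The 1024-bit size is therefore only a generation-cost choice here.
     */
    private static TrustAnchor getDummyTrustAnchor() {
        X500Principal dummyName = new X500Principal("CN=Dummy Trust Anchor");
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        generator.initialize(1024, new SecureRandom());
        return new TrustAnchor(dummyName, generator.generateKeyPair().getPublic(), (byte[]) null);
    }

    /**
     * Wraps the certificate returned by {@link #loadCert} in a {@link TrustAnchor}, carrying
     * over its name-constraints extension (DER encoded) when it has one.
     *
     * @return the trust anchor, or {@code null} when no certificate could be loaded
     */
    protected static TrustAnchor getTrustAnchor(String str, Context context) {
        X509Certificate anchorCert = loadCert(str, context);
        if (anchorCert == null) {
            return null;
        }
        byte[] nameConstraints = anchorCert.getExtensionValue(Extension.nameConstraints.getId());
        if (nameConstraints == null) {
            return new TrustAnchor(anchorCert, null);
        }
        return new TrustAnchor(anchorCert, JcaX509ExtensionUtils.parseExtensionValue(nameConstraints).toASN1Primitive().getEncoded(ASN1Encoding.DER));
    }

    /**
     * Reads an X.509 CRL from a file.
     *
     * @param str path of the CRL file
     * @return the CRL, or {@code null} on any failure (missing file, parse error, missing
     *     provider); the log line says "not found" in all of these cases
     */
    protected static X509CRL loadCRL(String str) {
        // Both streams are closed here; previously the file handle was left open.
        try (FileInputStream raw = new FileInputStream(str);
                java.io.InputStream in = SentryFileInputStream.Factory.create(raw, str)) {
            // NOTE(review): provider is requested by the literal name "BC" here while other
            // calls use BouncyCastleProvider.PROVIDER_NAME; confirm both name the same provider.
            return (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(in);
        } catch (Exception e) {
            Timber.tag("signminfo").d(e, "crlfile \"" + str + "\" not found - classpath is " + System.getProperty("java.class.path"));
            return null;
        }
    }

    /**
     * Loads the bundled CA certificate from the raw resource named {@code actaliscag3}.
     *
     * <p>NOTE(review): {@code str} does not select the certificate; it only appears in the
     * failure log line, which can therefore name a file that was never looked up.
     *
     * @return the certificate, or {@code null} on any failure
     */
    protected static X509Certificate loadCert(String str, Context context) {
        int resourceId = context.getResources().getIdentifier("actaliscag3", "raw", context.getPackageName());
        // The resource stream is closed here; previously it was left open.
        try (java.io.InputStream in = context.getResources().openRawResource(resourceId)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertificate(in);
        } catch (Exception e) {
            Timber.tag("signminfo").d(e, "certfile \"" + str + "\" not found - classpath is " + System.getProperty("java.class.path"));
            return null;
        }
    }

    /**
     * Parses the message as S/MIME signed data.
     *
     * @return the parsed structure, or {@code null} when the content type is neither
     *     {@code multipart/signed} nor one of the two pkcs7-mime types
     */
    private static SMIMESigned makeSMIMESigned(MimeMessage mimeMessage) {
        if (mimeMessage.isMimeType("multipart/signed")) {
            return new SMIMESigned((MimeMultipart) mimeMessage.getContent());
        }
        boolean opaqueSigned = mimeMessage.isMimeType("application/pkcs7-mime") || mimeMessage.isMimeType("application/x-pkcs7-mime");
        return opaqueSigned ? new SMIMESigned(mimeMessage) : null;
    }

    /**
     * Verifies the signature of a message and, on success, stores the signer's certificate
     * for the sender address.
     *
     * <p>The certificate is stored only after {@link #verify} succeeds. It used to be stored
     * first, which let any message replace the certificate kept for its claimed sender even
     * when the signature did not verify.
     *
     * @param mimeMessage the message to check
     * @param context Android context used for resources and the recipient database
     * @return {@code true} when the signature verifies and the certificate subject matches the
     *     sender; {@code false} otherwise, including for messages that are not S/MIME signed
     *     or have no usable {@code From} address
     */
    public static boolean readSignedEmail(MimeMessage mimeMessage, Context context) {
        Security.addProvider(new BouncyCastleProvider());
        HashSet<TrustAnchor> trustAnchors = new HashSet<>();
        TrustAnchor trustAnchor = getTrustAnchor("trustanchor", context);
        if (trustAnchor == null) {
            Timber.tag("signminfo").d("no trustanchor file found, using a dummy trustanchor", new Object[0]);
            trustAnchor = getDummyTrustAnchor();
        }
        trustAnchors.add(trustAnchor);
        PKIXParameters pKIXParameters = new PKIXParameters(trustAnchors);
        ArrayList<X509CRL> crls = new ArrayList<>();
        X509CRL crl = loadCRL("crl.file");
        if (crl != null) {
            crls.add(crl);
        }
        pKIXParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls), "BC"));
        pKIXParameters.setRevocationEnabled(true);
        // NOTE(review): pKIXParameters is not used past this point. Nothing validates the
        // signer certificate's chain against the trust anchor or the CRL, so a certificate
        // from any issuer (including a self-issued one) whose subject matches the sender
        // passes. Wiring these parameters into a PKIX path validation is the missing step;
        // it is not added here because with revocation enabled and no CRL loaded it would
        // likely reject every message, which needs a deployment decision.

        SMIMESigned signed = makeSMIMESigned(mimeMessage);
        if (signed == null) {
            // Not an S/MIME signed message: nothing to verify, nothing to store.
            return false;
        }
        Address[] from = mimeMessage.getFrom();
        if (from == null || from.length == 0 || !(from[0] instanceof InternetAddress)) {
            // Without a sender address the subject/sender comparison cannot be made.
            return false;
        }
        String sender = ((InternetAddress) from[0]).getAddress();
        if (!verify(signed, sender)) {
            return false;
        }
        savePublicCertificateToDatabase(mimeMessage, signed, context);
        return true;
    }

    /**
     * Serialises a K-9 message, re-parses it as a JavaMail message and delegates to
     * {@link #readSignedEmail}.
     *
     * @return the verification result; {@code false} when verification raises
     *     {@link CMSVerifierCertificateNotValidException}
     */
    public static boolean readSignedK9Email(com.fsck.k9.mail.internet.MimeMessage mimeMessage, Context context) {
        Session session = Session.getDefaultInstance(System.getProperties(), null);
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        mimeMessage.writeTo(serialized);
        MimeMessage reparsed = new MimeMessage(session, new ByteArrayInputStream(serialized.toByteArray()));
        try {
            return readSignedEmail(reparsed, context);
        } catch (CMSVerifierCertificateNotValidException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Stores the first signer's certificate under the sender's address and display name.
     *
     * <p>When the message has no usable {@code From} address, the text after the first
     * {@code '='} of the certificate's subject DN is used as the address instead. Nothing is
     * stored when no signer certificate is available or no address can be derived.
     */
    private static void savePublicCertificateToDatabase(MimeMessage mimeMessage, SMIMESigned sMIMESigned, Context context) {
        X509Certificate certificate = extractCertificate(sMIMESigned);
        if (certificate == null) {
            return;
        }
        Address[] from;
        try {
            from = mimeMessage.getFrom();
        } catch (Exception ignored) {
            // Unreadable From header: fall back to the certificate subject below.
            from = null;
        }
        String address;
        String personal = null;
        if (from != null && from.length > 0 && from[0] instanceof InternetAddress) {
            InternetAddress sender = (InternetAddress) from[0];
            address = sender.getAddress();
            personal = sender.getPersonal();
        } else {
            String[] dnParts = certificate.getSubjectDN().getName().split("=");
            if (dnParts.length < 2) {
                return;
            }
            address = dnParts[1];
        }
        RecipientDatabase recipientDatabase = new RecipientDatabase(context);
        try {
            recipientDatabase.open();
            recipientDatabase.insertNewRecipient(personal, address, certificate);
        } finally {
            // Close even when open or insert fails.
            recipientDatabase.close();
        }
    }

    /**
     * Checks that the certificate is inside its validity period at the current time.
     *
     * <p>This is a date check only; it says nothing about issuer trust or revocation.
     *
     * @return {@code true} when the certificate is currently valid, {@code false} when it is
     *     expired or not yet valid
     */
    public static boolean validateCertificate(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Verifies the first signer's signature with the certificate enclosed in the message and
     * compares the certificate subject with the expected sender.
     *
     * <p>Only the first signer is examined. The subject comparison takes the text between the
     * first and second {@code '='} of the subject DN string, so it matches only when that
     * fragment is exactly the sender address.
     *
     * @param sMIMESigned parsed signed data
     * @param str expected sender address
     * @return {@code true} when the signature verifies and the subject fragment equals
     *     {@code str}; {@code false} when there is no signer, no matching certificate, the
     *     signature does not verify or the subject does not match
     */
    private static boolean verify(SMIMESigned sMIMESigned, String str) {
        Store certificates = sMIMESigned.getCertificates();
        Iterator<SignerInformation> signers = sMIMESigned.getSignerInfos().getSigners().iterator();
        if (!signers.hasNext()) {
            return false;
        }
        SignerInformation signer = signers.next();
        Iterator<?> matches = certificates.getMatches(signer.getSID()).iterator();
        if (!matches.hasNext()) {
            // No certificate for this signer in the message: cannot verify, so reject.
            return false;
        }
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) matches.next());
        boolean signatureOk = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(certificate));
        if (!signatureOk) {
            return false;
        }
        String[] dnParts = certificate.getSubjectDN().getName().split("=");
        return dnParts.length > 1 && dnParts[1].equals(str);
    }
}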
