package com.samsung.android.email.sync.exchange.common.cba;

import android.content.Context;
import android.os.Process;
import android.text.TextUtils;
import com.samsung.android.email.common.newsecurity.manager.EmailPolicyManager;
import com.samsung.android.email.common.util.SetupData;
import com.samsung.android.email.sync.exchange.common.ssl.SSLUtils;
import com.samsung.android.email.sync.exchange.controller.EasAccountSyncController;
import com.samsung.android.email.sync.exchange.controller.ExchangeCommonUtil;
import com.samsung.android.emailcommon.basic.constant.CarrierValues;
import com.samsung.android.emailcommon.basic.constant.SSLConst;
import com.samsung.android.emailcommon.basic.exception.SyncServiceLogger;
import com.samsung.android.emailcommon.basic.general.ConnectivityUtil;
import com.samsung.android.emailcommon.basic.log.EmailLog;
import com.samsung.android.emailcommon.basic.log.LogUtility;
import com.samsung.android.emailcommon.provider.Account;
import com.samsung.android.emailcommon.provider.HostAuth;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes2.dex */
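/**
 * Builds and caches the {@link SSLSocketFactory} objects handed out by the
 * {@code getSSLSocketFactory} overloads.
 *
 * <p>Two kinds of factory are produced by {@link #setupSSLContext}:
 * <ul>
 *   <li><b>secure</b> ({@code mInsecure == false}): the trust managers of the default
 *       {@link TrustManagerFactory} are installed unchanged;</li>
 *   <li><b>insecure</b> ({@code mInsecure == true}): a {@link CustomX509TrustManager} is
 *       installed instead. That manager can accept a server certificate that the platform
 *       trust manager rejects; see {@link CustomX509TrustManager#checkServerTrusted}.</li>
 * </ul>
 *
 * <p>Thread-safety: the static caches are only touched from methods synchronized on
 * {@code SSLCBAClient.class}. The four-argument {@code getSSLSocketFactory} and
 * {@link #init} are not synchronized, so nothing they use may be shared mutable state.
 */
public class SSLCBAClient {
    private static final String TAG = "SSLCBAClient";
    public static final String TLS = "TLS";
    // Insecure factories are cached per key passed to getSSLSocketFactory(boolean, String, Context);
    // each cached factory wraps a CustomX509TrustManager bound to that key as its e-mail address.
    private static HashMap<String, SSLSocketFactory> sInsecureFactoryMap;
    // Single process-wide factory for secure connections, built on first use.
    private static SSLSocketFactory sSecureFactory;
    Context mContext;
    private String mEmailAddress;
    boolean mInsecure;
    SSLSocketFactory mSocketFactory;
    // NOTE(review): init() stores its first argument here, and getSSLSocketFactory logs that
    // same argument as "alias=". If the value is ever a real key-store password it would be
    // written to the log; both callers visible in this file pass null.
    String mTempKeyStorePassword;

    /**
     * Trust manager installed for "insecure" connections.
     *
     * <p>It first asks the wrapped platform trust manager; if that rejects the chain it falls
     * back to account-specific rules that may still accept the certificate. Every path that
     * returns normally from {@link #checkServerTrusted} means "certificate accepted".
     */
    public static class CustomX509TrustManager implements X509TrustManager {
        private Context mContext;
        private String mEmailAddress;
        private X509TrustManager x509trustManager;

        /**
         * @param context          context used for policy, account and connectivity lookups
         * @param str              e-mail address of the account this manager validates for
         * @param x509TrustManager platform trust manager to consult first; may be {@code null}
         */
        public CustomX509TrustManager(Context context, String str, X509TrustManager x509TrustManager) {
            EmailLog.dnf(SSLCBAClient.TAG, "CustomX509TrustManager emailAddress=" + LogUtility.getSecureAddress(str));
            this.mContext = context;
            this.mEmailAddress = str;
            this.x509trustManager = x509TrustManager;
        }

        /**
         * Performs no validation: any client chain is accepted. Only logs the call.
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            EmailLog.dnf(SSLCBAClient.TAG, "checkClientTrusted");
        }

        /**
         * Decides whether the server chain is accepted for this account.
         *
         * <p>Accepting paths (normal return), in evaluation order:
         * <ol>
         *   <li>the untrusted-certificate policy feature is disabled: the chain is not
         *       examined at all;</li>
         *   <li>the wrapped platform trust manager accepts the chain;</li>
         *   <li>a {@code HostAuth} is found whose {@code mFlags} equals 5;</li>
         *   <li>the account e-mail address is empty;</li>
         *   <li>{@code SSLUtils.isAcceptedCertificate} reports the leaf certificate as
         *       accepted for this address;</li>
         *   <li>{@code CarrierValues.IS_CARRIER_ATT} is set and the network is reported as a
         *       captive portal or AT&amp;T Wi-Fi SSID.</li>
         * </ol>
         * Otherwise the mismatch is logged, a warning is shown, the account's HTTP connections
         * are dropped and a {@link CertificateException} is thrown.
         *
         * @param x509CertificateArr chain presented by the server, leaf first
         * @param str                key-exchange authentication type
         * @throws CertificateException     if the certificate is rejected
         * @throws IllegalArgumentException if the chain or the authentication type is empty
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            EmailLog.dnf(SSLCBAClient.TAG, "checkServerTrusted authType=" + str + " emailAddress=" + LogUtility.getSecureAddress(this.mEmailAddress));
            // NOTE(review): with the feature disabled this returns before any check, so an
            // insecure factory accepts every server certificate. Confirm that is the intended
            // meaning of the policy switch; it fails open.
            if (!EmailPolicyManager.getInstance().isUntrustedCertificateFeatureEnabled(this.mContext)) {
                EmailLog.dnf(SSLCBAClient.TAG, "Feature disabled!!!!");
                return;
            }
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException("null or zero-length certification chain");
            }
            if (TextUtils.isEmpty(str)) {
                throw new IllegalArgumentException("null or zero-length authentication type");
            }
            if (this.x509trustManager != null) {
                EmailLog.dnf(SSLCBAClient.TAG, "testing server certificate !!");
                try {
                    this.x509trustManager.checkServerTrusted(x509CertificateArr, str);
                    EmailLog.dnf(SSLCBAClient.TAG, "Server certificates are trusted by Secure trust manager!!!!");
                    return;
                } catch (IllegalArgumentException unused) {
                    // Platform validation failed; fall through to the account-specific rules.
                    EmailLog.enf(SSLCBAClient.TAG, "IllegalArgumentException exception while checking the certificate");
                } catch (CertificateException unused2) {
                    // Platform validation failed; fall through to the account-specific rules.
                    EmailLog.enf(SSLCBAClient.TAG, "Certification exception while checking the certificate");
                }
            }

            // Resolve the receive-side HostAuth: stored account first, then the account
            // currently held by SetupData.
            HostAuth hostAuth = null;
            Account account = Account.restoreAccountWithEmailAddress(this.mContext, this.mEmailAddress);
            if (account == null) {
                account = SetupData.getAccount();
                if (account != null) {
                    hostAuth = account.getOrCreateHostAuthRecv(this.mContext);
                }
            } else {
                hostAuth = HostAuth.restoreHostAuthWithId(this.mContext, account.mHostAuthKeyRecv);
            }

            // NOTE(review): mFlags == 5 skips every remaining check and accepts the chain.
            // The meaning of 5 is not visible in this file; if mFlags is a bit mask, an exact
            // comparison also changes behaviour whenever any other bit is set. Confirm.
            if (hostAuth != null && hostAuth.mFlags == 5) {
                return;
            }

            EmailLog.dnf(SSLCBAClient.TAG, "certs.length" + x509CertificateArr.length);
            // Only the leaf certificate is inspected from here on.
            X509Certificate leaf = x509CertificateArr[0];
            // Descriptor used for the statistics log and the exception message below. The SHA-1
            // and MD5 fingerprints are identifiers in that text only; this method does not
            // compare them. What isAcceptedCertificate matches on is not visible here.
            String certDescriptor = leaf.getIssuerDN().toString()
                    + SSLConst.FIRST_LEVEL_DELIMITER + leaf.getSerialNumber()
                    + SSLConst.FIRST_LEVEL_DELIMITER + SSLUtils.getSignature(leaf)
                    + SSLConst.FIRST_LEVEL_DELIMITER + SSLUtils.getStringFingerprint(leaf, "SHA-1")
                    + SSLConst.FIRST_LEVEL_DELIMITER + SSLUtils.getStringFingerprint(leaf, MessageDigestAlgorithms.MD5);
            // NOTE(review): an empty e-mail address accepts the certificate without consulting
            // the accepted-certificate store.
            if (TextUtils.isEmpty(this.mEmailAddress) || SSLUtils.isAcceptedCertificate(this.mContext, this.mEmailAddress, leaf)) {
                return;
            }
            long accountId = account == null ? -1L : account.mId;
            if (CarrierValues.IS_CARRIER_ATT && (ConnectivityUtil.isCaptivePortalNetwork(this.mContext) || ConnectivityUtil.checkATTWifiSsid(this.mContext))) {
                // NOTE(review): this branch only logs and then returns normally, so a certificate
                // that failed every check above is accepted while on such a network. Whether
                // account traffic can follow on this connection depends on callers not shown here.
                EmailLog.dnf(SSLCBAClient.TAG, "Captive Portal");
                SyncServiceLogger.logCaptivePortalStats(this.mContext, "Connected to Captive portal", accountId);
            } else {
                SyncServiceLogger.logUntrustedCertificateStats(this.mContext, "certificate mismatch emailAddress=" + LogUtility.getSecureAddress(this.mEmailAddress) + " certificateFromServer=" + certDescriptor, accountId);
                SSLUtils.showSSLCertificationWarning(this.mContext, leaf, this.mEmailAddress, "");
                EasAccountSyncController.getInstance(this.mContext, accountId).removeAllHttpConnections();
                throw new CertificateException("Untrusted Certificate " + certDescriptor);
            }
        }

        /**
         * @return always an empty array; this manager advertises no accepted issuers
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            EmailLog.dnf(SSLCBAClient.TAG, "getAcceptedIssuers");
            return new X509Certificate[0];
        }
    }

    private SSLCBAClient(Context context) {
        this.mContext = context;
    }

    /**
     * Builds a new, uncached socket factory.
     *
     * @param context context kept by the client and by any {@link CustomX509TrustManager}
     * @param str     alias; forwarded to {@link #init} and logged in clear text
     * @param z       {@code true} to install {@link CustomX509TrustManager}
     * @param str2    account e-mail address (logged through {@code LogUtility.getSecureAddress})
     * @return the factory produced by {@link #init}
     */
    public static SSLSocketFactory getSSLSocketFactory(Context context, String str, boolean z, String str2) {
        EmailLog.dnf(TAG, "getSSLSocketFactory alias=" + str + " insecure=" + z + " emailAddress=" + LogUtility.getSecureAddress(str2));
        SSLCBAClient client = new SSLCBAClient(context);
        client.mEmailAddress = str2;
        client.init(str, z);
        return client.mSocketFactory;
    }

    /**
     * Returns a cached socket factory, creating it on first use.
     *
     * <p>The secure factory is a single instance shared by all callers; it is built with the
     * {@code str} and {@code context} of whichever call comes first. Insecure factories are
     * cached per {@code str}.
     *
     * @param z       {@code true} for the insecure (custom trust manager) factory
     * @param str     account e-mail address; cache key for insecure factories
     * @param context context used when a factory has to be created
     * @return the cached or newly created factory
     */
    public static final synchronized SSLSocketFactory getSSLSocketFactory(boolean z, String str, Context context) {
        // The static synchronized modifier already holds the SSLCBAClient.class monitor.
        if (!z) {
            EmailLog.dnf(TAG, "getSSLSocketFactory secure connection");
            if (sSecureFactory == null) {
                sSecureFactory = getSSLSocketFactory(context, null, false, str);
            }
            return sSecureFactory;
        }
        EmailLog.dnf(TAG, "getSSLSocketFactory insecure connection");
        if (sInsecureFactoryMap == null) {
            sInsecureFactoryMap = new HashMap<>();
        }
        SSLSocketFactory cached = sInsecureFactoryMap.get(str);
        if (cached == null) {
            cached = getSSLSocketFactory(context, null, true, str);
            sInsecureFactoryMap.put(str, cached);
        }
        return cached;
    }

    /**
     * Drops the cached insecure factory for an account so the next request rebuilds it.
     *
     * @param str account e-mail address used as the cache key
     * @return {@code true} if an entry was removed; {@code false} for an empty address or
     *         when nothing was cached
     */
    public static synchronized boolean removeAccountFromInsecureFactoryMap(String str) {
        EmailLog.inf(TAG, "removeAccountFromInsecureFactoryMap emailAddress=" + LogUtility.getSecureAddress(str));
        if (TextUtils.isEmpty(str)) {
            EmailLog.enf(TAG, "Invalid params");
            return false;
        }
        if (sInsecureFactoryMap == null) {
            return false;
        }
        return sInsecureFactoryMap.remove(str) != null;
    }

    /** Always returns {@code null}, which makes {@link #setupSSLContext} use {@code CBAEmailKeyManager}. */
    private KeyStore setupKeyStore() {
        return null;
    }

    /**
     * Creates and initialises the {@link SSLContext} for this client.
     *
     * @param keyStore  client key store, or {@code null} to use {@code CBAEmailKeyManager}
     * @param str       key-store password; only read when {@code keyStore} is non-null
     * @param keyStore2 trust store for the default {@link TrustManagerFactory}; {@code null}
     *                  selects the platform default
     * @return the initialised context
     */
    private SSLContext setupSSLContext(KeyStore keyStore, String str, KeyStore keyStore2) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        KeyManager[] keyManagers;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore2);
        if (keyStore == null) {
            keyManagers = new KeyManager[]{new CBAEmailKeyManager(this)};
        } else {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, str.toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
        }
        SSLContext sSLContext = SSLContext.getInstance(TLS);
        if (!this.mInsecure) {
            sSLContext.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
            return sSLContext;
        }
        // Pick the first platform X509TrustManager (may stay null) for the custom manager to wrap.
        X509TrustManager platformTrustManager = null;
        for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                platformTrustManager = (X509TrustManager) candidate;
                break;
            }
        }
        // A fresh array per call. A shared static array would let two concurrent calls
        // (this method is reachable without holding the class lock) overwrite each other's
        // slot, so a context could be initialised with the trust manager bound to a different
        // account's e-mail address and therefore that account's accepted certificates.
        TrustManager[] trustManagers = {new CustomX509TrustManager(this.mContext, this.mEmailAddress, platformTrustManager)};
        sSLContext.init(keyManagers, trustManagers, null);
        return sSLContext;
    }

    /** Always returns {@code null}, so the default trust store is used. */
    private synchronized KeyStore setupTrustStore() {
        return null;
    }

    /**
     * @return the alias that {@code ExchangeCommonUtil} maps to the calling thread's id
     */
    public String chooseAlias() {
        return ExchangeCommonUtil.getAliasFromMap(Process.myTid());
    }

    public Context getContext() {
        return this.mContext;
    }

    /**
     * Builds {@link #mSocketFactory} for the requested mode.
     *
     * <p>On any failure the platform default socket factory is wrapped instead. That fallback
     * carries neither the custom key manager nor the custom trust manager, so it validates
     * servers with the platform defaults.
     *
     * @param str alias; stored in {@link #mTempKeyStorePassword}
     * @param z   {@code true} for insecure mode
     */
    public void init(String str, boolean z) {
        try {
            this.mInsecure = z;
            this.mTempKeyStorePassword = str;
            this.mSocketFactory = new CustomSSLSocketFactory(setupSSLContext(setupKeyStore(), this.mTempKeyStorePassword, setupTrustStore()).getSocketFactory());
        } catch (Exception e) {
            // Deliberate best effort: report the failure and continue with the default factory.
            e.printStackTrace();
            EmailLog.dnf("SSL", e.getMessage());
            this.mSocketFactory = new CustomSSLSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());
        }
    }
}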
