package com.samsung.android.email.newsecurity.smime;

import android.content.Context;
import android.os.RemoteException;
import android.os.UserHandle;
import com.samsung.android.email.common.util.SemCertificateUtil;
import com.samsung.android.email.common.util.SemCryptoUtil;
import com.samsung.android.emailcommon.basic.crypto.DeviceWrapper;
import com.samsung.android.emailcommon.basic.exception.CertificateManagerException;
import com.samsung.android.emailcommon.basic.log.SemSMIMELog;
import com.samsung.android.emailcommon.newsecurity.CertificateConst;
import com.samsung.android.emailcommon.provider.SdpHelper;
import com.samsung.android.knox.util.SemKeyStoreManager;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.inject.Inject;

/* loaded from: classes2.dex */
public class CertificateManager {
    private static final String TAG = "CertificateManager";
    private CertificateInstaller mCertificateInstaller;
    private final Context mContext;
    private SemKeyStoreManager mRemoteServiceKeystore;

    @Inject
    public CertificateManager(Context context) {
        this.mContext = context;
    }

    private boolean bindKeyStoreProxy() {
        if (this.mRemoteServiceKeystore == null) {
            this.mRemoteServiceKeystore = SemKeyStoreManager.getInstance();
        }
        SemKeyStoreManager semKeyStoreManager = this.mRemoteServiceKeystore;
        if (semKeyStoreManager == null) {
            return false;
        }
        SemSMIMELog.v("%s::bindKeyStoreProxy() - Bind [%s]", TAG, semKeyStoreManager.getClass().getName());
        return true;
    }

    private boolean needToGrantAccess(String str) throws RemoteException {
        return this.mRemoteServiceKeystore != null && (SdpHelper.isAfwMode() || UserHandle.semGetMyUserId() != 0 || this.mRemoteServiceKeystore.hasAlias(str, false));
    }

    public X509Certificate getCertificate(String str) throws CertificateManagerException, IOException {
        String str2 = TAG;
        SemSMIMELog.dnf("%s::getCertificate() - alias[%s]", str2, str);
        String deviceId = DeviceWrapper.getDeviceId(this.mContext);
        if (deviceId == null) {
            throw new CertificateManagerException(CertificateConst.CERTIFICATE_PASSWORD_IS_NULL);
        }
        if (str == null) {
            throw new CertificateManagerException(CertificateConst.CERTIFICATE_ALIAS_IS_NULL);
        }
        if (str.toLowerCase().startsWith("__bulk")) {
            SemSMIMELog.dnf("%s::getCertificate() - this is __bulk!", str2);
            return null;
        }
        if (!bindKeyStoreProxy()) {
            throw new CertificateManagerException(CertificateConst.KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR);
        }
        try {
            if (needToGrantAccess(str)) {
                this.mRemoteServiceKeystore.grantAccess(this.mContext.getPackageManager().getApplicationInfo("com.samsung.android.email.provider", 128).uid, str);
            }
            X509Certificate certificate = KeyStoreManager.getCertificate(this.mContext, deviceId, str);
            if (SemCryptoUtil.isDebugSMIME(this.mContext)) {
                SemSMIMELog.dnf("%s::getCertificate() - alias[%s], cert : Subject DN[%s], Issuer DN[%s]", str2, str, certificate != null ? certificate.getSubjectDN().getName() : "", certificate != null ? certificate.getIssuerDN().getName() : "");
                SemSMIMELog.dnf("%s::getCertificate() - cert[%s] End", str2, certificate);
            } else {
                SemSMIMELog.dnf("%s::getCertificate() - End", str2);
            }
            SemSMIMELog.dnf("%s::getCertificatee() - cert[%s] End", str2, certificate);
            return certificate;
        } catch (Exception e) {
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage(), e);
        }
    }

    public String importCertificate(String str, InputStream inputStream, String str2) throws CertificateManagerException {
        if (str == null) {
            throw new CertificateManagerException(CertificateConst.CERTIFICATE_PASSWORD_IS_NULL);
        }
        if (!bindKeyStoreProxy()) {
            throw new CertificateManagerException(CertificateConst.KEYSTORE_PROXY_SERVICE_CONNECTION_ERROR);
        }
        if (this.mCertificateInstaller == null) {
            this.mCertificateInstaller = new CertificateInstallerFactory().getInstaller(this.mContext, this.mRemoteServiceKeystore);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            keyStore.load(inputStream, str.toCharArray());
            if (str2 != null) {
                this.mCertificateInstaller.install(keyStore, str, str2);
            } else {
                Enumeration<String> aliases = keyStore.aliases();
                str2 = null;
                while (aliases.hasMoreElements()) {
                    str2 = aliases.nextElement();
                    this.mCertificateInstaller.install(keyStore, str, str2);
                    SemCertificateUtil.grantAccessForAKS(this.mContext, str2);
                }
            }
            return str2;
        } catch (IOException e) {
            e.printStackTrace();
            throw new CertificateManagerException(e.getMessage(), 2);
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new CertificateManagerException(e2.getMessage(), 0);
        }
    }

    void setCertificateInstaller(CertificateInstaller certificateInstaller) {
        this.mCertificateInstaller = certificateInstaller;
    }

    void setRemoteServiceKeyStore(SemKeyStoreManager semKeyStoreManager) {
        this.mRemoteServiceKeystore = semKeyStoreManager;
    }
}
