package org.bouncycastle.mail.smime.validator;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.mail.MessagingException;
import javax.mail.Part;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.asn1.ab.ae;
import org.bouncycastle.asn1.ab.bk;
import org.bouncycastle.asn1.ab.w;
import org.bouncycastle.asn1.bf;
import org.bouncycastle.asn1.bj;
import org.bouncycastle.asn1.bl;
import org.bouncycastle.asn1.bp;
import org.bouncycastle.asn1.c.ao;
import org.bouncycastle.asn1.c.b;
import org.bouncycastle.asn1.c.h;
import org.bouncycastle.asn1.i;
import org.bouncycastle.asn1.n;
import org.bouncycastle.asn1.u.s;
import org.bouncycastle.asn1.y;
import org.bouncycastle.cms.ch;
import org.bouncycastle.cms.ci;
import org.bouncycastle.i18n.a.d;
import org.bouncycastle.i18n.a.e;
import org.bouncycastle.jce.g;
import org.bouncycastle.mail.smime.j;
import org.bouncycastle.x509.CertPathReviewerException;
import org.bouncycastle.x509.f;

/* loaded from: classes.dex */
public class a {
    private static final String a = "org.bouncycastle.mail.smime.validator.SignedMailValidatorMessages";
    private static final Class b = f.class;
    private static final String c = bk.w.e();
    private static final String d = bk.g.e();
    private static final int e = 512;
    private static final long f = 946728000000L;
    private CertStore g;
    private ci h;
    private Map i;
    private String[] j;
    private Class k;

    /* renamed from: org.bouncycastle.mail.smime.validator.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public class C0068a {
        private f b;
        private List c;
        private List d;
        private List e;
        private boolean f;

        C0068a(f fVar, boolean z, List list, List list2, List list3) {
            this.b = fVar;
            this.c = list;
            this.d = list2;
            this.f = z;
            this.e = list3;
        }

        public List a() {
            return this.c;
        }

        public List b() {
            return this.d;
        }

        public f c() {
            return this.b;
        }

        public CertPath d() {
            if (this.b != null) {
                return this.b.a();
            }
            return null;
        }

        public List e() {
            return this.e;
        }

        public boolean f() {
            return this.f;
        }

        public boolean g() {
            return this.b != null && this.f && this.b.h() && this.c.isEmpty();
        }
    }

    public a(MimeMessage mimeMessage, PKIXParameters pKIXParameters) throws SignedMailValidatorException {
        this(mimeMessage, pKIXParameters, b);
    }

    public a(MimeMessage mimeMessage, PKIXParameters pKIXParameters, Class cls) throws SignedMailValidatorException {
        j jVar;
        InternetAddress internetAddress;
        this.k = cls;
        if (!b.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("certPathReviewerClass is not a subclass of " + b.getName());
        }
        try {
            if (mimeMessage.isMimeType("multipart/signed")) {
                jVar = new j((MimeMultipart) mimeMessage.getContent());
            } else {
                if (!mimeMessage.isMimeType("application/pkcs7-mime") && !mimeMessage.isMimeType("application/x-pkcs7-mime")) {
                    throw new SignedMailValidatorException(new org.bouncycastle.i18n.a(a, "SignedMailValidator.noSignedMessage"));
                }
                jVar = new j((Part) mimeMessage);
            }
            this.g = jVar.d("Collection", "BC");
            this.h = jVar.b();
            InternetAddress[] from = mimeMessage.getFrom();
            try {
                internetAddress = mimeMessage.getHeader("Sender") != null ? new InternetAddress(mimeMessage.getHeader("Sender")[0]) : null;
            } catch (MessagingException e2) {
                internetAddress = null;
            }
            this.j = new String[(internetAddress != null ? 1 : 0) + from.length];
            for (int i = 0; i < from.length; i++) {
                this.j[i] = from[i].getAddress();
            }
            if (internetAddress != null) {
                this.j[from.length] = internetAddress.getAddress();
            }
            this.i = new HashMap();
            a(pKIXParameters);
        } catch (Exception e3) {
            if (!(e3 instanceof SignedMailValidatorException)) {
                throw new SignedMailValidatorException(new org.bouncycastle.i18n.a(a, "SignedMailValidator.exceptionReadingMessage", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}), e3);
            }
            throw ((SignedMailValidatorException) e3);
        }
    }

    static String a(Object[] objArr) {
        if (objArr == null) {
            return "null";
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append('[');
        for (int i = 0; i != objArr.length; i++) {
            if (i > 0) {
                stringBuffer.append(", ");
            }
            stringBuffer.append(String.valueOf(objArr[i]));
        }
        return stringBuffer.append(']').toString();
    }

    public static CertPath a(X509Certificate x509Certificate, Set set, List list) throws GeneralSecurityException {
        return (CertPath) a(x509Certificate, set, list, null)[0];
    }

    private static X509Certificate a(List list, X509CertSelector x509CertSelector, Set set) throws CertStoreException {
        Iterator it = a(list, x509CertSelector).iterator();
        boolean z = false;
        X509Certificate x509Certificate = null;
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            x509Certificate = (X509Certificate) it.next();
            if (!set.contains(x509Certificate)) {
                z = true;
                break;
            }
        }
        if (z) {
            return x509Certificate;
        }
        return null;
    }

    public static Date a(ch chVar) {
        org.bouncycastle.asn1.c.a a2;
        b k = chVar.k();
        if (k == null || (a2 = k.a((org.bouncycastle.asn1.bk) h.c)) == null) {
            return null;
        }
        return ao.a(a2.f().a(0).c()).f();
    }

    private static List a(List list, X509CertSelector x509CertSelector) throws CertStoreException {
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(((CertStore) it.next()).getCertificates(x509CertSelector));
        }
        return arrayList;
    }

    public static Set a(X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        int i = 0;
        HashSet hashSet = new HashSet();
        org.bouncycastle.jce.j b2 = g.b(x509Certificate);
        Vector e2 = b2.e();
        Vector f2 = b2.f();
        int i2 = 0;
        while (true) {
            if (i2 >= e2.size()) {
                break;
            }
            if (e2.get(i2).equals(org.bouncycastle.jce.j.F)) {
                hashSet.add(((String) f2.get(i2)).toLowerCase());
                break;
            }
            i2++;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(d);
        if (extensionValue != null) {
            bp bpVar = (bp) a(extensionValue);
            while (true) {
                int i3 = i;
                if (i3 >= bpVar.g()) {
                    break;
                }
                y yVar = (y) bpVar.a(i3);
                if (yVar.e() == 1) {
                    hashSet.add(bf.a(yVar, true).g_().toLowerCase());
                }
                i = i3 + 1;
            }
        }
        return hashSet;
    }

    private static bj a(byte[] bArr) throws IOException {
        return new i(((n) new i(bArr).c()).g()).c();
    }

    public static Object[] a(X509Certificate x509Certificate, Set set, List list, List list2) throws GeneralSecurityException {
        X509Certificate x509Certificate2;
        boolean z;
        X509Certificate x509Certificate3;
        boolean z2;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        ArrayList arrayList = new ArrayList();
        linkedHashSet.add(x509Certificate);
        arrayList.add(new Boolean(true));
        X509Certificate x509Certificate4 = null;
        boolean z3 = false;
        X509Certificate x509Certificate5 = x509Certificate;
        while (x509Certificate5 != null && !z3) {
            Iterator it = set.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                X509Certificate trustedCert = trustAnchor.getTrustedCert();
                if (trustedCert != null) {
                    if (trustedCert.getSubjectX500Principal().equals(x509Certificate5.getIssuerX500Principal())) {
                        try {
                            x509Certificate5.verify(trustedCert.getPublicKey(), "BC");
                            x509Certificate4 = trustedCert;
                            z3 = true;
                            break;
                        } catch (Exception e2) {
                        }
                    } else {
                        continue;
                    }
                } else if (trustAnchor.getCAName().equals(x509Certificate5.getIssuerX500Principal().getName())) {
                    try {
                        x509Certificate5.verify(trustAnchor.getCAPublicKey(), "BC");
                        z3 = true;
                        break;
                    } catch (Exception e3) {
                    }
                } else {
                    continue;
                }
            }
            if (z3) {
                x509Certificate3 = x509Certificate5;
            } else {
                X509CertSelector x509CertSelector = new X509CertSelector();
                try {
                    x509CertSelector.setSubject(x509Certificate5.getIssuerX500Principal().getEncoded());
                    byte[] extensionValue = x509Certificate5.getExtensionValue(bk.f85u.e());
                    if (extensionValue != null) {
                        try {
                            org.bouncycastle.asn1.ab.i a2 = org.bouncycastle.asn1.ab.i.a(a(extensionValue));
                            if (a2.e() != null) {
                                x509CertSelector.setSubjectKeyIdentifier(new bl(a2.e()).b());
                            }
                        } catch (IOException e4) {
                        }
                    }
                    x509Certificate3 = a(list, x509CertSelector, linkedHashSet);
                    if (x509Certificate3 != null || list2 == null) {
                        z2 = false;
                    } else {
                        x509Certificate3 = a(list2, x509CertSelector, linkedHashSet);
                        z2 = true;
                    }
                    if (x509Certificate3 != null) {
                        linkedHashSet.add(x509Certificate3);
                        arrayList.add(new Boolean(z2));
                    }
                } catch (IOException e5) {
                    throw new IllegalStateException(e5.toString());
                }
            }
            x509Certificate5 = x509Certificate3;
        }
        if (z3) {
            if (x509Certificate4 == null || !x509Certificate4.getSubjectX500Principal().equals(x509Certificate4.getIssuerX500Principal())) {
                X509CertSelector x509CertSelector2 = new X509CertSelector();
                try {
                    x509CertSelector2.setSubject(x509Certificate5.getIssuerX500Principal().getEncoded());
                    x509CertSelector2.setIssuer(x509Certificate5.getIssuerX500Principal().getEncoded());
                    X509Certificate a3 = a(list, x509CertSelector2, linkedHashSet);
                    if (a3 != null || list2 == null) {
                        x509Certificate2 = a3;
                        z = false;
                    } else {
                        x509Certificate2 = a(list2, x509CertSelector2, linkedHashSet);
                        z = true;
                    }
                    if (x509Certificate2 != null) {
                        try {
                            x509Certificate5.verify(x509Certificate2.getPublicKey(), "BC");
                            linkedHashSet.add(x509Certificate2);
                            arrayList.add(new Boolean(z));
                        } catch (GeneralSecurityException e6) {
                        }
                    }
                } catch (IOException e7) {
                    throw new IllegalStateException(e7.toString());
                }
            } else {
                linkedHashSet.add(x509Certificate4);
                arrayList.add(new Boolean(false));
            }
        }
        return new Object[]{CertificateFactory.getInstance(com.a.b.e, "BC").generateCertPath(new ArrayList(linkedHashSet)), arrayList};
    }

    public CertStore a() {
        return this.g;
    }

    protected void a(PKIXParameters pKIXParameters) {
        PKIXParameters pKIXParameters2 = (PKIXParameters) pKIXParameters.clone();
        pKIXParameters2.addCertStore(this.g);
        for (ch chVar : this.h.b()) {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            X509Certificate x509Certificate = null;
            try {
                Iterator it = a(pKIXParameters2.getCertStores(), chVar.c()).iterator();
                x509Certificate = it.hasNext() ? (X509Certificate) it.next() : null;
            } catch (CertStoreException e2) {
                arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.exceptionRetrievingSignerCert", new Object[]{e2.getMessage(), e2, e2.getClass().getName()}));
            }
            if (x509Certificate != null) {
                boolean z = false;
                try {
                    z = chVar.a(x509Certificate.getPublicKey(), "BC");
                    if (!z) {
                        arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.signatureNotVerified"));
                    }
                } catch (Exception e3) {
                    arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.exceptionVerifyingSignature", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}));
                }
                a(x509Certificate, arrayList, arrayList2);
                b k = chVar.k();
                if (k != null && k.a((org.bouncycastle.asn1.bk) s.aG) != null) {
                    arrayList2.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.signedReceiptRequest"));
                }
                Date a2 = a(chVar);
                if (a2 == null) {
                    arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.noSigningTime"));
                    a2 = new Date();
                } else {
                    try {
                        x509Certificate.checkValidity(a2);
                    } catch (CertificateExpiredException e4) {
                        arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.certExpired", new Object[]{new d(a2), new d(x509Certificate.getNotAfter())}));
                    } catch (CertificateNotYetValidException e5) {
                        arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.certNotYetValid", new Object[]{new d(a2), new d(x509Certificate.getNotBefore())}));
                    }
                }
                pKIXParameters2.setDate(a2);
                try {
                    ArrayList arrayList3 = new ArrayList();
                    arrayList3.add(this.g);
                    Object[] a3 = a(x509Certificate, pKIXParameters2.getTrustAnchors(), pKIXParameters.getCertStores(), arrayList3);
                    CertPath certPath = (CertPath) a3[0];
                    List list = (List) a3[1];
                    try {
                        f fVar = (f) this.k.newInstance();
                        fVar.a(certPath, pKIXParameters2);
                        if (!fVar.h()) {
                            arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.certPathInvalid"));
                        }
                        this.i.put(chVar, new C0068a(fVar, z, arrayList, arrayList2, list));
                    } catch (IllegalAccessException e6) {
                        throw new IllegalArgumentException("Cannot instantiate object of type " + this.k.getName() + ": " + e6.getMessage());
                    } catch (InstantiationException e7) {
                        throw new IllegalArgumentException("Cannot instantiate object of type " + this.k.getName() + ": " + e7.getMessage());
                    }
                } catch (GeneralSecurityException e8) {
                    arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.exceptionCreateCertPath", new Object[]{e8.getMessage(), e8, e8.getClass().getName()}));
                    this.i.put(chVar, new C0068a(null, z, arrayList, arrayList2, null));
                } catch (CertPathReviewerException e9) {
                    arrayList.add(e9.getErrorMessage());
                    this.i.put(chVar, new C0068a(null, z, arrayList, arrayList2, null));
                }
            } else {
                arrayList.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.noSignerCert"));
                this.i.put(chVar, new C0068a(null, false, arrayList, arrayList2, null));
            }
        }
    }

    protected void a(X509Certificate x509Certificate, List list, List list2) {
        boolean z;
        PublicKey publicKey = x509Certificate.getPublicKey();
        int bitLength = publicKey instanceof RSAPublicKey ? ((RSAPublicKey) publicKey).getModulus().bitLength() : publicKey instanceof DSAPublicKey ? ((DSAPublicKey) publicKey).getParams().getP().bitLength() : -1;
        if (bitLength != -1 && bitLength <= 512) {
            list2.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.shortSigningKey", new Object[]{new Integer(bitLength)}));
        }
        if (x509Certificate.getNotAfter().getTime() - x509Certificate.getNotBefore().getTime() > f) {
            list2.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.longValidity", new Object[]{new d(x509Certificate.getNotBefore()), new d(x509Certificate.getNotAfter())}));
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
            list.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.signingNotPermitted"));
        }
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(c);
            if (extensionValue != null) {
                w a2 = w.a(a(extensionValue));
                if (!a2.a(ae.d) && !a2.a(ae.H)) {
                    list.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.extKeyUsageNotPermitted"));
                }
            }
        } catch (Exception e2) {
            list.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.extKeyUsageError", new Object[]{e2.getMessage(), e2, e2.getClass().getName()}));
        }
        try {
            Set a3 = a(x509Certificate);
            if (a3.isEmpty()) {
                list.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.noEmailInCert"));
                return;
            }
            int i = 0;
            while (true) {
                if (i >= this.j.length) {
                    z = false;
                    break;
                } else {
                    if (a3.contains(this.j[i].toLowerCase())) {
                        z = true;
                        break;
                    }
                    i++;
                }
            }
            if (z) {
                return;
            }
            list.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.emailFromCertMismatch", new Object[]{new e(a(this.j)), new e(a3)}));
        } catch (Exception e3) {
            list.add(new org.bouncycastle.i18n.a(a, "SignedMailValidator.certGetEmailError", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}));
        }
    }

    public ci b() {
        return this.h;
    }

    public C0068a b(ch chVar) throws SignedMailValidatorException {
        if (this.h.b(chVar.c()).isEmpty()) {
            throw new SignedMailValidatorException(new org.bouncycastle.i18n.a(a, "SignedMailValidator.wrongSigner"));
        }
        return (C0068a) this.i.get(chVar);
    }
}
