package com.blackberry.security.secureemail.provider.a;

import android.content.ContentUris;
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import android.os.Handler;
import com.blackberry.common.utils.o;
import com.blackberry.email.service.AttachmentDownloadService;
import com.blackberry.message.service.MessageAttachmentValue;
import com.blackberry.message.service.MessageValue;
import com.blackberry.o.g;
import com.blackberry.security.a.a;
import com.blackberry.security.secureemail.client.d.a;
import com.blackberry.security.secureemail.client.message.service.e;
import com.blackberry.security.secureemail.client.message.service.f;
import com.blackberry.security.secureemail.constants.Encoding;
import com.blackberry.security.secureemail.constants.EncodingAction;
import com.blackberry.security.secureemail.constants.EncodingType;
import com.blackberry.security.secureemail.constants.HashAlgorithm;
import com.blackberry.security.secureemail.constants.SignatureStatus;
import com.blackberry.security.secureemail.processors.SecureEmailProcessor;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

/* compiled from: AbstractSecureMessageDecoder.java */
/* loaded from: classes.dex */
public abstract class a {
    protected final MessageValue cnq;
    protected e cnr;
    protected com.blackberry.security.secureemail.client.message.service.b cns;
    protected final SecureEmailProcessor cnt;
    protected Uri cnu;
    protected final a.l cnv;
    protected final Context mContext;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: AbstractSecureMessageDecoder.java */
    /* renamed from: com.blackberry.security.secureemail.provider.a.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public final class C0182a extends com.blackberry.message.e.b {
        private final CountDownLatch mLatch;

        C0182a(Context context, MessageAttachmentValue messageAttachmentValue, Handler handler) {
            super(context, messageAttachmentValue, null, null);
            this.mLatch = new CountDownLatch(1);
        }

        @Override // com.blackberry.message.e.b
        public void MX() {
            this.mLatch.countDown();
        }

        @Override // com.blackberry.message.e.b
        public void bh(int i, int i2) {
            if (i2 != 1) {
                if (i2 != 3) {
                    return;
                }
                this.mLatch.countDown();
            } else {
                o.e("SecureEmail", "Failed to download attachment: " + this.bWk.Bi, new Object[0]);
                this.mLatch.countDown();
            }
        }

        public boolean bq(long j) {
            o.b("SecureEmail", "waitForResult: " + this.bWk.Bi, new Object[0]);
            return this.mLatch.await(120000L, TimeUnit.MILLISECONDS);
        }

        public int getState() {
            return this.bWk.sX;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:25:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:8:0x00e4  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public a(com.blackberry.message.service.MessageValue r8, android.content.Context r9, com.blackberry.security.secureemail.constants.EncodingType r10, com.blackberry.security.secureemail.client.d.a.l r11) {
        /*
            Method dump skipped, instructions count: 272
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.blackberry.security.secureemail.provider.a.a.<init>(com.blackberry.message.service.MessageValue, android.content.Context, com.blackberry.security.secureemail.constants.EncodingType, com.blackberry.security.secureemail.client.d.a$l):void");
    }

    public static a a(long j, Context context) {
        Cursor query = context.getContentResolver().query(ContentUris.withAppendedId(g.i.CONTENT_URI, j), g.i.DEFAULT_PROJECTION, null, null, null);
        if (query == null || !query.moveToFirst()) {
            if (query != null) {
                query.close();
            }
            o.e("SecureEmail", "Failed to create secure decoder: No secure message data for message id " + j, new Object[0]);
            return null;
        }
        MessageValue messageValue = new MessageValue(query);
        query.close();
        try {
            a.l ib = a.l.ib(com.blackberry.security.secureemail.client.d.a.a.av(context, j));
            if (!com.blackberry.email.c.a.cg(context)) {
                o.c("SecureEmail", "created NullDecoder - secure email not enabled on device.", new Object[0]);
                return new c(messageValue, context, ib);
            }
            if (!com.blackberry.email.c.a.Gf()) {
                o.c("SecureEmail", "created NullDecoder - secure email not supported on processor", new Object[0]);
                return new c(messageValue, context, ib);
            }
            switch (ib) {
                case SMIME_CLEAR_SIGNED:
                    o.c("SecureEmail", "created SmimeClearSignedDecoder.", new Object[0]);
                    return new com.blackberry.security.secureemail.provider.b.b(messageValue, context, ib);
                case SMIME_ENCRYPTED:
                case SMIME_OPAQUE_SIGNED:
                case SMIME_RECEIPT:
                    o.c("SecureEmail", "created SmimeDecoder.", new Object[0]);
                    return new com.blackberry.security.secureemail.provider.b.c(messageValue, context, ib);
                case PGP_CLEAR_SIGNED:
                    o.c("SecureEmail", "created NullDecoder - PGP clear signed not supported.", new Object[0]);
                    return new c(messageValue, context, ib);
                default:
                    o.e("SecureEmail", "Can't create decoder for messageType %d", Integer.valueOf(ib.getValue()));
                    return null;
            }
        } catch (IllegalArgumentException e) {
            o.e("SecureEmail", "Failed to create secure decoder: " + e.getMessage(), new Object[0]);
            return null;
        }
    }

    private static boolean c(byte[] bArr, byte[] bArr2) {
        if (bArr != null && bArr2 != null && bArr.length == bArr2.length) {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                if (((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr))).getSerialNumber().equals(((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2))).getSerialNumber())) {
                    return true;
                }
            } catch (CertificateException e) {
                o.e("SecureEmail", e, "Exception in isEncryptionCertificateData", new Object[0]);
            }
        }
        return false;
    }

    public static ByteArrayInputStream l(InputStream inputStream) {
        byte[] bArr = new byte[16384];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    private byte[] p(byte[] bArr) {
        ArrayList<byte[]> arrayList = new ArrayList<>();
        this.cnt.getSignerCmsCertificate(arrayList);
        if (arrayList.size() > 0) {
            o.b("SecureEmail", "Checking " + arrayList.size() + " certificates", new Object[0]);
            Iterator<byte[]> it = arrayList.iterator();
            while (it.hasNext()) {
                byte[] next = it.next();
                if (!c(next, bArr) && q(next)) {
                    return next;
                }
            }
        }
        if (!q(bArr)) {
            return null;
        }
        o.b("SecureEmail", "Signing cert can be used to encrypt", new Object[0]);
        return bArr;
    }

    private static boolean q(byte[] bArr) {
        Object[] objArr = new Object[1];
        objArr[0] = Integer.valueOf(bArr == null ? -1 : bArr.length);
        o.b("SecureEmail", "isEncryptionCertificateData %d tytes", objArr);
        if (bArr == null || bArr.length == 0) {
            return false;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            o.b("SecureEmail", "Certificate(%s) Expire: %s\n", x509Certificate.getSerialNumber().toString(16), x509Certificate.getNotAfter().toString());
            if (keyUsage != null && keyUsage.length > 2) {
                if (keyUsage[2]) {
                    return true;
                }
            }
        } catch (CertificateException e) {
            o.e("SecureEmail", e, "Exception in isEncryptionCertificateData", new Object[0]);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void RI() {
        this.cns.clc = this.cnt.getSignerEmailAddress();
        this.cns.ckW = this.cnt.getSignatureStatus().value();
        this.cns.ckS = this.cnt.getSignatureAlgorithmType().value();
        this.cns.ckT = this.cnt.getHashType().value();
        if (this.cns.ckT == HashAlgorithm.SHA1.value() && com.blackberry.email.c.a.Gg()) {
            com.blackberry.security.a.a.a(a.EnumC0166a.FAILURE, a.b.WARNING, "smime", "decode", "weak hash algorithm: SHA1");
        }
        this.cns.ckU = this.cnt.getContentCipher().value();
        this.cns.ckV = this.cnt.getKeyExchangeAlgorithm().value();
        EncodingAction encoding = this.cnt.getEncoding();
        int value = encoding.value();
        if (value != EncodingAction.NONE.value()) {
            if ((this.cns.ckO == Encoding.SMIME_ENCRYPT.value() && value == EncodingAction.SIGN.value()) || (this.cns.ckO == Encoding.SMIME_SIGN.value() && value == EncodingAction.ENCRYPT.value())) {
                encoding = EncodingAction.SIGN_ENCRYPT;
            }
            this.cns.ckO = Encoding.valueOf(EncodingType.SMIME, encoding).value();
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.cnt.getSignerCertificate(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.cns.a(byteArray, p(byteArray));
    }

    public Uri RJ() {
        String str;
        try {
            Object[] objArr = new Object[2];
            objArr[0] = Long.valueOf(this.cnq.Bi);
            switch (this.cnv) {
                case SMIME_CLEAR_SIGNED:
                    str = "CS";
                    break;
                case SMIME_ENCRYPTED:
                    str = "*E";
                    break;
                case SMIME_OPAQUE_SIGNED:
                    str = "OS";
                    break;
                case SMIME_RECEIPT:
                    str = "R";
                    break;
                case PGP_CLEAR_SIGNED:
                    str = "PGP";
                    break;
                default:
                    str = "unknown";
                    break;
            }
            objArr[1] = str;
            o.c("SecureEmail", "decode smime %d %s", objArr);
            Uri RL = RL();
            if (RL == null) {
                o.e("SecureEmail", "failed to get uri from decode()", new Object[0]);
            }
            return RL;
        } finally {
            this.cnt.close();
        }
    }

    public com.blackberry.security.secureemail.client.message.service.b RK() {
        return this.cns;
    }

    protected abstract Uri RL();

    /* JADX INFO: Access modifiers changed from: protected */
    public void RM() {
        new b(this.cnq, this.mContext).bm(5000, 120000);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int a(ByteArrayInputStream byteArrayInputStream, ByteArrayInputStream byteArrayInputStream2) {
        this.cnt.setClearSigned(true, byteArrayInputStream);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int decodeMessage = this.cnt.decodeMessage(byteArrayInputStream2, byteArrayOutputStream);
        if (decodeMessage != 0 && com.blackberry.email.c.a.Gg()) {
            com.blackberry.security.a.a.a(a.EnumC0166a.FAILURE, a.b.WARNING, "smime", "decode", this.cnt.errorCodeToString(decodeMessage));
        }
        RI();
        if (byteArrayOutputStream.size() == 0) {
            return decodeMessage;
        }
        int value = f.GENERAL_FAILURE.value();
        this.cns.ckW = SignatureStatus.VERIFY_FAILURE.value();
        return value;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean a(MessageAttachmentValue messageAttachmentValue, long j) {
        C0182a c0182a = new C0182a(this.mContext, messageAttachmentValue, null);
        boolean z = false;
        if (c0182a.MV()) {
            AttachmentDownloadService.c(this.mContext, messageAttachmentValue.Bi, 2);
            try {
                try {
                    if (c0182a.bq(120000L)) {
                        if (c0182a.getState() == 3) {
                            z = true;
                        }
                    }
                } catch (InterruptedException e) {
                    o.e("SecureEmail", e, "Download attachment failed", new Object[0]);
                }
            } finally {
                c0182a.MW();
            }
        } else {
            o.e("SecureEmail", "Unable to observe attachment", new Object[0]);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Uri ic(int i) {
        return p(i, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Uri p(int i, String str) {
        com.blackberry.security.secureemail.client.message.service.b bVar = this.cns;
        bVar.ckP = i;
        bVar.ckQ = str;
        if (bVar.Bi >= 0) {
            Uri withAppendedId = ContentUris.withAppendedId(a.c.CONTENT_URI, this.cns.Bi);
            if (this.mContext.getContentResolver().update(withAppendedId, this.cns.aP(true), null, null) >= 1) {
                o.b("SecureEmail", "Updated DecodedInfo for message " + this.cns.aAF, new Object[0]);
                return withAppendedId;
            }
            o.e("SecureEmail", "Faled up update DecodedInfo for message: " + this.cns.aAF, new Object[0]);
        }
        o.b("SecureEmail", "Creating DecodedInfo for message " + this.cns.aAF, new Object[0]);
        Uri insert = this.mContext.getContentResolver().insert(a.c.CONTENT_URI, this.cns.aP(true));
        if (insert != null) {
            this.cns.Bi = ContentUris.parseId(insert);
        }
        Object[] objArr = new Object[2];
        objArr[0] = Integer.valueOf(this.cns.ckP);
        objArr[1] = com.blackberry.security.secureemail.provider.a.a(this.cnt.getEncoding(), this.cnv == a.l.SMIME_CLEAR_SIGNED);
        o.c("SecureEmail", "decodedinfo smime %d %s", objArr);
        return insert;
    }
}
