package at.rundquadrat.android.r2mail2.tasks;

import android.content.Context;
import android.os.AsyncTask;
import android.preference.PreferenceManager;
import at.rundquadrat.android.r2mail2.CallbackHandler;
import at.rundquadrat.android.r2mail2.CertCrlOcspDownloader;
import at.rundquadrat.android.r2mail2.Constants;
import at.rundquadrat.android.r2mail2.FileLogger;
import at.rundquadrat.android.r2mail2.FullX509Certificate;
import at.rundquadrat.android.r2mail2.R;
import at.rundquadrat.android.r2mail2.R2Mail2;
import at.rundquadrat.android.r2mail2.ValidationResult;
import at.rundquadrat.android.r2mail2.provider.X509Database;
import at.rundquadrat.javax.naming.NamingException;
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Iterator;

/* loaded from: classes.dex */
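/**
 * Background task that validates an X.509 certificate and reports the outcome
 * through an optional {@link CallbackHandler}.
 *
 * <p>Validation covers, in this order: the certificate's own {@code isValid()}
 * check, the presence of a chain that ends in a self-signed certificate (as
 * returned by {@code X509Database.getChain}), and - when enabled - OCSP and CRL
 * revocation checks against the certificate's advertised endpoints.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the first (end-entity) certificate of the chain is checked for
 *       validity and revocation in this class; any checks on intermediates
 *       would have to happen inside {@code getChain} - not visible here.</li>
 *   <li>Revocation failures other than an explicit "revoked" answer are
 *       soft-fail: an error string is recorded, but {@code certValid} may stay
 *       {@code true}. Callers that need hard-fail must inspect
 *       {@code errors} and {@code revocationCheckDone} themselves.</li>
 * </ul>
 */
public class CertificateValidatorTask extends AsyncTask<FullX509Certificate, String, ValidationResult.CertificateValidationResult> {
    private final boolean chkCRL;
    private final boolean chkOCSP;
    private final Context context;
    private final X509Database db;
    private final boolean downloadIssuer;
    private final CallbackHandler handler;
    private final boolean includeSystemRoots;
    private final FileLogger log = new FileLogger();

    /**
     * Creates a validator task.
     *
     * @param context         Android context used for string resources and the certificate database
     * @param z               whether OCSP responders are queried (stored as {@code chkOCSP})
     * @param z2              whether CRLs are checked (stored as {@code chkCRL})
     * @param z3              forwarded to {@code X509Database.getChain} as the "download issuer" flag
     * @param z4              forwarded to {@code X509Database.getChain} as the "include system roots" flag
     * @param callbackHandler UI callback for progress and result messages; may be {@code null}
     */
    public CertificateValidatorTask(Context context, boolean z, boolean z2, boolean z3, boolean z4, CallbackHandler callbackHandler) {
        this.db = R2Mail2.getCertDb(context);
        this.chkOCSP = z;
        this.chkCRL = z2;
        this.downloadIssuer = z3;
        this.includeSystemRoots = z4;
        this.handler = callbackHandler;
        this.context = context;
    }

    /**
     * Orders the given certificates into a chain that starts with the first
     * non-CA certificate and continues with each certificate that signed the
     * previous one. Self-signed certificates are dropped.
     *
     * <p>The input list is modified: every certificate that is dropped or moved
     * into the result is removed from it.
     *
     * <p>Elements are removed through the iterator. The previous index-based
     * loop removed elements while advancing the index, which skipped the
     * element following each removal and shortened the number of passes, so an
     * input such as {@code [root, leaf]} produced an empty chain.
     *
     * @param arrayList certificates in arbitrary order; modified by this call
     * @return the ordered chain, empty if no non-CA certificate was found
     */
    private ArrayList<FullX509Certificate> sortChain(ArrayList<FullX509Certificate> arrayList) {
        ArrayList<FullX509Certificate> sorted = new ArrayList<>();
        boolean progress = true;
        // Repeat passes until one completes without consuming any certificate.
        while (progress && !arrayList.isEmpty()) {
            progress = false;
            Iterator<FullX509Certificate> it = arrayList.iterator();
            while (it.hasNext()) {
                FullX509Certificate candidate = it.next();
                if (candidate.isSelfSigned()) {
                    it.remove();
                    progress = true;
                } else if (!candidate.isCA() && sorted.isEmpty()) {
                    sorted.add(candidate);
                    it.remove();
                    progress = true;
                } else if (!sorted.isEmpty() && sorted.get(sorted.size() - 1).isSigneBy(candidate)) {
                    sorted.add(candidate);
                    it.remove();
                    progress = true;
                }
            }
        }
        return sorted;
    }

    /**
     * Validates the given certificates and collects the outcome.
     *
     * <p>A single self-signed certificate is accepted as chain-valid only if it
     * is present in the certificate store. Otherwise the chain is built via
     * {@code X509Database.getChain} and must end in a self-signed certificate.
     *
     * <p>An explicit "revoked" answer from any OCSP responder or CRL is final:
     * a later responder or CRL that does not list the certificate cannot turn
     * {@code certValid} back to {@code true}.
     *
     * @param arrayList certificates to validate; may be modified (see {@link #sortChain})
     * @return the populated validation result
     * @throws CertificateException if {@code arrayList} is empty
     */
    private ValidationResult.CertificateValidationResult validate(ArrayList<FullX509Certificate> arrayList) throws CertificateException {
        ValidationResult.CertificateValidationResult result = new ValidationResult.CertificateValidationResult();
        if (arrayList.isEmpty()) {
            throw new CertificateException(this.context.getString(R.string.certvalidator_no_cert));
        }
        if (arrayList.size() == 1 && arrayList.get(0).isSelfSigned()) {
            FullX509Certificate selfSigned = arrayList.get(0);
            if (selfSigned.isValid()) {
                result.certValid = true;
                // Trust in a self-signed certificate comes only from the local store.
                // NOTE(review): certValid stays true when the certificate is not in the
                // store; consumers must also look at chainValid.
                if (this.db.isCertInStore(selfSigned)) {
                    result.chainValid = true;
                } else {
                    result.chainValid = false;
                    result.errors.add(this.context.getString(R.string.certvalidator_selfsigned_not_trusted));
                }
            } else {
                result.certValid = false;
                result.errors.add(this.context.getString(R.string.certvalidator_outdated));
            }
            return result;
        }

        ArrayList<FullX509Certificate> sorted = sortChain(arrayList);
        if (sorted.isEmpty()) {
            result.certValid = false;
            result.chainValid = false;
            result.errors.add(this.context.getString(R.string.certvalidator_error_building_certchain));
            return result;
        }

        FullX509Certificate leaf = sorted.get(0);
        ArrayList<FullX509Certificate> chain = this.db.getChain(sorted, this.downloadIssuer, this.includeSystemRoots);
        result.sortedChain = chain;
        // The chain is accepted only if it terminates in a self-signed certificate.
        // NOTE(review): whether that root is actually trusted and whether the
        // signatures along the chain are verified is up to getChain - confirm there.
        if (chain.isEmpty() || !chain.get(chain.size() - 1).isSelfSigned()) {
            result.certValid = false;
            result.chainValid = false;
            result.errors.add(this.context.getString(R.string.certvalidator_no_trusted_root));
            return result;
        }
        result.chainValid = true;

        if (!leaf.isValid()) {
            result.certValid = false;
            result.errors.add(this.context.getString(R.string.certvalidator_outdated));
            return result;
        }
        result.certValid = true;

        boolean revoked = false;
        if (this.chkOCSP) {
            revoked |= checkOcsp(leaf, chain, result);
        }
        if (this.chkCRL) {
            revoked |= checkCrls(leaf, chain, result);
        }
        if (revoked) {
            // A revocation found by any source must not be overwritten by a later
            // source that merely did not report the certificate.
            result.certValid = false;
        }
        return result;
    }

    /**
     * Queries every OCSP responder listed in the certificate.
     *
     * <p>Return codes of {@code CertCrlOcspDownloader.checkOCSP} as handled
     * here: {@code -1} records an OCSP error, {@code 1} marks the certificate
     * valid, {@code 2} marks it revoked. Other codes are ignored.
     *
     * @return {@code true} if at least one responder reported the certificate as revoked
     */
    private boolean checkOcsp(FullX509Certificate leaf, ArrayList<FullX509Certificate> chain, ValidationResult.CertificateValidationResult result) {
        boolean revoked = false;
        Iterator<String> it = leaf.getOCSP().iterator();
        while (it.hasNext()) {
            try {
                // chain.get(1) is passed as the issuer; it is read inside the try so a
                // chain with fewer than two entries ends up in the catch below.
                switch (CertCrlOcspDownloader.checkOCSP(leaf.getSerialNumber(), it.next(), chain.get(1))) {
                    case -1:
                        result.errors.add(this.context.getString(R.string.certvalidator_ocsp_error));
                        result.revocationCheckDone = true;
                        result.certValid = false;
                        break;
                    case 1:
                        result.revocationCheckDone = true;
                        result.certValid = true;
                        break;
                    case 2:
                        result.revocationCheckDone = true;
                        result.certValid = false;
                        result.errors.add(this.context.getString(R.string.certvalidator_ocsp_revoked));
                        revoked = true;
                        break;
                    default:
                        break;
                }
            } catch (Exception e) {
                // Soft-fail: the error is recorded, certValid is left as it was.
                result.errors.add(this.context.getString(R.string.certvalidator_ocsp_error_exception, e.getMessage()));
                this.log.e("Error during OCSP Request: " + e.getMessage(), e.getStackTrace());
            }
        }
        return revoked;
    }

    /**
     * Checks the certificate against the CRL of every distribution point it lists,
     * using a CRL from the database when available and downloading it otherwise.
     *
     * @return {@code true} if at least one CRL lists the certificate as revoked
     */
    private boolean checkCrls(FullX509Certificate leaf, ArrayList<FullX509Certificate> chain, ValidationResult.CertificateValidationResult result) {
        boolean revoked = false;
        for (String distributionPoint : leaf.getCRLDistributionPoints()) {
            try {
                X509CRL crl = this.db.getCrl(distributionPoint);
                if (crl == null) {
                    crl = CertCrlOcspDownloader.downloadCRL(distributionPoint);
                    // NOTE(review): the downloaded CRL is stored before its signature is
                    // verified (and storeCRL is also reached when crl is null). Consider
                    // storing only after crl.verify() succeeded so that a tampered
                    // download cannot end up in the cache.
                    this.db.storeCRL(crl, distributionPoint);
                }
                if (crl != null) {
                    // NOTE(review): this flag is set before the signature and freshness
                    // checks, so it is true even when the CRL is rejected or outside its
                    // thisUpdate/nextUpdate window and no lookup was performed.
                    result.revocationCheckDone = true;
                    try {
                        crl.verify(chain.get(1).getPublicKey());
                        // NOTE(review): a cached CRL past nextUpdate is skipped here but not
                        // re-downloaded, unless getCrl itself filters expired entries.
                        if (crl.getThisUpdate().before(Calendar.getInstance().getTime()) && crl.getNextUpdate().after(Calendar.getInstance().getTime())) {
                            X509CRLEntry entry = crl.getRevokedCertificate(leaf.getCertificate());
                            if (entry != null) {
                                result.certValid = false;
                                result.errors.add(this.context.getString(R.string.certvalidator_crl_revoked, String.valueOf(entry.getSerialNumber())));
                                revoked = true;
                            } else {
                                result.certValid = true;
                            }
                        }
                    } catch (Exception e2) {
                        // Soft-fail: certValid is not changed. Any exception in the block
                        // above (not only a bad signature, e.g. a CRL without nextUpdate)
                        // is reported with this message.
                        this.log.e("Error verifying CRL - Signature invalid!");
                        result.errors.add(this.context.getString(R.string.certvalidator_crl_signature_invalid));
                    }
                }
            } catch (NamingException e3) {
                result.errors.add(this.context.getString(R.string.certvalidator_crl_downloaderror, distributionPoint));
                this.log.e("Error downloading CRL: " + e3.getMessage());
            } catch (IOException e4) {
                result.errors.add(this.context.getString(R.string.certvalidator_crl_downloaderror, distributionPoint));
                this.log.e("Error downloading CRL: " + e4.getMessage());
            } catch (CRLException e5) {
                result.errors.add(this.context.getString(R.string.certvalidator_crl_downloaderror, distributionPoint));
                this.log.e("Error downloading CRL: " + e5.getMessage());
            }
        }
        return revoked;
    }

    /**
     * Validates a single certificate synchronously, taking the revocation and
     * chain-building options from the default shared preferences.
     *
     * <p>The stored revocation-order preference is compared with the entries of
     * {@code R.array.revocationOrder}: entry 1 turns OCSP off, entry 2 turns
     * CRL checking off, entry 3 turns both off; any other value leaves both on.
     *
     * @param context             Android context
     * @param fullX509Certificate certificate to validate
     * @return the validation result, or {@code null} if the certificate is {@code null}
     * @throws CertificateException propagated from the validation
     */
    public static ValidationResult.CertificateValidationResult validateCert(Context context, FullX509Certificate fullX509Certificate) throws CertificateException {
        if (fullX509Certificate == null) {
            return null;
        }
        String revocationOrder = PreferenceManager.getDefaultSharedPreferences(context).getString(Constants.PREFS_KEY_REVOCE_ORDER, "");
        boolean downloadCerts = PreferenceManager.getDefaultSharedPreferences(context).getBoolean(Constants.PREFS_KEY_DOWNLAOD_CERTS, true);
        boolean useSystemRoots = PreferenceManager.getDefaultSharedPreferences(context).getBoolean(Constants.PREFS_KEY_USESYSTEM_ROOT, true);
        boolean checkCrl = true;
        boolean checkOcsp = true;
        String[] choices = context.getResources().getStringArray(R.array.revocationOrder);
        if (revocationOrder.equalsIgnoreCase(choices[1])) {
            checkOcsp = false;
        } else if (revocationOrder.equalsIgnoreCase(choices[2])) {
            checkCrl = false;
        } else if (revocationOrder.equalsIgnoreCase(choices[3])) {
            // With this setting no revocation check is performed at all.
            checkOcsp = false;
            checkCrl = false;
        }
        ArrayList<FullX509Certificate> certificates = new ArrayList<>();
        certificates.add(fullX509Certificate);
        return validateCert(context, checkOcsp, checkCrl, downloadCerts, useSystemRoots, certificates);
    }

    /**
     * Validates the given certificates synchronously with explicit options.
     *
     * @param context   Android context
     * @param z         whether OCSP responders are queried
     * @param z2        whether CRLs are checked
     * @param z3        "download issuer" flag for chain building
     * @param z4        "include system roots" flag for chain building
     * @param arrayList certificates to validate; may be modified by the call
     * @return the validation result
     * @throws CertificateException if {@code arrayList} is empty
     */
    public static ValidationResult.CertificateValidationResult validateCert(Context context, boolean z, boolean z2, boolean z3, boolean z4, ArrayList<FullX509Certificate> arrayList) throws CertificateException {
        return new CertificateValidatorTask(context, z, z2, z3, z4, null).validate(arrayList);
    }

    /**
     * Validates the first certificate passed to the task.
     *
     * @return the validation result, or {@code null} if no certificate was given
     *         or the validation threw a {@link CertificateException}
     */
    @Override
    public ValidationResult.CertificateValidationResult doInBackground(FullX509Certificate... fullX509CertificateArr) {
        // Same null handling as the static validateCert(Context, FullX509Certificate).
        if (fullX509CertificateArr == null || fullX509CertificateArr.length < 1 || fullX509CertificateArr[0] == null) {
            return null;
        }
        try {
            ArrayList<FullX509Certificate> certificates = new ArrayList<>();
            certificates.add(fullX509CertificateArr[0]);
            return validate(certificates);
        } catch (CertificateException e) {
            // The caller only sees null; keep a trace of why validation was aborted.
            this.log.e("Certificate validation failed: " + e.getMessage());
            return null;
        }
    }

    /**
     * Releases the certificate database obtained in the constructor.
     *
     * <p>NOTE(review): this runs whenever the garbage collector finalizes the
     * instance, including the throw-away instances created by the static
     * {@code validateCert} methods. Whether {@code R2Mail2.closeCertDb()} is
     * safe while other users still hold the database is not visible here.
     */
    @Override
    protected void finalize() throws Throwable {
        super.finalize();
        if (this.db != null) {
            R2Mail2.closeCertDb();
        }
    }

    /**
     * Hides the progress indicator and shows the outcome through the handler.
     * Nothing is shown when there is no handler or no result.
     *
     * <p>NOTE(review): the "valid" message depends on {@code certValid} only.
     * A self-signed certificate that is not in the store has
     * {@code certValid == true} and {@code chainValid == false}, so it is
     * reported with the "valid" message and its recorded error is not shown.
     * Consider requiring {@code chainValid} as well.
     */
    @Override
    public void onPostExecute(ValidationResult.CertificateValidationResult certificateValidationResult) {
        if (this.handler == null) {
            return;
        }
        this.handler.hideProgressBar();
        if (certificateValidationResult == null) {
            return;
        }
        if (certificateValidationResult.certValid) {
            this.handler.showError(this.context.getString(R.string.certvalidator_cert_valid));
            return;
        }
        // Single-threaded use: StringBuilder instead of the synchronized StringBuffer.
        StringBuilder errorList = new StringBuilder();
        Iterator<String> it = certificateValidationResult.errors.iterator();
        while (it.hasNext()) {
            errorList.append("* ").append(it.next()).append("\n");
        }
        this.handler.showError(this.context.getString(R.string.certvalidator_cert_invalid, errorList.toString().trim()));
    }

    /** Shows the progress indicator before the background work starts. */
    @Override
    protected void onPreExecute() {
        super.onPreExecute();
        if (this.handler != null) {
            this.handler.showProgressBar("Validating certificate ...");
        }
    }
}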
