package org.kman.AquaMail.cert.smime;

import f.e1;
import f.q2.t.i0;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.kman.AquaMail.data.MailConstants;

/* loaded from: classes3.dex */
public final class m implements e {
    @Override // org.kman.AquaMail.cert.smime.e
    public int a(@g.b.a.d c cVar) {
        i0.f(cVar, "smimeCertChain");
        org.kman.AquaMail.d.d d2 = cVar.d();
        if (d2 == null || d2.isEmpty()) {
            return org.kman.AquaMail.mail.smime.a.ERROR_SIGNATURE_NO_CERT_CHAIN;
        }
        X509Certificate a = j.f7469c.a(d2, cVar);
        if (a == null) {
            return org.kman.AquaMail.mail.smime.a.ERROR_SIGNATURE_NO_SMIME_CERT;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        Object[] array = d2.toArray(new X509Certificate[0]);
        if (array == null) {
            throw new e1("null cannot be cast to non-null type kotlin.Array<T>");
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) array;
        i0.a((Object) trustManagerFactory, "trustManagerFactory");
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                try {
                    X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                    i0.a((Object) acceptedIssuers, MailConstants.TRUSTED._TABLE_NAME);
                    if (a(a, x509CertificateArr, acceptedIssuers)) {
                        return 0;
                    }
                } catch (Exception e2) {
                    org.kman.Compat.util.i.a("S/MIME", "Certificate not trusted " + e2.getMessage());
                }
            }
        }
        return org.kman.AquaMail.mail.smime.a.ERROR_SIGNATURE_UNTRUSTED_CERT;
    }

    @g.b.a.e
    public final X509Certificate a(@g.b.a.d X500Name x500Name, @g.b.a.d X509Certificate[] x509CertificateArr) {
        i0.f(x500Name, "cn");
        i0.f(x509CertificateArr, "store");
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (i0.a(x500Name, new JcaX509CertificateHolder(x509Certificate).getSubject())) {
                return x509Certificate;
            }
        }
        return null;
    }

    public final boolean a(@g.b.a.d X509Certificate x509Certificate, @g.b.a.d X509Certificate x509Certificate2) {
        i0.f(x509Certificate, "cert");
        i0.f(x509Certificate2, "signer");
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public final boolean a(@g.b.a.d X509Certificate x509Certificate, @g.b.a.d X509Certificate[] x509CertificateArr, @g.b.a.d X509Certificate[] x509CertificateArr2) {
        i0.f(x509Certificate, "cert");
        i0.f(x509CertificateArr, "certChain");
        i0.f(x509CertificateArr2, MailConstants.TRUSTED._TABLE_NAME);
        x509Certificate.checkValidity();
        X500Name issuer = new JcaX509CertificateHolder(x509Certificate).getIssuer();
        i0.a((Object) issuer, "x500name");
        X509Certificate a = a(issuer, x509CertificateArr2);
        if (a != null && a(x509Certificate, a)) {
            return true;
        }
        X509Certificate a2 = a(issuer, x509CertificateArr);
        if (a2 == null || !a(x509Certificate, a2)) {
            return false;
        }
        return a(a2, x509CertificateArr, x509CertificateArr2);
    }
}
