package org.kman.AquaMail.cert.smime;

import androidx.compose.runtime.internal.q;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.jvm.internal.k0;
import kotlin.jvm.internal.q1;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

@q(parameters = 0)
@q1({"SMAP\nSMimeCustomCertChainValidator.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SMimeCustomCertChainValidator.kt\norg/kman/AquaMail/cert/smime/SMimeCustomCertChainValidator\n+ 2 ArraysJVM.kt\nkotlin/collections/ArraysKt__ArraysJVMKt\n*L\n1#1,84:1\n37#2,2:85\n*S KotlinDebug\n*F\n+ 1 SMimeCustomCertChainValidator.kt\norg/kman/AquaMail/cert/smime/SMimeCustomCertChainValidator\n*L\n26#1:85,2\n*E\n"})
/* loaded from: classes5.dex */
public final class n implements f {
    public static final int $stable = 0;

    @Override // org.kman.AquaMail.cert.smime.f
    public int a(@q7.l d smimeCertChain) {
        k0.p(smimeCertChain, "smimeCertChain");
        t7.d d9 = smimeCertChain.d();
        if (d9 == null || d9.isEmpty()) {
            return org.kman.AquaMail.mail.smime.a.ERROR_SIGNATURE_NO_CERT_CHAIN;
        }
        X509Certificate p9 = k.f51851a.p(d9, smimeCertChain);
        if (p9 == null) {
            return org.kman.AquaMail.mail.smime.a.ERROR_SIGNATURE_NO_SMIME_CERT;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        X509Certificate[] x509CertificateArr = (X509Certificate[]) d9.toArray(new X509Certificate[0]);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        k0.o(trustManagers, "getTrustManagers(...)");
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                try {
                    X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                    k0.m(acceptedIssuers);
                    if (d(p9, x509CertificateArr, acceptedIssuers)) {
                        return 0;
                    }
                } catch (Exception e9) {
                    org.kman.Compat.util.j.k("S/MIME", "Certificate not trusted " + e9.getMessage());
                }
            }
        }
        return org.kman.AquaMail.mail.smime.a.ERROR_SIGNATURE_UNTRUSTED_CERT;
    }

    @q7.m
    public final X509Certificate b(@q7.l X500Name cn, @q7.l X509Certificate[] store) {
        k0.p(cn, "cn");
        k0.p(store, "store");
        for (X509Certificate x509Certificate : store) {
            if (k0.g(cn, new JcaX509CertificateHolder(x509Certificate).getSubject())) {
                return x509Certificate;
            }
        }
        return null;
    }

    public final boolean c(@q7.l X509Certificate cert, @q7.l X509Certificate signer) {
        k0.p(cert, "cert");
        k0.p(signer, "signer");
        try {
            cert.verify(signer.getPublicKey());
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public final boolean d(@q7.l X509Certificate cert, @q7.l X509Certificate[] certChain, @q7.l X509Certificate[] trusted) {
        k0.p(cert, "cert");
        k0.p(certChain, "certChain");
        k0.p(trusted, "trusted");
        cert.checkValidity();
        X500Name issuer = new JcaX509CertificateHolder(cert).getIssuer();
        k0.m(issuer);
        X509Certificate b9 = b(issuer, trusted);
        if (b9 != null && c(cert, b9)) {
            return true;
        }
        X509Certificate b10 = b(issuer, certChain);
        if (b10 == null || !c(cert, b10)) {
            return false;
        }
        return d(b10, certChain, trusted);
    }
}
