package net.savignano.snotify.atlassian.common.security.access.smime;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.connector.LdapConnector;
import net.savignano.snotify.atlassian.common.enums.ECryptographyType;
import net.savignano.snotify.atlassian.common.enums.EKeySource;
import net.savignano.snotify.atlassian.common.enums.EKeyValidity;
import net.savignano.snotify.atlassian.common.info.InfoData;
import net.savignano.snotify.atlassian.common.security.access.AKeyLoader;
import net.savignano.snotify.atlassian.common.security.key.publicly.SnotifySmimePublicKey;
import net.savignano.snotify.atlassian.common.util.SecurityUtil;
import net.savignano.snotify.atlassian.common.util.SmimeUtil;
import net.savignano.thirdparty.org.bouncycastle.cert.X509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSException;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSSignedData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/common/security/access/smime/SmimeLdapLoader.class */
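/**
 * Loads a user's S/MIME certificate from an LDAP directory.
 *
 * <p>The loader connects through the supplied {@link LdapConnector}, searches for the entry whose
 * user-name attribute equals {@link #getUserName()}, and reads the {@code userSMIMECertificate}
 * and/or {@code userCertificate} attributes of the first match.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user name is escaped before it is placed into the LDAP search filter, so filter
 *       metacharacters in a user name are matched literally instead of being parsed as filter
 *       syntax.</li>
 *   <li>This class does not itself verify certificate chains, revocation or expiry; presumably
 *       {@code SnotifySmimePublicKey} derives the key validity from the certificate - confirm
 *       before relying on the directory as the only trust decision.</li>
 * </ul>
 *
 * <p>Instances hold mutable configuration (user name, email, search flags) without any
 * synchronization visible in this class.
 */
public class SmimeLdapLoader extends AKeyLoader<SnotifySmimePublicKey> {
    private static final Logger log = LoggerFactory.getLogger(SmimeLdapLoader.class);

    /** Info code sent when no user name was configured. */
    public static final int INFO_NO_USER = 200;
    /** Info code sent after the LDAP connection was established. */
    public static final int INFO_LDAP_CONNECTED = 201;
    /** Info code sent right before the LDAP connection is closed. */
    public static final int INFO_LDAP_DISCONNECTED = 202;
    /** Info code sent when connecting to, or reading from, LDAP failed. */
    public static final int INFO_LDAP_CONNECTION_ERROR = 203;
    /** Info code sent when the directory search returned an entry for the user. */
    public static final int INFO_USER_FOUND = 204;
    /** Info code sent when the directory search returned no entry for the user. */
    public static final int INFO_USER_NOT_FOUND = 205;

    // JNDI environment key; its value is a space-separated list of attribute names.
    private static final String BINARY_TRANSFER = "java.naming.ldap.attributes.binary";
    private static final String USER_SMIME_CERT = "userSMIMECertificate";
    private static final String USER_CERT = "userCertificate";

    private final LdapConnector connector;
    private String userName;
    private String email;
    private boolean searchCert;
    private boolean searchSmime;
    private boolean expectP7b;

    /**
     * Creates a loader without a user name; one must be set before loading.
     *
     * @param ldapConnector connector used to reach the directory, must not be {@code null}
     * @throws IllegalArgumentException if {@code ldapConnector} is {@code null}
     */
    public SmimeLdapLoader(LdapConnector ldapConnector) {
        this(ldapConnector, null);
    }

    /**
     * Creates a loader for the given user. Both certificate attributes are searched by default.
     *
     * @param ldapConnector connector used to reach the directory, must not be {@code null}
     * @param str user name to look up, may be {@code null} and set later
     * @throws IllegalArgumentException if {@code ldapConnector} is {@code null}
     */
    public SmimeLdapLoader(LdapConnector ldapConnector, String str) {
        if (ldapConnector == null) {
            throw new IllegalArgumentException("LDAP connector must not be null.");
        }
        this.connector = ldapConnector;
        this.userName = str;
        this.searchCert = true;
        this.searchSmime = true;
    }

    /**
     * Connects to LDAP, looks up the user's certificate attributes and converts them into a key.
     *
     * <p>Any exception raised while connecting or searching is logged, reported with
     * {@link #INFO_LDAP_CONNECTION_ERROR} and turned into an {@code ERROR} validity key. The
     * connection is closed on every path.
     *
     * @return the key that was found, or a key carrying only a validity state
     * @throws Exception declared by the overridden method
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // net.savignano.snotify.atlassian.common.security.access.AKeyLoader
    public SnotifySmimePublicKey loadInternalKey() throws Exception {
        if (getUserName() == null) {
            log.warn("No user name given to look up S/MIME certificate for in LDAP.");
            getInfoDataManager().send(new InfoData(INFO_NO_USER, new Object[0]));
            return getValidityKey(EKeyValidity.ERROR);
        }
        log.info("Looking up S/MIME certificate for user {} in LDAP.", getUserName());
        SnotifySmimePublicKey key = new SnotifySmimePublicKey(EKeyValidity.NOT_FOUND, getKeySource());
        try {
            log.debug("Connecting to LDAP server: {}", this.connector.getLdapUrl());
            this.connector.connect(createEnvironment());
            getInfoDataManager().send(new InfoData(INFO_LDAP_CONNECTED, this.connector.getLdapUrl()));
            try {
                Attributes certAttributes = getCertAttributes(this.connector.getContext());
                if (certAttributes != null) {
                    Attribute smimeAttribute = null;
                    Attribute certAttribute = null;
                    NamingEnumeration<String> ids = certAttributes.getIDs();
                    while (ids.hasMoreElements()) {
                        String id = ids.nextElement();
                        log.trace("Attribute ID: {}", id);
                        // Prefix match so IDs carrying an option suffix are picked up as well.
                        if (id.startsWith(USER_CERT)) {
                            certAttribute = certAttributes.get(id);
                        } else if (id.startsWith(USER_SMIME_CERT)) {
                            smimeAttribute = certAttributes.get(id);
                        }
                    }
                    key = getPublicKey(smimeAttribute, certAttribute, key);
                }
            } catch (NamingException e) {
                throw new Exception("Error retrieving S/MIME certificate for user " + getUserName() + " in LDAP. Error message: " + e.getMessage(), e);
            }
        } catch (Exception e) {
            // Also reached for the wrapped retrieval error above, not only for connect failures.
            log.error("Could not connect to ldap at " + this.connector.getLdapUrl() + " because of exception. Error message: " + e.getMessage(), e);
            getInfoDataManager().send(new InfoData(INFO_LDAP_CONNECTION_ERROR, this.connector.getLdapUrl(), e));
            return getValidityKey(EKeyValidity.ERROR);
        } finally {
            log.debug("Disconnecting from LDAP server.");
            getInfoDataManager().send(new InfoData(INFO_LDAP_DISCONNECTED, this.connector.getLdapUrl()));
            this.connector.disconnect();
        }
        log.info("S/MIME certificate for user {} in LDAP is: {}", getUserName(), key.getKeyValidity());
        return key;
    }

    /**
     * Builds the JNDI environment that asks the provider to return both certificate attributes
     * as {@code byte[]}.
     *
     * <p>The property value is a space-separated list. Putting each attribute name under the same
     * key, as the previous code did, kept only the last one.
     */
    private Hashtable<String, String> createEnvironment() {
        Hashtable<String, String> environment = new Hashtable<>();
        environment.put(BINARY_TRANSFER, USER_CERT + " " + USER_SMIME_CERT);
        return environment;
    }

    /**
     * Searches the user base for the configured user and returns the attributes of the first hit.
     *
     * @param dirContext connected directory context
     * @return attributes of the matching entry
     * @throws NamingException if the search fails or no entry matches
     */
    private Attributes getCertAttributes(DirContext dirContext) throws NamingException {
        // The user name is data, not filter syntax: escape it so characters such as '*', '('
        // or ')' cannot widen or rewrite the search. The attribute key and the extra filter
        // come from the connector configuration and are used as given.
        String filter = "(" + this.connector.getUserNameKey() + "=" + escapeFilterValue(getUserName()) + ")";
        if (this.connector.getFilter() != null) {
            filter = "(&" + filter + this.connector.getFilter() + ")";
        }
        log.debug("Used filter: {}", filter);
        // Subtree search, at most one entry, 10 second time limit, only the certificate fields.
        SearchControls controls = new SearchControls(SearchControls.SUBTREE_SCOPE, 1L, 10000, getFieldParameter(), false, false);
        NamingEnumeration<SearchResult> search = dirContext.search(this.connector.getUserBase(), filter, controls);
        try {
            if (!search.hasMore()) {
                getInfoDataManager().send(new InfoData(INFO_USER_NOT_FOUND, getUserName()));
                throw new NamingException("Could not find user " + getUserName() + " in LDAP. Search query: " + this.connector.getUserBase() + " " + filter);
            }
            SearchResult searchResult = search.next();
            log.debug("Found user information at DN: {}", searchResult.getNameInNamespace());
            getInfoDataManager().send(new InfoData(INFO_USER_FOUND, getUserName()));
            return searchResult.getAttributes();
        } finally {
            // Release the enumeration even when it was not read to the end.
            try {
                search.close();
            } catch (NamingException e) {
                log.debug("Could not close LDAP search result: {}", e.getMessage());
            }
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515): backslash,
     * asterisk, parentheses and NUL are replaced by their {@code \xx} hex form.
     */
    private static String escapeFilterValue(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Picks the key to use from the two certificate attributes.
     *
     * @param attribute the {@code userSMIMECertificate} attribute, may be {@code null}
     * @param attribute2 the {@code userCertificate} attribute, may be {@code null}
     * @param snotifySmimePublicKey key returned when neither attribute is searched
     */
    private SnotifySmimePublicKey getPublicKey(Attribute attribute, Attribute attribute2, SnotifySmimePublicKey snotifySmimePublicKey) throws NamingException {
        SnotifySmimePublicKey selected = snotifySmimePublicKey;
        if (isSearchSmime()) {
            selected = getKeyFromUserSmimeCert(attribute);
        }
        // NOTE(review): both comparisons below use the key that was passed in, not the key just
        // read from userSMIMECertificate. Depending on the EKeyValidity declaration order, a
        // userCertificate result can therefore replace an S/MIME result that was already usable.
        // Which certificate ends up encrypting mail is security relevant; confirm the intended
        // precedence (and avoid ordinal() for it) before changing this.
        if (isSearchCert() && snotifySmimePublicKey.getKeyValidity() != EKeyValidity.VALID) {
            SnotifySmimePublicKey keyFromUserCert = getKeyFromUserCert(attribute2);
            if (keyFromUserCert.getKeyValidity().ordinal() < snotifySmimePublicKey.getKeyValidity().ordinal()) {
                selected = keyFromUserCert;
            }
        }
        return selected;
    }

    /** Returns the attribute names to request, according to the two search flags. */
    private String[] getFieldParameter() {
        log.debug("Querying field {}: {}", USER_CERT, Boolean.valueOf(isSearchCert()));
        log.debug("Querying field {}: {}", USER_SMIME_CERT, Boolean.valueOf(isSearchSmime()));
        if (isSearchCert()) {
            if (isSearchSmime()) {
                return new String[]{USER_CERT, USER_SMIME_CERT};
            }
            return new String[]{USER_CERT};
        }
        if (isSearchSmime()) {
            return new String[]{USER_SMIME_CERT};
        }
        return new String[0];
    }

    /**
     * Reads a certificate from the {@code userSMIMECertificate} attribute.
     *
     * <p>The value is parsed as CMS signed data, either directly (p7b) or after unwrapping it
     * from a MIME message (p7m). If several certificates are present, the one matching
     * {@link #getEmail()} is chosen.
     *
     * @param attribute the attribute to read, may be {@code null}
     * @return the key, or a validity-only key for missing or malformed data
     */
    private SnotifySmimePublicKey getKeyFromUserSmimeCert(Attribute attribute) throws NamingException {
        if (attribute == null || attribute.get() == null) {
            log.debug("No data stored in {} attribute.", USER_SMIME_CERT);
            return getValidityKey(EKeyValidity.NOT_FOUND);
        }
        log.debug("Retrieving data from {} attribute.", USER_SMIME_CERT);
        byte[] raw = asBytes(attribute.get());
        if (raw == null) {
            log.warn("Wrong data format in {} attribute for user {} in LDAP. Expected String or bytes, but found: {}", USER_SMIME_CERT, getUserName(), attribute.get().getClass().getName());
            return getValidityKey(EKeyValidity.ERROR);
        }
        InputStream inputStream;
        if (isExpectP7b()) {
            log.debug("Expecting p7b format.");
            inputStream = new ByteArrayInputStream(raw);
        } else {
            log.debug("Expecting p7m format.");
            try {
                inputStream = new MimeMessage((Session) null, new ByteArrayInputStream(raw)).getInputStream();
            } catch (IOException | MessagingException e) {
                log.warn("Error loading S/MIME certificate for user " + getUserName() + " in LDAP. It appears that the stored content is not a properly formatted MIME message. Error message: " + e.getMessage(), e);
                return getValidityKey(EKeyValidity.ERROR);
            }
        }
        log.debug("Email address to look for: <{}>", getEmail());
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(SecurityUtil.getProvider());
        try {
            Collection<X509CertificateHolder> holders = new CMSSignedData(inputStream).getCertificates().getMatches(null);
            log.debug("Found {} certificate(s).", Integer.valueOf(holders.size()));
            if (holders.size() == 1) {
                // NOTE(review): a lone certificate is taken without the isCertForEmail check that
                // bundles with several certificates get; presumably SnotifySmimePublicKey
                // compares it with the email it is given - confirm.
                X509Certificate certificate = converter.getCertificate(holders.iterator().next());
                log.trace("Used certificate: {}", certificate);
                SnotifySmimePublicKey key = new SnotifySmimePublicKey(certificate, getEmail());
                key.setKeySource(getKeySource());
                return key;
            }
            if (getEmail() != null) {
                for (X509CertificateHolder holder : holders) {
                    X509Certificate candidate = converter.getCertificate(holder);
                    log.trace("Found certificate: {}", candidate);
                    if (SmimeUtil.isCertForEmail(candidate, getEmail())) {
                        log.debug("Using certificate with serial number: {}", SmimeUtil.getSerialNumber(candidate));
                        SnotifySmimePublicKey key = new SnotifySmimePublicKey(candidate, getEmail());
                        key.setKeySource(getKeySource());
                        return key;
                    }
                }
            }
            log.debug("Found no certificate matching email: <{}>", getEmail());
            return getValidityKey(EKeyValidity.NOT_FOUND);
        } catch (CertificateException | CMSException e) {
            log.warn("Error loading S/MIME certificate for user " + getUserName() + " in LDAP. It appears that the content is not a properly formatted p7 certificate or certificate chain. Error message: " + e.getMessage(), e);
            return getValidityKey(EKeyValidity.ERROR);
        } finally {
            closeQuietly(inputStream);
        }
    }

    /** Closes the stream and logs, rather than propagates, a failure to do so. */
    private static void closeQuietly(InputStream inputStream) {
        try {
            inputStream.close();
        } catch (IOException e) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Reads a single X.509 certificate from the {@code userCertificate} attribute.
     *
     * @param attribute the attribute to read, may be {@code null}
     * @return the key, or a validity-only key for missing or malformed data
     */
    private SnotifySmimePublicKey getKeyFromUserCert(Attribute attribute) throws NamingException {
        if (attribute == null || attribute.get() == null) {
            log.debug("No data stored in {} attribute.", USER_CERT);
            return getValidityKey(EKeyValidity.NOT_FOUND);
        }
        log.debug("Retrieving data from {} attribute.", USER_CERT);
        byte[] raw = asBytes(attribute.get());
        if (raw == null) {
            log.warn("Wrong data format in {} attribute for user {} in LDAP. Expected String or bytes, but found: {}", USER_CERT, getUserName(), attribute.get().getClass().getName());
            return getValidityKey(EKeyValidity.ERROR);
        }
        log.info("Found S/MIME certificate for user {} in LDAP.", getUserName());
        try {
            X509Certificate certificate = SmimeUtil.createCertificate(raw);
            log.trace("Found certificate: {}", certificate);
            SnotifySmimePublicKey key = new SnotifySmimePublicKey(certificate, getEmail());
            key.setKeySource(getKeySource());
            return key;
        } catch (CertificateException e) {
            log.warn("Error loading S/MIME certificate for user " + getUserName() + " in LDAP. Error message: " + e.getMessage(), e);
            return getValidityKey(EKeyValidity.ERROR);
        }
    }

    /**
     * Converts an attribute value to bytes.
     *
     * @return the bytes, or {@code null} if the value is neither a {@code byte[]} nor a String
     */
    private byte[] asBytes(Object obj) {
        if (obj instanceof byte[]) {
            return (byte[]) obj;
        }
        if (obj instanceof String) {
            return ((String) obj).getBytes(Constants.UTF8_CHARSET);
        }
        return null;
    }

    @Override // net.savignano.snotify.atlassian.common.security.access.IKeyLoader
    public EKeySource getKeySource() {
        return EKeySource.LDAP;
    }

    // NOTE(review): an S/MIME loader reporting PGP looks inconsistent; confirm against
    // ECryptographyType and the callers of getCryptography() before changing it.
    @Override // net.savignano.snotify.atlassian.common.security.access.IKeyLoader
    public ECryptographyType getCryptography() {
        return ECryptographyType.PGP;
    }

    /** Creates a key that carries only the given validity and this loader's key source. */
    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // net.savignano.snotify.atlassian.common.security.access.AKeyLoader
    public SnotifySmimePublicKey getValidityKey(EKeyValidity eKeyValidity) {
        return new SnotifySmimePublicKey(eKeyValidity, getKeySource());
    }

    public LdapConnector getConnector() {
        return this.connector;
    }

    public String getUserName() {
        return this.userName;
    }

    public void setUserName(String str) {
        this.userName = str;
    }

    public String getEmail() {
        return this.email;
    }

    public void setEmail(String str) {
        this.email = str;
    }

    public boolean isSearchCert() {
        return this.searchCert;
    }

    public void setSearchCert(boolean z) {
        this.searchCert = z;
    }

    public boolean isSearchSmime() {
        return this.searchSmime;
    }

    public void setSearchSmime(boolean z) {
        this.searchSmime = z;
    }

    public boolean isExpectP7b() {
        return this.expectP7b;
    }

    public void setExpectP7b(boolean z) {
        this.expectP7b = z;
    }

    @Override
    public String toString() {
        return "SmimeLdapLoader [connector=" + this.connector + ", userName=" + this.userName + ", email=" + this.email + ", searchCert=" + this.searchCert + ", searchSmime=" + this.searchSmime + ", expectP7b=" + this.expectP7b + "]";
    }
}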
