package net.savignano.snotify.atlassian.gui.keysource.verification.smime;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashSet;
import java.util.Set;
import net.savignano.snotify.atlassian.common.ISnotifyI18n;
import net.savignano.snotify.atlassian.common.security.key.publicly.SnotifySmimePublicKey;
import net.savignano.snotify.atlassian.common.security.key.secret.SnotifySmimeSignKey;
import net.savignano.snotify.atlassian.common.util.SecurityUtil;
import net.savignano.snotify.atlassian.common.util.SmimeUtil;
import net.savignano.snotify.atlassian.gui.keysource.verification.AKeySourceVerification;
import net.savignano.snotify.atlassian.gui.keysource.verification.EVerificationStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/gui/keysource/verification/smime/SmimeKeyStoreVerification.class */
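/**
 * Step-by-step diagnostic for an S/MIME key store on the local file system.
 *
 * <p>The checks run in a fixed chain, and each step publishes one result through the inherited
 * builder before the next step starts:
 * <ol>
 *   <li>the configured location is readable,</li>
 *   <li>the key store loads with the configured type and key store password and is not empty,</li>
 *   <li>a certificate exists for every configured email address,</li>
 *   <li>when the private key check is enabled, a private key matching the certificate can be
 *       recovered with the key password; otherwise the certificate is verified as a public key.</li>
 * </ol>
 *
 * <p>Security notes for maintainers: both passwords are held as {@code char[]} and are stored and
 * returned by reference (no defensive copy), so the owner of the array decides when it is zeroed.
 * The passwords themselves are never logged or placed in a result message by this class; exception
 * class names and localized exception messages are.
 */
public class SmimeKeyStoreVerification extends AKeySourceVerification {
    private static final Logger log = LoggerFactory.getLogger(SmimeKeyStoreVerification.class);

    /** Message fragment used to recognise a provider that the JCE refuses to authenticate. */
    private static final String CRYPTOGRAPHY_SUPPORT_ERROR = "JCE cannot authenticate the provider SAVIGNANO-BC";

    private final String keyStoreType;
    private final String location;
    // Insertion-ordered so results are reported in the order the addresses were added.
    private final Set<String> emails;
    // Held by reference; see the class comment.
    private char[] keyStorePassword;
    private char[] keyPassword;
    private boolean enablePrivateKeyCheck;

    /**
     * Creates a verification for one key store file.
     *
     * @param location path of the key store file; must not be {@code null}
     * @param keyStoreType key store type passed to {@link KeyStore#getInstance}; must not be {@code null}
     * @param i18n translation source handed to the superclass
     * @throws IllegalArgumentException if {@code location} or {@code keyStoreType} is {@code null}
     */
    public SmimeKeyStoreVerification(String location, String keyStoreType, ISnotifyI18n i18n) {
        super(i18n);
        this.emails = new LinkedHashSet<>();
        if (location == null) {
            throw new IllegalArgumentException("Location must not be null.");
        }
        if (keyStoreType == null) {
            throw new IllegalArgumentException("Key Store Type must not be null.");
        }
        this.location = location;
        this.keyStoreType = keyStoreType;
    }

    /**
     * Sets the result title (private or public key store variant) and starts the check chain.
     */
    @Override // net.savignano.snotify.atlassian.gui.keysource.verification.AKeySourceVerification
    protected void doVerify() throws Exception {
        String titleKey = isEnablePrivateKeyCheck()
                ? "net.savignano.snotify.smime-private-keystore-verification.title"
                : "net.savignano.snotify.smime-public-keystore-verification.title";
        getBuilder().title(titleKey, new Object[0]);
        canReadLocation();
    }

    /**
     * Reports whether the key store file is readable and, if so, continues with loading it.
     *
     * <p>The readability test is advisory only: the file is opened again in
     * {@link #loadKeyStore()}, which reports its own failure if the file has become unreadable
     * in the meantime.
     */
    private void canReadLocation() {
        SecurityException denied = null;
        boolean readable = false;
        try {
            readable = new File(this.location).canRead();
            log.debug("Can access key store at location {}: {}", this.location, Boolean.valueOf(readable));
        } catch (SecurityException e) {
            // Raised by an installed security manager that denies read access to the file.
            denied = e;
            log.debug("Can not access key store location: " + this.location, denied);
        }

        if (readable) {
            getBuilder().status(EVerificationStatus.SUCCESS);
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.canRead.success.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.canRead.success.message", this.location);
            build();
            loadKeyStore();
            return;
        }

        getBuilder().status(EVerificationStatus.ERROR);
        if (denied != null) {
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.canRead.exception.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.canRead.exception.message", this.location, denied.getClass().getSimpleName(), denied.getLocalizedMessage());
        } else {
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.canRead.failure.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.canRead.failure.message", this.location);
        }
        build();
    }

    /**
     * Loads the key store, reports the outcome and, on success, continues with the email check.
     *
     * <p>An exception whose message contains {@link #CRYPTOGRAPHY_SUPPORT_ERROR} is reported with
     * the dedicated "cryptography support" result; every other exception gets the generic one.
     * An empty key store is reported as an error and ends the chain.
     */
    private void loadKeyStore() {
        KeyStore keyStore;
        int entryCount;
        try {
            keyStore = KeyStore.getInstance(this.keyStoreType, SecurityUtil.getProvider());
            // try-with-resources closes the stream on the failure path as well (wrong password,
            // corrupt file), so a failed verification does not leak a file handle.
            try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(this.location))) {
                keyStore.load(in, getKeyStorePassword());
                log.debug("Could load key store from location: {}", this.location);
            }
            entryCount = keyStore.size();
            log.debug("Found {} entries inside key store.", Integer.valueOf(entryCount));
        } catch (Exception e) {
            log.debug("Could not load key store from location: " + this.location, e);
            // getMessage() may be null; without the guard the resulting NullPointerException
            // would escape this handler and no result would be reported for this step.
            String detail = e.getMessage();
            boolean providerRejected = detail != null && detail.contains(CRYPTOGRAPHY_SUPPORT_ERROR);

            getBuilder().status(EVerificationStatus.ERROR);
            if (providerRejected) {
                getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.loadKeyStore.cryptographySupport.title", new Object[0]);
                getBuilder().message("net.savignano.snotify.smime-keystore-verification.loadKeyStore.cryptographySupport.message", e.getClass().getSimpleName(), e.getLocalizedMessage());
            } else {
                getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.loadKeyStore.exception.title", new Object[0]);
                getBuilder().message("net.savignano.snotify.smime-keystore-verification.loadKeyStore.exception.message", e.getClass().getSimpleName(), e.getLocalizedMessage());
            }
            build();
            return;
        }

        if (entryCount == 0) {
            getBuilder().status(EVerificationStatus.ERROR);
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.loadKeyStore.empty.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.loadKeyStore.empty.message", new Object[0]);
            build();
            return;
        }

        getBuilder().status(EVerificationStatus.SUCCESS);
        getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.loadKeyStore.success.title", new Object[0]);
        getBuilder().message("net.savignano.snotify.smime-keystore-verification.loadKeyStore.success.message", Integer.valueOf(entryCount));
        build();
        checkEmails(keyStore);
    }

    /**
     * Looks up a certificate for every configured email address and reports one result per address.
     *
     * <p>A missing certificate is a warning and the loop continues; an exception during lookup is
     * an error and ends the loop, so later addresses are not checked.
     *
     * @param keyStore loaded key store; a {@code null} value makes this a no-op
     */
    private void checkEmails(KeyStore keyStore) {
        if (keyStore == null) {
            return;
        }
        if (getEmails().isEmpty()) {
            log.debug("No email address was given, so can't check if a certificate was found for it.");
            getBuilder().status(EVerificationStatus.INFO);
            if (isEnablePrivateKeyCheck()) {
                getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkEmail.noServer.title", new Object[0]);
                getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkEmail.noServer.message", new Object[0]);
            } else {
                getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkEmail.noEmail.title", new Object[0]);
                getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkEmail.noEmail.message", new Object[0]);
            }
            build();
            return;
        }

        for (String email : getEmails()) {
            try {
                X509Certificate certificate = SmimeUtil.getCertForEmail(keyStore, email);
                if (certificate == null) {
                    log.debug("No certificate for email <{}> was found in key store.", email);
                    getBuilder().status(EVerificationStatus.WARNING);
                    getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkEmail.failure.title", new Object[0]);
                    getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkEmail.failure.message", email);
                    build();
                    continue;
                }

                log.debug("Certificate for email <{}> was found in key store.", email);
                getBuilder().status(EVerificationStatus.SUCCESS);
                getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkEmail.success.title", new Object[0]);
                getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkEmail.success.message", email);
                build();
                if (isEnablePrivateKeyCheck()) {
                    checkPrivateKey(keyStore, certificate);
                } else {
                    verifyKey(new SnotifySmimePublicKey(certificate, email));
                }
            } catch (Exception e) {
                log.debug("Could not look up email <" + email + "> in keystore \"" + keyStore + "\".", e);
                getBuilder().status(EVerificationStatus.ERROR);
                getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkEmail.exception.title", new Object[0]);
                getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkEmail.exception.message", email, e.getClass().getSimpleName(), e.getLocalizedMessage());
                build();
                return;
            }
        }
    }

    /**
     * Tries to recover the private key belonging to a certificate and reports the outcome.
     *
     * <p>Without a key password only an informational result is reported. A wrong password
     * ({@link UnrecoverableKeyException}) gets its own error result that names the certificate
     * serial number but carries no exception text.
     *
     * @param keyStore loaded key store; a {@code null} value makes this a no-op
     * @param x509Certificate certificate whose private key is looked up
     */
    private void checkPrivateKey(KeyStore keyStore, X509Certificate x509Certificate) {
        if (keyStore == null) {
            return;
        }
        char[] password = getKeyPassword();
        if (password == null) {
            log.debug("No key password was given, so can't check if it matches a private key.");
            getBuilder().status(EVerificationStatus.INFO);
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.noPassword.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.noPassword.message", new Object[0]);
            build();
            return;
        }

        String serialNumber = SmimeUtil.getSerialNumber(x509Certificate);
        try {
            PrivateKey privateKey = SmimeUtil.getPrivateKeyForCert(keyStore, x509Certificate, password);
            if (privateKey == null) {
                log.debug("No private key matching certificate with ID \"{}\" was found in key store.", serialNumber);
                getBuilder().status(EVerificationStatus.WARNING);
                getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.failure.title", new Object[0]);
                getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.failure.message", serialNumber);
                build();
                return;
            }
            log.debug("Found private key matching certificate with ID \"{}\" in key store.", serialNumber);
            getBuilder().status(EVerificationStatus.SUCCESS);
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.success.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.success.message", serialNumber);
            build();
            verifyKey(new SnotifySmimeSignKey(privateKey, x509Certificate));
        } catch (UnrecoverableKeyException e) {
            log.debug("Password did not match private key matching certificate with ID \"" + serialNumber + "\" in key store \"" + keyStore + "\".", e);
            getBuilder().status(EVerificationStatus.ERROR);
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.passwordException.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.passwordException.message", serialNumber);
            build();
        } catch (Exception e) {
            log.debug("Could not look up private key matching certificate with ID \"" + serialNumber + "\" in key store \"" + keyStore + "\".", e);
            getBuilder().status(EVerificationStatus.ERROR);
            getBuilder().subTitle("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.exception.title", new Object[0]);
            getBuilder().message("net.savignano.snotify.smime-keystore-verification.checkPrivateKey.exception.message", serialNumber, e.getClass().getSimpleName(), e.getLocalizedMessage());
            build();
        }
    }

    /**
     * Returns the live, mutable set of email addresses to look up; callers add to it directly.
     */
    public Set<String> getEmails() {
        return this.emails;
    }

    /**
     * Returns the key store password array itself, not a copy; may be {@code null}.
     */
    public char[] getKeyStorePassword() {
        return this.keyStorePassword;
    }

    /**
     * Stores the given array by reference; zeroing it later also clears the stored password.
     */
    public void setKeyStorePassword(char[] cArr) {
        this.keyStorePassword = cArr;
    }

    /**
     * Returns the private key password array itself, not a copy; may be {@code null}.
     */
    public char[] getKeyPassword() {
        return this.keyPassword;
    }

    /**
     * Stores the given array by reference; zeroing it later also clears the stored password.
     */
    public void setKeyPassword(char[] cArr) {
        this.keyPassword = cArr;
    }

    /**
     * Tells whether the private key is checked for each certificate found.
     */
    public boolean isEnablePrivateKeyCheck() {
        return this.enablePrivateKeyCheck;
    }

    /**
     * Switches between private key checking ({@code true}) and public key verification.
     */
    public void setEnablePrivateKeyCheck(boolean z) {
        this.enablePrivateKeyCheck = z;
    }
}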
