package net.savignano.snotify.atlassian.common.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimePart;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.enums.EKeyPurpose;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1Primitive;
import net.savignano.thirdparty.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.RDN;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.X500Name;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.style.BCStyle;
import net.savignano.thirdparty.org.bouncycastle.cert.X509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSAlgorithm;
import net.savignano.thirdparty.org.bouncycastle.cms.KeyTransRecipientId;
import net.savignano.thirdparty.org.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/common/util/SmimeUtil.class */
public class SmimeUtil {
    public static final String X509_FACTORY_KEY = "X.509";
    private static final Logger log = LoggerFactory.getLogger(SmimeUtil.class);

    public static final String getSerialNumber(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            log.debug("Null value given for certificate.");
            return "<N/A>";
        }
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (serialNumber != null) {
            return getSerialNumber(serialNumber);
        }
        log.warn("No serial number in certificate. Might be corrupt. Certificate: {}", x509Certificate);
        return "<N/A>";
    }

    public static final String getSerialNumber(BigInteger bigInteger) {
        if (bigInteger != null) {
            return bigInteger.toString(10) + " (0x" + bigInteger.toString(16) + ")";
        }
        log.debug("Null value given for serial number.");
        return "<N/A>";
    }

    public static final boolean isSupportedSymmetricKeyAlgorithm(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return (aSN1ObjectIdentifier == null || aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.DES_CBC)) ? false : true;
    }

    public static final boolean isSupportedAsymmetricKeyAlgorithm(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return aSN1ObjectIdentifier != null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static final boolean isMessageEncrypted(Message message) {
        if (message instanceof MimeMessage) {
            return isMessageEncrypted((MimePart) message);
        }
        log.debug("Message is not a MIME message, so can't be S/MIME encrypted. Encountered message class: {}", message.getClass());
        return false;
    }

    private static final boolean isMessageEncrypted(MimePart mimePart) {
        try {
            ContentType contentType = new ContentType(mimePart.getContentType());
            if (contentType.match(Constants.MIME_CONTENT_TYPE_PKCS7) || contentType.match(Constants.MIME_CONTENT_TYPE_XPKCS7)) {
                return "enveloped-data".equalsIgnoreCase(contentType.getParameter("smime-type"));
            }
            return false;
        } catch (MessagingException e) {
            log.error(e.getMessage(), e);
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static final boolean isMessageSigned(Message message) {
        if (message instanceof MimeMessage) {
            MimePart mimePart = (MimePart) message;
            return isMessageTransparentSigned(mimePart) || isMessageOpaqueSigned(mimePart);
        }
        log.debug("Message is not a MIME message, so can't be S/MIME signed. Encountered message class: {}", message.getClass());
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static final boolean isMessageOpaqueSigned(Message message) {
        if (message instanceof MimeMessage) {
            return isMessageOpaqueSigned((MimePart) message);
        }
        log.debug("Message is not a MIME message, so can't be S/MIME signed. Encountered message class: {}", message.getClass());
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static final boolean isMessageTransparentSigned(Message message) {
        if (message instanceof MimeMessage) {
            return isMessageTransparentSigned((MimePart) message);
        }
        log.debug("Message is not a MIME message, so can't be S/MIME signed. Encountered message class: {}", message.getClass());
        return false;
    }

    private static final boolean isMessageOpaqueSigned(MimePart mimePart) {
        try {
            ContentType contentType = new ContentType(mimePart.getContentType());
            if (contentType.match(Constants.MIME_CONTENT_TYPE_PKCS7) || contentType.match(Constants.MIME_CONTENT_TYPE_XPKCS7)) {
                return "signed-data".equalsIgnoreCase(contentType.getParameter("smime-type"));
            }
            return false;
        } catch (MessagingException e) {
            log.error(e.getMessage(), e);
            return false;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:9:0x0031, code lost:
    
        if (r0.equals("application/x-pkcs7-signature") != false) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static final boolean isMessageTransparentSigned(javax.mail.internet.MimePart r4) {
        /*
            javax.mail.internet.ContentType r0 = new javax.mail.internet.ContentType     // Catch: javax.mail.MessagingException -> L3d
            r1 = r0
            r2 = r4
            java.lang.String r2 = r2.getContentType()     // Catch: javax.mail.MessagingException -> L3d
            r1.<init>(r2)     // Catch: javax.mail.MessagingException -> L3d
            r5 = r0
            r0 = r5
            java.lang.String r1 = "multipart/signed"
            boolean r0 = r0.match(r1)     // Catch: javax.mail.MessagingException -> L3d
            if (r0 == 0) goto L3a
            r0 = r5
            java.lang.String r1 = "protocol"
            java.lang.String r0 = r0.getParameter(r1)     // Catch: javax.mail.MessagingException -> L3d
            r6 = r0
            r0 = r6
            if (r0 == 0) goto L38
            r0 = r6
            java.lang.String r1 = "application/pkcs7-signature"
            boolean r0 = r0.equals(r1)     // Catch: javax.mail.MessagingException -> L3d
            if (r0 != 0) goto L34
            r0 = r6
            java.lang.String r1 = "application/x-pkcs7-signature"
            boolean r0 = r0.equals(r1)     // Catch: javax.mail.MessagingException -> L3d
            if (r0 == 0) goto L38
        L34:
            r0 = 1
            goto L39
        L38:
            r0 = 0
        L39:
            return r0
        L3a:
            goto L4b
        L3d:
            r5 = move-exception
            org.slf4j.Logger r0 = net.savignano.snotify.atlassian.common.util.SmimeUtil.log
            r1 = r5
            java.lang.String r1 = r1.getMessage()
            r2 = r5
            r0.error(r1, r2)
        L4b:
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: net.savignano.snotify.atlassian.common.util.SmimeUtil.isMessageTransparentSigned(javax.mail.internet.MimePart):boolean");
    }

    public static final X509Certificate createCertificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static final List<String> getAliasesForEmail(KeyStore keyStore, String str) throws KeyStoreException, CertificateException {
        return getAliasesForEmail(keyStore, str, EKeyPurpose.UNDEFINED);
    }

    public static final List<String> getAliasesForEmail(KeyStore keyStore, String str, EKeyPurpose eKeyPurpose) throws KeyStoreException, CertificateException {
        if (keyStore == null || str == null || eKeyPurpose == null) {
            return Collections.emptyList();
        }
        log.debug("Retrieving aliases from key store (Size {}) for email <{}> with purpose {}.", new Object[]{Integer.valueOf(keyStore.size()), str, eKeyPurpose});
        Enumeration<String> aliases = keyStore.aliases();
        ArrayList arrayList = new ArrayList();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            log.trace("Checking alias: {}", nextElement);
            X509Certificate certForAlias = getCertForAlias(keyStore, nextElement);
            if (isCertForEmail(certForAlias, str) && (eKeyPurpose == EKeyPurpose.UNDEFINED || isCertForPurpose(certForAlias, eKeyPurpose))) {
                log.trace("Certificate with serial number {} provided by alias {} belongs to email <{}>.", new Object[]{getSerialNumber(certForAlias), nextElement, str});
                arrayList.add(nextElement);
            }
        }
        log.debug("Found aliases in key store for email <{}>: {}", str, arrayList);
        return arrayList;
    }

    public static final X509Certificate getValidCertForEmail(KeyStore keyStore, String str) throws KeyStoreException, CertificateException {
        return getValidCertForEmail(keyStore, str, EKeyPurpose.UNDEFINED);
    }

    public static final X509Certificate getValidCertForEmail(KeyStore keyStore, String str, EKeyPurpose eKeyPurpose) throws KeyStoreException, CertificateException {
        if (keyStore == null || str == null || eKeyPurpose == null) {
            return null;
        }
        X509Certificate x509Certificate = null;
        Iterator<String> it = getAliasesForEmail(keyStore, str, eKeyPurpose).iterator();
        while (it.hasNext()) {
            X509Certificate certForAlias = getCertForAlias(keyStore, it.next());
            try {
                certForAlias.checkValidity();
                log.debug("Found valid certificate for email <{}>. Serial number: {}", str, getSerialNumber(certForAlias));
                if (x509Certificate == null) {
                    x509Certificate = certForAlias;
                } else if (certForAlias.getNotAfter().after(x509Certificate.getNotAfter())) {
                    x509Certificate = certForAlias;
                }
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                log.debug("Found invalid certificate for email <{}>: {}", str, getSerialNumber(certForAlias));
            }
        }
        log.debug("Found certificate for email <{}>: {}", str, x509Certificate);
        return x509Certificate;
    }

    public static final X509Certificate getCertForEmail(KeyStore keyStore, String str) throws KeyStoreException, CertificateException {
        if (keyStore == null || str == null) {
            return null;
        }
        log.debug("Looking up certificate in key store (size {}) for email: <{}>", Integer.valueOf(keyStore.size()), str);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            log.trace("Checking alias: {}", nextElement);
            X509Certificate certForAlias = getCertForAlias(keyStore, nextElement);
            if (isCertForEmail(certForAlias, str)) {
                log.debug("Certificate with serial number {} found in key store.", getSerialNumber(certForAlias));
                return certForAlias;
            }
        }
        log.debug("Found no certificate in key store for email: <{}>", str);
        return null;
    }

    public static final X509Certificate getCertForRecipient(KeyStore keyStore, KeyTransRecipientId keyTransRecipientId) throws KeyStoreException, CertificateException {
        if (keyStore == null || keyTransRecipientId == null) {
            return null;
        }
        BigInteger serialNumber = keyTransRecipientId.getSerialNumber();
        X500Name issuer = keyTransRecipientId.getIssuer();
        String serialNumber2 = getSerialNumber(serialNumber);
        log.debug("Looking up certificate in key store (size {}) for recipient: {} from {}", new Object[]{Integer.valueOf(keyStore.size()), serialNumber2, issuer});
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            X509Certificate certForAlias = getCertForAlias(keyStore, nextElement);
            if (certForAlias != null && serialNumber.equals(certForAlias.getSerialNumber()) && issuer.equals(getIssuer(certForAlias))) {
                log.debug("Found certificate for recipient {} from {} at alias: {}", new Object[]{serialNumber2, issuer, nextElement});
                return certForAlias;
            }
        }
        log.debug("Found no certificate in key store for recipient: {} from {}", serialNumber2, issuer);
        return null;
    }

    private static final X509Certificate getCertForAlias(KeyStore keyStore, String str) throws KeyStoreException {
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        log.warn("Certificate found for alias \"{}\" is not a X509Certificate. It can not be used. Found certificate: {}", str, certificate);
        return null;
    }

    public static final PrivateKey getPrivateKeyForCert(KeyStore keyStore, X509Certificate x509Certificate, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (keyStore == null || x509Certificate == null) {
            return null;
        }
        log.debug("Getting private key for certificate with serial number: {}", getSerialNumber(x509Certificate));
        String certificateAlias = keyStore.getCertificateAlias(x509Certificate);
        log.debug("Found alias for cert: {}", certificateAlias);
        PrivateKey privateKey = null;
        if (certificateAlias != null) {
            Key key = keyStore.getKey(certificateAlias, cArr);
            if (key == null) {
                log.debug("No private key found for alias {} in key store.", certificateAlias);
            } else if (key instanceof PrivateKey) {
                log.trace("Found private key: {}", key);
                privateKey = (PrivateKey) key;
            } else {
                log.warn("Key for alias {} is not a PrivateKey, but: {}", certificateAlias, key.getClass());
            }
        }
        if (privateKey == null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (privateKey == null && aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement) && x509Certificate.equals(keyStore.getCertificate(nextElement))) {
                    Key key2 = keyStore.getKey(nextElement, cArr);
                    if (key2 instanceof PrivateKey) {
                        log.trace("Found private key: {}", key2);
                        privateKey = (PrivateKey) key2;
                    } else {
                        log.warn("Key for alias {} is not a PrivateKey, but: {}", nextElement, key2.getClass());
                    }
                }
            }
        }
        return privateKey;
    }

    public static final String[] getEmails(X509Certificate x509Certificate) throws CertificateEncodingException, CertificateParsingException {
        if (x509Certificate == null) {
            return new String[0];
        }
        String[] emails = getEmails(getSubject(x509Certificate), x509Certificate.getSubjectAlternativeNames());
        log.trace("Emails of subject from certificate with serial number {}: {}", getSerialNumber(x509Certificate), emails);
        return emails;
    }

    public static final String[] getIssuerEmails(X509Certificate x509Certificate) throws CertificateEncodingException, CertificateParsingException {
        if (x509Certificate == null) {
            return new String[0];
        }
        String[] emails = getEmails(getIssuer(x509Certificate), x509Certificate.getIssuerAlternativeNames());
        log.trace("Emails of issuer from certificate with serial number {}: {}", getSerialNumber(x509Certificate), emails);
        return emails;
    }

    private static final String[] getEmails(X500Name x500Name, Collection<List<?>> collection) {
        String rDNValue;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (x500Name != null && (rDNValue = getRDNValue(x500Name, BCStyle.E)) != null) {
            linkedHashSet.add(rDNValue);
        }
        if (collection != null) {
            for (List<?> list : collection) {
                int intValue = ((Integer) list.get(0)).intValue();
                Object obj = list.get(1);
                if (intValue == 1 && obj != null) {
                    linkedHashSet.add(obj.toString());
                }
            }
        }
        return (String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]);
    }

    public static final boolean isCertForPurpose(X509Certificate x509Certificate, EKeyPurpose eKeyPurpose) {
        boolean z;
        if (x509Certificate == null || eKeyPurpose == null) {
            return false;
        }
        log.debug("Checking purpose {} for certificate with serial number: {}", eKeyPurpose, getSerialNumber(x509Certificate));
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs != null && criticalExtensionOIDs.contains(Constants.OID_EXTENDED_KEY_USAGE)) {
            try {
                List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(Constants.OID_EXTENDED_KEY_USAGE_EMAIL)) {
                    log.debug("Extended Key Usage for certificate is critical, but does not contain 'Email'.");
                    return false;
                }
            } catch (CertificateParsingException e) {
                log.error("Could not parse 'Extended Key Usage' extension of certificate " + getSerialNumber(x509Certificate) + ". Error message: " + e.getMessage(), e);
                return false;
            }
        }
        if (criticalExtensionOIDs == null || !criticalExtensionOIDs.contains(Constants.OID_KEY_USAGE)) {
            log.debug("Key usage is not critical.");
            return true;
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        switch (eKeyPurpose) {
            case DECRYPTION:
            case ENCRYPTION:
                z = keyUsage[2];
                break;
            case SIGNING:
                z = keyUsage[0];
                break;
            case UNDEFINED:
                z = false;
                break;
            default:
                throw new IllegalStateException("Handling of key purpose " + eKeyPurpose + " not yet implemented.");
        }
        log.debug("Certificate is usable: {}", Boolean.valueOf(z));
        return z;
    }

    public static final boolean isCertForEmail(X509Certificate x509Certificate, String str) throws CertificateEncodingException, CertificateParsingException {
        if (str == null) {
            return false;
        }
        for (String str2 : getEmails(x509Certificate)) {
            if (str.equalsIgnoreCase(str2)) {
                return true;
            }
        }
        return false;
    }

    public static final X500Name getIssuer(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new JcaX509CertificateHolder(x509Certificate).getIssuer();
    }

    public static final X500Name getSubject(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new JcaX509CertificateHolder(x509Certificate).getSubject();
    }

    public static final String getRDNValue(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] rDNs = x500Name.getRDNs(aSN1ObjectIdentifier);
        if (rDNs.length == 0) {
            return null;
        }
        return rDNs[0].getFirst().getValue().toString();
    }

    public static final KeyStore convertToKeyStore(Store<X509CertificateHolder> store, String str, char[] cArr) throws KeyStoreException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(str, SecurityUtil.getProvider());
        try {
            keyStore.load(null, cArr);
        } catch (IOException | NoSuchAlgorithmException e) {
            log.error("Failed to create key store. Error message: " + e.getMessage(), e);
        }
        JcaX509CertificateConverter provider = new JcaX509CertificateConverter().setProvider(SecurityUtil.getProvider());
        Collection<X509CertificateHolder> matches = store.getMatches(null);
        log.debug("Converting {} certificates.", Integer.valueOf(matches.size()));
        for (X509CertificateHolder x509CertificateHolder : matches) {
            String str2 = x509CertificateHolder.getIssuer().toString() + x509CertificateHolder.getSerialNumber().toString();
            log.trace("Adding certificate with alias \"{}\" to key store.", str2);
            keyStore.setCertificateEntry(str2, provider.getCertificate(x509CertificateHolder));
        }
        log.debug("Added all certificates to key store.");
        return keyStore;
    }

    public static final String getCmsName(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return aSN1ObjectIdentifier == null ? "null" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.AES128_CBC) ? "AES128-CBC" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.AES192_CBC) ? "AES192-CBC" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.AES256_CBC) ? "AES256-CBC" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.AES128_GCM) ? "AES128-GCM" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.AES192_GCM) ? "AES192-GCM" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.AES256_GCM) ? "AES256-GCM" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.DES_CBC) ? "DES-CBC" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.DES_EDE3_CBC) ? "DES-EDE3-CBC" : aSN1ObjectIdentifier.equals((ASN1Primitive) CMSAlgorithm.CAST5_CBC) ? "CAST5-CBC" : aSN1ObjectIdentifier.equals((ASN1Primitive) PKCSObjectIdentifiers.rsaEncryption) ? "RSA" : "Unknown (" + aSN1ObjectIdentifier.getId() + ")";
    }
}
