package net.savignano.snotify.jira.mailer;

import com.atlassian.jira.bc.user.search.UserSearchService;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.user.ApplicationUser;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.mail.Address;
import javax.mail.Header;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/jira/mailer/Mailer.class */
public class Mailer {
    public static final String EMAIL_CERT_PROP = "net.savignano.snotify.email.smime.cert";
    public static final String EMAIL_ENCRYPTION_FAILURE_PROP = "net.savignano.snotify.email.encryptionFailure";
    public static final String KEYSTORE_LOCATION_PROP = "net.savignano.snotify.certificate.keystoreLocation";
    public static final String KEYSTORE_PASSWORD_PROP = "net.savignano.snotify.certificate.keystorePassword";
    public static final String CERTIFICATE_LOCATION_PRIORITY_PROP = "net.savignano.snotify.certificate.locationPriority";
    public static final String BOUNCY_CASTLE_KEYSTORE_TYPE = "BKS";
    public static final String X509_FACTORY_KEY = "X.509";
    public static final String UTF8 = "UTF-8";
    private static final String INFO_MESSAGE = "Message could not be encrypted. Please contact your Jira administrator.";
    private static final Logger log = LoggerFactory.getLogger(Mailer.class);
    private final Provider provider = getProvider();
    private final KeyStore keyStore = loadKeyStore();

    /* loaded from: input_file:net/savignano/snotify/jira/mailer/Mailer$CertificateLocationPriorityOption.class */
    public enum CertificateLocationPriorityOption {
        KEYSTORE,
        USERSETTINGS
    }

    /* loaded from: input_file:net/savignano/snotify/jira/mailer/Mailer$EncryptionFailureOption.class */
    public enum EncryptionFailureOption {
        ALLOW,
        REPORT,
        BLOCK
    }

    public static final Provider getProvider() {
        Provider provider = Security.getProvider("BC");
        if (provider == null) {
            log.debug("Initializing Bouncy Castle Provider and Mailcap.");
            provider = new BouncyCastleProvider();
            Security.addProvider(provider);
            initMailcap();
        }
        return provider;
    }

    private static final void initMailcap() {
        MailcapCommandMap defaultCommandMap = CommandMap.getDefaultCommandMap();
        defaultCommandMap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
        defaultCommandMap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
        defaultCommandMap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
        defaultCommandMap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
        defaultCommandMap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
        CommandMap.setDefaultCommandMap(defaultCommandMap);
    }

    private static X509Certificate getCertificate(byte[] bArr) throws CertificateException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(X509_FACTORY_KEY).generateCertificate(new ByteArrayInputStream(bArr));
        x509Certificate.checkValidity();
        return x509Certificate;
    }

    private static X509Certificate getUserCertForEmail(String str) throws CertificateException {
        for (ApplicationUser applicationUser : ((UserSearchService) ComponentAccessor.getComponent(UserSearchService.class)).findUsersByEmail(str)) {
            byte[] data = ComponentAccessor.getUserPropertyManager().getPropertySet(applicationUser).getData(EMAIL_CERT_PROP);
            if (data != null) {
                log.debug("Using certificate of user {0} for encrypting email to {1}.", applicationUser.getUsername(), str);
                return getCertificate(data);
            }
        }
        return null;
    }

    private static X509Certificate getKeystoreCertForEmail(String str, KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            return null;
        }
        for (ApplicationUser applicationUser : ((UserSearchService) ComponentAccessor.getComponent(UserSearchService.class)).findUsersByEmail(str)) {
            for (String str2 : new String[]{applicationUser.getUsername(), applicationUser.getDisplayName(), applicationUser.getKey()}) {
                Certificate certificate = keyStore.getCertificate(str2);
                if (certificate != null) {
                    if (certificate instanceof X509Certificate) {
                        log.debug("Using certificate of user {0} for encrypting email to {1}.", applicationUser.getUsername(), str);
                        return (X509Certificate) certificate;
                    }
                    log.warn("Certificate found in S/Notify keystore for {0} is not of the correct type. X509Certificate expected, but found: {1}", str2, certificate.getClass().getSimpleName());
                }
            }
        }
        return null;
    }

    private static KeyStore loadKeyStore(String str, String str2) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (str == null) {
            log.debug("No location given. No keystore loaded.");
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(BOUNCY_CASTLE_KEYSTORE_TYPE, Security.getProvider("BC"));
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
        Throwable th = null;
        try {
            keyStore.load(bufferedInputStream, str2 == null ? null : str2.toCharArray());
            if (bufferedInputStream != null) {
                if (0 != 0) {
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    bufferedInputStream.close();
                }
            }
            log.debug("Loaded keystore from location \"{0}\" succesfully.", str);
            return keyStore;
        } catch (Throwable th3) {
            if (bufferedInputStream != null) {
                if (0 != 0) {
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bufferedInputStream.close();
                }
            }
            throw th3;
        }
    }

    private KeyStore loadKeyStore() {
        String string = ComponentAccessor.getApplicationProperties().getString(KEYSTORE_LOCATION_PROP);
        try {
            return loadKeyStore(string, ComponentAccessor.getApplicationProperties().getString(KEYSTORE_PASSWORD_PROP));
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log.error("Could not load keystore from location: " + string, e);
            return null;
        }
    }

    public MessageAndAddress[] getMessages(Session session, Message message, Address[] addressArr) {
        EncryptionFailureOption encryptionFailureOption = getEncryptionFailureOption();
        CertificateLocationPriorityOption certificateLocationPriorityOption = getCertificateLocationPriorityOption();
        ArrayList arrayList = new ArrayList();
        for (Address address : addressArr) {
            MessageAndAddress messageAndAddress = new MessageAndAddress();
            messageAndAddress.address = address;
            messageAndAddress.message = message;
            boolean z = false;
            X509Certificate certificate = getCertificate(address, certificateLocationPriorityOption);
            if (certificate != null) {
                try {
                    messageAndAddress.message = encrypt(session, certificate, message, address);
                    z = true;
                } catch (Exception e) {
                    log.error("Error encrypting E-Mail for address " + address + ": " + e.getMessage(), e);
                }
            } else if (encryptionFailureOption != EncryptionFailureOption.ALLOW) {
                log.warn("No public certificate found to encrypt E-Mail for: {0}", address);
            }
            if (z || encryptionFailureOption == EncryptionFailureOption.ALLOW) {
                arrayList.add(messageAndAddress);
            } else if (encryptionFailureOption == EncryptionFailureOption.REPORT) {
                try {
                    messageAndAddress.message = createInfoMessage(session, message);
                    arrayList.add(messageAndAddress);
                } catch (MessagingException e2) {
                    log.error("Error creating info email for email address " + address + ": " + e2.getMessage(), e2);
                }
            }
        }
        return (MessageAndAddress[]) arrayList.toArray(new MessageAndAddress[arrayList.size()]);
    }

    private X509Certificate getCertificate(Address address, CertificateLocationPriorityOption certificateLocationPriorityOption) {
        String address2 = address.toString();
        X509Certificate x509Certificate = null;
        if (certificateLocationPriorityOption == CertificateLocationPriorityOption.KEYSTORE) {
            x509Certificate = getKeystoreCert(address2);
        }
        if (x509Certificate == null) {
            x509Certificate = getUserCert(address2);
        }
        if (x509Certificate == null && certificateLocationPriorityOption != CertificateLocationPriorityOption.KEYSTORE) {
            x509Certificate = getKeystoreCert(address2);
        }
        return x509Certificate;
    }

    private X509Certificate getKeystoreCert(String str) {
        try {
            return getKeystoreCertForEmail(str, this.keyStore);
        } catch (KeyStoreException e) {
            log.error("Error getting keystore certificate for E-Mail address " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    private X509Certificate getUserCert(String str) {
        try {
            return getUserCertForEmail(str);
        } catch (CertificateException e) {
            log.error("Error getting user certificate for E-Mail address " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    private EncryptionFailureOption getEncryptionFailureOption() {
        EncryptionFailureOption encryptionFailureOption = EncryptionFailureOption.ALLOW;
        String string = ComponentAccessor.getApplicationProperties().getString(EMAIL_ENCRYPTION_FAILURE_PROP);
        if (string != null) {
            try {
                encryptionFailureOption = EncryptionFailureOption.valueOf(string);
            } catch (IllegalArgumentException e) {
                log.warn("Unknwon value for 'Encryption Failure' found. Value found was '" + string + "'. Default 'ALLOW' was used. Please go to S/Notify admin settings and select proper value.", e);
            }
        }
        return encryptionFailureOption;
    }

    private CertificateLocationPriorityOption getCertificateLocationPriorityOption() {
        CertificateLocationPriorityOption certificateLocationPriorityOption = CertificateLocationPriorityOption.KEYSTORE;
        String string = ComponentAccessor.getApplicationProperties().getString(CERTIFICATE_LOCATION_PRIORITY_PROP);
        if (string != null) {
            try {
                certificateLocationPriorityOption = CertificateLocationPriorityOption.valueOf(string);
            } catch (IllegalArgumentException e) {
                log.warn("Unknwon value for 'Priority' found. Value found was '" + string + "'. Default 'KEYSTORE' was used. Please go to S/Notify admin settings and select proper value.", e);
            }
        }
        return certificateLocationPriorityOption;
    }

    private Message encrypt(Session session, X509Certificate x509Certificate, Message message, Address address) throws MessagingException, SMIMEException, IOException, CertificateEncodingException, CMSException {
        log.debug("Encrypting E-Mail.");
        SMIMEEnvelopedGenerator sMIMEEnvelopedGenerator = new SMIMEEnvelopedGenerator();
        sMIMEEnvelopedGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(x509Certificate));
        MimeBodyPart mimeBodyPart = new MimeBodyPart();
        mimeBodyPart.setContent(message.getContent(), message.getContentType());
        MimeBodyPart generate = sMIMEEnvelopedGenerator.generate(mimeBodyPart, new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC).setProvider(this.provider).build());
        MimeMessage mimeMessage = new MimeMessage(session);
        mimeMessage.setFrom(message.getFrom()[0]);
        mimeMessage.setRecipient(Message.RecipientType.TO, address);
        mimeMessage.setSubject(message.getSubject());
        mimeMessage.setContent(generate.getContent(), generate.getContentType());
        mimeMessage.saveChanges();
        return mimeMessage;
    }

    private Message createInfoMessage(Session session, Message message) throws MessagingException {
        log.debug("Creating info message.");
        MimeMessage mimeMessage = new MimeMessage(session);
        Enumeration allHeaders = mimeMessage.getAllHeaders();
        log.debug("Copying headers from original message.");
        while (allHeaders.hasMoreElements()) {
            Header header = (Header) allHeaders.nextElement();
            mimeMessage.addHeader(header.getName(), header.getValue());
            log.debug(header.toString());
        }
        log.debug("Copying headers from original message finished.");
        mimeMessage.setFrom(message.getFrom()[0]);
        mimeMessage.setRecipients(Message.RecipientType.TO, message.getRecipients(Message.RecipientType.TO));
        mimeMessage.setText(INFO_MESSAGE, UTF8);
        mimeMessage.setSubject(message.getSubject(), UTF8);
        return mimeMessage;
    }
}
