package net.savignano.snotify.jira.mailer;

import com.atlassian.jira.bc.user.search.UserSearchService;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.user.ApplicationUser;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.mail.Address;
import javax.mail.Header;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import net.savignano.snotify.jira.mailer.security.CertUtil;
import net.savignano.snotify.jira.mailer.security.SecurityUtil;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.operator.OutputEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/jira/mailer/Mailer.class */
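/**
 * Produces one outgoing message per recipient for Jira notification mail, S/MIME-encrypting
 * each copy with the recipient's X.509 certificate where one can be found.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Messages are enveloped (encrypted) only; nothing here signs them, and the content
 *       cipher is AES in CBC mode, so recipients get confidentiality but no integrity
 *       protection from this class.</li>
 *   <li>All header lines except {@code MIME-Version}, {@code Content-Type} and
 *       {@code Content-Transfer-Encoding} are copied to the encrypted message unchanged, so
 *       headers such as the subject travel in clear text.</li>
 *   <li>What happens when a recipient cannot be served with an encrypted copy is governed by
 *       {@link EncryptionFailureOption}; the default is {@code ALLOW}, i.e. fail-open.</li>
 * </ul>
 */
public class Mailer {
    private static final String PREFIX_PROP = "net.savignano.snotify.";
    /** User property holding the Base64-encoded certificate of a Jira user. */
    public static final String EMAIL_CERT_PROP = "net.savignano.snotify.email.smime.cert";
    /** Application property naming the {@link EncryptionFailureOption} to apply. */
    public static final String EMAIL_ENCRYPTION_FAILURE_PROP = "net.savignano.snotify.email.encryptionFailure";
    /** Application property holding the file system location of the certificate keystore. */
    public static final String KEYSTORE_LOCATION_PROP = "net.savignano.snotify.certificate.keystoreLocation";
    /**
     * Application property holding the keystore password. It is read back as a plain string,
     * so anyone who can read the application properties can read the password.
     */
    public static final String KEYSTORE_PASSWORD_PROP = "net.savignano.snotify.certificate.keystorePassword";
    /** Application property naming the {@link CertificateLocationPriorityOption} to apply. */
    public static final String CERTIFICATE_LOCATION_PRIORITY_PROP = "net.savignano.snotify.certificate.locationPriority";
    /** Application option that suspends encryption; the log message ties it to a licensing error. */
    public static final String FREEZE_SNOTIFY_PROP = "net.savignano.snotify.mailer.freeze";
    /** Application option that turns the mailer off; messages are then passed through unchanged. */
    public static final String DISABLE_SNOTIFY_PROP = "net.savignano.snotify.mailer.disable";
    public static final String BOUNCY_CASTLE_KEYSTORE_TYPE = "BKS";
    private static final String INFO_MESSAGE = "Message could not be encrypted. Please contact your Jira administrator.";
    private static final String XENCRYPTED_MAIL_PROPERTY = "X-Encrypted";
    private static final String XENCRYPTED_MAIL_VALUE = "by S/Notify at {0}";
    // Initialisation order matters: loadKeyStore() reads this.provider, so provider must come first.
    private final Provider provider = SecurityUtil.getProvider();
    private final KeyStore keyStore = loadKeyStore();
    private final String hostName = getHostName();
    public static final String UTF8 = "UTF-8";
    public static final Charset UTF8_CHARSET = Charset.forName(UTF8);
    private static final String[] SPECIAL_HEADERS = {"MIME-Version", "Content-Type", "Content-Transfer-Encoding"};
    private static final Logger log = LoggerFactory.getLogger(Mailer.class);

    /** Which certificate source is consulted first for a recipient. */
    public enum CertificateLocationPriorityOption {
        KEYSTORE,
        USERSETTINGS
    }

    /**
     * Policy for recipients whose copy could not be encrypted: {@code ALLOW} delivers the
     * original message unencrypted, {@code REPORT} delivers a fixed notice instead of the
     * content, {@code BLOCK} delivers nothing.
     */
    public enum EncryptionFailureOption {
        ALLOW,
        REPORT,
        BLOCK
    }

    /**
     * Looks up the certificate stored in the user settings of a Jira user with the given
     * email address.
     *
     * <p>The first user that has a non-empty certificate property decides the outcome: its
     * certificate is returned, or the exception for it is thrown; further users sharing the
     * address are not tried.
     *
     * @param str email address to search users by
     * @return the certificate, or {@code null} if no matching user has one stored
     * @throws CertificateException if the stored value cannot be turned into a certificate or
     *         the certificate is outside its validity period
     */
    private static X509Certificate getUserCertForEmail(String str) throws CertificateException {
        UserSearchService userSearch = (UserSearchService) ComponentAccessor.getComponent(UserSearchService.class);
        for (ApplicationUser applicationUser : userSearch.findUsersByEmail(str)) {
            String encoded = ComponentAccessor.getUserPropertyManager().getPropertySet(applicationUser).getText(EMAIL_CERT_PROP);
            if (encoded == null || encoded.isEmpty()) {
                continue;
            }
            byte[] der = Base64.decodeBase64(encoded.getBytes(UTF8_CHARSET));
            log.debug("Using certificate of user {} for encrypting email to \"{}\".", applicationUser.getUsername(), str);
            X509Certificate certificate = CertUtil.createCertificate(der);
            // NOTE(review): the validity period is the only check made here. Nothing in this
            // method builds a chain to a trust anchor, checks revocation or key usage, or
            // compares the certificate's email address with the recipient. Confirm whether
            // CertUtil.createCertificate or the upload path enforces any of that.
            certificate.checkValidity();
            return certificate;
        }
        return null;
    }

    /** Delegates the keystore lookup for an email address to {@code CertUtil.getCertForEmail}. */
    private static X509Certificate getKeystoreCertForEmail(String str, KeyStore keyStore) {
        return CertUtil.getCertForEmail(keyStore, str);
    }

    /**
     * Loads a keystore of type {@link #BOUNCY_CASTLE_KEYSTORE_TYPE} from a file.
     *
     * @param location file system path of the keystore; {@code null} or empty means "none"
     * @param password keystore password, may be {@code null}
     * @param provider security provider that supplies the keystore implementation
     * @return the loaded keystore, or {@code null} if no location or no provider was given
     * @throws KeyStoreException if the provider has no implementation for the keystore type
     * @throws NoSuchAlgorithmException see {@link KeyStore#load(java.io.InputStream, char[])}
     * @throws CertificateException if a certificate in the keystore could not be loaded
     * @throws IOException if the file cannot be read or the keystore data is rejected
     */
    private static KeyStore loadKeyStore(String location, String password, Provider provider) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (location == null || location.isEmpty()) {
            log.debug("No location given. No keystore loaded.");
            return null;
        }
        if (provider == null) {
            log.debug("No provider given. No keystore loaded.");
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(BOUNCY_CASTLE_KEYSTORE_TYPE, provider);
        log.debug("Loading keystore from location: {}", location);
        // Per the KeyStore.load contract a null password means the keystore's integrity is not
        // checked, so a keystore without a configured password is accepted as found on disk.
        char[] passwordChars = password == null ? null : password.toCharArray();
        // try-with-resources closes the file on every path, including a failing load().
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(location))) {
            keyStore.load(in, passwordChars);
        }
        log.debug("Loaded keystore from location \"{}\" succesfully.", location);
        return keyStore;
    }

    /**
     * Loads the keystore configured in the application properties.
     *
     * @return the keystore, or {@code null} if none is configured or loading failed; a failure
     *         is logged and otherwise ignored, so keystore lookups then simply find nothing
     */
    private KeyStore loadKeyStore() {
        String location = ComponentAccessor.getApplicationProperties().getString(KEYSTORE_LOCATION_PROP);
        try {
            return loadKeyStore(location, ComponentAccessor.getApplicationProperties().getString(KEYSTORE_PASSWORD_PROP), this.provider);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log.error("Could not load keystore from location: " + location, e);
            return null;
        }
    }

    /**
     * Builds the message to send to each recipient.
     *
     * <p>If the mailer is disabled every recipient gets the original message. Otherwise each
     * recipient gets an encrypted copy when a certificate is available and encryption
     * succeeds; when it is not (no certificate, encryption error, non-MIME message, or the
     * freeze option is set) the {@link EncryptionFailureOption} decides whether the recipient
     * gets the original message in clear text, a notice, or nothing.
     *
     * @param session mail session used for newly created messages
     * @param message the original notification message
     * @param addressArr recipients of the message
     * @return one entry per recipient that is to receive a message; may be shorter than
     *         {@code addressArr}
     */
    public MessageAndAddress[] getMessages(Session session, Message message, Address[] addressArr) {
        ApplicationProperties applicationProperties = ComponentAccessor.getApplicationProperties();
        if (applicationProperties.getOption(DISABLE_SNOTIFY_PROP)) {
            MessageAndAddress[] passThrough = new MessageAndAddress[addressArr.length];
            for (int i = 0; i < passThrough.length; i++) {
                passThrough[i] = new MessageAndAddress(message, addressArr[i]);
            }
            return passThrough;
        }
        EncryptionFailureOption failurePolicy = getEncryptionFailureOption();
        CertificateLocationPriorityOption priority = getCertificateLocationPriorityOption();
        boolean frozen = applicationProperties.getOption(FREEZE_SNOTIFY_PROP);
        boolean freezeLogged = false;
        ArrayList<MessageAndAddress> result = new ArrayList<MessageAndAddress>();
        for (Address address : addressArr) {
            MessageAndAddress entry = new MessageAndAddress();
            entry.address = address;
            entry.message = message;
            boolean encrypted = false;
            if (frozen) {
                // Logged once per call, not once per recipient.
                if (!freezeLogged) {
                    log.error("Could not encrypt email due to licensing error in S/Notify. Handling unencrypted email as: " + failurePolicy);
                    freezeLogged = true;
                }
            } else if (message instanceof MimeMessage) {
                X509Certificate certificate = getCertificate(address, priority);
                if (certificate != null) {
                    try {
                        entry.message = encrypt(session, certificate, (MimeMessage) message, address);
                        encrypted = true;
                    } catch (Exception e) {
                        // Deliberately broad: any failure leaves 'encrypted' false, so this
                        // recipient is handled by the failure policy below.
                        log.error("Error encrypting email for address " + address + ": " + e.getMessage(), e);
                    }
                } else if (failurePolicy != EncryptionFailureOption.ALLOW) {
                    log.warn("No public certificate found to encrypt email for: {}", address);
                }
            } else {
                log.error("Can't encrypt email, because it is not a MIME Email but: " + message.getClass().getCanonicalName());
            }
            if (encrypted || failurePolicy == EncryptionFailureOption.ALLOW) {
                // With ALLOW an unencrypted entry still carries the original message, so the
                // content leaves the system in clear text.
                result.add(entry);
            } else if (failurePolicy == EncryptionFailureOption.REPORT) {
                try {
                    entry.message = createInfoMessage(session, message);
                    result.add(entry);
                } catch (MessagingException e) {
                    // No notice could be built: the recipient gets nothing rather than the
                    // original content.
                    log.error("Error creating info email for email address " + address + ": " + e.getMessage(), e);
                }
            }
            // BLOCK: the recipient is dropped.
        }
        return result.toArray(new MessageAndAddress[result.size()]);
    }

    /**
     * Finds a certificate for a recipient, consulting keystore and user settings in the order
     * given by the priority option and falling back to the other source.
     *
     * @return the certificate, or {@code null} if neither source has one
     */
    private X509Certificate getCertificate(Address address, CertificateLocationPriorityOption certificateLocationPriorityOption) {
        // NOTE(review): the lookup key is Address.toString(). If that rendering can carry more
        // than the bare mailbox (for example a display name), both lookups would miss and the
        // failure policy would apply - confirm what callers pass in.
        String email = address.toString();
        boolean keystoreFirst = certificateLocationPriorityOption == CertificateLocationPriorityOption.KEYSTORE;
        X509Certificate certificate = keystoreFirst ? getKeystoreCert(email) : null;
        if (certificate == null) {
            certificate = getUserCert(email);
        }
        if (certificate == null && !keystoreFirst) {
            certificate = getKeystoreCert(email);
        }
        return certificate;
    }

    /** Looks up a certificate for the email address in this mailer's keystore. */
    private X509Certificate getKeystoreCert(String str) {
        return getKeystoreCertForEmail(str, this.keyStore);
    }

    /**
     * Looks up a certificate for the email address in the user settings.
     *
     * @return the certificate, or {@code null} if none is stored or the stored one was
     *         rejected (the rejection is logged)
     */
    private X509Certificate getUserCert(String str) {
        try {
            return getUserCertForEmail(str);
        } catch (CertificateException e) {
            log.error("Error getting user certificate for email address " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Reads the configured failure policy.
     *
     * @return the configured value; {@code ALLOW} if the property is missing or not a valid
     *         enum name, which means a broken setting results in unencrypted delivery
     */
    private EncryptionFailureOption getEncryptionFailureOption() {
        String configured = ComponentAccessor.getApplicationProperties().getString(EMAIL_ENCRYPTION_FAILURE_PROP);
        if (configured == null) {
            return EncryptionFailureOption.ALLOW;
        }
        try {
            return EncryptionFailureOption.valueOf(configured);
        } catch (IllegalArgumentException e) {
            log.warn("Unknwon value for 'Encryption Failure' found. Value found was '" + configured + "'. Default 'ALLOW' was used. Please go to S/Notify admin settings and select proper value.", e);
            return EncryptionFailureOption.ALLOW;
        }
    }

    /**
     * Reads the configured certificate source priority.
     *
     * @return the configured value; {@code KEYSTORE} if the property is missing or not a
     *         valid enum name
     */
    private CertificateLocationPriorityOption getCertificateLocationPriorityOption() {
        String configured = ComponentAccessor.getApplicationProperties().getString(CERTIFICATE_LOCATION_PRIORITY_PROP);
        if (configured == null) {
            return CertificateLocationPriorityOption.KEYSTORE;
        }
        try {
            return CertificateLocationPriorityOption.valueOf(configured);
        } catch (IllegalArgumentException e) {
            log.warn("Unknwon value for 'Priority' found. Value found was '" + configured + "'. Default 'KEYSTORE' was used. Please go to S/Notify admin settings and select proper value.", e);
            return CertificateLocationPriorityOption.KEYSTORE;
        }
    }

    /**
     * Creates an S/MIME enveloped copy of a message for one recipient.
     *
     * <p>The new message carries every header line of the original except the ones in
     * {@code SPECIAL_HEADERS}, plus an {@code X-Encrypted} header that contains this
     * machine's host name and is therefore visible to every recipient.
     *
     * @param session mail session for the new message
     * @param x509Certificate recipient certificate whose public key wraps the content key
     * @param mimeMessage message to encrypt
     * @param address recipient, used for logging only
     * @return the encrypted message
     * @throws MessagingException if the message cannot be read or assembled
     * @throws SMIMEException if the enveloped body cannot be generated
     * @throws IOException if the message or body cannot be serialised
     * @throws CertificateEncodingException if the recipient certificate cannot be encoded
     * @throws CMSException if no content encryptor can be built
     */
    private Message encrypt(Session session, X509Certificate x509Certificate, MimeMessage mimeMessage, Address address) throws MessagingException, SMIMEException, IOException, CertificateEncodingException, CMSException {
        log.debug("Encrypting email to \"{}\" with certificate: {}", address, x509Certificate);
        if (log.isDebugEnabled()) {
            // The plaintext is serialised as before, but only its size is logged: writing the
            // full message to the log would keep an unencrypted copy of exactly the content
            // this method exists to protect.
            ByteArrayOutputStream original = new ByteArrayOutputStream();
            mimeMessage.writeTo(original);
            log.debug("Original email: {} bytes (content not logged).", original.size());
        }
        SMIMEEnvelopedGenerator generator = new SMIMEEnvelopedGenerator();
        generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(x509Certificate));
        MimeBodyPart envelopedBody = generator.generate(mimeMessage, buildContentEncryptor());
        if (log.isDebugEnabled()) {
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            envelopedBody.writeTo(body);
            log.debug("Encrypted body:\n{}\n", asText(body));
        }
        MimeMessage encryptedMessage = new MimeMessage(session);
        Enumeration<?> headerLines = mimeMessage.getNonMatchingHeaderLines(SPECIAL_HEADERS);
        while (headerLines.hasMoreElements()) {
            encryptedMessage.addHeaderLine((String) headerLines.nextElement());
        }
        encryptedMessage.addHeader(XENCRYPTED_MAIL_PROPERTY, MessageFormat.format(XENCRYPTED_MAIL_VALUE, this.hostName));
        encryptedMessage.setContent(envelopedBody.getContent(), envelopedBody.getContentType());
        encryptedMessage.saveChanges();
        if (log.isDebugEnabled()) {
            ByteArrayOutputStream finalMessage = new ByteArrayOutputStream();
            encryptedMessage.writeTo(finalMessage);
            log.debug("Final email:\n{}\n", asText(finalMessage));
        }
        log.debug("Encrypting email to \"{}\" succesfully finished.", address);
        return encryptedMessage;
    }

    /**
     * Builds the content encryptor: AES-256-CBC, or AES-128-CBC when the runtime rejects the
     * larger key size. Any other failure is propagated.
     */
    private OutputEncryptor buildContentEncryptor() throws CMSException {
        try {
            log.debug("Using AES256_CBC algorithm for encryption.");
            return new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider(this.provider).build();
        } catch (CMSException e) {
            String reason = e.getMessage();
            // An exception without a message is not the key-size case; rethrow it instead of
            // failing with a NullPointerException while inspecting it.
            if (reason == null || !reason.contains("Illegal key size")) {
                throw e;
            }
            log.debug(reason, e);
            log.warn("\"Java Cryptography Extension (JCE) Unlimited Strength\" is not installed on this machine. AES256_CBC encryption standard can not be used. Using fallback AES128_CBC encryption algorithm.");
            return new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(this.provider).build();
        }
    }

    /** Decodes buffered bytes for logging with a fixed charset instead of the platform default. */
    private static String asText(ByteArrayOutputStream buffer) {
        return new String(buffer.toByteArray(), UTF8_CHARSET);
    }

    /**
     * Creates the notice sent under {@code REPORT}: the original message's headers with the
     * body replaced by a fixed text, so the original content is not disclosed.
     *
     * @throws MessagingException if headers cannot be read or the notice cannot be assembled
     */
    private Message createInfoMessage(Session session, Message message) throws MessagingException {
        log.debug("Creating info message.");
        MimeMessage infoMessage = new MimeMessage(session);
        Enumeration<?> headers = message.getAllHeaders();
        log.debug("Copying headers from original message.");
        while (headers.hasMoreElements()) {
            Header header = (Header) headers.nextElement();
            infoMessage.addHeader(header.getName(), header.getValue());
            log.debug(header.toString());
        }
        log.debug("Copying headers from original message finished.");
        infoMessage.setText(INFO_MESSAGE, UTF8);
        return infoMessage;
    }

    /**
     * Determines a name for this machine: the local host name, else the {@code COMPUTERNAME}
     * or {@code HOSTNAME} environment variable, else {@code "<Unknown>"}.
     */
    private String getHostName() {
        try {
            String resolved = InetAddress.getLocalHost().getHostName();
            if (resolved != null && !resolved.isEmpty()) {
                return resolved;
            }
        } catch (UnknownHostException e) {
            log.debug("Could not retrieve host name.", e);
        }
        try {
            String computerName = System.getenv("COMPUTERNAME");
            if (computerName != null) {
                return computerName;
            }
            String envHostName = System.getenv("HOSTNAME");
            return envHostName != null ? envHostName : "<Unknown>";
        } catch (SecurityException e) {
            log.debug("Could not retrieve host name from environment properties.", e);
            return "<Unknown>";
        }
    }
}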
