package net.savignano.snotify.jira.mailer.security;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Enumeration;
import javax.mail.Address;
import javax.mail.MessagingException;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import net.savignano.snotify.jira.mailer.JiraMailer;
import net.savignano.snotify.jira.mailer.Mailer;
import net.savignano.snotify.jira.mailer.enums.EncryptionKeySource;
import net.savignano.snotify.jira.mailer.security.AbstractMailEncryptor;
import net.savignano.snotify.jira.mailer.util.CertUtil;
import net.savignano.snotify.jira.mailer.util.PropertiesUtil;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSAlgorithm;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSException;
import net.savignano.thirdparty.org.bouncycastle.cms.bc.BcCMSContentEncryptorBuilder;
import net.savignano.thirdparty.org.bouncycastle.cms.bc.BcRSAKeyTransRecipientInfoGenerator;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMEException;
import net.savignano.thirdparty.org.bouncycastle.operator.OutputEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/jira/mailer/security/SmimeMailEncryptor.class */
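/**
 * Encrypts an outgoing {@link MimeMessage} for one recipient using S/MIME (CMS enveloped-data).
 *
 * <p>The recipient certificate comes either from a {@link KeyStore} set on this instance or from
 * the per-user properties. Which one is used is decided by the superclass, which is not shown
 * here.
 *
 * <p>This file is decompiler output. The decompiler reported that several overridden methods were
 * originally {@code protected}; they are kept {@code public} here so callers are unaffected.
 */
public class SmimeMailEncryptor extends AbstractMailEncryptor<X509Certificate> {
    private static final Logger log = LoggerFactory.getLogger(SmimeMailEncryptor.class);

    /** Template for the marker header value: {0} = host name, {1} = content cipher name. */
    private static final String XENCRPYTED_MAIL_VALUE = "by S/Notify for Jira at {0} using S/MIME encryption with {1}";

    /** Headers that describe the body; they are regenerated for the encrypted body, not copied. */
    private static final String[] SPECIAL_HEADERS = {"MIME-Version", "Content-Type", "Content-Transfer-Encoding"};

    /** Optional certificate repository; {@code null} means "no key store configured". */
    private KeyStore keyStore;

    /**
     * Creates an encryptor for one message and one recipient.
     *
     * @param mimeMessage the message to encrypt
     * @param address the recipient whose certificate is used
     */
    public SmimeMailEncryptor(MimeMessage mimeMessage, Address address) {
        super(mimeMessage, address);
    }

    /**
     * Looks up the recipient certificate in the configured key store.
     *
     * @return the certificate found by {@code CertUtil.getCertForEmail}, or {@code null} when no
     *     key store is set
     */
    @Override
    public X509Certificate getRepositoryPublicKey() {
        KeyStore store = getKeyStore();
        if (store == null) {
            log.debug("No key store specified. Can't get certificate from key store.");
            return null;
        }
        // NOTE(review): Address.toString() may include a display name for some Address
        // implementations; confirm CertUtil.getCertForEmail matches on the bare mail address.
        return CertUtil.getCertForEmail(store, getAddress().toString());
    }

    /**
     * Loads the certificate stored in the user's properties.
     *
     * @return the parsed certificate, or {@code null} when none is stored or the stored bytes
     *     cannot be parsed (the parse error is logged)
     */
    @Override
    public X509Certificate getUserPublicKey() {
        try {
            byte[] encoded = PropertiesUtil.getUserProps().getBytes(JiraMailer.EMAIL_SMIME_CERT_PROP, getUser());
            if (encoded == null) {
                log.debug("User {} has no public certificate stored.", getUser());
                return null;
            }
            log.debug("Using certificate of user {} for encrypting email to \"{}\".", getUser(), getAddress());
            return CertUtil.createCertificate(encoded);
        } catch (CertificateException e) {
            // Trailing Throwable argument is logged with its stack trace by SLF4J.
            log.error("Error retrieving certificate for user {}: {}", getUser(), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Decides whether a certificate may be used for encryption.
     *
     * <p>Two things are checked: the certificate's validity period, and the policy that forbids
     * user-uploaded certificates when the administrator has disabled certificate overwrite.
     *
     * <p>Nothing else is verified here: no trust chain is built, revocation and key usage are not
     * checked, and the certificate subject is not compared with the recipient address.
     * NOTE(review): confirm whether the superclass or {@code CertUtil} performs those checks.
     *
     * @param x509Certificate the candidate certificate, may be {@code null}
     * @return {@code true} if the certificate is inside its validity period and allowed by policy
     */
    @Override
    public boolean isPublicKeyValid(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            log.debug("Certificate is null, considered invalid.");
            return false;
        }
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException expired) {
            log.debug("Certificate with serial number {} is invalid because it expired at: {}", x509Certificate.getSerialNumber(), x509Certificate.getNotAfter());
            return false;
        } catch (CertificateNotYetValidException notYetValid) {
            log.debug("Certificate with serial number {} is invalid because it is not valid before: {}", x509Certificate.getSerialNumber(), x509Certificate.getNotBefore());
            return false;
        }
        // Read the S/MIME properties, the same ones storePublicKey() writes and
        // getPropertiesData() reads. Reading the PGP key-source and PGP overwrite properties here
        // would let the PGP setting decide whether a user-uploaded S/MIME certificate is accepted.
        EncryptionKeySource keySource = (EncryptionKeySource) PropertiesUtil.getUserProps().getEnum(JiraMailer.EMAIL_SMIME_KEY_SOURCE_PROP, EncryptionKeySource.class, getUser());
        boolean userUploadAllowed = PropertiesUtil.getAppProps().getBoolean(JiraMailer.ALLOW_SMIME_CERTIFICATE_OVERWRITE_PROP, true);
        if (keySource == EncryptionKeySource.USER && !userUploadAllowed) {
            log.debug("Certificate with serial number {} is invalid because it was uploaded by a user, but this is not allowed.", x509Certificate.getSerialNumber());
            return false;
        }
        log.debug("Certificate with serial number {} is valid.", x509Certificate.getSerialNumber());
        return true;
    }

    /**
     * Persists a certificate in the user's properties, together with the current time and the
     * key source {@code KEYSTORE}.
     *
     * <p>A {@code null} certificate stores {@code null} bytes; the time stamp and key source are
     * still written. NOTE(review): the source is always recorded as {@code KEYSTORE}, so this
     * presumably must only be called for certificates that came from the key store.
     *
     * @param x509Certificate the certificate to store, may be {@code null}
     * @throws IOException if the certificate cannot be encoded
     */
    @Override
    public void storePublicKey(X509Certificate x509Certificate) throws IOException {
        byte[] encoded = null;
        if (x509Certificate != null) {
            try {
                encoded = x509Certificate.getEncoded();
            } catch (CertificateEncodingException e) {
                throw new IOException(e.getMessage(), e);
            }
        }
        PropertiesUtil.getUserProps().setBytes(JiraMailer.EMAIL_SMIME_CERT_PROP, encoded, getUser());
        PropertiesUtil.getUserProps().setLong(JiraMailer.EMAIL_SMIME_TIME_STAMP_PROP, Long.valueOf(System.currentTimeMillis()), getUser());
        PropertiesUtil.getUserProps().setEnum(JiraMailer.EMAIL_SMIME_KEY_SOURCE_PROP, EncryptionKeySource.KEYSTORE, getUser());
    }

    /**
     * Returns the encrypted form of the message.
     *
     * @return the encrypted message
     * @throws MessagingException if no certificate is available for the recipient, or encryption
     *     fails
     * @throws IOException if the message cannot be read or written
     */
    @Override
    public MimeMessage getEncryptedMessage() throws MessagingException, IOException {
        if (getPublicKey() == null) {
            // Fail closed: without a certificate no message is returned at all.
            throw new MessagingException("No certificate found for address: " + getAddress());
        }
        return encrypt();
    }

    /**
     * Builds a new message whose body is the S/MIME enveloped form of the original message.
     *
     * <p>All headers except {@link #SPECIAL_HEADERS} are copied unchanged, so they travel in clear
     * text next to the encrypted body. A marker header naming the host and the cipher is added.
     *
     * @return the encrypted message
     * @throws IOException if a message or body part cannot be written or read
     * @throws MessagingException if the certificate cannot be encoded or CMS/S/MIME processing
     *     fails
     */
    @Override
    protected MimeMessage encrypt() throws IOException, MessagingException {
        String cipherName;
        OutputEncryptor contentEncryptor;
        log.debug("Encrypting email to \"{}\" with certificate: {}", getAddress(), getPublicKey());
        if (log.isTraceEnabled()) {
            // SECURITY: this writes the complete plaintext message to the log. With TRACE enabled
            // the log holds the content that encryption is meant to protect; keep TRACE off in
            // production or restrict access to the log files accordingly.
            ByteArrayOutputStream plainDump = new ByteArrayOutputStream();
            getMessage().writeTo(plainDump);
            log.trace("Original email:\n{}\n", plainDump.toString());
        }
        try {
            SMIMEEnvelopedGenerator envelopedGenerator = new SMIMEEnvelopedGenerator();
            // NOTE(review): the recipient info is built with the RSA key-transport generator;
            // confirm certificates with non-RSA keys are rejected before this point.
            envelopedGenerator.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(getPublicKey())));
            // Enveloped-data with a CBC content cipher gives confidentiality only; the ciphertext
            // is not authenticated. NOTE(review): check whether an authenticated mode is available
            // in the bundled BouncyCastle and acceptable for the recipients' mail clients.
            try {
                log.debug("Using AES256_CBC algorithm for encryption.");
                cipherName = "AES256_CBC";
                contentEncryptor = new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).build();
            } catch (CMSException e) {
                // The downgrade is keyed on the exception text; a null message must not turn into
                // a NullPointerException, and any other failure is rethrown unchanged.
                String reason = e.getMessage();
                if (reason == null || !reason.contains("Illegal key size")) {
                    throw e;
                }
                log.debug(reason, e);
                log.warn("\"Java Cryptography Extension (JCE) Unlimited Strength\" is not installed on this machine. AES256_CBC encryption standard can not be used. Using fallback AES128_CBC encryption algorithm.");
                cipherName = "AES128_CBC";
                contentEncryptor = new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build();
            }
            MimeBodyPart encryptedPart = envelopedGenerator.generate(getMessage(), contentEncryptor);
            if (log.isTraceEnabled()) {
                ByteArrayOutputStream bodyDump = new ByteArrayOutputStream();
                encryptedPart.writeTo(bodyDump);
                log.trace("Encrypted body:\n{}\n", bodyDump.toString());
            }
            MimeMessage encryptedMessage = new MimeMessage(getMessage().getSession());
            // Copied header lines (for example the subject) are not covered by the encryption.
            Enumeration<?> headerLines = getMessage().getNonMatchingHeaderLines(SPECIAL_HEADERS);
            while (headerLines.hasMoreElements()) {
                encryptedMessage.addHeaderLine((String) headerLines.nextElement());
            }
            encryptedMessage.addHeader(Mailer.XENCRPYTED_MAIL_PROPERTY, MessageFormat.format(XENCRPYTED_MAIL_VALUE, getHostName(), cipherName));
            encryptedMessage.setContent(encryptedPart.getContent(), encryptedPart.getContentType());
            encryptedMessage.saveChanges();
            if (log.isTraceEnabled()) {
                ByteArrayOutputStream finalDump = new ByteArrayOutputStream();
                encryptedMessage.writeTo(finalDump);
                log.trace("Final email:\n{}\n", finalDump.toString());
            }
            log.debug("Encrypting email to \"{}\" succesfully finished.", getAddress());
            return encryptedMessage;
        } catch (CertificateEncodingException | CMSException | SMIMEException e2) {
            throw new MessagingException(e2.getLocalizedMessage(), e2);
        }
    }

    /**
     * Returns the key store used as certificate repository.
     *
     * @return the key store, or {@code null} if none was set
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Sets the key store used as certificate repository.
     *
     * @param keyStore the key store, or {@code null} to disable repository lookups
     */
    public void setKeyStore(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    /**
     * Collects the S/MIME-specific application and user settings for the superclass.
     *
     * @return a data object holding the overwrite policy, the global expiry time stamp, and the
     *     user's key source and key time stamp
     */
    @Override
    protected AbstractMailEncryptor.EncryptorPropertiesData getPropertiesData() {
        AbstractMailEncryptor.EncryptorPropertiesData data = new AbstractMailEncryptor.EncryptorPropertiesData();
        data.allowCustomUserKey = PropertiesUtil.getAppProps().getBoolean(JiraMailer.ALLOW_SMIME_CERTIFICATE_OVERWRITE_PROP, true);
        data.expireTimeStamp = PropertiesUtil.getAppProps().getLong(JiraMailer.EXPIRE_KEYS_TIMESTAMP);
        data.keySource = (EncryptionKeySource) PropertiesUtil.getUserProps().getEnum(JiraMailer.EMAIL_SMIME_KEY_SOURCE_PROP, EncryptionKeySource.class, getUser());
        data.timeStamp = PropertiesUtil.getUserProps().getLong(JiraMailer.EMAIL_SMIME_TIME_STAMP_PROP, getUser());
        return data;
    }
}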
