package net.savignano.snotify.jira.mailer.security;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Enumeration;
import javax.mail.Address;
import javax.mail.MessagingException;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import net.savignano.snotify.jira.mailer.JiraMailer;
import net.savignano.snotify.jira.mailer.Mailer;
import net.savignano.snotify.jira.mailer.SnotifyMimeMessage;
import net.savignano.snotify.jira.mailer.enums.EncryptionKeySource;
import net.savignano.snotify.jira.mailer.security.AbstractMailEncryptor;
import net.savignano.snotify.jira.mailer.security.key.EKeyValidity;
import net.savignano.snotify.jira.mailer.security.key.SnotifySmimeKey;
import net.savignano.snotify.jira.mailer.util.CertUtil;
import net.savignano.snotify.jira.mailer.util.PropertiesUtil;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSAlgorithm;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSException;
import net.savignano.thirdparty.org.bouncycastle.cms.bc.BcCMSContentEncryptorBuilder;
import net.savignano.thirdparty.org.bouncycastle.cms.bc.BcRSAKeyTransRecipientInfoGenerator;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMEException;
import net.savignano.thirdparty.org.bouncycastle.operator.OutputEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/jira/mailer/security/SmimeMailEncryptor.class */
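/**
 * Encrypts an outgoing MIME message for one recipient as S/MIME enveloped data.
 *
 * <p>The recipient certificate comes either from the user's stored properties
 * ({@link #getUserPublicKey()}) or from a configured key store
 * ({@link #getRepositoryPublicKey()}). Which lookup is consulted, and in what order, is decided by
 * {@link AbstractMailEncryptor}, which is not shown in this file.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>With TRACE logging enabled, {@link #encrypt()} writes the complete plaintext message to
 *       the log before encrypting it. Treat TRACE output of this logger as sensitive as the mail
 *       itself and keep the level above TRACE in production.</li>
 *   <li>The content cipher is AES in CBC mode inside CMS EnvelopedData, which provides
 *       confidentiality only. Integrity has to come from elsewhere, for example a signature.</li>
 *   <li>The recipient info generator is RSA key transport, so the certificate is expected to carry
 *       an RSA key. NOTE(review): confirm non-RSA certificates are rejected before this point.</li>
 * </ul>
 *
 * <p>This source was produced by a decompiler. Several overridden methods are marked by it as
 * having been {@code protected} originally; they are left {@code public} here so existing callers
 * keep compiling.
 */
public class SmimeMailEncryptor extends AbstractMailEncryptor<SnotifySmimeKey> {
    private static final Logger log = LoggerFactory.getLogger(SmimeMailEncryptor.class);

    /** Header value template: {0} is the host name, {1} the content encryption algorithm. */
    private static final String XENCRPYTED_MAIL_VALUE = "by S/Notify for Jira at {0} using S/MIME encryption with {1}";

    /** Exception text used to recognise a JRE that refuses 256-bit keys. */
    private static final String ILLEGAL_KEY_SIZE = "Illegal key size";

    /** Charset name for TRACE dumps, fixed so the output does not depend on the platform default. */
    private static final String TRACE_CHARSET = "UTF-8";

    /** Optional certificate repository; {@code null} means no key store lookup is possible. */
    private KeyStore keyStore;

    /**
     * Creates an encryptor for one message and one recipient.
     *
     * @param mimeMessage the message to encrypt
     * @param address the recipient whose certificate is used
     */
    public SmimeMailEncryptor(MimeMessage mimeMessage, Address address) {
        super(mimeMessage, address);
    }

    /**
     * Builds a key object that carries only a validity state and no certificate.
     *
     * @param eKeyValidity the state to report, for example NOT_FOUND or ERROR
     * @return a key wrapping that state
     */
    @Override
    public SnotifySmimeKey getValidityKey(EKeyValidity eKeyValidity) {
        return new SnotifySmimeKey(eKeyValidity);
    }

    /**
     * Looks up the recipient's certificate in the configured key store.
     *
     * <p>A certificate that {@code CertUtil.getValidCertForEmail} accepts is preferred. If none is
     * found, any certificate registered for the address is returned instead.
     *
     * @return the key for the recipient, or a validity-only key with NOT_FOUND or ERROR
     */
    @Override
    public SnotifySmimeKey getRepositoryPublicKey() {
        KeyStore store = getKeyStore();
        if (store == null) {
            log.debug("No key store specified. Can't get certificate from key store.");
            return getValidityKey(EKeyValidity.NOT_FOUND);
        }
        String address = getAddress().toString();
        X509Certificate validCertForEmail = CertUtil.getValidCertForEmail(store, address);
        if (validCertForEmail != null) {
            return new SnotifySmimeKey(validCertForEmail, address);
        }
        try {
            // NOTE(review): this fallback returns a certificate that the validity lookup above did
            // not accept. Presumably SnotifySmimeKey(cert) records why it is unusable (expired,
            // wrong usage, ...) and the caller refuses to encrypt with it - confirm, otherwise
            // mail could be encrypted to an expired or otherwise rejected certificate.
            X509Certificate certForEmail = CertUtil.getCertForEmail(store, address);
            return certForEmail == null ? getValidityKey(EKeyValidity.NOT_FOUND) : new SnotifySmimeKey(certForEmail);
        } catch (KeyStoreException | CertificateException e) {
            log.error("Could not load certificate from key store for email {}.", address, e);
            return getValidityKey(EKeyValidity.ERROR);
        }
    }

    /**
     * Loads the certificate stored in the user's properties.
     *
     * @return the key for the user, or a validity-only key with NOT_FOUND or ERROR
     */
    @Override
    public SnotifySmimeKey getUserPublicKey() {
        byte[] bytes = PropertiesUtil.getUserProps().getBytes(JiraMailer.EMAIL_SMIME_CERT_PROP, getUser());
        if (bytes == null) {
            log.debug("User {} has no public certificate stored.", getUser());
            return getValidityKey(EKeyValidity.NOT_FOUND);
        }
        log.debug("Using certificate of user {} for encrypting email to \"{}\".", getUser(), getAddress());
        try {
            // NOTE(review): unlike the key store path, no address is passed to the key here, so
            // this method does not itself tie the stored certificate to the recipient address.
            // Confirm that the binding is checked when the certificate is stored or by the caller.
            return new SnotifySmimeKey(CertUtil.createCertificate(bytes));
        } catch (CertificateException e) {
            log.error("Could not parse certificate stored for user: {}", getUser(), e);
            return getValidityKey(EKeyValidity.ERROR);
        }
    }

    /**
     * Persists a certificate in the user's properties, together with the time of storage and the
     * key source {@code KEYSTORE}.
     *
     * @param snotifySmimeKey the key whose encoded certificate is stored
     * @throws IOException declared by the overridden method
     */
    @Override
    public void storePublicKey(SnotifySmimeKey snotifySmimeKey) throws IOException {
        log.debug("Storing new S/MIME certificate to user properties: {}", snotifySmimeKey.getEncryptionKey());
        PropertiesUtil.getUserProps().setBytes(JiraMailer.EMAIL_SMIME_CERT_PROP, snotifySmimeKey.getEncoded(), getUser());
        PropertiesUtil.getUserProps().setLong(JiraMailer.EMAIL_SMIME_TIME_STAMP_PROP, Long.valueOf(System.currentTimeMillis()), getUser());
        PropertiesUtil.getUserProps().setEnum(JiraMailer.EMAIL_SMIME_KEY_SOURCE_PROP, EncryptionKeySource.KEYSTORE, getUser());
    }

    /**
     * Wraps the message body in S/MIME enveloped data for the recipient certificate.
     *
     * <p>The original header lines are copied to a new message, the encrypted body part replaces
     * the content, and a header describing host and algorithm is added. That header discloses the
     * sending host name and the cipher to every party that sees the mail.
     *
     * @return the new, encrypted message
     * @throws IOException if a message cannot be read or written
     * @throws MessagingException if mail handling fails, or wrapping a certificate encoding, CMS
     *     or S/MIME failure
     */
    @Override
    protected MimeMessage encrypt() throws IOException, MessagingException {
        log.debug("Encrypting email to \"{}\" with certificate: {}", getAddress(), getPublicKey().getEncryptionKey());
        if (log.isTraceEnabled()) {
            // This dump is the unencrypted mail. Anyone who can read the log can read the message.
            ByteArrayOutputStream plainDump = new ByteArrayOutputStream();
            getMessage().writeTo(plainDump);
            log.trace("Original email:\n{}\n", plainDump.toString(TRACE_CHARSET));
        }
        SnotifyMimeMessage source = new SnotifyMimeMessage(getMessage());
        // Result intentionally unused; presumably this forces the content to be loaded - TODO confirm.
        source.getContent();
        SnotifyMimeMessage target = new SnotifyMimeMessage(source.getSession());
        Enumeration<?> headerLines = source.getAllHeaderLines();
        while (headerLines.hasMoreElements()) {
            target.addHeaderLine((String) headerLines.nextElement());
        }
        try {
            SMIMEEnvelopedGenerator generator = new SMIMEEnvelopedGenerator();
            generator.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(getPublicKey().getEncryptionKey())));
            String algorithmName;
            OutputEncryptor contentEncryptor;
            try {
                log.debug("Using AES256_CBC algorithm for encryption.");
                algorithmName = "AES256_CBC";
                contentEncryptor = new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).build();
            } catch (CMSException e) {
                // Downgrade only for the key-size restriction. A CMSException without a message is
                // rethrown instead of failing with a NullPointerException on the contains() call.
                String reason = e.getMessage();
                if (reason == null || !reason.contains(ILLEGAL_KEY_SIZE)) {
                    throw e;
                }
                log.debug(reason, e);
                log.warn("\"Java Cryptography Extension (JCE) Unlimited Strength\" is not installed on this machine. AES256_CBC encryption standard can not be used. Using fallback AES128_CBC encryption algorithm.");
                algorithmName = "AES128_CBC";
                contentEncryptor = new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build();
            }
            MimeBodyPart encryptedPart = generator.generate(source, contentEncryptor);
            if (log.isTraceEnabled()) {
                ByteArrayOutputStream bodyDump = new ByteArrayOutputStream();
                encryptedPart.writeTo(bodyDump);
                log.trace("Encrypted body:\n{}\n", bodyDump.toString(TRACE_CHARSET));
            }
            target.setContent(encryptedPart.getContent(), encryptedPart.getContentType());
            target.addHeader(Mailer.XENCRPYTED_MAIL_PROPERTY, MessageFormat.format(XENCRPYTED_MAIL_VALUE, getHostName(), algorithmName));
            target.saveChanges();
            if (log.isTraceEnabled()) {
                ByteArrayOutputStream finalDump = new ByteArrayOutputStream();
                target.writeTo(finalDump);
                log.trace("Final email:\n{}\n", finalDump.toString(TRACE_CHARSET));
            }
            log.debug("Encrypting email to \"{}\" succesfully finished.", getAddress());
            return target;
        } catch (CertificateEncodingException | CMSException | SMIMEException e2) {
            throw new MessagingException(e2.getLocalizedMessage(), e2);
        }
    }

    /**
     * @return the key store used for certificate lookup, or {@code null} if none was set
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * @param keyStore the key store to use for certificate lookup; may be {@code null}
     */
    public void setKeyStore(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    /**
     * Collects the application and user properties the superclass needs for S/MIME keys.
     *
     * @return a freshly populated properties holder
     */
    @Override
    protected AbstractMailEncryptor.EncryptorPropertiesData getPropertiesData() {
        AbstractMailEncryptor.EncryptorPropertiesData encryptorPropertiesData = new AbstractMailEncryptor.EncryptorPropertiesData();
        // The second argument is presumably the value used when the property is unset, which would
        // make user-supplied certificates allowed by default - verify against PropertiesUtil.
        encryptorPropertiesData.allowCustomUserKey = PropertiesUtil.getAppProps().getBoolean(JiraMailer.ALLOW_SMIME_CERTIFICATE_OVERWRITE_PROP, true);
        encryptorPropertiesData.expireTimeStamp = PropertiesUtil.getAppProps().getLong(JiraMailer.EXPIRE_KEYS_TIMESTAMP);
        encryptorPropertiesData.keySource = (EncryptionKeySource) PropertiesUtil.getUserProps().getEnum(JiraMailer.EMAIL_SMIME_KEY_SOURCE_PROP, EncryptionKeySource.class, getUser());
        encryptorPropertiesData.timeStamp = PropertiesUtil.getUserProps().getLong(JiraMailer.EMAIL_SMIME_TIME_STAMP_PROP, getUser());
        return encryptorPropertiesData;
    }
}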
