package net.savignano.snotify.atlassian.common.util;

import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.List;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimePart;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.enums.EKeyPurpose;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.RDN;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.X500Name;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.style.BCStyle;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/common/util/CertUtil.class */
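/**
 * Static helpers for recognising S/MIME messages and for selecting X.509 certificates from a
 * {@link KeyStore} by e-mail address, validity period and key purpose.
 *
 * <p>Security scope: the checks in this class are limited to what the certificate itself states
 * (subject / alternative-name e-mail addresses, validity dates, critical key-usage extensions).
 * Nothing here builds a certification path, checks a trust anchor or consults revocation data,
 * so a certificate returned by these methods is only "matching", not "trusted".
 * NOTE(review): presumably trust is established by whoever populates the key store; confirm.
 */
public class CertUtil {
    public static final String X509_FACTORY_KEY = "X.509";
    private static final Logger log = LoggerFactory.getLogger(CertUtil.class);

    /** GeneralName tag for rfc822Name entries as reported by {@code getSubjectAlternativeNames()}. */
    private static final int GENERAL_NAME_RFC822 = 1;
    /** Index of the digitalSignature bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 0;
    /** Index of the keyEncipherment bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int KEY_USAGE_KEY_ENCIPHERMENT = 2;

    /**
     * Tells whether the given message carries the S/MIME {@code application/pkcs7-mime} type.
     *
     * <p>NOTE(review): {@code application/pkcs7-mime} is also used for opaque-signed,
     * compressed and certs-only S/MIME bodies (distinguished by the {@code smime-type}
     * parameter), so a {@code true} result does not by itself prove the content is enveloped
     * (encrypted). Callers that skip encryption based on this result should confirm that.
     *
     * @param message the message to inspect; {@code null} is treated as "not encrypted"
     * @return {@code true} if the message is a MIME message of type application/pkcs7-mime
     */
    public static final boolean isMessageSmimeEncrypted(Message message) {
        if (message instanceof MimeMessage) {
            return isSmimeEncrypted((MimePart) message);
        }
        // Guard the getClass() call: a null message used to raise a NullPointerException here.
        log.debug("Message is not a MIME message, so can't be S/MIME encrypted. Encountered message class: {}",
                message == null ? null : message.getClass());
        return false;
    }

    /**
     * Checks the MIME type of a single part; a failure to read the type is logged and
     * reported as "not encrypted".
     */
    private static final boolean isSmimeEncrypted(MimePart mimePart) {
        try {
            return mimePart.isMimeType("application/pkcs7-mime");
        } catch (MessagingException e) {
            log.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * @param bArr the encoded certificate bytes
     * @return the parsed certificate
     * @throws CertificateException if the bytes are missing or cannot be parsed
     */
    public static final X509Certificate createCertificate(byte[] bArr) throws CertificateException {
        if (bArr == null) {
            // Report missing input through the declared exception instead of a NullPointerException.
            throw new CertificateException("No certificate data given.");
        }
        CertificateFactory factory = CertificateFactory.getInstance(X509_FACTORY_KEY);
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Picks, among all key store entries, the certificate for the given e-mail address that is
     * inside its validity period, fits the requested purpose and expires last.
     *
     * <p>Only the validity dates are checked ({@link X509Certificate#checkValidity()}); no
     * chain, trust or revocation check is performed here. Entries that cannot be read or
     * parsed are logged and skipped.
     *
     * @param keyStore key store to search
     * @param str e-mail address to match (case-insensitive)
     * @param eKeyPurpose required purpose; {@code EKeyPurpose.UNKNOWN} skips the purpose check
     * @return the best matching certificate, or {@code null} if none matches or an argument is null
     */
    public static final X509Certificate getValidCertForEmail(KeyStore keyStore, String str, EKeyPurpose eKeyPurpose) {
        if (keyStore == null || str == null || eKeyPurpose == null) {
            return null;
        }
        Enumeration<String> aliases;
        try {
            aliases = keyStore.aliases();
        } catch (KeyStoreException e) {
            log.error("Error getting aliases from KeyStore: " + keyStore, e);
            return null;
        }
        X509Certificate best = null;
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate candidate;
            try {
                candidate = getCertForAlias(keyStore, alias);
            } catch (KeyStoreException e) {
                log.error("Error getting certificate for alias: " + alias, e);
                continue;
            }
            if (candidate == null || !matchesEmailOrLog(candidate, str)) {
                continue;
            }
            if (eKeyPurpose != EKeyPurpose.UNKNOWN && !isCertForPurpose(candidate, eKeyPurpose)) {
                log.debug("Certificate with serial number {} is not suitable for purpose: {}", candidate.getSerialNumber(), eKeyPurpose);
                continue;
            }
            try {
                candidate.checkValidity();
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                log.debug("Found invalid certificate for email \"{}\": {}", str, candidate.getSerialNumber());
                continue;
            }
            log.debug("Found valid certificate for email \"{}\": {}", str, candidate.getSerialNumber());
            // Prefer the certificate that stays valid the longest.
            if (best == null || candidate.getNotAfter().after(best.getNotAfter())) {
                best = candidate;
            }
        }
        log.debug("Found certificate for email \"{}\": {}", str, best);
        return best;
    }

    /** Runs {@link #isCertForEmail} and turns parsing failures into a logged "no match". */
    private static boolean matchesEmailOrLog(X509Certificate certificate, String email) {
        try {
            return isCertForEmail(certificate, email);
        } catch (CertificateEncodingException e) {
            log.error("Error extracting the information from certificate: " + certificate, e);
        } catch (CertificateParsingException e) {
            log.error("Subject Alternative Names Extension could not be parsed from certificate: " + certificate, e);
        }
        return false;
    }

    /**
     * Returns the first key store certificate that lists the given e-mail address.
     *
     * <p>Unlike {@link #getValidCertForEmail}, this performs no validity-period or purpose
     * check, so the result may be expired or not intended for e-mail use.
     *
     * @param keyStore key store to search
     * @param str e-mail address to match (case-insensitive)
     * @return the first matching certificate, or {@code null} if none matches or an argument is null
     * @throws KeyStoreException if the key store cannot be read
     * @throws CertificateException if a certificate's names cannot be extracted
     */
    public static final X509Certificate getCertForEmail(KeyStore keyStore, String str) throws KeyStoreException, CertificateException {
        if (keyStore == null || str == null) {
            // Same null tolerance as getValidCertForEmail; a null key store used to throw a NullPointerException.
            return null;
        }
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            X509Certificate candidate = getCertForAlias(keyStore, aliases.nextElement());
            if (isCertForEmail(candidate, str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Looks up the certificate stored under an alias.
     *
     * @return the certificate, or {@code null} (after a warning) if the entry is not an X.509 certificate
     */
    private static final X509Certificate getCertForAlias(KeyStore keyStore, String str) throws KeyStoreException {
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        log.warn("Certificate found for alias \"{}\" is not a X509Certificate. It will be skipped. Found certificate: {}", str, certificate);
        return null;
    }

    /**
     * Collects the subject's e-mail addresses: the E attribute of the subject DN followed by
     * the rfc822Name entries of the Subject Alternative Names extension, without duplicates.
     *
     * @param x509Certificate the certificate; {@code null} yields an empty array
     * @return the e-mail addresses in encounter order, never {@code null}
     */
    public static final String[] getEmails(X509Certificate x509Certificate) throws CertificateEncodingException, CertificateParsingException {
        if (x509Certificate == null) {
            return new String[0];
        }
        return getEmails(getSubject(x509Certificate), x509Certificate.getSubjectAlternativeNames());
    }

    /**
     * Collects the issuer's e-mail addresses: the E attribute of the issuer DN followed by the
     * rfc822Name entries of the Issuer Alternative Names extension, without duplicates.
     *
     * @param x509Certificate the certificate; {@code null} yields an empty array
     * @return the e-mail addresses in encounter order, never {@code null}
     */
    public static final String[] getIssuerEmails(X509Certificate x509Certificate) throws CertificateEncodingException, CertificateParsingException {
        if (x509Certificate == null) {
            return new String[0];
        }
        return getEmails(getIssuer(x509Certificate), x509Certificate.getIssuerAlternativeNames());
    }

    /**
     * Merges the DN e-mail attribute and the rfc822Name alternative names into one ordered,
     * duplicate-free array. Malformed alternative-name entries are skipped rather than
     * allowed to abort the lookup.
     */
    private static final String[] getEmails(X500Name x500Name, Collection<List<?>> collection) {
        LinkedHashSet<String> emails = new LinkedHashSet<>();
        if (x500Name != null) {
            String dnEmail = getRDNValue(x500Name, BCStyle.E);
            if (dnEmail != null) {
                emails.add(dnEmail);
            }
        }
        if (collection != null) {
            for (List<?> entry : collection) {
                // Each entry is expected to be [Integer nameType, Object value].
                if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
                    continue;
                }
                Object value = entry.get(1);
                if (((Integer) entry.get(0)).intValue() == GENERAL_NAME_RFC822 && value != null) {
                    emails.add(value.toString());
                }
            }
        }
        return emails.toArray(new String[0]);
    }

    /**
     * Checks whether the certificate's critical usage extensions permit the given purpose.
     *
     * <p>Policy implemented here: a critical Extended Key Usage must contain the e-mail
     * usage; a critical Key Usage must have keyEncipherment set for ENCRYPTION/DECRYPTION or
     * digitalSignature set for SIGNING. A certificate without a critical Key Usage extension
     * (including one without any extensions) is accepted.
     *
     * <p>NOTE(review): a Key Usage or Extended Key Usage extension that is present but not
     * marked critical is not evaluated at all. RFC 5280 treats the usage restriction as
     * applying whenever the extension is present, so this is more lenient than the standard;
     * confirm the leniency is intended. Key-agreement certificates (keyAgreement bit) are
     * likewise not recognised for encryption.
     *
     * @param x509Certificate certificate to check
     * @param eKeyPurpose intended purpose
     * @return {@code true} if the certificate may be used for the purpose under the policy above
     * @throws IllegalStateException if the purpose is not handled by this method
     */
    public static final boolean isCertForPurpose(X509Certificate x509Certificate, EKeyPurpose eKeyPurpose) {
        if (x509Certificate == null || eKeyPurpose == null) {
            return false;
        }
        log.debug("Checking purpose {} for certificate {}.", eKeyPurpose, x509Certificate.getSerialNumber());
        // getCriticalExtensionOIDs() returns null when the certificate has no extensions at all;
        // the unguarded contains() call used to throw a NullPointerException for such certificates.
        Collection<String> criticalOids = x509Certificate.getCriticalExtensionOIDs();
        if (criticalOids == null) {
            log.debug("Key usage is not critical.");
            return true;
        }
        if (criticalOids.contains(Constants.OID_EXTENDED_KEY_USAGE)) {
            try {
                List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(Constants.OID_EXTENDED_KEY_USAGE_EMAIL)) {
                    log.debug("Extended Key Usage for certificate is critical, but does not contain 'Email'.");
                    return false;
                }
            } catch (CertificateParsingException e) {
                log.error("Could not parse 'Extended Key Usage' extension of certificate " + x509Certificate.getSerialNumber() + ". Error message: " + e.getMessage(), e);
                return false;
            }
        }
        if (!criticalOids.contains(Constants.OID_KEY_USAGE)) {
            log.debug("Key usage is not critical.");
            return true;
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        boolean usable;
        switch (eKeyPurpose) {
            case DECRYPTION:
            case ENCRYPTION:
                usable = isKeyUsageBitSet(keyUsage, KEY_USAGE_KEY_ENCIPHERMENT);
                break;
            case SIGNING:
                usable = isKeyUsageBitSet(keyUsage, KEY_USAGE_DIGITAL_SIGNATURE);
                break;
            case UNKNOWN:
                usable = false;
                break;
            default:
                throw new IllegalStateException("Handling of key purpose " + eKeyPurpose + " not yet implemented.");
        }
        log.debug("Certificate is usable: {}", Boolean.valueOf(usable));
        return usable;
    }

    /** Reads one key-usage bit, treating a missing or short array as "bit not set" (fail closed). */
    private static boolean isKeyUsageBitSet(boolean[] keyUsage, int bit) {
        return keyUsage != null && bit < keyUsage.length && keyUsage[bit];
    }

    /**
     * Tells whether the certificate lists the given e-mail address (compared case-insensitively)
     * in its subject DN or Subject Alternative Names.
     *
     * @param x509Certificate certificate to inspect; {@code null} never matches
     * @param str e-mail address to look for; {@code null} never matches
     * @return {@code true} if one of the certificate's e-mail addresses equals {@code str}
     */
    public static final boolean isCertForEmail(X509Certificate x509Certificate, String str) throws CertificateEncodingException, CertificateParsingException {
        if (str == null) {
            return false;
        }
        for (String email : getEmails(x509Certificate)) {
            if (str.equalsIgnoreCase(email)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the issuer distinguished name of the certificate.
     *
     * @throws CertificateEncodingException if the certificate cannot be re-encoded for parsing
     */
    public static final X500Name getIssuer(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new JcaX509CertificateHolder(x509Certificate).getIssuer();
    }

    /**
     * Returns the subject distinguished name of the certificate.
     *
     * @throws CertificateEncodingException if the certificate cannot be re-encoded for parsing
     */
    public static final X500Name getSubject(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new JcaX509CertificateHolder(x509Certificate).getSubject();
    }

    /**
     * Returns the value of the first RDN with the given attribute type.
     *
     * @param x500Name the distinguished name to search; {@code null} yields {@code null}
     * @param aSN1ObjectIdentifier the attribute type to look for
     * @return the attribute value as a string, or {@code null} if the name has no such attribute
     */
    public static final String getRDNValue(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (x500Name == null) {
            return null;
        }
        RDN[] rdns = x500Name.getRDNs(aSN1ObjectIdentifier);
        if (rdns.length == 0 || rdns[0].getFirst() == null) {
            return null;
        }
        return rdns[0].getFirst().getValue().toString();
    }
}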
