package net.savignano.snotify.atlassian.mailer.keysource.smime;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import net.savignano.snotify.atlassian.common.enums.EKeyPurpose;
import net.savignano.snotify.atlassian.common.enums.EKeySource;
import net.savignano.snotify.atlassian.common.enums.EKeyValidity;
import net.savignano.snotify.atlassian.common.security.key.secret.SnotifySmimeSignKey;
import net.savignano.snotify.atlassian.common.util.SmimeUtil;
import net.savignano.snotify.atlassian.mailer.keysource.AKeyLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/mailer/keysource/smime/SmimeSignKeyStoreLoader.class */
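/**
 * Loads the S/MIME signing key for one email address from a {@link KeyStore}.
 *
 * <p>The loader looks up a certificate that is valid for signing, fetches the matching private
 * key, and then collects the intermediate certificates so they can accompany the signature.
 * Lookup failures are reported through the validity of the returned key, not through exceptions.
 */
public class SmimeSignKeyStoreLoader extends AKeyLoader<SnotifySmimeSignKey> {
    private static final Logger log = LoggerFactory.getLogger(SmimeSignKeyStoreLoader.class);
    private final KeyStore keyStore;
    private final String email;
    // Held by reference (no defensive copy): if the caller wipes the array before the key is
    // loaded, the private key lookup will use the wiped value.
    private final char[] password;

    /**
     * Creates a loader bound to one key store and one email address.
     *
     * @param keyStore key store holding the signing certificate and private key; must not be null
     * @param cArr password passed to the private key lookup; may be null
     * @param str email address the signing key is looked up for; must not be null
     * @throws IllegalArgumentException if {@code keyStore} or {@code str} is null
     */
    public SmimeSignKeyStoreLoader(KeyStore keyStore, char[] cArr, String str) {
        // Validate before touching any state so a rejected call leaves nothing half-initialised.
        if (keyStore == null) {
            throw new IllegalArgumentException("Key Store must not be null.");
        }
        if (str == null) {
            throw new IllegalArgumentException("Email must not be null.");
        }
        this.keyStore = keyStore;
        this.email = str;
        this.password = cArr;
    }

    /**
     * Looks up the signing key and its certificate chain.
     *
     * <p>Any exception raised during the lookup is logged and turned into a key with validity
     * {@link EKeyValidity#ERROR}, so this method does not propagate lookup failures.
     *
     * @return the signing key, or a validity-only key describing why none could be loaded
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // net.savignano.snotify.atlassian.mailer.keysource.AKeyLoader
    public SnotifySmimeSignKey loadInternalKey() throws Exception {
        log.debug("Looking up private key for email: <{}>", getEmail());
        try {
            SnotifySmimeSignKey validKey = getValidKey();
            buildCertChain(validKey);
            return validKey;
        } catch (Exception e) {
            log.error("Could not load private key. Error message: " + e.getMessage(), e);
            return getValidityKey(EKeyValidity.ERROR);
        }
    }

    /**
     * Resolves the signing certificate for the configured email and its private key.
     *
     * @return a key sourced from the key store, or a {@link EKeyValidity#NOT_FOUND} key when
     *     either the certificate or its private key is missing
     */
    private SnotifySmimeSignKey getValidKey() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        X509Certificate validCertForEmail = SmimeUtil.getValidCertForEmail(getKeyStore(), getEmail(), EKeyPurpose.SIGNING);
        if (validCertForEmail == null) {
            log.info("Found no valid certificate for email <{}> in private key store.", getEmail());
            return getValidityKey(EKeyValidity.NOT_FOUND);
        }
        PrivateKey privateKeyForCert = SmimeUtil.getPrivateKeyForCert(getKeyStore(), validCertForEmail, this.password);
        if (privateKeyForCert == null) {
            log.warn("Found a valid certificate for email <{}> in private key store, but not the corresponding private key. Please make sure that the private key for the certificate with serial number {} is stored in the key store at alias \"{}\".", new Object[]{getEmail(), SmimeUtil.getSerialNumber(validCertForEmail), getKeyStore().getCertificateAlias(validCertForEmail)});
            return getValidityKey(EKeyValidity.NOT_FOUND);
        }
        log.info("Found valid signing key for <{}>.", getEmail());
        // Never hand the PrivateKey object itself to the logger: what toString() prints is
        // provider-specific and may include private key material. Log only non-secret metadata.
        log.trace("Used private key: algorithm={}, format={}", privateKeyForCert.getAlgorithm(), privateKeyForCert.getFormat());
        log.trace("Used certificate: {}", validCertForEmail);
        SnotifySmimeSignKey snotifySmimeSignKey = new SnotifySmimeSignKey(privateKeyForCert, validCertForEmail, getEmail());
        snotifySmimeSignKey.setKeySource(EKeySource.KEYSTORE);
        return snotifySmimeSignKey;
    }

    /**
     * Adds the intermediate certificates for a valid key to its intermediate certificate list.
     *
     * <p>The chain stored under the certificate's alias is preferred. If the key store holds no
     * chain longer than one entry, issuers are looked up one by one among all key store entries.
     * Self-signed certificates (subject equals issuer) are never added.
     *
     * @param snotifySmimeSignKey key to enrich; left untouched when it is not valid
     */
    private void buildCertChain(SnotifySmimeSignKey snotifySmimeSignKey) throws KeyStoreException {
        if (!snotifySmimeSignKey.isValid()) {
            return;
        }
        log.debug("Looking up intermediate certificates.");
        X509Certificate publicCert = snotifySmimeSignKey.getPublicCert();
        // A null alias would make the chain lookup fail inside the key store implementation;
        // treat it as "no stored chain" and let the fallback lookup run instead.
        String alias = getKeyStore().getCertificateAlias(publicCert);
        Certificate[] certificateChain = alias == null ? null : getKeyStore().getCertificateChain(alias);
        if (certificateChain != null && certificateChain.length > 1) {
            int added = 0;
            // Index 0 is the signing certificate itself; the last entry is handled separately.
            for (int i = 1; i < certificateChain.length - 1; i++) {
                snotifySmimeSignKey.getIntermediateCerts().add((X509Certificate) certificateChain[i]);
                added++;
            }
            X509Certificate lastInChain = (X509Certificate) certificateChain[certificateChain.length - 1];
            // The chain may end in an intermediate rather than a self-signed root; keep it then.
            if (!lastInChain.getSubjectX500Principal().equals(lastInChain.getIssuerX500Principal())) {
                snotifySmimeSignKey.getIntermediateCerts().add(lastInChain);
                added++;
            }
            // Report what was actually added; "length - 2" under-counts a chain without a root.
            log.debug("Found {} intermediate certificate(s).", Integer.valueOf(added));
            log.trace("Found intermediate certificates: {}", snotifySmimeSignKey.getIntermediateCerts());
            return;
        }
        if (log.isTraceEnabled()) {
            log.trace("Listing all certificates in key store.");
            Enumeration<String> aliases = getKeyStore().aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Certificate entry = getKeyStore().getCertificate(nextElement);
                // Entries without a certificate, or with a non-X.509 one, must not abort the
                // key load just because diagnostics are switched on.
                if (entry instanceof X509Certificate) {
                    X509Certificate listed = (X509Certificate) entry;
                    log.trace("Alias: {}; Subject: {}; Issuer: {}", new Object[]{nextElement, listed.getSubjectX500Principal(), listed.getIssuerX500Principal()});
                }
            }
        }
        log.debug("Fallback lookup of intermediate certificates.");
        // Issuers are matched by name only, so cross-certified entries can form a loop.
        // Remember every certificate already visited and stop as soon as one repeats.
        Set<X509Certificate> visited = new HashSet<>();
        visited.add(publicCert);
        X509Certificate current = publicCert;
        while (current != null) {
            X509Certificate issuer = getIssuerCert(current);
            if (issuer == null || !visited.add(issuer)) {
                break;
            }
            snotifySmimeSignKey.getIntermediateCerts().add(issuer);
            current = issuer;
        }
        log.trace("Found intermediate certificates: {}", snotifySmimeSignKey.getIntermediateCerts());
    }

    /**
     * Finds the certificate in the key store whose subject equals the issuer of the given one.
     *
     * <p>NOTE(review): candidates are matched by subject distinguished name only. The signature
     * of {@code x509Certificate} is not verified against the candidate's public key, so if two
     * entries share a subject name the first match is returned.
     *
     * @param x509Certificate certificate whose issuer is wanted
     * @return the issuer certificate, or null when the certificate is self-signed or no entry
     *     with a matching subject exists
     */
    private X509Certificate getIssuerCert(X509Certificate x509Certificate) throws KeyStoreException {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        if (issuerX500Principal.equals(x509Certificate.getSubjectX500Principal())) {
            return null;
        }
        // Fast path: an entry stored under the issuer's name as alias. Accept it only when it
        // really is an X.509 certificate for that subject; otherwise fall through to the scan.
        Certificate byAlias = getKeyStore().getCertificate(issuerX500Principal.getName());
        if (byAlias instanceof X509Certificate
                && issuerX500Principal.equals(((X509Certificate) byAlias).getSubjectX500Principal())) {
            return (X509Certificate) byAlias;
        }
        Enumeration<String> aliases = getKeyStore().aliases();
        while (aliases.hasMoreElements()) {
            // getCertificate returns null for entries without a certificate; skip those and
            // any non-X.509 certificate instead of failing the whole lookup.
            Certificate candidate = getKeyStore().getCertificate(aliases.nextElement());
            if (candidate instanceof X509Certificate
                    && ((X509Certificate) candidate).getSubjectX500Principal().equals(issuerX500Principal)) {
                return (X509Certificate) candidate;
            }
        }
        return null;
    }

    /** Returns the source this loader reads from, always {@link EKeySource#KEYSTORE}. */
    @Override // net.savignano.snotify.atlassian.mailer.keysource.IKeyLoader
    public EKeySource getKeySource() {
        return EKeySource.KEYSTORE;
    }

    /**
     * Creates a key that carries only a validity state and this loader's key source.
     *
     * @param eKeyValidity validity to report
     * @return a new key built from the validity and {@link #getKeySource()}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // net.savignano.snotify.atlassian.mailer.keysource.AKeyLoader
    public SnotifySmimeSignKey getValidityKey(EKeyValidity eKeyValidity) {
        return new SnotifySmimeSignKey(eKeyValidity, getKeySource());
    }

    /** Returns the key store this loader reads from. */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the email address the signing key is looked up for. */
    public String getEmail() {
        return this.email;
    }

    /** Describes the loader for diagnostics; the password is always masked. */
    @Override
    public String toString() {
        return "SmimePrivateKeyStoreLoader [keyStore=" + this.keyStore + ", password=*****, email=" + this.email + "]";
    }
}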
