package net.savignano.snotify.jira.mailer;

import com.atlassian.cache.CacheFactory;
import com.atlassian.jira.component.ComponentAccessor;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.function.BiConsumer;
import java.util.function.BiFunction;
import javax.mail.Session;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.EProperty;
import net.savignano.snotify.atlassian.common.ISnotifyAppProperties;
import net.savignano.snotify.atlassian.common.ISnotifyUserProperties;
import net.savignano.snotify.atlassian.common.IUser;
import net.savignano.snotify.atlassian.common.enums.EKeySource;
import net.savignano.snotify.atlassian.common.security.access.pgp.PgpUserKeyLoader;
import net.savignano.snotify.atlassian.common.security.access.smime.SmimeUserKeyLoader;
import net.savignano.snotify.atlassian.common.security.key.ISnotifyKey;
import net.savignano.snotify.atlassian.common.security.key.publicly.ISnotifyPublicKey;
import net.savignano.snotify.atlassian.common.security.key.publicly.SnotifyPgpPublicKey;
import net.savignano.snotify.atlassian.common.security.key.publicly.SnotifySmimePublicKey;
import net.savignano.snotify.atlassian.common.util.SecurityUtil;
import net.savignano.snotify.atlassian.mailer.keysource.pgp.PgpPublicKeyManager;
import net.savignano.snotify.atlassian.mailer.validate.IMailValidator;
import net.savignano.snotify.atlassian.mailer.validate.PgpMailValidator;
import net.savignano.snotify.atlassian.mailer.validate.SmimeMailValidator;
import net.savignano.snotify.jira.common.JiraUser;
import net.savignano.snotify.jira.mailer.decrypt.ComposedMailDecryptor;
import net.savignano.snotify.jira.mailer.decrypt.IComposedMailDecryptor;
import net.savignano.snotify.jira.mailer.validate.ComposedMailValidator;
import net.savignano.snotify.jira.mailer.validate.IComposedMailValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/jira/mailer/AtlassianIncomingMailHandler.class */
public class AtlassianIncomingMailHandler {
    private static final Logger log = LoggerFactory.getLogger(AtlassianIncomingMailHandler.class);
    private final ISnotifyAppProperties appProps;
    private final ISnotifyUserProperties userProps;

    public AtlassianIncomingMailHandler(ISnotifyAppProperties iSnotifyAppProperties, ISnotifyUserProperties iSnotifyUserProperties) {
        this.appProps = iSnotifyAppProperties;
        this.userProps = iSnotifyUserProperties;
    }

    public IComposedMailDecryptor getMailDecryptor(Session session) {
        return new ComposedMailDecryptor(session, this.appProps);
    }

    public IComposedMailValidator getMailValidator() {
        ComposedMailValidator composedMailValidator = new ComposedMailValidator();
        composedMailValidator.setPgpValidator(getPgpValidator());
        composedMailValidator.setSmimeValidator(getSmimeValidator());
        return composedMailValidator;
    }

    private IMailValidator<SnotifyPgpPublicKey> getPgpValidator() {
        PgpMailValidator pgpMailValidator = new PgpMailValidator();
        pgpMailValidator.setPublicKeyRetriever(str -> {
            return new PgpPublicKeyManager(str, this.appProps, this.userProps).getKey();
        });
        return pgpMailValidator;
    }

    private IMailValidator<SnotifySmimePublicKey> getSmimeValidator() {
        KeyStore keyStore = null;
        try {
            keyStore = SecurityUtil.getJavaTrustStore();
        } catch (Exception e) {
            log.error("Could not load java trust store. Certificate Chain will not be validated. Error message: " + e.getMessage(), e);
        }
        PKIXParameters pKIXParameters = null;
        if (keyStore != null) {
            try {
                pKIXParameters = new PKIXParameters(keyStore);
                pKIXParameters.setRevocationEnabled(this.appProps.getBoolean(EProperty.TWEAK_CERTIFICATION_REVOCATION_ENABLED));
            } catch (Exception e2) {
                log.error("Could not create validation parameters. Certification chain will not be validated. Error message: " + e2.getMessage(), e2);
            }
        }
        return new SmimeMailValidator(pKIXParameters);
    }

    public void handleExtractedPublicKeys(ISnotifyPublicKey<?> iSnotifyPublicKey, String str) {
        if (iSnotifyPublicKey == null || !iSnotifyPublicKey.isValid()) {
            return;
        }
        if (iSnotifyPublicKey instanceof SnotifySmimePublicKey) {
            if (this.appProps.getBoolean(EProperty.EXTRACT_CERTIFICATE_FROM_SIGNATURES)) {
                for (JiraUser jiraUser : JiraUser.lookupUsers(str)) {
                    storeKey((SnotifySmimePublicKey) iSnotifyPublicKey, jiraUser, new SmimeUserKeyLoader(jiraUser, this.userProps).loadKey(), this::setSmime, this::equalsSmime);
                }
                log.debug("Caching S/MIME certificate for email {}, should user be created.", str);
                ((CacheFactory) ComponentAccessor.getComponent(CacheFactory.class)).getCache(Constants.CACHE_INCOMING_MAIL_SMIME).put(str, ((SnotifySmimePublicKey) iSnotifyPublicKey).getKey());
                return;
            }
            return;
        }
        if (!(iSnotifyPublicKey instanceof SnotifyPgpPublicKey)) {
            log.error("Unknown public key encountered: {}", iSnotifyPublicKey);
            return;
        }
        if (this.appProps.getBoolean(EProperty.EXTRACT_PUBLIC_KEY_FROM_SIGNATURES)) {
            for (JiraUser jiraUser2 : JiraUser.lookupUsers(str)) {
                storeKey((SnotifyPgpPublicKey) iSnotifyPublicKey, jiraUser2, new PgpUserKeyLoader(jiraUser2, this.userProps).loadKey(), this::setPgp, this::equalsPgp);
            }
            log.debug("Caching PGP key for email {}, should user be created.", str);
            try {
                ((CacheFactory) ComponentAccessor.getComponent(CacheFactory.class)).getCache(Constants.CACHE_INCOMING_MAIL_PGP).put(str, ((SnotifyPgpPublicKey) iSnotifyPublicKey).getEncoded());
            } catch (IOException e) {
                log.error("Could not encoded public PGP key. Error message: " + e.getMessage(), e);
            }
        }
    }

    private <T extends ISnotifyKey<?>> void storeKey(T t, IUser<?> iUser, T t2, BiConsumer<T, IUser<?>> biConsumer, BiFunction<T, T, Boolean> biFunction) {
        log.debug("Currently cached key for user {}: {}", iUser, t2);
        if (!t2.isValid()) {
            biConsumer.accept(t, iUser);
        } else if (t2.getKeySource() != EKeySource.USER) {
            if (biFunction.apply(t, t2).booleanValue()) {
                log.debug("Cached key is same as extracted key. No storing needed.");
            } else {
                biConsumer.accept(t, iUser);
            }
        }
    }

    private boolean equalsSmime(SnotifySmimePublicKey snotifySmimePublicKey, SnotifySmimePublicKey snotifySmimePublicKey2) {
        return snotifySmimePublicKey.getKey().getSerialNumber().equals(snotifySmimePublicKey2.getKey().getSerialNumber());
    }

    private void setSmime(SnotifySmimePublicKey snotifySmimePublicKey, IUser<?> iUser) {
        log.info("Setting S/MIME certificate for user: {}", iUser.getDisplayName());
        try {
            this.userProps.setBytes(EProperty.EMAIL_SMIME_CERT, snotifySmimePublicKey.getEncoded(), iUser);
            this.userProps.setLong(EProperty.EMAIL_SMIME_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), iUser);
            this.userProps.setEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, snotifySmimePublicKey.getKeySource(), iUser);
        } catch (IOException e) {
            log.error("Could not set S/MIME certificate for user: " + iUser.getDisplayName() + ". Error message: " + e.getMessage(), e);
        }
    }

    private Boolean equalsPgp(SnotifyPgpPublicKey snotifyPgpPublicKey, SnotifyPgpPublicKey snotifyPgpPublicKey2) {
        return Boolean.valueOf(snotifyPgpPublicKey.getKey().getKeyID() == snotifyPgpPublicKey2.getKey().getKeyID() && snotifyPgpPublicKey.getMasterKey().getKeyID() == snotifyPgpPublicKey2.getMasterKey().getKeyID());
    }

    private void setPgp(SnotifyPgpPublicKey snotifyPgpPublicKey, IUser<?> iUser) {
        log.info("Setting PGP key for user: {}", iUser.getDisplayName());
        try {
            this.userProps.setBytes(EProperty.EMAIL_PGP_KEY, snotifyPgpPublicKey.getEncoded(), iUser);
            this.userProps.setLong(EProperty.EMAIL_PGP_KEY_ID, Long.valueOf(snotifyPgpPublicKey.getKey().getKeyID()), iUser);
            this.userProps.setLong(EProperty.EMAIL_PGP_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), iUser);
            this.userProps.setEnum(EProperty.EMAIL_PGP_KEY_SOURCE, snotifyPgpPublicKey.getKeySource(), iUser);
        } catch (IOException e) {
            log.error("Could not set PGP public key for user: " + iUser.getDisplayName() + ". Error message: " + e.getMessage(), e);
        }
    }
}
