package net.savignano.snotify.atlassian.mailer.decrypt;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.activation.DataHandler;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.util.ByteArrayDataSource;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.security.key.secret.SnotifySmimeDecryptionKey;
import net.savignano.snotify.atlassian.common.util.MessageUtil;
import net.savignano.snotify.atlassian.common.util.SmimeUtil;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import net.savignano.thirdparty.org.bouncycastle.cms.CMSException;
import net.savignano.thirdparty.org.bouncycastle.cms.KeyTransRecipientId;
import net.savignano.thirdparty.org.bouncycastle.cms.Recipient;
import net.savignano.thirdparty.org.bouncycastle.cms.RecipientId;
import net.savignano.thirdparty.org.bouncycastle.cms.RecipientInformation;
import net.savignano.thirdparty.org.bouncycastle.cms.RecipientInformationStore;
import net.savignano.thirdparty.org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMEEnveloped;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMEException;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMEUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/mailer/decrypt/SmimeMailDecryptor.class */
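/**
 * Decrypts S/MIME enveloped emails in place, using a private key taken from the key store held by
 * the configured {@link SnotifySmimeDecryptionKey}.
 *
 * <p>Only key transport recipients are considered. Both the content encryption algorithm and the
 * key encryption algorithm named in the message are checked against the algorithms accepted by
 * {@link SmimeUtil} before any private key is used.
 */
public class SmimeMailDecryptor extends AMailDecryptor<SnotifySmimeDecryptionKey> {
    private static final Logger log = LoggerFactory.getLogger(SmimeMailDecryptor.class);

    /** Value of {@code RecipientId.getType()} for key transport recipients (labelled "KeyTrans" below). */
    private static final int RECIPIENT_TYPE_KEY_TRANS = 0;

    public SmimeMailDecryptor(Session session, SnotifySmimeDecryptionKey snotifySmimeDecryptionKey) {
        super(session, snotifySmimeDecryptionKey);
    }

    /**
     * Decrypts the given message in place if it is S/MIME encrypted; otherwise leaves it untouched.
     *
     * @param mimeMessage the message to decrypt; its content and headers are replaced on success
     * @throws IOException declared by the overridden method; failures raised inside this method are
     *     wrapped into a {@link MessagingException}
     * @throws MessagingException if the content encryption algorithm is not supported, no usable
     *     private key is found for any recipient, or decryption fails for any other reason
     */
    @Override // net.savignano.snotify.atlassian.mailer.decrypt.AMailDecryptor
    protected void decrypt(MimeMessage mimeMessage) throws IOException, MessagingException {
        try {
            traceMessage("Original email:\n{}\n", mimeMessage);
            if (!SmimeUtil.isMessageEncrypted((Message) mimeMessage)) {
                log.debug("Message is not S/MIME encrypted. Content type encountered: {}", mimeMessage.getContentType());
                return;
            }
            String messageId = MessageUtil.getMessageId(mimeMessage);
            KeyStore keyStore = getPrivateKey().getKey();
            SMIMEEnveloped envelope = new SMIMEEnveloped(mimeMessage);

            // The algorithm identifier comes from the message itself, so it is checked before any key is used.
            ASN1ObjectIdentifier contentAlgorithm = envelope.getContentEncryptionAlgorithm().getAlgorithm();
            log.debug("Used symmetric encryption algorithm: {}", SmimeUtil.getCmsName(contentAlgorithm));
            if (!SmimeUtil.isSupportedSymmetricKeyAlgorithm(contentAlgorithm)) {
                throw new MessagingException("Algorithm " + SmimeUtil.getCmsName(contentAlgorithm) + " that was used to encrypt Email with ID " + messageId + " is not supported.");
            }

            RecipientInformation matchedRecipient = null;
            JceKeyTransEnvelopedRecipient recipient = null;
            RecipientInformationStore recipientInfos = envelope.getRecipientInfos();
            Iterator<RecipientInformation> it = recipientInfos.getRecipients().iterator();
            // The first recipient entry for which the key store yields a private key is used.
            while (it.hasNext() && recipient == null) {
                RecipientInformation candidate = it.next();
                X509Certificate cert = getCert(candidate);
                if (cert == null) {
                    continue;
                }
                // KeyStore.getCertificateAlias returns null when no entry matches the certificate;
                // asking the key store for a null alias can fail with an opaque exception, so it is
                // treated the same as a missing private key.
                String certificateAlias = keyStore.getCertificateAlias(cert);
                PrivateKey privateKey = certificateAlias == null
                        ? null
                        : (PrivateKey) keyStore.getKey(certificateAlias, getPrivateKey().getPassword());
                if (privateKey == null) {
                    log.warn("Private key for alias \"{}\" not found in key store. Please make sure that the corresponding private key for certificate with serial number {} can be found in this key store under the given alias.", certificateAlias, SmimeUtil.getSerialNumber(cert.getSerialNumber()));
                    continue;
                }
                log.debug("Used asymmetric encryption algorithm: {}", SmimeUtil.getCmsName(candidate.getKeyEncryptionAlgorithm().getAlgorithm()));
                matchedRecipient = candidate;
                recipient = new JceKeyTransEnvelopedRecipient(privateKey);
            }
            if (recipient == null) {
                // Always throws; execution does not continue past this call.
                throwRecipientCertificateNotFoundException(messageId, recipientInfos);
            }
            decrypt(mimeMessage, matchedRecipient, recipient);
            traceMessage("Final email:\n{}\n", mimeMessage);
        } catch (Exception e) {
            // Every failure, including the MessagingExceptions raised above, is reported as one
            // MessagingException with the original exception kept as the cause.
            throw new MessagingException("Could not decrypt email. Failure message: " + e.getMessage(), e);
        }
    }

    /**
     * Writes the complete message to the log when trace logging is enabled.
     *
     * <p>NOTE(review): for the "Final email" call this is the decrypted message, so enabling trace
     * level for this logger puts plaintext mail content into the log. Trace should stay disabled
     * outside of controlled debugging, and log access should be restricted accordingly.
     */
    private void traceMessage(String format, MimeMessage mimeMessage) throws IOException, MessagingException {
        if (!log.isTraceEnabled()) {
            return;
        }
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        mimeMessage.writeTo(buffer);
        log.trace(format, buffer.toString());
    }

    /**
     * Looks up the key store certificate that belongs to a recipient entry of the message.
     *
     * @param recipientInformation recipient entry taken from the enveloped message
     * @return the matching certificate, or {@code null} if the entry is not a key transport
     *     recipient, uses an unsupported key encryption algorithm, or (presumably, decided by
     *     {@code SmimeUtil.getCertForRecipient}) has no matching certificate in the key store
     */
    private X509Certificate getCert(RecipientInformation recipientInformation) throws KeyStoreException, CertificateException {
        RecipientId rid = recipientInformation.getRID();
        if (rid.getType() != RECIPIENT_TYPE_KEY_TRANS) {
            log.debug("Recipient Info {} is not of type Key Transport (0), but {}", rid, rid.getType());
            return null;
        }
        KeyTransRecipientId keyTransRecipientId = (KeyTransRecipientId) rid;
        String serialNumber = SmimeUtil.getSerialNumber(keyTransRecipientId.getSerialNumber());
        ASN1ObjectIdentifier keyAlgorithm = recipientInformation.getKeyEncryptionAlgorithm().getAlgorithm();
        if (!SmimeUtil.isSupportedAsymmetricKeyAlgorithm(keyAlgorithm)) {
            log.warn("Key with serial number {} cannot be used for decryption, as the asymmetric algorith is not supported. Used algorithm: {}", serialNumber, SmimeUtil.getCmsName(keyAlgorithm));
            // Skip this recipient so the warning is actually enforced: previously the certificate was
            // still returned and the private key was used with the rejected algorithm. The key
            // encryption algorithm is chosen by the sender, so it must not bypass the allow-list.
            return null;
        }
        return SmimeUtil.getCertForRecipient(getPrivateKey().getKey(), keyTransRecipientId);
    }

    /**
     * Reports that no recipient entry could be matched to a private key. Never returns normally.
     *
     * @param messageId ID of the affected email, used in the error message
     * @param recipientInformationStore recipient entries of the message; the serial numbers of the
     *     key transport entries are listed in the error message
     * @throws MessagingException always
     */
    private void throwRecipientCertificateNotFoundException(String messageId, RecipientInformationStore recipientInformationStore) throws MessagingException {
        StringBuilder serialNumbers = new StringBuilder();
        Iterator<RecipientInformation> it = recipientInformationStore.getRecipients().iterator();
        while (it.hasNext()) {
            RecipientId rid = it.next().getRID();
            log.debug("Recipient Type encountered: {}", getRecipientType(rid));
            if (rid.getType() == RECIPIENT_TYPE_KEY_TRANS && (rid instanceof KeyTransRecipientId)) {
                String serialNumber = SmimeUtil.getSerialNumber(((KeyTransRecipientId) rid).getSerialNumber());
                log.debug("Serial number: {}", serialNumber);
                if (serialNumbers.length() > 0) {
                    serialNumbers.append(", ");
                }
                serialNumbers.append(serialNumber);
            }
        }
        String listed = serialNumbers.length() == 0 ? "<N/A>" : serialNumbers.toString();
        throw new MessagingException("Found no private key in Key Store to decrypt Email with ID " + messageId + ". Certificate(s) used to encrypt email have serial number(s): " + listed);
    }

    /**
     * Replaces the message content with the decrypted body part and stores the changes.
     *
     * <p>NOTE(review): an enveloped message provides confidentiality only; nothing in this method
     * verifies who produced the content. Confirm that callers do not treat a successfully decrypted
     * message as authenticated unless a signature is checked elsewhere.
     *
     * @param mimeMessage message whose content is replaced
     * @param recipientInformation recipient entry that matched a private key
     * @param recipient recipient wrapping that private key
     */
    private void decrypt(MimeMessage mimeMessage, RecipientInformation recipientInformation, Recipient recipient) throws SMIMEException, CMSException, MessagingException, IOException {
        log.debug("Decrypting content.");
        MimeBodyPart decryptedPart = SMIMEUtil.toMimeBodyPart(recipientInformation.getContent(recipient));
        // Drop the attributes that described the encrypted container before installing the plaintext.
        mimeMessage.setDisposition((String) null);
        mimeMessage.removeHeader(Constants.MIME_HEADER_CONTENT_TRANSFER_ENCODING);
        mimeMessage.setDataHandler(new DataHandler(new ByteArrayDataSource(decryptedPart.getInputStream(), decryptedPart.getContentType())));
        // NOTE(review): presumably copies the decrypted part's headers onto the message; these headers
        // are sender-controlled, and which ones may be overridden is decided in MessageUtil - confirm.
        MessageUtil.copyAllHeaders(decryptedPart, mimeMessage);
        mimeMessage.saveChanges();
    }

    /**
     * Maps the numeric recipient type to a short label for log output.
     *
     * @param recipientId recipient identifier taken from the message
     * @return the label, or {@code "<N/A>"} for a type this class does not know
     */
    private String getRecipientType(RecipientId recipientId) {
        switch (recipientId.getType()) {
            case 0:
                return "KeyTrans";
            case 1:
                return "Kek";
            case 2:
                return "KeyAgree";
            case 3:
                return "Password";
            default:
                return "<N/A>";
        }
    }
}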
