package net.savignano.snotify.atlassian.mailer.validate;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Part;
import javax.mail.internet.ContentType;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.mail.internet.MimePart;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.enums.EKeyPurpose;
import net.savignano.snotify.atlassian.common.enums.EKeySource;
import net.savignano.snotify.atlassian.common.enums.EKeyValidity;
import net.savignano.snotify.atlassian.common.enums.EValidationType;
import net.savignano.snotify.atlassian.common.security.key.publicly.SnotifySmimePublicKey;
import net.savignano.snotify.atlassian.common.util.SecurityUtil;
import net.savignano.snotify.atlassian.common.util.SmimeUtil;
import net.savignano.snotify.atlassian.mailer.visitor.BaseMessageVisitor;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1InputStream;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1Primitive;
import net.savignano.thirdparty.org.bouncycastle.asn1.cms.ContentInfo;
import net.savignano.thirdparty.org.bouncycastle.cert.X509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.cms.SignerInformation;
import net.savignano.thirdparty.org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import net.savignano.thirdparty.org.bouncycastle.i18n.ErrorBundle;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.SMIMESigned;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.validator.SignedMailValidator;
import net.savignano.thirdparty.org.bouncycastle.mail.smime.validator.SignedMailValidatorException;
import net.savignano.thirdparty.org.bouncycastle.util.Store;
import net.savignano.thirdparty.org.bouncycastle.x509.PKIXCertPathReviewer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/mailer/validate/SmimeMailValidator.class */
public class SmimeMailValidator extends AMailValidator<SnotifySmimePublicKey> {
    private static final Logger log = LoggerFactory.getLogger(SmimeMailValidator.class);
    private final PKIXParameters pkixParams;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/savignano/snotify/atlassian/mailer/validate/SmimeMailValidator$ExtractVisitor.class */
    /**
     * Visitor that looks up a certificate for one e-mail address among the certificates shipped inside a
     * signed part.
     *
     * <p>The lookup is delegated to {@code SmimeUtil.getValidCertForEmail} with purpose
     * {@code EKeyPurpose.ENCRYPTION}. This class does not verify the signature of the part it reads from.
     * NOTE(review): what "valid" means for the returned certificate is decided inside {@code SmimeUtil},
     * which is not visible here. Confirm before trusting the result.
     */
    public static final class ExtractVisitor extends Visitor {
        /** Address the certificate has to belong to. */
        private final String email;
        /** Result of the most recent {@link #handle(SMIMESigned)} call, {@code null} until then. */
        private X509Certificate cert;

        /**
         * @param str e-mail address to find a certificate for
         */
        public ExtractVisitor(String str) {
            super();
            this.email = str;
        }

        /**
         * Stores whatever certificate the lookup returns for the configured address. A later call
         * overwrites the result of an earlier one.
         *
         * @param sMIMESigned signed part whose certificate store is searched
         * @throws Exception whatever the {@code SmimeUtil} helpers raise
         */
        @Override // net.savignano.snotify.atlassian.mailer.validate.SmimeMailValidator.Visitor
        public void handle(SMIMESigned sMIMESigned) throws Exception {
            SmimeMailValidator.log.debug("Extracting public key for email: {}", this.email);
            final Store<X509CertificateHolder> embeddedCerts = sMIMESigned.getCertificates();
            this.cert = SmimeUtil.getValidCertForEmail(
                    SmimeUtil.convertToKeyStore(embeddedCerts, Constants.P12_KEYSTORE_TYPE, null),
                    this.email,
                    EKeyPurpose.ENCRYPTION);
        }

        /**
         * @return the certificate found by the last {@link #handle(SMIMESigned)} call, or {@code null}
         *         if none was stored
         */
        public X509Certificate getCertificate() {
            return this.cert;
        }
    }

    /* loaded from: input_file:net/savignano/snotify/atlassian/mailer/validate/SmimeMailValidator$ValidateVisitor.class */
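    /**
     * Visitor that decides whether the signer(s) of a message satisfy the requested validation types.
     *
     * <p>Two paths exist. With PKIX parameters, the whole message is handed to BouncyCastle's
     * {@code SignedMailValidator} and the requested {@code EValidationType}s are evaluated per signer.
     * Without PKIX parameters, each signed part is only verified cryptographically against the
     * certificate embedded in that same part. No certification path is built on that path, so a
     * {@code true} result says nothing about who issued the certificate.
     */
    private static final class ValidateVisitor extends Visitor {
        /** Outcome of the last check, {@code false} until a check has succeeded. */
        private boolean valid;
        /** Trust configuration shared with the owning validator. Never modified here, see {@link #visit(MimeMessage)}. */
        private final PKIXParameters pkixParams;
        /** Validation types the caller asked for. */
        private final Set<EValidationType> validations;

        /**
         * @param pKIXParameters trust configuration, or {@code null} to verify against embedded certificates only
         * @param set            validation types to enforce
         */
        public ValidateVisitor(PKIXParameters pKIXParameters, Set<EValidationType> set) {
            super();
            this.valid = false;
            this.pkixParams = pKIXParameters;
            this.validations = set;
        }

        /**
         * Validates the given message along one of the two paths described on the class.
         *
         * @param mimeMessage message to validate
         * @throws Exception if parsing or validating the message fails
         */
        @Override // net.savignano.snotify.atlassian.mailer.visitor.BaseMessageVisitor
        public void visit(MimeMessage mimeMessage) throws Exception {
            SmimeMailValidator.log.debug("Validation types desired: {}", this.validations);
            if (this.pkixParams == null) {
                // The embedded-certificate path never consults `validations`, so a TRUST request cannot be
                // honoured here. NOTE(review): consider failing closed instead of only logging. Whether
                // callers strip TRUST beforehand is not visible from this class.
                if (this.validations != null && this.validations.contains(EValidationType.TRUST)) {
                    SmimeMailValidator.log.warn("Trust validation was requested, but no PKIX parameters are available. Only the signature itself is verified.");
                }
                super.visit(mimeMessage);
                return;
            }
            // Work on a copy: the same PKIXParameters instance is handed to every visitor of the owning
            // validator, so setting the date on it directly would leak one message's date into other
            // (possibly concurrent) validations.
            final PKIXParameters messageParams = (PKIXParameters) this.pkixParams.clone();
            // getSentDate() comes from the message, i.e. it is chosen by the sender.
            // NOTE(review): confirm that evaluating certificate validity at a sender-supplied time is intended.
            messageParams.setDate(mimeMessage.getSentDate());
            handle(new SignedMailValidator(mimeMessage, messageParams));
        }

        /**
         * Evaluates the requested validation types for every signer. The message is valid only if there
         * is at least one signer and every signer passes. Checking stops at the first failure.
         *
         * @param signedMailValidator validator already bound to the message
         * @throws SignedMailValidatorException if no validation result is available for a signer
         */
        private void handle(SignedMailValidator signedMailValidator) throws SignedMailValidatorException {
            if (this.validations.contains(EValidationType.CAN_VALIDATE) && this.validations.size() == 1) {
                // Capability probe only: constructing the SignedMailValidator succeeded.
                this.valid = true;
                return;
            }
            SmimeMailValidator.log.debug("Validating message.");
            final boolean checkSignature = this.validations.contains(EValidationType.SIGNATURE);
            final boolean checkTrust = this.validations.contains(EValidationType.TRUST);
            final Iterator<SignerInformation> signers = signedMailValidator.getSignerInformationStore().getSigners().iterator();
            this.valid = signers.hasNext();
            while (this.valid && signers.hasNext()) {
                final SignerInformation signer = signers.next();
                SmimeMailValidator.log.debug("Checking signature for certificate with serial number: {}", SmimeUtil.getSerialNumber(signer.getSID().getSerialNumber()));
                final SignedMailValidator.ValidationResult result = signedMailValidator.getValidationResult(signer);
                if (checkSignature) {
                    this.valid = result.isVerifiedSignature();
                }
                if (this.valid && checkTrust) {
                    if (checkSignature) {
                        this.valid = result.isValidSignature();
                    } else {
                        final PKIXCertPathReviewer review = result.getCertPathReview();
                        this.valid = review != null && review.isValidCertPath();
                    }
                }
                if (this.valid || !SmimeMailValidator.log.isWarnEnabled()) {
                    SmimeMailValidator.log.debug("Signature check successful: {}", Boolean.valueOf(this.valid));
                } else {
                    logValidationResult(result, signer);
                }
            }
            SmimeMailValidator.log.debug("Validation finished.");
        }

        /**
         * Writes one WARN entry describing why a signer failed validation.
         *
         * <p>The cert path review and the cert path may be absent, so both are null-checked. Without
         * that, a failed validation would surface as a NullPointerException from the logging code
         * instead of a plain {@code false} result.
         *
         * @param validationResult  result for the failed signer
         * @param signerInformation the failed signer
         */
        private void logValidationResult(SignedMailValidator.ValidationResult validationResult, SignerInformation signerInformation) {
            final PKIXCertPathReviewer certPathReview = validationResult.getCertPathReview();
            final java.security.cert.CertPath certPath = validationResult.getCertPath();
            final StringBuilder sb = new StringBuilder(500);
            sb.append("Validation for signer with certificate ID ");
            sb.append(SmimeUtil.getSerialNumber(signerInformation.getSID().getSerialNumber()));
            sb.append(" failed. Verified signature: ");
            sb.append(validationResult.isVerifiedSignature());
            sb.append(". Cert path valid: ");
            sb.append(certPathReview != null && certPathReview.isValidCertPath());
            sb.append("\n");
            sb.append("  Validation errors: ");
            logErrors(validationResult.getErrors(), sb);
            if (certPathReview == null || certPath == null) {
                sb.append("  No cert path available.\n");
                SmimeMailValidator.log.warn(sb.toString());
                return;
            }
            final List<? extends Certificate> certificates = certPath.getCertificates();
            final int pathLength = certificates.size();
            sb.append("  Cert path (length ");
            sb.append(pathLength);
            sb.append(")\n");
            if (pathLength != 0) {
                for (int i = 0; i < pathLength; i++) {
                    final X509Certificate pathCert = (X509Certificate) certificates.get(i);
                    sb.append("    Cert ");
                    sb.append(i);
                    // Opening quote added so it pairs with the closing quote before " with ID".
                    sb.append(": \"");
                    sb.append(pathCert.getSubjectX500Principal());
                    sb.append("\" with ID ");
                    sb.append(SmimeUtil.getSerialNumber(pathCert));
                    sb.append("\n");
                }
                // The issuer of the last path element is the next certificate that was expected.
                final X509Certificate lastCert = (X509Certificate) certificates.get(pathLength - 1);
                sb.append("    Expected: ");
                sb.append(lastCert.getIssuerX500Principal());
                sb.append("\n");
            }
            sb.append("  Cert path validation errors:\n");
            // Index -1 addresses the errors that are not tied to a single certificate.
            sb.append("    Global errors: ");
            logErrors(certPathReview.getErrors(-1), sb);
            for (int i = 0; i < pathLength; i++) {
                final X509Certificate pathCert = (X509Certificate) certificates.get(i);
                sb.append("    Errors for cert \"");
                sb.append(pathCert.getSubjectX500Principal());
                sb.append("\" with ID ");
                sb.append(SmimeUtil.getSerialNumber(pathCert));
                sb.append(": ");
                logErrors(certPathReview.getErrors(i), sb);
            }
            SmimeMailValidator.log.warn(sb.toString());
        }

        /**
         * Appends the given errors to the buffer. A single error stays on the current line, several
         * errors are listed one per line. A {@code null} list is reported like an empty one.
         *
         * @param list errors to print, may be {@code null}
         * @param sb   buffer to append to
         */
        private void logErrors(List<ErrorBundle> list, StringBuilder sb) {
            if (list == null || list.isEmpty()) {
                sb.append("No errors reported.\n");
                return;
            }
            if (list.size() > 1) {
                sb.append("\n");
            }
            for (final ErrorBundle bundle : list) {
                logErrorBundle(bundle, sb);
                sb.append("\n");
            }
        }

        /**
         * Appends the ID and the English summary of one error.
         *
         * @param errorBundle error to print
         * @param sb          buffer to append to
         */
        private void logErrorBundle(ErrorBundle errorBundle, StringBuilder sb) {
            sb.append(errorBundle.getId());
            sb.append(": ");
            sb.append(errorBundle.getSummary(Locale.ENGLISH));
        }

        /**
         * Verifies every signer of a signed part against the matching certificate embedded in that part.
         * No certification path is built here. A signer without a matching embedded certificate makes
         * the part invalid instead of raising a NoSuchElementException.
         *
         * <p>NOTE(review): each call overwrites {@code valid}. If the base visitor reaches more than one
         * signed part, the result reflects only the last one. Confirm against {@code BaseMessageVisitor}.
         *
         * @param sMIMESigned signed part to verify
         * @throws Exception if building the verifier or verifying a signature fails
         */
        @Override // net.savignano.snotify.atlassian.mailer.validate.SmimeMailValidator.Visitor
        public void handle(SMIMESigned sMIMESigned) throws Exception {
            SmimeMailValidator.log.debug("Validating signed part.");
            final Store<X509CertificateHolder> certificates = sMIMESigned.getCertificates();
            final Iterator<SignerInformation> signers = sMIMESigned.getSignerInfos().getSigners().iterator();
            this.valid = signers.hasNext();
            while (this.valid && signers.hasNext()) {
                final SignerInformation signer = signers.next();
                SmimeMailValidator.log.debug("Checking signer ID for certificate with serial number: {}", SmimeUtil.getSerialNumber(signer.getSID().getSerialNumber()));
                final Iterator<X509CertificateHolder> matches = certificates.getMatches(signer.getSID()).iterator();
                if (!matches.hasNext()) {
                    SmimeMailValidator.log.warn("No certificate in the signed part matches the signer ID. Treating the signature as invalid.");
                    this.valid = false;
                    break;
                }
                final JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
                verifierBuilder.setProvider(SecurityUtil.getProvider());
                this.valid = signer.verify(verifierBuilder.build(matches.next()));
            }
        }

        /**
         * @return outcome of the last check, {@code false} if nothing was checked
         */
        public boolean isValid() {
            return this.valid;
        }
    }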

    /* loaded from: input_file:net/savignano/snotify/atlassian/mailer/validate/SmimeMailValidator$Visitor.class */
    /**
     * Base visitor that recognises S/MIME signed parts and hands them to {@link #handle(SMIMESigned)}.
     *
     * <p>A part is classified by {@code isMessageTransparentSigned} first and by
     * {@code isMessageOpaqueSigned} only if the first check fails. Both checks only classify the part,
     * neither verifies a signature.
     */
    private static abstract class Visitor extends BaseMessageVisitor {
        private Visitor() {
        }

        /**
         * Lets the base visitor process the part, then wraps it in an {@code SMIMESigned} if it is signed.
         *
         * @param mimePart part to inspect
         * @throws Exception if the content type cannot be parsed, the content cannot be read, or
         *                   {@link #handle(SMIMESigned)} fails
         */
        @Override // net.savignano.snotify.atlassian.mailer.visitor.BaseMessageVisitor, net.savignano.snotify.atlassian.mailer.visitor.IMessageVisitor
        public void visit(MimePart mimePart) throws Exception {
            super.visit(mimePart);
            final ContentType mimeType = new ContentType(mimePart.getContentType());
            SmimeMailValidator.log.trace("MIME type: {}", mimeType);
            if (SmimeMailValidator.isMessageTransparentSigned(mimePart)) {
                SmimeMailValidator.log.debug("Found '{}' content.", mimeType);
                // The cast throws ClassCastException if the content is not a multipart.
                final MimeMultipart signedMultipart = (MimeMultipart) mimePart.getContent();
                final String transferEncoding = mimePart.getEncoding();
                final SMIMESigned signed;
                if (transferEncoding == null) {
                    signed = new SMIMESigned(signedMultipart);
                } else {
                    signed = new SMIMESigned(signedMultipart, transferEncoding);
                }
                handle(signed);
            } else if (SmimeMailValidator.isMessageOpaqueSigned(mimePart)) {
                SmimeMailValidator.log.debug("Found '{}' content.", mimeType);
                handle(new SMIMESigned((Part) mimePart));
            }
        }

        /**
         * Processes one signed part found by {@link #visit(MimePart)}.
         *
         * @param sMIMESigned the parsed signed part
         * @throws Exception if processing fails
         */
        public abstract void handle(SMIMESigned sMIMESigned) throws Exception;
    }

    /**
     * Tells whether the message itself is declared as S/MIME signed, either transparently or opaquely.
     * This only classifies the message. No signature is verified.
     *
     * @param message message to inspect
     * @return {@code true} if the message is a {@code MimeMessage} and one of the two signed checks matches
     */
    public static final boolean isMessageSigned(Message message) {
        if (!(message instanceof MimeMessage)) {
            log.debug("Message is not a MIME message, so can't be S/MIME signed. Encountered message class: {}", message.getClass());
            return false;
        }
        final MimePart part = (MimePart) message;
        if (isMessageTransparentSigned(part)) {
            return true;
        }
        return isMessageOpaqueSigned(part);
    }

    /**
     * Tells whether the message itself is declared as opaque signed S/MIME content.
     * This only classifies the message. No signature is verified.
     *
     * @param message message to inspect
     * @return {@code true} if the message is a {@code MimeMessage} and the part-level check matches
     */
    public static final boolean isMessageOpaqueSigned(Message message) {
        if (!(message instanceof MimeMessage)) {
            log.debug("Message is not a MIME message, so can't be S/MIME signed. Encountered message class: {}", message.getClass());
            return false;
        }
        final MimePart part = (MimePart) message;
        return isMessageOpaqueSigned(part);
    }

    /**
     * Tells whether the message itself is declared as transparent signed S/MIME content.
     * This only classifies the message. No signature is verified.
     *
     * @param message message to inspect
     * @return {@code true} if the message is a {@code MimeMessage} and the part-level check matches
     */
    public static final boolean isMessageTransparentSigned(Message message) {
        if (!(message instanceof MimeMessage)) {
            log.debug("Message is not a MIME message, so can't be S/MIME signed. Encountered message class: {}", message.getClass());
            return false;
        }
        final MimePart part = (MimePart) message;
        return isMessageTransparentSigned(part);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Tells whether a part carries opaque signed S/MIME content.
     *
     * <p>The content type has to match one of the two PKCS#7 MIME constants. If the {@code smime-type}
     * parameter is present, it alone decides. Otherwise the ASN.1 content of the part is inspected.
     * Any exception is logged as an error and reported as "not signed". This only classifies the part.
     * No signature is verified.
     *
     * @param mimePart part to inspect
     * @return {@code true} if the part is classified as opaque signed
     */
    public static final boolean isMessageOpaqueSigned(MimePart mimePart) {
        try {
            final ContentType type = new ContentType(mimePart.getContentType());
            final boolean pkcs7Mime = type.match(Constants.MIME_CONTENT_TYPE_PKCS7) || type.match(Constants.MIME_CONTENT_TYPE_XPKCS7);
            if (!pkcs7Mime) {
                return false;
            }
            final String smimeType = type.getParameter("smime-type");
            if (smimeType == null) {
                // No declared type: fall back to looking at the content itself.
                return checkAsn1Type(mimePart);
            }
            return "signed-data".equalsIgnoreCase(smimeType);
        } catch (Exception e) {
            LoggerFactory.getLogger(SmimeMailValidator.class).error(e.getMessage(), e);
            return false;
        }
    }

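    /**
     * Reads the first ASN.1 object of the part and tells whether it is a CMS {@code ContentInfo} whose
     * content type equals {@code Constants.OID_PKCS7_SIGNED_DATA}.
     *
     * <p>The stream is closed before the object is interpreted. The decompiler's expansion of the
     * resource handling, including its unreachable branches, is replaced by try-with-resources.
     *
     * @param mimePart part whose content is inspected
     * @return {@code true} if the content is a {@code ContentInfo} of the signed-data type,
     *         {@code false} if no {@code ContentInfo} could be obtained or the type differs
     * @throws IOException        if reading the ASN.1 data fails
     * @throws MessagingException if the content stream of the part cannot be opened
     */
    private static final boolean checkAsn1Type(MimePart mimePart) throws IOException, MessagingException {
        final ASN1Primitive firstObject;
        try (ASN1InputStream asn1In = new ASN1InputStream(mimePart.getInputStream())) {
            firstObject = asn1In.readObject();
        }
        final ContentInfo contentInfo = ContentInfo.getInstance(firstObject);
        return contentInfo != null && Constants.OID_PKCS7_SIGNED_DATA.equals(contentInfo.getContentType().toString());
    }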

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x0031, code lost:
    
        if (r0.equals("application/x-pkcs7-signature") != false) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
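    /**
     * Tells whether a part carries transparent signed S/MIME content, i.e. {@code multipart/signed}
     * with a PKCS#7 signature protocol.
     *
     * <p>The body is reconstructed from the register-level instruction dump the decompiler emitted for
     * this method. The decompiled placeholder threw {@code UnsupportedOperationException} on every call.
     * A {@code MessagingException} while parsing the content type is logged as an error and reported as
     * "not signed". This only classifies the part. No signature is verified.
     *
     * @param mimePart part to inspect
     * @return {@code true} if the content type is {@code multipart/signed} and its {@code protocol}
     *         parameter names one of the two PKCS#7 signature types
     */
    public static final boolean isMessageTransparentSigned(MimePart mimePart) {
        try {
            final ContentType contentType = new ContentType(mimePart.getContentType());
            if (contentType.match("multipart/signed")) {
                final String protocol = contentType.getParameter("protocol");
                // The dump shows String.equals, so the comparison is case-sensitive, unlike the
                // smime-type check for opaque signed parts. NOTE(review): a differently cased protocol
                // value classifies the part as unsigned. Confirm how callers treat unsigned mail.
                return protocol != null
                        && (protocol.equals("application/pkcs7-signature") || protocol.equals("application/x-pkcs7-signature"));
            }
        } catch (MessagingException e) {
            log.error(e.getMessage(), e);
        }
        return false;
    }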

    /**
     * Creates a validator that uses the given PKIX parameters for certification path validation.
     *
     * <p>The object is stored as-is, not copied. {@code null} is accepted: {@code ValidateVisitor}
     * then takes its {@code pkixParams == null} branch, which verifies signatures against the
     * certificates embedded in the message and builds no certification path.
     *
     * @param pKIXParameters trust configuration, may be {@code null}
     */
    public SmimeMailValidator(PKIXParameters pKIXParameters) {
        this.pkixParams = pKIXParameters;
    }

    /**
     * Lists the validation types this validator reports as supported.
     *
     * @return a new set holding {@code CAN_VALIDATE}, {@code SIGNATURE} and {@code TRUST}
     */
    @Override // net.savignano.snotify.atlassian.mailer.validate.IMailValidator
    public Set<EValidationType> getValidationCapability() {
        final Set<EValidationType> capabilities = EnumSet.of(
                EValidationType.CAN_VALIDATE,
                EValidationType.SIGNATURE,
                EValidationType.TRUST);
        return capabilities;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Creates a key object built only from a validity state, with {@code EKeySource.EMAIL} as source.
     *
     * @param eKeyValidity validity state to report
     * @return a new key object for that state
     */
    @Override // net.savignano.snotify.atlassian.mailer.validate.AMailValidator
    public SnotifySmimePublicKey getValidityKey(EKeyValidity eKeyValidity) {
        final SnotifySmimePublicKey stateOnlyKey = new SnotifySmimePublicKey(eKeyValidity, EKeySource.EMAIL);
        return stateOnlyKey;
    }

    /**
     * Tells whether the message is declared as S/MIME signed. Delegates to the static
     * {@code isMessageSigned} check, which classifies the message without verifying anything.
     *
     * @param mimeMessage message to inspect
     * @return result of the static check
     */
    @Override // net.savignano.snotify.atlassian.mailer.validate.AMailValidator
    protected boolean isSigned(MimeMessage mimeMessage) {
        final boolean declaredSigned = SmimeMailValidator.isMessageSigned(mimeMessage);
        return declaredSigned;
    }

    /**
     * Runs a fresh {@code ValidateVisitor} over the message and returns its verdict.
     *
     * <p>The visitor receives this validator's PKIX parameters. When those are {@code null}, it takes
     * its branch that verifies against the certificates embedded in the message.
     *
     * @param mimeMessage message to validate
     * @param set         validation types to enforce
     * @param str         not used by this implementation
     * @return {@code true} if the visitor reports the message as valid
     * @throws Exception if visiting the message fails
     */
    @Override // net.savignano.snotify.atlassian.mailer.validate.AMailValidator
    protected boolean validate(MimeMessage mimeMessage, Set<EValidationType> set, String str) throws Exception {
        final ValidateVisitor checker = new ValidateVisitor(this.pkixParams, set);
        checker.visit(mimeMessage);
        final boolean verdict = checker.isValid();
        return verdict;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Extracts a public key for the given address from the certificates shipped with the message.
     *
     * <p>This method does not verify the signature of the message. It only runs an
     * {@code ExtractVisitor}. NOTE(review): whether callers validate the message before using the
     * extracted key is not visible here. Confirm.
     *
     * @param mimeMessage message to read certificates from
     * @param str         e-mail address the certificate has to belong to
     * @return a key built from the found certificate with source {@code EKeySource.EMAIL}, or a
     *         {@code NOT_FOUND} validity key if the visitor stored no certificate
     * @throws Exception if visiting the message fails
     */
    @Override // net.savignano.snotify.atlassian.mailer.validate.AMailValidator
    public SnotifySmimePublicKey extract(MimeMessage mimeMessage, String str) throws Exception {
        final ExtractVisitor finder = new ExtractVisitor(str);
        finder.visit(mimeMessage);
        final X509Certificate found = finder.getCertificate();
        if (found != null) {
            final SnotifySmimePublicKey key = new SnotifySmimePublicKey(found, str);
            key.setKeySource(EKeySource.EMAIL);
            return key;
        }
        return getValidityKey(EKeyValidity.NOT_FOUND);
    }
}
