package net.savignano.snotify.jira.mailer;

import com.atlassian.cache.CacheFactory;
import com.atlassian.jira.component.ComponentAccessor;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;
import java.util.function.BiConsumer;
import java.util.function.BiFunction;
import javax.mail.Session;
import javax.mail.internet.AddressException;
import net.savignano.cryptography.enums.EKeySource;
import net.savignano.cryptography.enums.EKeyValidity;
import net.savignano.cryptography.key.ICryptographyKey;
import net.savignano.cryptography.key.IPublicCryptographyKey;
import net.savignano.cryptography.key.pgp.PgpPublicKey;
import net.savignano.cryptography.key.pgp.PgpValidationKey;
import net.savignano.cryptography.key.smime.SmimePublicKey;
import net.savignano.cryptography.mail.validate.IMailValidator;
import net.savignano.cryptography.mail.validate.PgpMailValidator;
import net.savignano.cryptography.mail.validate.SmimeMailValidator;
import net.savignano.cryptography.util.SecurityUtil;
import net.savignano.snotify.atlassian.common.EProperty;
import net.savignano.snotify.atlassian.common.properties.ISnotifyAppProperties;
import net.savignano.snotify.atlassian.common.properties.ISnotifyUserProperties;
import net.savignano.snotify.atlassian.common.security.access.pgp.PgpUserKeyLoader;
import net.savignano.snotify.atlassian.common.security.access.smime.SmimeUserKeyLoader;
import net.savignano.snotify.atlassian.common.user.IUser;
import net.savignano.snotify.atlassian.common.user.VirtualUser;
import net.savignano.snotify.atlassian.mailer.keysource.pgp.PgpPublicKeyManager;
import net.savignano.snotify.jira.common.JiraConstants;
import net.savignano.snotify.jira.common.JiraUser;
import net.savignano.snotify.jira.mailer.decorator.DecoratorData;
import net.savignano.snotify.jira.mailer.decrypt.AComposedMailDecryptor;
import net.savignano.snotify.jira.mailer.decrypt.ComposedMailDecryptor;
import net.savignano.snotify.jira.mailer.validate.ComposedMailValidator;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKeyRing;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/jira/mailer/AtlassianIncomingMailHandler.class */
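/**
 * Builds the configuration used to process incoming mail: it supplies the mail decryptor,
 * the PGP and S/MIME signature validators, and the callback that stores public keys
 * extracted from signatures.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>S/MIME validation continues without PKIX parameters when the Java trust store
 *       cannot be loaded (see {@link #getSmimeValidator(Session)}).</li>
 *   <li>A key extracted from a signature replaces a stored key whose source is not
 *       {@link EKeySource#USER} whenever the two differ (see {@code storeKey}).</li>
 * </ul>
 */
public class AtlassianIncomingMailHandler {
    private static final Logger log = LoggerFactory.getLogger(AtlassianIncomingMailHandler.class);
    private final ISnotifyAppProperties appProps;
    private final ISnotifyUserProperties userProps;

    /**
     * @param iSnotifyAppProperties application-wide settings read when building the configuration
     * @param iSnotifyUserProperties per-user settings; extracted keys are written here
     */
    public AtlassianIncomingMailHandler(ISnotifyAppProperties iSnotifyAppProperties, ISnotifyUserProperties iSnotifyUserProperties) {
        this.appProps = iSnotifyAppProperties;
        this.userProps = iSnotifyUserProperties;
    }

    /**
     * Creates the transformer configuration from the current application properties.
     *
     * @return a new configuration wired to this handler's decryptor, validator and key consumer
     */
    public MessageStoreTransformerConfiguration createConfiguration() {
        MessageStoreTransformerConfiguration config = new MessageStoreTransformerConfiguration(this::getMailDecryptor, this::getMailValidator);
        config.setPublicKeyConsumer(this::handleExtractedPublicKeys);
        config.setDisabled(this.appProps.getBoolean(EProperty.DISABLE_SNOTIFY));
        config.setFrozen(this.appProps.getBoolean(EProperty.FREEZE_SNOTIFY));
        config.setLite(this.appProps.getBoolean(EProperty.LITE_MODE));
        config.setRemoveSignature(this.appProps.getBoolean(EProperty.REMOVE_SIGNATURES));
        // Extraction is switched on if either the PGP or the S/MIME extraction property is set;
        // handleExtractedPublicKeys re-checks the property that matches the key type.
        config.setExtractPublicKey(this.appProps.getBoolean(EProperty.EXTRACT_PUBLIC_KEY_FROM_SIGNATURES) || this.appProps.getBoolean(EProperty.EXTRACT_CERTIFICATE_FROM_SIGNATURES));
        // NOTE(review): going by the property name, this disables certificate path validation.
        // If certificate extraction is enabled at the same time, confirm that isValid() on an
        // extracted certificate still implies a trusted chain before it is stored for a user.
        config.setCheckOnlySignature(this.appProps.getBoolean(EProperty.TWEAK_SMIME_IGNORE_CERT_PATH_VALIDATION));
        config.setTreatDecryptionWarningAsFailure(this.appProps.getBoolean(EProperty.TWEAK_PGP_PREFERRED_CIPHERS_ONLY));
        config.setCheckPgpInline(this.appProps.getBoolean(EProperty.TWEAK_PGP_INLINE_SUPPORT));
        config.setPgpBinaryAttachmentRegex(this.appProps.getString(EProperty.TWEAK_PGP_BINARY_REGEX));
        if (this.appProps.getBoolean(EProperty.DECORATE_RECEIVED_MAILS) && this.appProps.hasKey(EProperty.GUI_KEY)) {
            DecoratorData decoratorData = new DecoratorData();
            decoratorData.displayMissingProtection = this.appProps.getBoolean(EProperty.TWEAK_RECEIVED_MAILS_EXTENDED_DECORATION);
            config.setDecoratorData(decoratorData);
        }
        return config;
    }

    /** Creates the decryptor for the given mail session, backed by the application properties. */
    private AComposedMailDecryptor getMailDecryptor(Session session) {
        return new ComposedMailDecryptor(session, this.appProps);
    }

    /** Creates the composed validator that delegates to the PGP and S/MIME validators. */
    private ComposedMailValidator getMailValidator(Session session) {
        ComposedMailValidator validator = new ComposedMailValidator();
        validator.setCheckPgpInline(this.appProps.getBoolean(EProperty.TWEAK_PGP_INLINE_SUPPORT));
        validator.setPgpValidator(getPgpValidator(session));
        validator.setSmimeValidator(getSmimeValidator(session));
        return validator;
    }

    /**
     * Creates the PGP validator. Its public-key retriever resolves the given address to a Jira
     * user, or to a {@link VirtualUser} when no Jira user matches, and asks
     * {@link PgpPublicKeyManager} for that user's key.
     */
    private IMailValidator<PgpPublicKey> getPgpValidator(Session session) {
        PgpMailValidator validator = new PgpMailValidator(session);
        validator.setCheckInline(this.appProps.getBoolean(EProperty.TWEAK_PGP_INLINE_SUPPORT));
        validator.setPublicKeyRetriever(address -> {
            // The decompiled listing declared this variable as JiraUser, assigned a VirtualUser
            // to it and cast it to PgpPublicKeyManager; those are decompiler artifacts.
            // NOTE(review): assumes VirtualUser implements IUser and getKey accepts an IUser —
            // confirm against the library.
            IUser<?> user = JiraUser.lookupUser(address);
            if (user == null) {
                try {
                    user = new VirtualUser(address);
                } catch (AddressException e) {
                    // An unparsable address yields an ERROR key rather than an exception.
                    log.error(e.getMessage(), e);
                    return new PgpValidationKey(EKeyValidity.ERROR);
                }
            }
            PgpPublicKey key = new PgpPublicKeyManager(this.appProps, this.userProps).getKey(user);
            PGPPublicKeyRing keyRing = key.getKeyRing();
            if (keyRing == null) {
                // No key ring: pass on the validity and source reported for the lookup.
                return new PgpValidationKey(key.getKeyValidity(), key.getKeySource());
            }
            return new PgpValidationKey(new PGPPublicKeyRingCollection(Collections.singleton(keyRing)));
        });
        return validator;
    }

    /**
     * Creates the S/MIME validator, using the Java trust store as the set of trust anchors.
     *
     * <p>If the trust store cannot be loaded, or the {@link PKIXParameters} cannot be built,
     * the error is logged and the validator is created with {@code null} parameters. Per the
     * log messages below, the certificate chain is not validated in that case.
     * NOTE(review): this fails open; consider surfacing the condition to administrators so
     * that signatures checked in this state are not presented as fully verified.
     */
    private IMailValidator<SmimePublicKey> getSmimeValidator(Session session) {
        KeyStore trustStore = null;
        try {
            trustStore = SecurityUtil.getJavaTrustStore();
        } catch (Exception e) {
            log.error("Could not load java trust store. Certificate Chain will not be validated. Error message: {}", e.getMessage(), e);
        }
        PKIXParameters pkixParams = null;
        if (trustStore != null) {
            try {
                pkixParams = new PKIXParameters(trustStore);
                // Revocation checking is opt-in through an application property.
                pkixParams.setRevocationEnabled(this.appProps.getBoolean(EProperty.TWEAK_CERTIFICATION_REVOCATION_ENABLED));
            } catch (Exception e) {
                log.error("Could not create validation parameters. Certification chain will not be validated. Error message: {}", e.getMessage(), e);
            }
        }
        return new SmimeMailValidator(session, pkixParams);
    }

    /**
     * Callback for public keys extracted from signatures. A valid key is offered to every Jira
     * user returned by {@code JiraUser.lookupUsers(email)} and is also placed in the matching
     * incoming-mail cache under the email address, provided the extraction property for the
     * key type is enabled. Null or invalid keys are ignored.
     *
     * <p>NOTE(review): the association between {@code email} and the key is established by the
     * caller and is not visible here; confirm it is taken from the verified signer identity
     * rather than from an unauthenticated header.
     *
     * @param key   the extracted key; may be {@code null}
     * @param email the email address the key is stored and cached for
     */
    private void handleExtractedPublicKeys(IPublicCryptographyKey<?> key, String email) {
        if (key == null || !key.isValid()) {
            return;
        }
        if (key instanceof SmimePublicKey) {
            if (!this.appProps.getBoolean(EProperty.EXTRACT_CERTIFICATE_FROM_SIGNATURES)) {
                return;
            }
            SmimePublicKey smimeKey = (SmimePublicKey) key;
            for (JiraUser jiraUser : JiraUser.lookupUsers(email)) {
                storeKey(smimeKey, jiraUser, new SmimeUserKeyLoader(this.userProps).loadKey(jiraUser), this::setSmime, this::equalsSmime);
            }
            log.debug("Caching S/MIME certificate for email {}, should user be created.", email);
            ComponentAccessor.getComponent(CacheFactory.class).getCache(JiraConstants.CACHE_INCOMING_MAIL_SMIME).put(email, smimeKey.getKey());
            return;
        }
        if (!(key instanceof PgpPublicKey)) {
            log.error("Unknown public key encountered: {}", key);
            return;
        }
        if (!this.appProps.getBoolean(EProperty.EXTRACT_PUBLIC_KEY_FROM_SIGNATURES)) {
            return;
        }
        PgpPublicKey pgpKey = (PgpPublicKey) key;
        for (JiraUser jiraUser : JiraUser.lookupUsers(email)) {
            storeKey(pgpKey, jiraUser, new PgpUserKeyLoader(this.userProps).loadKey(jiraUser), this::setPgp, this::equalsPgp);
        }
        log.debug("Caching PGP key for email {}, should user be created.", email);
        try {
            ComponentAccessor.getComponent(CacheFactory.class).getCache(JiraConstants.CACHE_INCOMING_MAIL_PGP).put(email, pgpKey.getEncoded());
        } catch (IOException e) {
            log.error("Could not encoded public PGP key. Error message: {}", e.getMessage(), e);
        }
    }

    /**
     * Decides whether an extracted key replaces the key currently stored for a user.
     *
     * <ul>
     *   <li>Stored key not valid: the extracted key is stored.</li>
     *   <li>Stored key valid with source {@link EKeySource#USER}: nothing is stored.</li>
     *   <li>Stored key valid with any other source: the extracted key is stored unless
     *       {@code sameKey} reports the two as equal.</li>
     * </ul>
     *
     * <p>NOTE(review): in the last case any differing valid key overwrites the stored one, so
     * the stored key is not pinned; the protection rests entirely on what {@code isValid()}
     * guarantees for an extracted key.
     *
     * @param extracted the key taken from the incoming mail
     * @param user      the user the key would be stored for
     * @param cached    the key currently stored for {@code user}
     * @param store     writes {@code extracted} to the user's properties
     * @param sameKey   reports whether two keys are considered the same
     */
    private <T extends ICryptographyKey<?>> void storeKey(T extracted, IUser<?> user, T cached, BiConsumer<T, IUser<?>> store, BiFunction<T, T, Boolean> sameKey) {
        log.debug("Currently cached key for user {}: {}", user, cached);
        if (!cached.isValid()) {
            store.accept(extracted, user);
            return;
        }
        if (cached.getKeySource() == EKeySource.USER) {
            // Keys with source USER are never replaced by extracted ones.
            return;
        }
        if (sameKey.apply(extracted, cached)) {
            log.debug("Cached key is same as extracted key. No storing needed.");
        } else {
            store.accept(extracted, user);
        }
    }

    /**
     * Compares two S/MIME keys by certificate serial number only.
     *
     * <p>NOTE(review): presumably {@code getKey()} is an X.509 certificate; serial numbers are
     * only unique per issuing CA, so certificates from different issuers can compare equal
     * here. The visible effect is that such a certificate would not be stored by
     * {@code storeKey}. Comparing issuer plus serial, or the encoded form, would be stricter.
     */
    private boolean equalsSmime(SmimePublicKey extracted, SmimePublicKey cached) {
        return extracted.getKey().getSerialNumber().equals(cached.getKey().getSerialNumber());
    }

    /**
     * Writes the certificate, the current time and the key source to the user's S/MIME
     * properties. An {@link IOException} from encoding is logged and not rethrown.
     */
    private void setSmime(SmimePublicKey key, IUser<?> user) {
        log.info("Setting S/MIME certificate for user: {}", user.getDisplayName());
        try {
            this.userProps.setBytes(EProperty.EMAIL_SMIME_CERT, key.getEncoded(), user);
            this.userProps.setLong(EProperty.EMAIL_SMIME_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), user);
            this.userProps.setEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, key.getKeySource(), user);
        } catch (IOException e) {
            log.error("Could not set S/MIME certificate for user: {}. Error message: {}", user.getDisplayName(), e.getMessage(), e);
        }
    }

    /**
     * Compares two PGP keys by the key IDs of the key and of its master key.
     *
     * <p>NOTE(review): key IDs are short identifiers and are not collision resistant; a
     * fingerprint comparison is the stricter check if the key type exposes one. The visible
     * effect of a false match is that the extracted key would not be stored by
     * {@code storeKey}.
     */
    private boolean equalsPgp(PgpPublicKey extracted, PgpPublicKey cached) {
        boolean sameKeyId = extracted.getKey().getKeyID() == cached.getKey().getKeyID();
        return sameKeyId && extracted.getMasterKey().getKeyID() == cached.getMasterKey().getKeyID();
    }

    /**
     * Writes the encoded key, its key ID, the current time and the key source to the user's
     * PGP properties. An {@link IOException} from encoding is logged and not rethrown.
     */
    private void setPgp(PgpPublicKey key, IUser<?> user) {
        log.info("Setting PGP key for user: {}", user.getDisplayName());
        try {
            this.userProps.setBytes(EProperty.EMAIL_PGP_KEY, key.getEncoded(), user);
            this.userProps.setLong(EProperty.EMAIL_PGP_KEY_ID, Long.valueOf(key.getKey().getKeyID()), user);
            this.userProps.setLong(EProperty.EMAIL_PGP_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), user);
            this.userProps.setEnum(EProperty.EMAIL_PGP_KEY_SOURCE, key.getKeySource(), user);
        } catch (IOException e) {
            log.error("Could not set PGP public key for user: {}. Error message: {}", user.getDisplayName(), e.getMessage(), e);
        }
    }
}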
