package org.nhindirect.stagent;

import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import javax.mail.Header;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.InternetHeaders;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.mail.util.ByteArrayDataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.nhindirect.stagent.annotation.AgentDomains;
import org.nhindirect.stagent.annotation.PrivateCerts;
import org.nhindirect.stagent.annotation.PublicCerts;
import org.nhindirect.stagent.cert.CertificateResolver;
import org.nhindirect.stagent.cert.X509CertificateEx;
import org.nhindirect.stagent.cryptography.Cryptographer;
import org.nhindirect.stagent.cryptography.SMIMECryptographerImpl;
import org.nhindirect.stagent.cryptography.SMIMEStandard;
import org.nhindirect.stagent.cryptography.SignedEntity;
import org.nhindirect.stagent.mail.Message;
import org.nhindirect.stagent.mail.MimeEntity;
import org.nhindirect.stagent.mail.MimeError;
import org.nhindirect.stagent.mail.MimeException;
import org.nhindirect.stagent.mail.MimeStandard;
import org.nhindirect.stagent.mail.WrappedMessage;
import org.nhindirect.stagent.parser.EntitySerializer;
import org.nhindirect.stagent.trust.TrustAnchorResolver;
import org.nhindirect.stagent.trust.TrustEnforcementStatus;
import org.nhindirect.stagent.trust.TrustError;
import org.nhindirect.stagent.trust.TrustException;
import org.nhindirect.stagent.trust.TrustModel;

/* loaded from: input_file:org/nhindirect/stagent/DefaultNHINDAgent.class */
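/**
 * Default {@link NHINDAgent} implementation.
 *
 * <p>Incoming messages are decrypted, their signature envelope is extracted, the wrapped
 * message is unwrapped, and the configured {@link TrustModel} is enforced; recipients that
 * do not reach the minimum trust requirement are filtered out. Outgoing messages are
 * wrapped, checked against the trust model, signed and (when enabled) encrypted.
 *
 * <p>The setters write plain, non-volatile fields and no synchronization is visible in
 * this class, so reconfiguring an agent while it processes messages is not guarded here.
 */
public class DefaultNHINDAgent implements NHINDAgent {
    private static final Log LOGGER = LogFactory.getFactory().getInstance(DefaultNHINDAgent.class);

    // Neither read nor written anywhere in this class. It is package-visible, so other
    // classes in the package may use it -- TODO confirm before removing.
    static MimeMultipart lastMMPart = null;

    // Signs, encrypts, decrypts and parses signature envelopes.
    private Cryptographer cryptographer;
    // Resolves certificates for addresses in the local domains (outgoing senders, incoming recipients).
    private CertificateResolver privateCertResolver;
    // Resolvers for remote parties, consulted in iteration order.
    private Collection<CertificateResolver> publicCertResolver;
    // Source of the incoming and outgoing trust anchors bound to local addresses.
    private TrustAnchorResolver trustAnchors;
    private TrustModel trustModel;
    // Floor applied when recipients are categorized by trust status; starts at Success_Offline.
    private TrustEnforcementStatus minTrustRequirement;
    // Domains this agent treats as local.
    private Collection<String> domains;
    // Optional hook notified before and after processing and on errors; may be null.
    private NHINDAgentEventListener m_listener;
    // When false, outgoing messages are signed but not encrypted and incoming messages are
    // read without decryption.
    private boolean encryptionEnabled;
    // When false, messages are neither wrapped on the way out nor unwrapped on the way in.
    private boolean wrappingEnabled;

    /**
     * Creates an agent for a single domain with the default trust model and cryptographer.
     *
     * @param str the local domain
     * @param certificateResolver resolver for private (local) certificates
     * @param certificateResolver2 resolver for public (remote) certificates
     * @param trustAnchorResolver source of trust anchors
     */
    public DefaultNHINDAgent(String str, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver) {
        this(str, certificateResolver, certificateResolver2, trustAnchorResolver, TrustModel.Default, SMIMECryptographerImpl.Default);
    }

    /**
     * Creates an agent for several domains with the default trust model and cryptographer.
     *
     * @param collection the local domains
     * @param certificateResolver resolver for private (local) certificates
     * @param certificateResolver2 resolver for public (remote) certificates
     * @param trustAnchorResolver source of trust anchors
     */
    public DefaultNHINDAgent(Collection<String> collection, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver) {
        this(collection, certificateResolver, certificateResolver2, trustAnchorResolver, TrustModel.Default, SMIMECryptographerImpl.Default);
    }

    /**
     * Creates an agent for a single domain and a single public certificate resolver.
     *
     * <p>A null domain or public resolver is not rejected on this path: {@code Arrays.asList}
     * wraps it in a one-element list, which passes the null/empty checks of the primary
     * constructor.
     */
    public DefaultNHINDAgent(String str, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver, TrustModel trustModel, Cryptographer cryptographer) {
        this(Arrays.asList(str), certificateResolver, Arrays.asList(certificateResolver2), trustAnchorResolver, trustModel, cryptographer);
    }

    /**
     * Primary constructor; every other constructor delegates here.
     *
     * <p>Encryption and wrapping start enabled and the minimum trust requirement starts at
     * {@link TrustEnforcementStatus#Success_Offline}. The collections are stored by
     * reference, not copied.
     *
     * @param collection the local domains; must not be null or empty
     * @param certificateResolver resolver for private (local) certificates; must not be null
     * @param collection2 resolvers for public (remote) certificates; must not be null
     * @param trustAnchorResolver source of trust anchors; must not be null
     * @param trustModel trust model to enforce; must not be null
     * @param cryptographer cryptographer to use; must not be null
     * @throws IllegalArgumentException if any argument is null or the domain collection is empty
     */
    @Inject
    public DefaultNHINDAgent(@AgentDomains Collection<String> collection, @PrivateCerts CertificateResolver certificateResolver, @PublicCerts Collection<CertificateResolver> collection2, TrustAnchorResolver trustAnchorResolver, TrustModel trustModel, Cryptographer cryptographer) {
        this.m_listener = null;
        this.encryptionEnabled = true;
        this.wrappingEnabled = true;
        if (collection == null || collection.isEmpty() || certificateResolver == null || collection2 == null || trustAnchorResolver == null || trustModel == null || cryptographer == null) {
            throw new IllegalArgumentException("domains, certificate resolvers, trust anchors, trust model and cryptographer are all required");
        }
        StringBuilder sb = new StringBuilder("Initializing NHINDAgent\r\nLocal domains:");
        for (String domain : collection) {
            sb.append("\r\n\t" + domain);
        }
        LOGGER.info(sb);
        this.domains = collection;
        this.privateCertResolver = certificateResolver;
        this.publicCertResolver = collection2;
        this.cryptographer = cryptographer;
        this.trustAnchors = trustAnchorResolver;
        this.trustModel = trustModel;
        this.minTrustRequirement = TrustEnforcementStatus.Success_Offline;
        // Hand the public resolvers to the chain validator unless it reports that it is already
        // a certificate resolver (presumably meaning one is configured -- confirm against the
        // validator's contract).
        if (this.trustModel.getCertChainValidator() != null && !this.trustModel.getCertChainValidator().isCertificateResolver()) {
            this.trustModel.getCertChainValidator().setCertificateResolver(this.publicCertResolver);
        }
    }

    /**
     * Creates an agent for several domains and a single public certificate resolver.
     *
     * <p>A null public resolver is not rejected on this path; see the single-domain variant.
     */
    public DefaultNHINDAgent(Collection<String> collection, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver, TrustModel trustModel, Cryptographer cryptographer) {
        this(collection, certificateResolver, Arrays.asList(certificateResolver2), trustAnchorResolver, trustModel, cryptographer);
    }

    /** Returns a read-only view of the local domains. */
    @Override
    public Collection<String> getDomains() {
        return Collections.unmodifiableCollection(this.domains);
    }

    /** Returns the cryptographer currently in use. */
    public Cryptographer getCryptographer() {
        return this.cryptographer;
    }

    /** Returns whether messages are encrypted on the way out and decrypted on the way in. */
    public boolean isEncryptMessages() {
        return this.encryptionEnabled;
    }

    /**
     * Enables or disables encryption. With encryption disabled, outgoing messages are sent
     * signed but in the clear and incoming messages are parsed without decryption.
     */
    public void setEncryptMessages(boolean z) {
        this.encryptionEnabled = z;
    }

    /** Returns whether message wrapping and unwrapping is enabled. */
    public boolean isWrappingEnabled() {
        return this.wrappingEnabled;
    }

    /** Enables or disables message wrapping and unwrapping. */
    public void setWrappingEnabled(boolean z) {
        this.wrappingEnabled = z;
    }

    /**
     * Returns the first public certificate resolver.
     *
     * @return the first resolver in iteration order, or null when none is configured
     */
    public CertificateResolver getPublicCertResolver() {
        if (this.publicCertResolver == null || this.publicCertResolver.isEmpty()) {
            return null;
        }
        return this.publicCertResolver.iterator().next();
    }

    /** Returns the internal collection of public certificate resolvers itself, not a copy. */
    public Collection<CertificateResolver> getPublicCertResolvers() {
        return this.publicCertResolver;
    }

    /** Returns the resolver used for private (local) certificates. */
    public CertificateResolver getPrivateCertResolver() {
        return this.privateCertResolver;
    }

    /** Returns the trust anchor resolver. */
    public TrustAnchorResolver getTrustAnchors() {
        return this.trustAnchors;
    }

    /** Returns the minimum trust status applied when recipients are categorized. */
    public TrustEnforcementStatus getMinTrustRequirement() {
        return this.minTrustRequirement;
    }

    /**
     * Sets the minimum trust status applied when recipients are categorized.
     *
     * @param trustEnforcementStatus the new minimum
     * @throws IllegalArgumentException if the status orders below
     *         {@link TrustEnforcementStatus#Success_Offline}, so the floor cannot be lowered
     *         past the constructor default
     */
    public void setMinTrustRequirement(TrustEnforcementStatus trustEnforcementStatus) {
        if (trustEnforcementStatus.compareTo(TrustEnforcementStatus.Success_Offline) < 0) {
            throw new IllegalArgumentException("minimum trust requirement may not be below Success_Offline");
        }
        this.minTrustRequirement = trustEnforcementStatus;
    }

    /** Sets the listener notified around message processing; null removes it. */
    public void setEventListener(NHINDAgentEventListener nHINDAgentEventListener) {
        this.m_listener = nHINDAgentEventListener;
    }

    /**
     * Replaces the cryptographer.
     *
     * @param cryptographer the cryptographer to use from now on
     * @throws IllegalArgumentException if {@code cryptographer} is null; the constructor
     *         enforces the same invariant, and every sign/encrypt/decrypt path dereferences
     *         the field without a null check
     */
    public void setCryptographer(Cryptographer cryptographer) {
        if (cryptographer == null) {
            throw new IllegalArgumentException("cryptographer must not be null");
        }
        this.cryptographer = cryptographer;
    }

    /**
     * Processes an incoming message given as raw text.
     *
     * @throws IllegalArgumentException if the text is null or empty
     */
    @Override
    public IncomingMessage processIncoming(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("message text must not be null or empty");
        }
        return processIncoming(new IncomingMessage(str));
    }

    /**
     * Processes an incoming message given as raw text plus envelope addresses.
     *
     * <p>Unlike the single-argument overload, the text itself is not checked here; it is
     * passed to the {@link IncomingMessage} constructor as is.
     */
    @Override
    public IncomingMessage processIncoming(String str, NHINDAddressCollection nHINDAddressCollection, NHINDAddress nHINDAddress) {
        checkEnvelopeAddresses(nHINDAddressCollection, nHINDAddress);
        return processIncoming(new IncomingMessage(str, nHINDAddressCollection, nHINDAddress));
    }

    /**
     * Processes an incoming message envelope.
     *
     * @throws IllegalArgumentException if the envelope is null
     */
    @Override
    public IncomingMessage processIncoming(MessageEnvelope messageEnvelope) {
        if (messageEnvelope == null) {
            throw new IllegalArgumentException("message envelope must not be null");
        }
        checkEnvelopeAddresses(messageEnvelope);
        return processIncoming(new IncomingMessage(messageEnvelope));
    }

    /**
     * Processes an incoming JavaMail message.
     *
     * @throws IllegalArgumentException if the message is null
     * @throws MimeException if the message cannot be converted
     */
    @Override
    public IncomingMessage processIncoming(MimeMessage mimeMessage) {
        if (mimeMessage == null) {
            throw new IllegalArgumentException("message must not be null");
        }
        try {
            return processIncoming(new IncomingMessage(new Message(mimeMessage)));
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, (Exception) e);
        }
    }

    /**
     * Validates and processes an incoming message, notifying the listener before and after.
     *
     * <p>Any exception raised during validation, by the listener hooks or by processing is
     * logged, reported to the listener's error hook and rethrown wrapped in an
     * {@link NHINDException}.
     *
     * @param incomingMessage the message to process; updated in place
     * @return the same message instance after processing
     * @throws IllegalArgumentException if the message is null
     * @throws NHINDException if validation or processing fails
     */
    @Override
    public IncomingMessage processIncoming(IncomingMessage incomingMessage) {
        if (incomingMessage == null) {
            throw new IllegalArgumentException("incoming message must not be null");
        }
        // NOTE(review): at debug level the complete message is written to the log here, and
        // the processed (decrypted and unwrapped) message is written again below. Keep debug
        // logging off for this class wherever message bodies are sensitive.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Processing incoming message:\r\n" + incomingMessage.toString() + MimeStandard.CRLF);
        }
        try {
            incomingMessage.setAgent(this);
            incomingMessage.validate();
            if (this.m_listener != null) {
                this.m_listener.preProcessIncoming(incomingMessage);
            }
            processMessage(incomingMessage);
            if (this.m_listener != null) {
                this.m_listener.postProcessIncoming(incomingMessage);
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Completed processing incoming message.  Result message:\r\n" + EntitySerializer.Default.serialize(incomingMessage.getMessage()) + MimeStandard.CRLF);
            }
            return incomingMessage;
        } catch (Exception e) {
            LOGGER.error("Error processing incoming message: " + e.getMessage(), e);
            // Built before the listener runs so the original failure is what gets rethrown
            // once the error hook returns.
            NHINDException nHINDException = new NHINDException(e);
            if (this.m_listener != null) {
                this.m_listener.errorIncoming(incomingMessage, e);
            }
            throw nHINDException;
        }
    }

    /**
     * Runs the incoming pipeline: require a sender, keep only recipients in the local
     * domains, bind certificates and anchors, decrypt and extract the signature, unwrap,
     * enforce the trust model, then drop recipients below the minimum trust requirement.
     *
     * @throws TrustException if there is no sender or no recipient remains trusted
     * @throws AgentException if no recipient belongs to a local domain
     */
    protected void processMessage(IncomingMessage incomingMessage) {
        if (incomingMessage.getSender() == null) {
            throw new TrustException(TrustError.UntrustedSender);
        }
        incomingMessage.categorizeRecipients(getDomains());
        if (!incomingMessage.hasDomainRecipients()) {
            throw new AgentException(AgentError.NoTrustedRecipients);
        }
        bindAddresses(incomingMessage);
        decryptSignedContent(incomingMessage);
        incomingMessage.setMessage(unwrapMessage(incomingMessage.getMessage()));
        this.trustModel.enforce(incomingMessage);
        if (incomingMessage.hasDomainRecipients()) {
            incomingMessage.categorizeRecipients(this.minTrustRequirement);
        }
        // Fail closed: a message with no recipient left after trust filtering is rejected.
        if (!incomingMessage.hasDomainRecipients()) {
            throw new TrustException(TrustError.NoTrustedRecipients);
        }
        incomingMessage.updateRoutingHeaders();
    }

    /**
     * Binds the sender's public certificates and, for every local recipient, its private
     * certificates and incoming trust anchors. Certificate lookups here are best-effort:
     * a failed lookup leaves the address with null certificates instead of throwing.
     */
    protected void bindAddresses(IncomingMessage incomingMessage) {
        incomingMessage.getSender().setCertificates(resolvePublicCerts(incomingMessage.getSender(), false));
        Iterator<NHINDAddress> it = incomingMessage.getDomainRecipients().iterator();
        while (it.hasNext()) {
            NHINDAddress recipient = it.next();
            recipient.setCertificates(resolvePrivateCerts(recipient, false));
            recipient.setTrustAnchors(this.trustAnchors.getIncomingAnchors().getCertificates(recipient));
        }
    }

    /**
     * Decrypts the message, extracts its signature envelope and replaces the message with
     * the signed content.
     *
     * <p>This method only parses the signature and attaches it to the message. No signature
     * or certificate validation is visible here; presumably that happens in
     * {@code TrustModel.enforce} -- confirm.
     *
     * @throws AgentException with {@code UnsignedMessage} if the decrypted entity is neither
     *         an enveloped nor a multipart signature
     * @throws MimeException if the entity cannot be parsed
     */
    protected void decryptSignedContent(IncomingMessage incomingMessage) {
        CMSSignedData signature;
        MimeEntity content;
        MimeEntity decrypted = decryptMessage(incomingMessage);
        try {
            if (SMIMEStandard.isContentEnvelopedSignature(new ContentType(decrypted.getContentType()))) {
                signature = this.cryptographer.deserializeEnvelopedSignature(decrypted);
                content = new MimeEntity(new ByteArrayInputStream(signature.getContentInfo().getEncoded()));
            } else {
                // Unsigned content is rejected outright, whether or not encryption is enabled.
                if (!SMIMEStandard.isContentMultipartSignature(new ContentType(decrypted.getContentType()))) {
                    throw new AgentException(AgentError.UnsignedMessage);
                }
                SignedEntity signedEntity = SignedEntity.load(new MimeMultipart(new ByteArrayDataSource(decrypted.getRawInputStream(), decrypted.getContentType())));
                signature = this.cryptographer.deserializeSignatureEnvelope(signedEntity);
                content = signedEntity.getContent();
            }
            incomingMessage.setSignature(signature);
            InternetHeaders mergedHeaders = new InternetHeaders();
            // Carry over the received message's headers, except those whose name starts with
            // MimeStandard.HeaderPrefix.
            // NOTE(review): these come from the message as received, not from the signed
            // entity, so consumers presumably should not treat them as signature-protected
            // -- confirm.
            Enumeration outerHeaders = incomingMessage.getMessage().getAllHeaders();
            while (outerHeaders.hasMoreElements()) {
                Header header = (Header) outerHeaders.nextElement();
                if (!MimeStandard.startsWith(header.getName(), MimeStandard.HeaderPrefix)) {
                    mergedHeaders.setHeader(header.getName(), header.getValue());
                }
            }
            // Headers of the signed content are applied last and replace same-named outer headers.
            copyHeaders(content.getAllHeaders(), mergedHeaders);
            incomingMessage.setMessage(new Message(mergedHeaders, content.getContentAsBytes()));
        } catch (IOException e) {
            throw new MimeException(MimeError.InvalidBody, e);
        } catch (MessagingException e2) {
            throw new MimeException(MimeError.InvalidBody, (Exception) e2);
        }
    }

    /**
     * Returns the decrypted entity of an incoming message, or the raw entity when
     * encryption is disabled.
     *
     * <p>Only the first recipient certificate that is an {@link X509CertificateEx} is tried.
     * If decryption with it throws, the exception propagates and no other certificate is
     * attempted.
     *
     * @throws AgentException with {@code UntrustedMessage} if no usable certificate is found
     *         or decryption yields null, or with {@code MissingMessage} if the raw content
     *         cannot be read
     */
    protected MimeEntity decryptMessage(IncomingMessage incomingMessage) {
        MimeEntity mimeEntity = null;
        if (this.encryptionEnabled) {
            for (X509Certificate x509Certificate : incomingMessage.getDomainRecipients().getCertificates()) {
                if (x509Certificate instanceof X509CertificateEx) {
                    mimeEntity = this.cryptographer.decrypt(incomingMessage.getMessage(), (X509CertificateEx) x509Certificate);
                    break;
                }
            }
        } else {
            try {
                mimeEntity = new MimeEntity(incomingMessage.getMessage().getRawInputStream());
            } catch (MessagingException e) {
                // The AgentException below is built from the error code alone, so log the
                // underlying failure here or it is lost.
                LOGGER.error("Could not read the raw content of the incoming message", e);
                throw new AgentException(AgentError.MissingMessage);
            }
        }
        if (mimeEntity == null) {
            throw new AgentException(AgentError.UntrustedMessage);
        }
        return mimeEntity;
    }

    /**
     * Processes an outgoing message given as raw text.
     *
     * @throws IllegalArgumentException if the text is null or empty
     */
    @Override
    public OutgoingMessage processOutgoing(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("message text must not be null or empty");
        }
        return processOutgoing(new OutgoingMessage(wrapMessage(str)));
    }

    /**
     * Processes an outgoing message given as raw text plus envelope addresses.
     *
     * <p>Unlike the single-argument overload, the text itself is not checked here.
     */
    @Override
    public OutgoingMessage processOutgoing(String str, NHINDAddressCollection nHINDAddressCollection, NHINDAddress nHINDAddress) {
        checkEnvelopeAddresses(nHINDAddressCollection, nHINDAddress);
        return processOutgoing(new OutgoingMessage(wrapMessage(str), nHINDAddressCollection, nHINDAddress));
    }

    /**
     * Processes an outgoing message envelope.
     *
     * @throws IllegalArgumentException if the envelope is null
     */
    @Override
    public OutgoingMessage processOutgoing(MessageEnvelope messageEnvelope) {
        if (messageEnvelope == null) {
            throw new IllegalArgumentException("message envelope must not be null");
        }
        checkEnvelopeAddresses(messageEnvelope);
        return processOutgoing(new OutgoingMessage(messageEnvelope));
    }

    /**
     * Validates and processes an outgoing message, notifying the listener before and after.
     *
     * <p>Unlike the incoming path, {@code setAgent} and {@code validate} run outside the
     * try block: a validation failure propagates as thrown, is not wrapped in
     * {@link NHINDException} and does not reach the listener's error hook.
     *
     * @param outgoingMessage the message to process; updated in place
     * @return the same message instance after processing
     * @throws IllegalArgumentException if the message is null
     * @throws NHINDException if processing fails
     */
    @Override
    public OutgoingMessage processOutgoing(OutgoingMessage outgoingMessage) {
        if (outgoingMessage == null) {
            throw new IllegalArgumentException("outgoing message must not be null");
        }
        outgoingMessage.setAgent(this);
        outgoingMessage.validate();
        try {
            if (this.m_listener != null) {
                this.m_listener.preProcessOutgoing(outgoingMessage);
            }
            processMessage(outgoingMessage);
            if (this.m_listener != null) {
                this.m_listener.postProcessOutgoing(outgoingMessage);
            }
            return outgoingMessage;
        } catch (Exception e) {
            LOGGER.error("Error processing outgoing message: " + e.getMessage(), e);
            NHINDException nHINDException = new NHINDException(e);
            if (this.m_listener != null) {
                this.m_listener.errorOutgoing(outgoingMessage, e);
            }
            throw nHINDException;
        }
    }

    /**
     * Runs the outgoing pipeline: wrap if needed, require a sender, bind certificates,
     * require recipients, enforce the trust model, drop recipients below the minimum trust
     * requirement, then sign and encrypt.
     *
     * @throws AgentException if the sender is missing, there are no recipients, or none
     *         remains after trust filtering
     */
    protected void processMessage(OutgoingMessage outgoingMessage) {
        if (!WrappedMessage.isWrapped(outgoingMessage.getMessage())) {
            outgoingMessage.setMessage(wrapMessage(outgoingMessage.getMessage()));
        }
        if (outgoingMessage.getSender() == null) {
            throw new AgentException(AgentError.MissingFrom);
        }
        bindAddresses(outgoingMessage);
        if (!outgoingMessage.hasRecipients()) {
            throw new AgentException(AgentError.MissingTo);
        }
        outgoingMessage.categorizeRecipients(getDomains());
        this.trustModel.enforce(outgoingMessage);
        outgoingMessage.categorizeRecipients(this.minTrustRequirement);
        // Fail closed: nothing is signed or encrypted unless a recipient passed trust filtering.
        if (!outgoingMessage.hasRecipients()) {
            throw new AgentException(AgentError.NoTrustedRecipients);
        }
        signAndEncryptMessage(outgoingMessage);
        outgoingMessage.updateRoutingHeaders();
    }

    /**
     * Binds the sender's private certificates and outgoing trust anchors, and each
     * recipient's public certificates. The sender lookup is mandatory and throws when it
     * fails; recipient lookups are best-effort and may leave null certificates.
     */
    protected void bindAddresses(OutgoingMessage outgoingMessage) {
        outgoingMessage.getSender().setCertificates(resolvePrivateCerts(outgoingMessage.getSender(), true));
        outgoingMessage.getSender().setTrustAnchors(this.trustAnchors.getOutgoingAnchors().getCertificates(outgoingMessage.getSender()));
        Iterator<NHINDAddress> it = outgoingMessage.getRecipients().iterator();
        while (it.hasNext()) {
            NHINDAddress recipient = it.next();
            recipient.setCertificates(resolvePublicCerts(recipient, false));
        }
    }

    /**
     * Parses raw message text, wrapping it when wrapping is enabled.
     *
     * @throws MimeException if the text is not a valid MIME entity
     */
    protected Message wrapMessage(String str) {
        try {
            if (this.wrappingEnabled) {
                return WrappedMessage.create(str, NHINDStandard.MailHeadersUsed);
            }
            return new Message(EntitySerializer.Default.deserialize(str));
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, (Exception) e);
        }
    }

    /**
     * Wraps a message when wrapping is enabled and it is not wrapped already; otherwise
     * returns it unchanged.
     *
     * @throws MimeException if wrapping fails
     */
    protected Message wrapMessage(Message message) {
        try {
            if (this.wrappingEnabled && !WrappedMessage.isWrapped(message)) {
                return WrappedMessage.create(message, NHINDStandard.MailHeadersUsed);
            }
            return message;
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, (Exception) e);
        }
    }

    /**
     * Extracts the inner message when wrapping is enabled and the message is wrapped;
     * otherwise returns it unchanged.
     *
     * @throws MimeException if extraction fails
     */
    protected Message unwrapMessage(Message message) {
        if (!this.wrappingEnabled) {
            return message;
        }
        try {
            if (WrappedMessage.isWrapped(message)) {
                return WrappedMessage.extract(message);
            }
            return message;
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, (Exception) e);
        }
    }

    /**
     * Signs the message with the sender's certificates and, when encryption is enabled,
     * encrypts the signed entity to the recipients' certificates.
     *
     * <p>With encryption disabled the message is replaced by the signed entity alone, so
     * its content leaves the agent signed but unencrypted.
     *
     * @throws MimeException if encryption or message assembly fails
     */
    protected void signAndEncryptMessage(OutgoingMessage outgoingMessage) {
        SignedEntity signed = this.cryptographer.sign(outgoingMessage.getMessage(), outgoingMessage.getSender().getCertificates());
        try {
            if (this.encryptionEnabled) {
                MimeEntity encrypted = this.cryptographer.encrypt(signed.getMimeMultipart(), outgoingMessage.getRecipients().getCertificates());
                InternetHeaders headers = new InternetHeaders();
                copyHeaders(outgoingMessage.getMessage().getAllHeaders(), headers);
                // Headers of the encrypted entity are applied last and replace same-named
                // message headers.
                copyHeaders(encrypted.getAllHeaders(), headers);
                outgoingMessage.setMessage(new Message(headers, encrypted.getContentAsBytes()));
            } else {
                InternetHeaders headers = new InternetHeaders();
                copyHeaders(outgoingMessage.getMessage().getAllHeaders(), headers);
                headers.setHeader(MimeStandard.ContentTypeHeader, signed.getMimeMultipart().getContentType());
                outgoingMessage.setMessage(new Message(headers, signed.getEntityBodyAsBytes()));
            }
        } catch (Exception e) {
            throw new MimeException(MimeError.InvalidMimeEntity, e);
        }
    }

    /** Sets every header from {@code source} on {@code target}, replacing same-named headers. */
    private static void copyHeaders(Enumeration source, InternetHeaders target) {
        while (source.hasMoreElements()) {
            Header header = (Header) source.nextElement();
            target.setHeader(header.getName(), header.getValue());
        }
    }

    /**
     * Looks up the private certificates for an address.
     *
     * @param internetAddress the address to resolve
     * @param z true if the certificates are required
     * @return the certificates, or null when none were found and they are not required
     * @throws NHINDException if the lookup fails and the certificates are required
     * @throws AgentException if nothing was found and the certificates are required
     */
    private Collection<X509Certificate> resolvePrivateCerts(InternetAddress internetAddress, boolean z) {
        Collection<X509Certificate> collection = null;
        try {
            collection = this.privateCertResolver.getCertificates(internetAddress);
        } catch (Exception e) {
            if (z) {
                throw new NHINDException(e);
            }
            // Best-effort lookup: the caller proceeds with null certificates, but the failure
            // is recorded so a broken resolver does not look like a missing certificate.
            LOGGER.warn("Could not resolve private certificates for " + internetAddress + "; continuing without them", e);
        }
        if (collection == null && z) {
            throw new AgentException(AgentError.UnknownRecipient);
        }
        return collection;
    }

    /**
     * Looks up the public certificates for an address, asking each resolver in turn and
     * stopping at the first non-null answer (an empty collection also ends the search).
     *
     * <p>An exception from any resolver ends the search; the remaining resolvers are not
     * consulted.
     *
     * @param internetAddress the address to resolve
     * @param z true if the certificates are required
     * @return the certificates, or null when none were found and they are not required
     * @throws NHINDException if a resolver fails and the certificates are required
     * @throws AgentException if nothing was found and the certificates are required
     */
    private Collection<X509Certificate> resolvePublicCerts(InternetAddress internetAddress, boolean z) throws NHINDException {
        Collection<X509Certificate> collection = null;
        try {
            for (CertificateResolver resolver : this.publicCertResolver) {
                collection = resolver.getCertificates(internetAddress);
                if (collection != null) {
                    break;
                }
            }
        } catch (Exception e) {
            if (z) {
                throw new NHINDException(e);
            }
            // Best-effort lookup: record the failure rather than dropping it silently.
            LOGGER.warn("Could not resolve public certificates for " + internetAddress + "; continuing without them", e);
        }
        if (collection == null && z) {
            throw new AgentException(AgentError.UnknownRecipient);
        }
        return collection;
    }

    /** Checks the envelope's recipients and sender; see the two-argument overload. */
    protected void checkEnvelopeAddresses(MessageEnvelope messageEnvelope) {
        checkEnvelopeAddresses(messageEnvelope.getRecipients(), messageEnvelope.getSender());
    }

    /**
     * Requires at least one recipient and a sender, then tags them as envelope addresses
     * (RcptTo and MailFrom respectively).
     *
     * @throws AgentException if the recipients are null or empty, or the sender is null
     */
    protected void checkEnvelopeAddresses(NHINDAddressCollection nHINDAddressCollection, NHINDAddress nHINDAddress) {
        if (nHINDAddressCollection == null || nHINDAddressCollection.size() == 0) {
            throw new AgentException(AgentError.NoRecipients);
        }
        if (nHINDAddress == null) {
            throw new AgentException(AgentError.NoSender);
        }
        nHINDAddressCollection.setSource(AddressSource.RcptTo);
        nHINDAddress.setSource(AddressSource.MailFrom);
    }

    // Registers Bouncy Castle for the whole JVM when this class is loaded. addProvider
    // appends at the lowest preference and does nothing if a provider with the same name
    // is already installed.
    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}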
