package org.nhindirect.stagent.cryptography;

import com.google.inject.Inject;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.InternetHeaders;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
import javax.mail.internet.MimePart;
import javax.mail.internet.ParseException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.mail.smime.CMSProcessableBodyPart;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.nhindirect.stagent.CryptoExtensions;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.SignatureValidationException;
import org.nhindirect.stagent.cert.X509CertificateEx;
import org.nhindirect.stagent.cryptography.annotation.IncludeEpilogInSig;
import org.nhindirect.stagent.mail.Message;
import org.nhindirect.stagent.mail.MimeEntity;
import org.nhindirect.stagent.mail.MimeError;
import org.nhindirect.stagent.mail.MimeException;
import org.nhindirect.stagent.mail.MimeStandard;
import org.nhindirect.stagent.parser.EntitySerializer;

/* loaded from: input_file:org/nhindirect/stagent/cryptography/SMIMECryptographerImpl.class */
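/**
 * S/MIME implementation of {@link Cryptographer}: encrypts and decrypts MIME entities as CMS
 * enveloped data, and creates and verifies detached multipart/signed signatures.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The no-argument constructor selects SHA-1 as the signing digest. SHA-1 is no longer
 *       considered collision resistant; select SHA256 or stronger through the two-argument
 *       constructor or {@link #setDigestAlgorithm} wherever the receiving side supports it.</li>
 *   <li>{@link #Default} is a shared instance whose algorithms can be changed through the public
 *       setters, so a change made by one caller is seen by every other user of that instance.</li>
 *   <li>When debug logging is enabled, message content is written to disk both before
 *       encryption and after decryption (see {@link #writeDebugDump}). Those files hold
 *       plaintext and must be treated like the messages themselves.</li>
 * </ul>
 */
public class SMIMECryptographerImpl implements Cryptographer {
    private static final Log LOGGER = LogFactory.getFactory().getInstance(SMIMECryptographerImpl.class);

    /** Shared instance built with the default algorithms (AES128 / SHA1). Mutable via the setters. */
    public static final SMIMECryptographerImpl Default = new SMIMECryptographerImpl();

    private EncryptionAlgorithm m_encryptionAlgorithm;
    private DigestAlgorithm m_digestAlgorithm;
    private boolean m_includeEpilogue;

    /**
     * Creates a cryptographer using AES128 for encryption and SHA1 for signature digests, with the
     * multipart epilogue included in signatures.
     */
    public SMIMECryptographerImpl() {
        this.m_includeEpilogue = true;
        this.m_encryptionAlgorithm = EncryptionAlgorithm.AES128;
        // NOTE(review): SHA-1 default kept for compatibility; prefer SHA256+ where peers allow it.
        this.m_digestAlgorithm = DigestAlgorithm.SHA1;
    }

    /**
     * Creates a cryptographer with explicit algorithms; the multipart epilogue is included in
     * signatures.
     *
     * @param encryptionAlgorithm content-encryption algorithm used by the encrypt methods
     * @param digestAlgorithm digest algorithm used by the sign methods
     */
    public SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm) {
        this.m_includeEpilogue = true;
        this.m_encryptionAlgorithm = encryptionAlgorithm;
        this.m_digestAlgorithm = digestAlgorithm;
    }

    /** @return the content-encryption algorithm used by the encrypt methods */
    public EncryptionAlgorithm getEncryptionAlgorithm() {
        return this.m_encryptionAlgorithm;
    }

    /** @param encryptionAlgorithm the content-encryption algorithm to use for later encrypt calls */
    @Inject(optional = true)
    public void setEncryptionAlgorithm(EncryptionAlgorithm encryptionAlgorithm) {
        this.m_encryptionAlgorithm = encryptionAlgorithm;
    }

    /** @return the digest algorithm used by the sign methods */
    public DigestAlgorithm getDigestAlgorithm() {
        return this.m_digestAlgorithm;
    }

    /** @param digestAlgorithm the digest algorithm to use for later sign calls */
    @Inject(optional = true)
    public void setDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        this.m_digestAlgorithm = digestAlgorithm;
    }

    /** @return whether the multipart epilogue is part of the content extracted for signing */
    public boolean isIncludeMultipartEpilogueInSignature() {
        return this.m_includeEpilogue;
    }

    /** @param z {@code true} to include the multipart epilogue in the content extracted for signing */
    @Inject(optional = true)
    public void setIncludeMultipartEpilogueInSignature(@IncludeEpilogInSig boolean z) {
        this.m_includeEpilogue = z;
    }

    /**
     * Encrypts a multipart for a single recipient.
     *
     * @param mimeMultipart content to encrypt
     * @param x509Certificate recipient certificate
     * @return the encrypted entity
     */
    @Override
    public MimeEntity encrypt(MimeMultipart mimeMultipart, X509Certificate x509Certificate) {
        Collection<X509Certificate> recipients = new ArrayList<X509Certificate>();
        recipients.add(x509Certificate);
        return encrypt(mimeMultipart, recipients);
    }

    /**
     * Serializes a multipart into an entity carrying the multipart's content type, then encrypts
     * it for every recipient certificate.
     *
     * @param mimeMultipart content to encrypt
     * @param collection recipient certificates
     * @return the encrypted entity
     * @throws MimeException with {@code InvalidMimeEntity} if serialization or encryption fails
     */
    @Override
    public MimeEntity encrypt(MimeMultipart mimeMultipart, Collection<X509Certificate> collection) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            mimeMultipart.writeTo(byteArrayOutputStream);
            byteArrayOutputStream.flush();
            InternetHeaders internetHeaders = new InternetHeaders();
            internetHeaders.addHeader(MimeStandard.ContentTypeHeader, mimeMultipart.getContentType());
            MimeEntity mimeEntity = new MimeEntity(internetHeaders, byteArrayOutputStream.toByteArray());
            byteArrayOutputStream.close();
            return encrypt(mimeEntity, collection);
        } catch (Exception e) {
            throw new MimeException(MimeError.InvalidMimeEntity, e);
        }
    }

    /**
     * Encrypts an entity for a single recipient.
     *
     * @param mimeEntity content to encrypt
     * @param x509Certificate recipient certificate
     * @return the encrypted entity
     */
    @Override
    public MimeEntity encrypt(MimeEntity mimeEntity, X509Certificate x509Certificate) {
        Collection<X509Certificate> recipients = new ArrayList<X509Certificate>();
        recipients.add(x509Certificate);
        return encrypt(mimeEntity, recipients);
    }

    /**
     * Encrypts an entity for every recipient certificate and labels the result with the S/MIME
     * encrypted content type.
     *
     * @param mimeEntity content to encrypt; must not be {@code null}
     * @param collection recipient certificates; must not be {@code null} or empty
     * @return the encrypted entity
     * @throws IllegalArgumentException if an argument is missing
     * @throws MimeException if the envelope cannot be generated or re-parsed
     */
    @Override
    public MimeEntity encrypt(MimeEntity mimeEntity, Collection<X509Certificate> collection) {
        if (mimeEntity == null) {
            throw new IllegalArgumentException();
        }
        MimePart envelope = createEncryptedEnvelope((MimeBodyPart) mimeEntity, collection);
        try {
            // Serialize once and reuse the bytes for both the returned entity and the debug dump.
            byte[] envelopeBytes = EntitySerializer.Default.serializeToBytes(envelope);
            MimeEntity encryptedEntity = new MimeEntity(new ByteArrayInputStream(envelopeBytes));
            if (LOGGER.isDebugEnabled()) {
                writeDebugDump("postEncypt_", envelopeBytes);
            }
            encryptedEntity.setHeader(MimeStandard.ContentTypeHeader, SMIMEStandard.EncryptedContentTypeHeaderValue);
            return encryptedEntity;
        } catch (Exception e) {
            throw new MimeException(MimeError.Unexpected, e);
        }
    }

    /**
     * Builds the CMS enveloped-data part, adding one key-transport recipient per certificate and
     * encrypting the content with the configured encryption algorithm.
     *
     * <p>With debug logging enabled, the plaintext part is dumped to disk before encryption.
     */
    private MimeBodyPart createEncryptedEnvelope(MimeBodyPart mimeBodyPart, Collection<X509Certificate> collection) {
        if (mimeBodyPart == null || collection == null || collection.size() == 0) {
            throw new IllegalArgumentException();
        }
        if (LOGGER.isDebugEnabled()) {
            writeDebugDump("preEncypt_", EntitySerializer.Default.serializeToBytes(mimeBodyPart));
        }
        SMIMEEnvelopedGenerator generator = new SMIMEEnvelopedGenerator();
        for (X509Certificate recipient : collection) {
            generator.addKeyTransRecipient(recipient);
        }
        try {
            return generator.generate(mimeBodyPart, toEncyAlgorithmOid(this.m_encryptionAlgorithm), CryptoExtensions.getJCEProviderName());
        } catch (Exception e) {
            throw new MimeException(MimeError.Unexpected, e);
        }
    }

    /**
     * Decrypts the MIME entity extracted from a message.
     *
     * @param message message whose entity is encrypted
     * @param x509CertificateEx certificate with the private key to decrypt with
     * @return the decrypted entity
     */
    @Override
    public MimeEntity decrypt(Message message, X509CertificateEx x509CertificateEx) {
        return decrypt(message.extractMimeEntity(), x509CertificateEx);
    }

    /**
     * Decrypts an entity with a single certificate after checking that the entity is labelled as
     * S/MIME encrypted content with base64 transfer encoding.
     *
     * @param mimeEntity encrypted entity; must not be {@code null}
     * @param x509CertificateEx certificate carrying the private key; must not be {@code null}
     * @return the decrypted entity
     * @throws IllegalArgumentException if an argument is missing or the certificate has no private key
     */
    @Override
    public MimeEntity decrypt(MimeEntity mimeEntity, X509CertificateEx x509CertificateEx) {
        if (mimeEntity == null || x509CertificateEx == null) {
            throw new IllegalArgumentException();
        }
        if (!x509CertificateEx.hasPrivateKey()) {
            throw new IllegalArgumentException("Certificate has no private key");
        }
        mimeEntity.verifyContentType(SMIMEStandard.EncryptedContentTypeHeaderValue);
        mimeEntity.verifyTransferEncoding(MimeStandard.TransferEncodingBase64);
        Collection<X509CertificateEx> decryptionCerts = new ArrayList<X509CertificateEx>();
        decryptionCerts.add(x509CertificateEx);
        return decrypt(mimeEntity, decryptionCerts);
    }

    /**
     * Decrypts an entity with the first supplied certificate whose issuer and serial number match
     * a recipient entry in the envelope.
     *
     * <p>With debug logging enabled, both the encrypted input and the decrypted plaintext are
     * dumped to disk.
     *
     * @param mimeEntity encrypted entity
     * @param collection candidate certificates with private keys; must not be {@code null} or empty
     * @return the decrypted entity
     * @throws IllegalArgumentException if no certificates are supplied
     * @throws MimeException with {@code InvalidMimeEntity} on a messaging error, or
     *     {@code Unexpected} for any other failure, including no matching recipient entry
     */
    @Override
    public MimeEntity decrypt(MimeEntity mimeEntity, Collection<X509CertificateEx> collection) {
        if (collection == null || collection.size() == 0) {
            throw new IllegalArgumentException();
        }
        try {
            if (LOGGER.isDebugEnabled()) {
                writeDebugDump("preDecrypt_", mimeEntity.getContentAsBytes());
            }
            SMIMEEnveloped envelope = new SMIMEEnveloped(mimeEntity);
            byte[] content = null;
            // Try every candidate rather than only the first: the envelope may be addressed to
            // any one of the caller's certificates.
            for (X509CertificateEx candidate : collection) {
                RecipientId recipientId = new RecipientId();
                recipientId.setSerialNumber(candidate.getSerialNumber());
                recipientId.setIssuer(candidate.getIssuerX500Principal().getEncoded());
                org.bouncycastle.cms.RecipientInformation recipient = envelope.getRecipientInfos().get(recipientId);
                if (recipient != null) {
                    content = recipient.getContent(candidate.getPrivateKey(), CryptoExtensions.getJCEProviderName());
                    break;
                }
            }
            if (content == null) {
                throw new IllegalStateException("No recipient entry in the envelope matches a supplied certificate");
            }
            if (LOGGER.isDebugEnabled()) {
                writeDebugDump("postDecrypt_", content);
            }
            return new MimeEntity(new ByteArrayInputStream(content));
        } catch (MessagingException e) {
            // The specific type must be caught before Exception, otherwise this clause is unreachable.
            throw new MimeException(MimeError.InvalidMimeEntity, (Exception) e);
        } catch (Exception e) {
            throw new MimeException(MimeError.Unexpected, e);
        }
    }

    /**
     * Signs the signable entity of a message with one certificate.
     *
     * @param message message to sign
     * @param x509Certificate signing certificate
     * @return the signed entity
     */
    @Override
    public SignedEntity sign(Message message, X509Certificate x509Certificate) {
        return sign(message.extractEntityForSignature(this.m_includeEpilogue), x509Certificate);
    }

    /**
     * Signs the signable entity of a message with several certificates.
     *
     * @param message message to sign
     * @param collection signing certificates
     * @return the signed entity
     */
    @Override
    public SignedEntity sign(Message message, Collection<X509Certificate> collection) {
        return sign(message.extractEntityForSignature(this.m_includeEpilogue), collection);
    }

    /**
     * Signs an entity with one certificate.
     *
     * @param mimeEntity content to sign
     * @param x509Certificate signing certificate
     * @return the signed entity
     */
    @Override
    public SignedEntity sign(MimeEntity mimeEntity, X509Certificate x509Certificate) {
        Collection<X509Certificate> signers = new ArrayList<X509Certificate>();
        signers.add(x509Certificate);
        return sign(mimeEntity, signers);
    }

    /**
     * Signs an entity with every supplied certificate that carries a private key.
     *
     * @param mimeEntity content to sign; must not be {@code null}
     * @param collection signing certificates
     * @return the signed entity wrapping the multipart/signed content
     * @throws IllegalArgumentException if {@code mimeEntity} is {@code null}
     * @throws MimeException with {@code InvalidHeader} if the generated content type cannot be parsed
     */
    @Override
    public SignedEntity sign(MimeEntity mimeEntity, Collection<X509Certificate> collection) {
        if (mimeEntity == null) {
            throw new IllegalArgumentException();
        }
        MimeMultipart signedMultipart = createSignatureEntity(EntitySerializer.Default.serializeToBytes(mimeEntity), collection);
        try {
            return new SignedEntity(new ContentType(signedMultipart.getContentType()), signedMultipart);
        } catch (ParseException e) {
            throw new MimeException(MimeError.InvalidHeader, (Exception) e);
        }
    }

    /**
     * Builds the multipart/signed structure: the original content as the first part and a
     * base64-encoded detached CMS signature as the second.
     *
     * <p>Only certificates that are {@link X509CertificateEx} instances are used as signers. If
     * none qualifies the method fails instead of emitting a signature envelope without signers.
     */
    private MimeMultipart createSignatureEntity(byte[] bArr, Collection<X509Certificate> collection) {
        try {
            MimeBodyPart contentPart = new MimeBodyPart(new ByteArrayInputStream(bArr));
            ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
            // Capabilities advertised to the recipient.
            // NOTE(review): this list offers single DES and RC2, which are legacy ciphers, and is
            // independent of m_encryptionAlgorithm — confirm peers still need them advertised.
            SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
            capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
            capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
            capabilities.addCapability(SMIMECapability.dES_CBC);
            capabilities.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
            capabilities.addCapability(PKCSObjectIdentifiers.x509Certificate);
            signedAttributes.add(new SMIMECapabilitiesAttribute(capabilities));
            Collection<X509Certificate> signingCerts = new ArrayList<X509Certificate>();
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            for (X509Certificate x509Certificate : collection) {
                if (x509Certificate instanceof X509CertificateEx) {
                    generator.addSigner(((X509CertificateEx) x509Certificate).getPrivateKey(), x509Certificate, toDigestAlgorithmOid(this.m_digestAlgorithm), new AttributeTable(signedAttributes), (AttributeTable) null);
                    signingCerts.add(x509Certificate);
                }
            }
            if (signingCerts.isEmpty()) {
                // Fail closed: a multipart/signed message without any signer would look signed
                // while carrying no signature at all.
                throw new IllegalArgumentException("No signing certificate with a private key was supplied");
            }
            generator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(signingCerts), CryptoExtensions.getJCEProviderName()));
            CMSSignedData signedData = generator.generate(new CMSProcessableBodyPart(contentPart), false, CryptoExtensions.getJCEProviderName());
            String contentType = "signed; protocol=\"application/pkcs7-signature\"; micalg=" + toDigestAlgorithmMicalg(this.m_digestAlgorithm);
            String encodedSignature = Base64.encodeBase64String(signedData.getEncoded());
            MimeMultipart signedMultipart = new MimeMultipart(contentType);
            MimeBodyPart signaturePart = new MimeBodyPart(new InternetHeaders(), encodedSignature.getBytes("ASCII"));
            signaturePart.addHeader(MimeStandard.ContentTypeHeader, "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data");
            signaturePart.addHeader(MimeStandard.ContentDispositionHeader, SMIMEStandard.SignatureDisposition);
            signaturePart.addHeader(MimeStandard.ContentDescriptionHeader, "S/MIME Cryptographic Signature");
            signaturePart.addHeader(MimeStandard.ContentTransferEncodingHeader, MimeStandard.TransferEncodingBase64);
            signedMultipart.addBodyPart(contentPart);
            signedMultipart.addBodyPart(signaturePart);
            return signedMultipart;
        } catch (MessagingException e) {
            // Specific types first; a leading catch of Exception would make these unreachable.
            throw new MimeException(MimeError.InvalidMimeEntity, (Exception) e);
        } catch (IOException e) {
            throw new SignatureException(SignatureError.InvalidMultipartSigned, e);
        } catch (Exception e) {
            throw new NHINDException(MimeError.Unexpected, e);
        }
    }

    /**
     * Verifies the signatures of a signed entity against one signing certificate.
     *
     * <p>Validation succeeds only if no signer raises an error during verification and at least
     * one signer's signature verifies with {@code x509Certificate}. An envelope without signers is
     * rejected.
     *
     * <p>NOTE(review): {@code collection} (the trust anchors) is not consulted here, so this
     * method only proves the signature matches the certificate's key. Chain and trust validation
     * of the certificate presumably happens in the caller — confirm.
     *
     * @param signedEntity entity holding the content and its detached signature
     * @param x509Certificate certificate the signature is expected to verify against
     * @param collection trust anchors; unused by this implementation
     * @throws SignatureValidationException if the signature does not verify or verification fails
     */
    @Override
    public void checkSignature(SignedEntity signedEntity, X509Certificate x509Certificate, Collection<X509Certificate> collection) throws SignatureValidationException {
        boolean verified = false;
        try {
            Iterator<?> signers = deserializeSignatureEnvelope(signedEntity).getSignerInfos().getSigners().iterator();
            while (signers.hasNext()) {
                // verify() reports a non-matching signature through its return value, not only
                // through exceptions, so the result has to be checked.
                if (((SignerInformation) signers.next()).verify(x509Certificate, CryptoExtensions.getJCEProviderName())) {
                    verified = true;
                }
            }
        } catch (Throwable th) {
            // Any failure is treated as an invalid signature; keep the cause in the log because
            // the exception thrown to the caller carries only a fixed message.
            LOGGER.warn("Signature validation raised an error.", th);
            throw new SignatureValidationException("Signature validation failure.");
        }
        if (!verified) {
            throw new SignatureValidationException("Signature validation failure.");
        }
    }

    /**
     * Parses the detached signature of a signed entity into a CMS structure bound to the entity's
     * content. The signature is read from the second body part of the multipart.
     *
     * @param signedEntity entity holding the content and signature; must not be {@code null}
     * @return the parsed signed-data structure
     * @throws NHINDException if {@code signedEntity} is {@code null}
     * @throws MimeException if the content or signature cannot be parsed
     */
    @Override
    public CMSSignedData deserializeSignatureEnvelope(SignedEntity signedEntity) {
        if (signedEntity == null) {
            throw new NHINDException();
        }
        try {
            return new CMSSignedData(new CMSProcessableBodyPart(new MimeBodyPart(new ByteArrayInputStream(EntitySerializer.Default.serializeToBytes(signedEntity.getContent())))), signedEntity.getMimeMultipart().getBodyPart(1).getInputStream());
        } catch (Exception e) {
            // The cause travels with the MimeException; no separate stack trace on stderr.
            throw new MimeException(MimeError.Unexpected, e);
        }
    }

    /**
     * Parses an entity that is itself a signed envelope into a CMS structure.
     *
     * @param mimeEntity entity expected to be a signed envelope
     * @return the parsed signed-data structure
     * @throws SignatureException if the entity is {@code null} or is not a signed envelope
     */
    @Override
    public CMSSignedData deserializeEnvelopedSignature(MimeEntity mimeEntity) {
        if (mimeEntity == null) {
            throw new SignatureException(SignatureError.NullEntity);
        }
        if (SMIMEStandard.isSignedEnvelope(mimeEntity)) {
            return deserializeEnvelopedSignature(EntitySerializer.Default.serializeToBytes(mimeEntity));
        }
        throw new SignatureException(SignatureError.NotSignatureEnvelope);
    }

    /**
     * Parses raw bytes into a CMS signed-data structure.
     *
     * @param bArr encoded signed data
     * @return the parsed signed-data structure
     * @throws MimeException if the bytes cannot be parsed
     */
    @Override
    public CMSSignedData deserializeEnvelopedSignature(byte[] bArr) {
        try {
            return new CMSSignedData(bArr);
        } catch (Exception e) {
            // The cause travels with the MimeException; no separate stack trace on stderr.
            throw new MimeException(MimeError.Unexpected, e);
        }
    }

    /** Maps a digest algorithm to the digest identifier expected by the CMS signed-data generator. */
    private String toDigestAlgorithmOid(DigestAlgorithm digestAlgorithm) {
        switch (digestAlgorithm) {
            case SHA1:
                return CMSSignedDataGenerator.DIGEST_SHA1;
            case SHA256:
                return CMSSignedDataGenerator.DIGEST_SHA256;
            case SHA384:
                return CMSSignedDataGenerator.DIGEST_SHA384;
            case SHA512:
                return CMSSignedDataGenerator.DIGEST_SHA512;
            default:
                throw new IllegalArgumentException();
        }
    }

    /** Maps a digest algorithm to the {@code micalg} parameter value of the multipart/signed type. */
    private String toDigestAlgorithmMicalg(DigestAlgorithm digestAlgorithm) {
        switch (digestAlgorithm) {
            case SHA1:
                return "sha1";
            case SHA256:
                return "sha256";
            case SHA384:
                return "sha384";
            case SHA512:
                return "sha512";
            default:
                throw new IllegalArgumentException();
        }
    }

    /** Maps an encryption algorithm to the cipher identifier expected by the enveloped generator. */
    private String toEncyAlgorithmOid(EncryptionAlgorithm encryptionAlgorithm) {
        switch (encryptionAlgorithm) {
            case RSA_3DES:
                return SMIMEEnvelopedGenerator.DES_EDE3_CBC;
            case AES128:
                return SMIMEEnvelopedGenerator.AES128_CBC;
            case AES192:
                return SMIMEEnvelopedGenerator.AES192_CBC;
            case AES256:
                return SMIMEEnvelopedGenerator.AES256_CBC;
            default:
                throw new IllegalArgumentException();
        }
    }

    /**
     * Writes a debug copy of message bytes to {@code <user.dir>/tmp/<prefix><millis>.eml}.
     *
     * <p>Called only when debug logging is enabled. The pre-encryption and post-decryption dumps
     * contain plaintext message content, so the file is restricted to its owner on a best-effort
     * basis and the directory should be cleaned up after a debugging session. Failures are logged
     * and never propagated, because a dump must not break message processing.
     *
     * @param prefix file-name prefix identifying the processing stage
     * @param bArr bytes to write
     */
    private void writeDebugDump(String prefix, byte[] bArr) {
        String dirPath = System.getProperty("user.dir") + "/tmp";
        File dir = new File(dirPath);
        if (!dir.exists() && !dir.mkdir()) {
            return;
        }
        File dump = new File(dirPath + "/" + prefix + System.currentTimeMillis() + ".eml");
        try {
            if (dump.exists() || dump.createNewFile()) {
                // Best effort: drop access for everyone, then grant it back to the owner only.
                // The calls may have no effect on file systems without per-user permissions.
                dump.setReadable(false, false);
                dump.setWritable(false, false);
                dump.setReadable(true, true);
                dump.setWritable(true, true);
                BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(dump));
                try {
                    out.write(bArr, 0, bArr.length);
                    out.flush();
                } finally {
                    // Close even when the write fails so the file handle is not leaked.
                    out.close();
                }
            }
        } catch (Exception e) {
            LOGGER.warn("Failed to write debug dump " + dump.getName(), e);
        }
    }
}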
