package edu.iu.uits.mail;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Optional;
import java.util.Properties;
import javax.mail.Address;
import javax.mail.MessagingException;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.operator.OperatorCreationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/iu/uits/mail/MailSigner.class */
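/**
 * Signs outgoing {@link MimeMessage}s with S/MIME, using a private key and certificate
 * held in a Java keystore.
 *
 * <p>The keystore alias is selected by matching the message's From addresses, and the key
 * password is looked up in the supplied {@link Properties}. Every failure is logged and
 * results in the message staying unsigned rather than in an exception.
 *
 * <p>NOTE(review): the signing identity is chosen solely from the From header. If callers
 * let end users control that header, any identity with a key in the keystore can be signed
 * for; confirm the From address is set by trusted code.
 */
public class MailSigner {
    private static final Logger log = LoggerFactory.getLogger(MailSigner.class);
    public static final String CERT_PASSWORD_PROPERTY_TEMPLATE = "mail.keystore.%s.password";
    private static final String LOCAL_ADDRESS_REGEX = "^(.*)@.*$";
    private static final String KEYSTORE_FILE_PROPERTY = "mail.keystore.file";
    private static final String KEYSTORE_PASSWORD_PROPERTY = "mail.keystore.password";
    // SHA-1 signatures are no longer collision resistant and are rejected or flagged by
    // current mail clients, so sign with SHA-256 instead of the previous "SHA1withRSA".
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    // One provider instance is enough; building a new one for every message is wasted work.
    private static final BouncyCastleProvider BC_PROVIDER = new BouncyCastleProvider();
    private final KeyStore keyStore;
    private final Properties properties;

    /**
     * Creates a signer backed by the JKS keystore named in {@code mail.keystore.file} and
     * opened with {@code mail.keystore.password}.
     *
     * <p>If either property is missing or blank, or the keystore cannot be loaded, the
     * signer is still created but signs nothing.
     *
     * @param properties configuration holding the keystore location and passwords
     */
    public MailSigner(Properties properties) {
        this.properties = properties;
        this.keyStore = loadKeyStore(properties);
    }

    /**
     * Creates a signer backed by an already loaded keystore.
     *
     * @param properties configuration holding the per-alias key passwords
     * @param keyStore keystore to take keys and certificates from; {@code null} disables signing
     */
    public MailSigner(Properties properties, KeyStore keyStore) {
        this.properties = properties;
        this.keyStore = keyStore;
    }

    /**
     * Loads the configured keystore.
     *
     * @return the loaded keystore, or {@code null} when it is not configured or fails to load
     */
    private static KeyStore loadKeyStore(Properties properties) {
        String keyStoreFile = properties.getProperty(KEYSTORE_FILE_PROPERTY);
        String keyStorePassword = properties.getProperty(KEYSTORE_PASSWORD_PROPERTY);
        if (isBlank(keyStoreFile) || isBlank(keyStorePassword)) {
            // Only warn when the configuration really is missing, not after a successful load.
            log.warn("No mail keystore file or password set.  No emails will be signed.");
            return null;
        }
        // try-with-resources so the keystore file handle is released on every path.
        try (FileInputStream in = new FileInputStream(keyStoreFile)) {
            KeyStore loaded = KeyStore.getInstance("JKS");
            loaded.load(in, keyStorePassword.toCharArray());
            return loaded;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // Return null instead of a half-initialised keystore so signMessage bails out early.
            log.error("Caught exception attempting to load mail keystore.  No emails will be signed.", e);
            return null;
        }
    }

    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /**
     * Signs the message with the key whose keystore alias equals one of the From addresses.
     *
     * @param mimeMessage message to sign
     * @return the signed copy, or empty when no keystore, no matching key entry or no usable
     *     certificate is available, or when signing fails
     */
    public Optional<MimeMessage> signMessage(MimeMessage mimeMessage) {
        if (this.keyStore == null) {
            log.warn("No keystore provided so the message will not be signed");
            return Optional.empty();
        }
        try {
            Address[] from = mimeMessage.getFrom();
            if (from == null || from.length == 0) {
                // getFrom() returns null when the header is absent.
                log.info("Message has no from address so it will not be signed");
                return Optional.empty();
            }
            // NOTE(review): Address.toString() may include a display name for some address
            // types, in which case it would never equal a bare-address alias; confirm.
            Optional<String> match = Arrays.stream(from)
                    .map(Address::toString)
                    .filter(this::hasKeyEntry)
                    .findFirst();
            if (!match.isPresent()) {
                log.info("Could not find an email certificate for any of the from addresses: {}",
                        Arrays.toString(from));
                return Optional.empty();
            }
            String alias = match.get();
            String keyPassword = getEmailPassword(alias);
            // A missing password is passed through as null; keystores that need one will
            // raise UnrecoverableKeyException, which is handled below.
            char[] passwordChars = keyPassword == null ? null : keyPassword.toCharArray();
            java.security.Key key = this.keyStore.getKey(alias, passwordChars);
            if (!(key instanceof PrivateKey)) {
                log.warn("Keystore entry {} does not hold a private key so the message will not be signed", alias);
                return Optional.empty();
            }
            java.security.cert.Certificate[] chain = this.keyStore.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                log.warn("Keystore entry {} has no X.509 certificate so the message will not be signed", alias);
                return Optional.empty();
            }
            MimeMessage signed = signMessage(mimeMessage, (PrivateKey) key, (X509Certificate) chain[0]);
            // The static overload hands back the original instance when signing failed;
            // report that as "not signed" instead of wrapping an unsigned message.
            return signed == mimeMessage ? Optional.empty() : Optional.of(signed);
        } catch (MessagingException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            log.error("Caught exception when attempting to sign a message.  The message will be sent unsigned.", e);
            return Optional.empty();
        }
    }

    /** Returns whether the alias names a key entry; keystore errors count as "no". */
    private boolean hasKeyEntry(String alias) {
        try {
            // isKeyEntry rather than containsAlias: a certificate-only entry cannot sign.
            return this.keyStore.isKeyEntry(alias);
        } catch (KeyStoreException e) {
            return false;
        }
    }

    /**
     * Looks up the key password for an alias.
     *
     * <p>Tries {@code mail.keystore.<alias>.password}, then the same property for the part of
     * the alias before the {@code @}, then falls back to {@code mail.keystore.password}.
     *
     * @param str keystore alias, normally the sender's e-mail address
     * @return the configured password, or {@code null} when none of the properties is set
     */
    protected String getEmailPassword(String str) {
        String password = this.properties.getProperty(String.format(CERT_PASSWORD_PROPERTY_TEMPLATE, str));
        if (!isBlank(password)) {
            return password;
        }
        String localPart = str.replaceAll(LOCAL_ADDRESS_REGEX, "$1");
        log.debug("No key password found for {}.  Trying local portion, {}.", str, localPart);
        password = this.properties.getProperty(String.format(CERT_PASSWORD_PROPERTY_TEMPLATE, localPart));
        if (!isBlank(password)) {
            return password;
        }
        log.debug("No key password found for {} or {}.  Defaulting to using the keystore password.", str, localPart);
        return this.properties.getProperty(KEYSTORE_PASSWORD_PROPERTY);
    }

    /**
     * Builds an S/MIME signed copy of a message.
     *
     * <p>Only {@code String} and {@link MimeMultipart} bodies are supported. Headers of the
     * original are copied to the signed copy, except those describing the original body.
     *
     * @param mimeMessage message to sign
     * @param privateKey key used to produce the signature
     * @param x509Certificate certificate matching {@code privateKey}; it is embedded in the signature
     * @return the signed copy, or {@code mimeMessage} itself when it could not be signed
     */
    public static MimeMessage signMessage(MimeMessage mimeMessage, PrivateKey privateKey, X509Certificate x509Certificate) {
        try {
            MimeBodyPart body = new MimeBodyPart();
            Object content = mimeMessage.getContent();
            if (content instanceof String) {
                // NOTE(review): setText() produces a text/plain part, so a text/html string
                // body may lose its original subtype here; confirm against callers.
                body.setText((String) content);
            } else if (content instanceof MimeMultipart) {
                body.setContent((MimeMultipart) content);
            } else {
                // Previously an empty body part was handed to the generator in this case.
                log.warn("Unsupported message content type {}. Message will be sent unsigned",
                        content == null ? null : content.getClass().getName());
                return mimeMessage;
            }

            // Capabilities are advertised in order of preference, so the strongest cipher
            // goes first. NOTE(review): single DES and RC2 are weak and are kept only for
            // compatibility with the previous advertisement; consider dropping them.
            SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
            capabilities.addCapability(SMIMECapability.aES256_CBC);
            capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
            capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
            capabilities.addCapability(SMIMECapability.dES_CBC);

            ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
            signedAttributes.add(new SMIMECapabilitiesAttribute(capabilities));
            // NOTE(review): the issuer is rebuilt from its string form, which may not
            // round-trip to the certificate's exact encoding; confirm recipients can match it.
            signedAttributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(
                    new X500Name(x509Certificate.getIssuerDN().getName()), x509Certificate.getSerialNumber())));

            SMIMESignedGenerator generator = new SMIMESignedGenerator();
            generator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
                    .setProvider(BC_PROVIDER)
                    .setSignedAttributeGenerator(new AttributeTable(signedAttributes))
                    .build(SIGNATURE_ALGORITHM, privateKey, x509Certificate));
            // Only the signer certificate is attached; no intermediates are included.
            generator.addCertificates(new JcaCertStore(Collections.singletonList(x509Certificate)));

            MimeMultipart signedContent = generator.generate(body);
            MimeMessage signedMessage = new MimeMessage(mimeMessage.getSession());
            signedMessage.setContent(signedContent, signedContent.getContentType());
            Enumeration<?> headerLines = mimeMessage.getAllHeaderLines();
            while (headerLines.hasMoreElements()) {
                String headerLine = (String) headerLines.nextElement();
                if (!describesOriginalBody(headerLine)) {
                    signedMessage.addHeaderLine(headerLine);
                }
            }
            signedMessage.saveChanges();
            return signedMessage;
        } catch (CertificateEncodingException | OperatorCreationException | IOException | MessagingException | SMIMEException e) {
            log.error("Caught exception when attempting to sign a message. Message will be sent unsigned", e);
            return mimeMessage;
        }
    }

    /**
     * Returns whether a header line describes the original body and so must not be copied
     * onto the multipart/signed wrapper. Header names are case-insensitive, and a copied
     * Content-Transfer-Encoding would be applied to the new multipart body.
     */
    private static boolean describesOriginalBody(String headerLine) {
        return startsWithIgnoreCase(headerLine, "Content-Type:")
                || startsWithIgnoreCase(headerLine, "Content-Transfer-Encoding:");
    }

    private static boolean startsWithIgnoreCase(String value, String prefix) {
        return value.regionMatches(true, 0, prefix, 0, prefix.length());
    }
}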
