package org.kuali.kfs.sys.service.impl;

import java.io.FileInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Locale;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.mail.Authenticator;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.kuali.kfs.coreservice.framework.parameter.ParameterService;
import org.kuali.kfs.krad.util.KRADConstants;
import org.kuali.kfs.sys.mail.MailMessage;
import org.kuali.kfs.sys.service.EmailService;
import org.kuali.rice.core.api.CoreConstants;
import org.kuali.rice.core.api.config.property.ConfigurationService;
import org.opensaml.security.crypto.JCAConstants;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.mail.MailException;
import org.springframework.mail.javamail.JavaMailSenderImpl;
import org.springframework.mail.javamail.MimeMessageHelper;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2020-09-25.jar:org/kuali/kfs/sys/service/impl/EmailServiceImpl.class */
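/**
 * {@link EmailService} implementation that sends mail through a Spring
 * {@link JavaMailSenderImpl} and optionally S/MIME-signs outgoing messages.
 *
 * <p>Outside production, the {@code NON_PRODUCTION_EMAIL_MODE} parameter selects between
 * sending normally ({@link #MODE_PROD}), redirecting every message to a single
 * non-production address ({@link #MODE_TEST}) and only logging it ({@link #MODE_LOG}).
 *
 * <p>Signing is attempted only when {@code KRADConstants.MAIL_SIGNING_ENABLED} is true, a
 * keystore was loaded, and the keystore holds an alias equal to the message's FROM address.
 */
public class EmailServiceImpl implements EmailService, InitializingBean {
    private static final Logger LOG = LogManager.getLogger();
    protected static final String PARAM_NON_PRODUCTION_EMAIL_MODE = "NON_PRODUCTION_EMAIL_MODE";
    protected static final String PARAM_DEFAULT_FROM_EMAIL_ADDRESS = "DEFAULT_FROM_EMAIL_ADDRESS";
    protected static final String PARAM_DEFAULT_TO_EMAIL_ADDRESS = "DEFAULT_TO_EMAIL_ADDRESS";
    protected static final String PARAM_NON_PRODUCTION_TO_EMAIL_ADDRESS = "NON_PRODUCTION_TO_EMAIL_ADDRESS";
    protected static final String MODE_LOG = "L";
    protected static final String MODE_TEST = "T";
    protected static final String MODE_PROD = "P";
    protected static final int MAXIMUM_NUMBER_OF_CHARACTERS_FOR_LOGGED_MESSAGE = 5000;

    // Namespace and component under which every e-mail parameter in this class is looked up.
    private static final String PARAMETER_NAMESPACE = "KFS-SYS";
    private static final String PARAMETER_COMPONENT = "All";
    // JCA provider name used for the S/MIME signing calls.
    private static final String BOUNCY_CASTLE_PROVIDER = "BC";

    protected JavaMailSenderImpl javaMailSender;
    protected ConfigurationService configurationService;
    protected ParameterService parameterService;
    private KeyStore keyStore;
    private String keyStoreFile;
    private String keyStorePassword;

    /**
     * @return the value of the {@code DEFAULT_FROM_EMAIL_ADDRESS} parameter
     */
    @Override // org.kuali.kfs.sys.service.EmailService
    public String getDefaultFromAddress() {
        return this.parameterService.getParameterValueAsString(PARAMETER_NAMESPACE, PARAMETER_COMPONENT, PARAM_DEFAULT_FROM_EMAIL_ADDRESS);
    }

    /**
     * @return the value of the {@code DEFAULT_TO_EMAIL_ADDRESS} parameter
     */
    @Override // org.kuali.kfs.sys.service.EmailService
    public String getDefaultToAddress() {
        return this.parameterService.getParameterValueAsString(PARAMETER_NAMESPACE, PARAMETER_COMPONENT, PARAM_DEFAULT_TO_EMAIL_ADDRESS);
    }

    /**
     * Sends (or, depending on the mode, only logs) the given message.
     *
     * <p>A message without TO addresses or without a FROM address is logged and dropped.
     * In {@link #MODE_LOG} the message is logged and not sent; in {@link #MODE_TEST} its
     * recipients are replaced before sending. The subject is always rewritten by
     * {@link #modifyMessageSubject(String)}.
     *
     * @param mailMessage the message to send; its subject (and, in test mode, its recipients)
     *                    are modified in place
     * @param z           passed as the {@code html} flag to {@code MimeMessageHelper.setText}
     * @throws RuntimeException if the keystore aliases cannot be read or the mail cannot be
     *                          built or sent
     */
    @Override // org.kuali.kfs.sys.service.EmailService
    public void sendMessage(MailMessage mailMessage, boolean z) {
        LOG.debug("sendMessage() started");
        if (mailMessage.getToAddresses().isEmpty()) {
            LOG.error("sendMessage() Attempting to send email with no TO addresses");
            logMessage(mailMessage);
            return;
        }
        if (StringUtils.isEmpty(mailMessage.getFromAddress())) {
            LOG.error("sendMessage() Attempting to send email with no FROM address");
            logMessage(mailMessage);
            return;
        }

        final String mode = getMode();
        if (MODE_LOG.equals(mode)) {
            logMessage(mailMessage);
            return;
        }
        if (MODE_TEST.equals(mode)) {
            modifyMessageForTestMode(mailMessage);
        }
        mailMessage.setSubject(modifyMessageSubject(mailMessage.getSubject()));

        try {
            final boolean hasAttachment = mailMessage.getAttachmentContent() != null;
            MimeMessage outgoing = this.javaMailSender.createMimeMessage();
            // Multipart mode is only needed when an attachment has to be carried.
            MimeMessageHelper helper = new MimeMessageHelper(outgoing, hasAttachment);
            helper.setTo((String[]) mailMessage.getToAddresses().toArray(new String[0]));
            helper.setBcc((String[]) mailMessage.getBccAddresses().toArray(new String[0]));
            helper.setCc((String[]) mailMessage.getCcAddresses().toArray(new String[0]));
            helper.setSubject(mailMessage.getSubject());
            helper.setFrom(mailMessage.getFromAddress());
            helper.setText(mailMessage.getMessage(), z);
            if (hasAttachment) {
                helper.addAttachment(mailMessage.getAttachmentFileName(), new ByteArrayResource(mailMessage.getAttachmentContent()), mailMessage.getAttachmentContentType());
            }
            outgoing = signIfKeyAvailable(outgoing, mailMessage.getFromAddress());
            this.javaMailSender.send(outgoing);
        } catch (MessagingException | MailException e) {
            LOG.error("sendMessage() Unable to send email", e);
            throw new RuntimeException("Unable to send email", e);
        }
    }

    /**
     * Signs the message when signing is enabled, a keystore is loaded, and the keystore has
     * an alias equal to the FROM address with a non-blank key password configured.
     *
     * <p>The key password is read from the property {@code keystore.<name>.password}, where
     * {@code <name>} is the part of the alias before the first {@code @}.
     */
    private MimeMessage signIfKeyAvailable(MimeMessage message, String fromAddress) {
        if (!this.configurationService.getPropertyValueAsBoolean(KRADConstants.MAIL_SIGNING_ENABLED, false) || this.keyStore == null) {
            return message;
        }
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!alias.equals(fromAddress)) {
                    continue;
                }
                String keyPassword = this.configurationService.getPropertyValueAsString(String.format("keystore.%s.password", StringUtils.substringBefore(alias, "@")));
                if (StringUtils.isNotBlank(keyPassword)) {
                    return signMessage(message, alias, keyPassword);
                }
                // Aliases are unique within a keystore, so no later entry can match.
                break;
            }
            // NOTE(review): reaching this point means signing is enabled but the message
            // leaves unsigned, without any log entry - consider logging that case.
            return message;
        } catch (KeyStoreException e) {
            LOG.error("sendMessage() Unable to parse keystore", e);
            throw new RuntimeException("Unable to parse keystore", e);
        }
    }

    /**
     * Builds an S/MIME-signed copy of the message using the key entry stored under the
     * given alias.
     *
     * <p>Signing is best effort: when the key or certificate is unusable, or any step of
     * signing fails, the failure is logged and the original message is returned unchanged,
     * so the mail is then sent unsigned.
     * NOTE(review): callers cannot tell a signed result from an unsigned one; if recipients
     * rely on the signature, consider surfacing the failure instead.
     *
     * @param mimeMessage the message to sign
     * @param str         keystore alias of the signing key
     * @param str2        password protecting that key entry
     * @return the signed message, or {@code mimeMessage} itself if signing was not possible
     */
    protected MimeMessage signMessage(MimeMessage mimeMessage, final String str, final String str2) {
        final String signerAlias = str;
        final String keyPassword = str2;
        try {
            PrivateKey signingKey = (PrivateKey) this.keyStore.getKey(signerAlias, keyPassword.toCharArray());
            Certificate[] chain = this.keyStore.getCertificateChain(signerAlias);
            // getKey/getCertificateChain return null for an alias that is not a key entry;
            // fall back to the unsigned message instead of failing with an NPE or cast error.
            if (signingKey == null || chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                LOG.error("signMessage() No private key with an X.509 certificate for alias {}. Message will be sent unsigned", signerAlias);
                return mimeMessage;
            }
            X509Certificate signerCertificate = (X509Certificate) chain[0];

            // Register the BouncyCastle content handlers for the S/MIME MIME types.
            MailcapCommandMap mailcap = (MailcapCommandMap) CommandMap.getDefaultCommandMap();
            mailcap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
            mailcap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
            mailcap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
            mailcap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
            mailcap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");

            // NOTE(review): the advertised capabilities include single DES and RC2, which are
            // obsolete ciphers; consider advertising only AES so that correspondents do not
            // pick a weak cipher when encrypting replies.
            SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
            capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
            capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
            capabilities.addCapability(SMIMECapability.dES_CBC);
            capabilities.addCapability(SMIMECapability.aES256_CBC);

            // NOTE(review): this authenticator hands the keystore alias and the private-key
            // password to the mail session as mail credentials. Whether the session ever
            // consults it is not visible here - confirm that this is intended.
            Session session = Session.getDefaultInstance(this.javaMailSender.getJavaMailProperties(), new Authenticator() {
                @Override // javax.mail.Authenticator
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(signerAlias, keyPassword);
                }
            });

            // Register the provider once rather than constructing a new one for every message.
            if (Security.getProvider(BOUNCY_CASTLE_PROVIDER) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }

            ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
            signedAttributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(new X500Name(signerCertificate.getIssuerDN().getName()), signerCertificate.getSerialNumber())));
            signedAttributes.add(new SMIMECapabilitiesAttribute(capabilities));

            // NOTE(review): MD5 (and SHA-1 for DSA keys) are collision-prone digests and no
            // longer suitable for signatures. Kept as-is here because changing the digest
            // changes what recipients must verify; plan a move to a SHA-2 digest once the
            // BouncyCastle version and recipient clients are confirmed to support it.
            String digestOid = JCAConstants.KEY_ALGO_DSA.equals(signingKey.getAlgorithm()) ? SMIMESignedGenerator.DIGEST_SHA1 : SMIMESignedGenerator.DIGEST_MD5;

            SMIMESignedGenerator generator = new SMIMESignedGenerator();
            generator.addSigner(signingKey, signerCertificate, digestOid, new AttributeTable(signedAttributes), null);
            // Only the signer's own certificate is attached, not the rest of the chain.
            ArrayList<Certificate> attachedCertificates = new ArrayList<>();
            attachedCertificates.add(signerCertificate);
            generator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(attachedCertificates), BOUNCY_CASTLE_PROVIDER));
            MimeMultipart signedContent = generator.generate(mimeMessage, BOUNCY_CASTLE_PROVIDER);

            // Carry every header of the original message over to the signed wrapper.
            MimeMessage signedMessage = new MimeMessage(session);
            Enumeration<String> headerLines = mimeMessage.getAllHeaderLines();
            while (headerLines.hasMoreElements()) {
                signedMessage.addHeaderLine(headerLines.nextElement());
            }
            signedMessage.setContent(signedContent);
            return signedMessage;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertStoreException | MessagingException | SMIMEException e) {
            LOG.error("Exception while signing message. Message will be sent unsigned", e);
            return mimeMessage;
        }
    }

    /**
     * Prefixes the subject with the application id, the tenant (when configured) and, when
     * the environment differs from the production environment code, the environment name.
     *
     * @param str the original subject
     * @return {@code "<application id> [<tenant> ][<environment>]: <subject>"}
     */
    protected String modifyMessageSubject(String str) {
        String applicationId = this.configurationService.getPropertyValueAsString(CoreConstants.Config.APPLICATION_ID);
        String tenant = this.configurationService.getPropertyValueAsString(KRADConstants.TENANT);
        String environment = this.configurationService.getPropertyValueAsString("environment");
        String productionCode = this.configurationService.getPropertyValueAsString("production.environment.code");

        StringBuilder subject = new StringBuilder();
        subject.append(applicationId).append(" ");
        if (StringUtils.isNotBlank(tenant)) {
            subject.append(tenant).append(" ");
        }
        if (!environment.equalsIgnoreCase(productionCode)) {
            subject.append(environment);
        }
        return subject.append(": ").append(str).toString();
    }

    /**
     * Redirects the message to the single non-production address and clears CC and BCC, so
     * that a test-mode send never reaches the real recipients.
     */
    protected void modifyMessageForTestMode(MailMessage mailMessage) {
        LOG.debug("modifyMessageForTestMode() started");
        mailMessage.setBccAddresses(new HashSet<>());
        mailMessage.setCcAddresses(new HashSet<>());
        mailMessage.setToAddresses(Collections.singleton(getNonProductionToEmailAddress()));
    }

    /**
     * Writes the message's addresses, subject and body to the log at INFO level. The body is
     * cut off after {@link #MAXIMUM_NUMBER_OF_CHARACTERS_FOR_LOGGED_MESSAGE} characters.
     *
     * <p>NOTE(review): addresses, subject and body are written as-is; if mail bodies can carry
     * sensitive data or line breaks, restrict access to this log and consider neutralising
     * CR/LF before logging.
     */
    protected void logMessage(MailMessage mailMessage) {
        LOG.info("logMessage() Send email from: {}", mailMessage.getFromAddress());
        LOG.info("logMessage() Send email to: {}", String.join(",", mailMessage.getToAddresses()));
        if (!mailMessage.getCcAddresses().isEmpty()) {
            LOG.info("logMessage() CC: {}", String.join(",", mailMessage.getCcAddresses()));
        }
        if (!mailMessage.getBccAddresses().isEmpty()) {
            LOG.info("logMessage() BCC: {}", String.join(",", mailMessage.getBccAddresses()));
        }
        LOG.info("logMessage() Subject: {}", mailMessage.getSubject());

        // This method runs on the error paths of sendMessage(), so tolerate a missing body.
        String body = mailMessage.getMessage();
        if (body != null && body.length() > MAXIMUM_NUMBER_OF_CHARACTERS_FOR_LOGGED_MESSAGE) {
            LOG.info("logMessage() Message, truncated at {} characters: {}", MAXIMUM_NUMBER_OF_CHARACTERS_FOR_LOGGED_MESSAGE, body.substring(0, MAXIMUM_NUMBER_OF_CHARACTERS_FOR_LOGGED_MESSAGE));
        } else {
            LOG.info("logMessage() Message: {}", body);
        }
    }

    /**
     * @return the value of the {@code NON_PRODUCTION_TO_EMAIL_ADDRESS} parameter
     */
    protected String getNonProductionToEmailAddress() {
        return this.parameterService.getParameterValueAsString(PARAMETER_NAMESPACE, PARAMETER_COMPONENT, PARAM_NON_PRODUCTION_TO_EMAIL_ADDRESS);
    }

    /**
     * Determines how mail is handled: always {@link #MODE_PROD} in production, otherwise the
     * value of the {@code NON_PRODUCTION_EMAIL_MODE} parameter. An unrecognised value is
     * reported and treated as {@link #MODE_LOG}, so a misconfiguration never sends mail.
     */
    protected String getMode() {
        if (isProduction()) {
            return MODE_PROD;
        }
        String configuredMode = this.parameterService.getParameterValueAsString(PARAMETER_NAMESPACE, PARAMETER_COMPONENT, PARAM_NON_PRODUCTION_EMAIL_MODE);
        if (MODE_PROD.equals(configuredMode) || MODE_TEST.equals(configuredMode) || MODE_LOG.equals(configuredMode)) {
            return configuredMode;
        }
        LOG.error("getMode() Invalid parameter value for NON_PRODUCTION_EMAIL_MODE: " + configuredMode);
        return MODE_LOG;
    }

    /**
     * @return true when the {@code environment} property equals the
     *         {@code production.environment.code} property, ignoring case
     */
    protected boolean isProduction() {
        String productionCode = this.configurationService.getPropertyValueAsString("production.environment.code");
        String environment = this.configurationService.getPropertyValueAsString("environment");
        return productionCode.toLowerCase(Locale.US).equals(environment.toLowerCase(Locale.US));
    }

    public void setJavaMailSender(JavaMailSenderImpl javaMailSenderImpl) {
        this.javaMailSender = javaMailSenderImpl;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    public void setParameterService(ParameterService parameterService) {
        this.parameterService = parameterService;
    }

    protected KeyStore getKeyStore() {
        return this.keyStore;
    }

    public void setKeyStore(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    protected String getKeyStoreFile() {
        return this.keyStoreFile;
    }

    public void setKeyStoreFile(String str) {
        this.keyStoreFile = str;
    }

    protected String getKeyStorePassword() {
        return this.keyStorePassword;
    }

    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }

    /**
     * Loads the signing keystore from {@code keyStoreFile} when mail signing is enabled and
     * both the file and its password are configured; otherwise leaves the keystore unset.
     *
     * @throws Exception if the keystore file cannot be opened or read with the given password
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        boolean signingEnabled = this.configurationService.getPropertyValueAsBoolean(KRADConstants.MAIL_SIGNING_ENABLED, false);
        if (!signingEnabled || StringUtils.isBlank(this.keyStoreFile) || StringUtils.isBlank(this.keyStorePassword)) {
            return;
        }
        // NOTE(review): the keystore type comes from a Log4j constant, presumably a literal
        // resolved by the decompiler - confirm the intended keystore type.
        KeyStore loaded = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
        // Close the file handle even when load() throws; the stream was previously leaked.
        try (FileInputStream keyStoreStream = new FileInputStream(this.keyStoreFile)) {
            loaded.load(keyStoreStream, this.keyStorePassword.toCharArray());
        }
        // Publish the keystore only after it loaded successfully.
        this.keyStore = loaded;
    }
}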
