package com.modus.openas2.lib.helper;

import com.modus.common.message.AS2Headers;
import com.modus.common.service.SupportedAlgorithm;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.DigestInputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.mail.smime.SMIMEUtil;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/modus/openas2/lib/helper/BCCryptoHelper.class */
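/**
 * BouncyCastle-backed implementation of {@link ICryptoHelper}: S/MIME signing,
 * verification, encryption, decryption, MIC calculation and key store loading
 * for MIME body parts.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only MD5 and SHA-1 are mapped as digest algorithms, and content encryption
 *       is limited to RC2 (40/64/128 bit) and Triple-DES. These are legacy
 *       algorithms; they are kept because callers select them by name, not because
 *       they are recommended.</li>
 *   <li>{@link #isSigned} and {@link #isEncrypted} look only at the declared
 *       Content-Type header of the part.</li>
 *   <li>{@link #verify} checks signatures against the single certificate supplied
 *       by the caller; nothing in this class builds or validates a certificate
 *       chain.</li>
 * </ul>
 */
public class BCCryptoHelper implements ICryptoHelper {
    private static final String JKS_KEY_STORE_TYPE = "JKS";
    private static final String PKCS12_KEY_STORE_TYPE = "PKCS12";
    private static final String BC_PROVIDER = "BC";
    private final Log logger = LogFactory.getLog(BCCryptoHelper.class);

    /**
     * Reports whether the part declares itself as S/MIME enveloped data.
     *
     * @param mimeBodyPart the part whose Content-Type header is inspected
     * @return {@code true} when the base type is {@code application/pkcs7-mime} and the
     *         {@code smime-type} parameter is {@code enveloped-data} (both case-insensitive)
     * @throws MessagingException if the Content-Type header cannot be read or parsed
     */
    @Override
    public boolean isEncrypted(MimeBodyPart mimeBodyPart) throws MessagingException {
        ContentType contentType = new ContentType(mimeBodyPart.getContentType());
        if (!"application/pkcs7-mime".equalsIgnoreCase(contentType.getBaseType())) {
            return false;
        }
        String smimeType = contentType.getParameter("smime-type");
        return smimeType != null && smimeType.equalsIgnoreCase("enveloped-data");
    }

    /**
     * Reports whether the part declares itself as {@code multipart/signed}.
     *
     * @param mimeBodyPart the part whose Content-Type header is inspected
     * @return {@code true} when the base type is {@code multipart/signed} (case-insensitive)
     * @throws MessagingException if the Content-Type header cannot be read or parsed
     */
    @Override
    public boolean isSigned(MimeBodyPart mimeBodyPart) throws MessagingException {
        ContentType contentType = new ContentType(mimeBodyPart.getContentType());
        return "multipart/signed".equalsIgnoreCase(contentType.getBaseType());
    }

    /**
     * Computes the message integrity check (MIC) string for a part.
     *
     * @param mimeBodyPart the part to digest
     * @param str the digest algorithm name as understood by {@link #convertAlgorithm}
     *        (only {@code md5} and {@code sha1} map to digests)
     * @param z when {@code true} the whole part is serialised with {@code writeTo}
     *        (headers included); otherwise only the bytes from {@code getInputStream()}
     * @return the Base64 digest followed by {@code ", "} and the algorithm name as given
     * @throws GeneralSecurityException if the algorithm is unknown or unavailable
     * @throws MessagingException if the part cannot be serialised
     * @throws IOException if reading the part fails
     */
    @Override
    public String calculateMIC(MimeBodyPart mimeBodyPart, String str, boolean z) throws GeneralSecurityException, MessagingException, IOException {
        MessageDigest messageDigest = MessageDigest.getInstance(convertAlgorithm(str, true), BC_PROVIDER);
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        if (z) {
            mimeBodyPart.writeTo(serialized);
        } else {
            InputStream content = mimeBodyPart.getInputStream();
            try {
                IOUtils.copy(content, serialized);
            } finally {
                content.close();
            }
        }
        // Leading CRLF pairs are skipped before hashing, so they never influence the MIC.
        DigestInputStream digestStream = new DigestInputStream(trimCRLFPrefix(serialized.toByteArray()), messageDigest);
        // One scratch buffer for the whole drain; the bytes themselves are not needed.
        byte[] scratch = new byte[4096];
        while (digestStream.read(scratch) >= 0) {
            // reading drives the digest update
        }
        // Base64 output is plain ASCII; naming the charset avoids the platform default.
        String encodedDigest = new String(Base64.encode(messageDigest.digest()), "US-ASCII");
        return encodedDigest + ", " + str;
    }

    /**
     * Decrypts an S/MIME enveloped part with the recipient's certificate and private key.
     *
     * @param mimeBodyPart the enveloped part
     * @param certificate the recipient certificate used to locate the recipient entry
     * @param key the recipient private key
     * @return the decrypted content as a MIME body part
     * @throws GeneralSecurityException if the part is not declared as encrypted, the
     *         certificate is null or not X.509, the key is not a {@link PrivateKey}, or
     *         no recipient entry matches the certificate
     */
    @Override
    public MimeBodyPart decrypt(MimeBodyPart mimeBodyPart, Certificate certificate, Key key) throws GeneralSecurityException, MessagingException, CMSException, IOException, SMIMEException {
        if (!isEncrypted(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type indicates data isn't encrypted");
        }
        X509Certificate recipientCertificate = castCertificate(certificate);
        // Validate the key type up front so a wrong key surfaces as a
        // GeneralSecurityException instead of a ClassCastException.
        PrivateKey recipientKey = castKey(key);
        SMIMEEnveloped enveloped = new SMIMEEnveloped(mimeBodyPart);
        RecipientInformation recipient = enveloped.getRecipientInfos().get(new JceKeyTransRecipientId(recipientCertificate));
        if (recipient == null) {
            // Message text kept as-is for callers; it means no recipient entry in the
            // envelope matches the supplied certificate.
            throw new GeneralSecurityException("Certificate does not match part signature");
        }
        return SMIMEUtil.toMimeBodyPart(recipient.getContent(new JceKeyTransEnvelopedRecipient(recipientKey).setProvider(BC_PROVIDER)));
    }

    /**
     * Encrypts a part for a single recipient certificate.
     *
     * @param mimeBodyPart the part to encrypt
     * @param certificate the recipient's X.509 certificate
     * @param str the content-encryption algorithm name; see {@link #encryptorFromDigest}
     * @return the enveloped part
     * @throws GeneralSecurityException if the certificate is null or not X.509
     */
    @Override
    public MimeBodyPart encrypt(MimeBodyPart mimeBodyPart, Certificate certificate, String str) throws GeneralSecurityException, SMIMEException, CMSException {
        X509Certificate recipientCertificate = castCertificate(certificate);
        SMIMEEnvelopedGenerator generator = new SMIMEEnvelopedGenerator();
        generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCertificate));
        return generator.generate(mimeBodyPart, encryptorFromDigest(str));
    }

    /**
     * Builds the content encryptor for the requested algorithm name.
     *
     * <p>The three RC2 names select RC2-CBC with a 40, 64 or 128 bit key. Every other
     * name, including names this class does not know, falls back to Triple-DES CBC
     * without any error.
     *
     * @param str the algorithm name; must not be null
     * @return an encryptor bound to the BouncyCastle provider
     * @throws CMSException if the encryptor cannot be built
     */
    private OutputEncryptor encryptorFromDigest(String str) throws CMSException {
        // NOTE(security): RC2 with 40 or 64 bit keys offers very little protection and
        // Triple-DES is deprecated; these choices are driven by the caller's settings.
        JceCMSContentEncryptorBuilder builder;
        if (str.equals(SupportedAlgorithm.RC2_40)) {
            builder = new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC, 40);
        } else if (str.equals(SupportedAlgorithm.RC2_64)) {
            builder = new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC, 64);
        } else if (str.equals(SupportedAlgorithm.RC2_128)) {
            builder = new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC, 128);
        } else {
            builder = new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC);
        }
        return builder.setProvider(BC_PROVIDER).build();
    }

    /**
     * Registers BouncyCastle as a JCA provider, logging a warning when a provider
     * named {@code BC} is already installed.
     */
    @Override
    public void initialize() {
        if (Security.addProvider(new BouncyCastleProvider()) == -1) {
            this.logger.warn("Could not register BouncyCastle as a provider. BouncyCastle " + Security.getProvider(BC_PROVIDER).getVersion() + " is already installed as a provider.");
        }
    }

    /**
     * Signs a part and wraps the resulting multipart in a new body part.
     *
     * @param mimeBodyPart the part to sign
     * @param certificate the signer's X.509 certificate
     * @param key the signer's private key
     * @param str the digest algorithm name ({@code md5} or {@code sha1} map to digests)
     * @return a new part holding the signed multipart, with the Content-Type of the
     *         multipart and the Content-Disposition header copied from the input part
     * @throws GeneralSecurityException if the algorithm is unknown, the certificate is
     *         null or not X.509, or the key is not a {@link PrivateKey}
     */
    @Override
    public MimeBodyPart sign(MimeBodyPart mimeBodyPart, Certificate certificate, Key key, String str) throws GeneralSecurityException, SMIMEException, MessagingException {
        // NOTE(security): only MD5 and SHA-1 are available as signature digests here.
        String digestOid = convertAlgorithm(str, true);
        X509Certificate signerCertificate = castCertificate(certificate);
        PrivateKey signerKey = castKey(key);
        SMIMESignedGenerator generator = new SMIMESignedGenerator(AS2Headers.BINARY_TRANSFER_ENCODING);
        generator.addSigner(signerKey, signerCertificate, digestOid);
        MimeMultipart signedMultipart = generator.generate(mimeBodyPart, BC_PROVIDER);
        MimeBodyPart signedPart = new MimeBodyPart();
        signedPart.setContent(signedMultipart);
        signedPart.setHeader("Content-Type", signedMultipart.getContentType());
        signedPart.setHeader(AS2Headers.CONTENT_DISPOSITION, mimeBodyPart.getHeader(AS2Headers.CONTENT_DISPOSITION, (String) null));
        return signedPart;
    }

    /**
     * Verifies every signer of a {@code multipart/signed} part against one certificate
     * and returns the signed content.
     *
     * <p>A message that carries no signer information at all is rejected; without that
     * check an empty signer set would be returned as if it had been verified.
     *
     * @param mimeBodyPart the signed part
     * @param certificate the certificate every signer must verify against
     * @return the content that was signed
     * @throws GeneralSecurityException if the part is not declared as signed, its content
     *         is not a multipart, or the certificate is null or not X.509
     * @throws SignatureException (a {@code GeneralSecurityException}) if there is no
     *         signer or any signer fails verification
     */
    @Override
    public MimeBodyPart verify(MimeBodyPart mimeBodyPart, Certificate certificate) throws GeneralSecurityException, IOException, MessagingException, CMSException {
        if (!isSigned(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type indicates data isn't signed");
        }
        X509Certificate signerCertificate = castCertificate(certificate);
        Object content = mimeBodyPart.getContent();
        if (!(content instanceof MimeMultipart)) {
            // The header said multipart/signed but the body did not parse as one.
            throw new GeneralSecurityException("Signed content is not a MIME multipart");
        }
        SMIMESigned signed = new SMIMESigned((MimeMultipart) content, AS2Headers.BINARY_TRANSFER_ENCODING);
        boolean sawSigner = false;
        for (Object signer : signed.getSignerInfos().getSigners()) {
            sawSigner = true;
            if (!((SignerInformation) signer).verify(signerCertificate, BC_PROVIDER)) {
                throw new SignatureException("Verification failed");
            }
        }
        if (!sawSigner) {
            // Fail closed: nothing was verified, so the content must not be trusted.
            throw new SignatureException("Verification failed: message carries no signer information");
        }
        return signed.getContent();
    }

    /**
     * Narrows a certificate to {@link X509Certificate}.
     *
     * @throws GeneralSecurityException if the certificate is null or of another type
     */
    private X509Certificate castCertificate(Certificate certificate) throws GeneralSecurityException {
        if (certificate == null) {
            throw new GeneralSecurityException("Certificate is null");
        }
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new GeneralSecurityException("Certificate must be an instance of X509Certificate");
    }

    /**
     * Narrows a key to {@link PrivateKey}.
     *
     * @throws GeneralSecurityException if the key is null or not a private key
     */
    private PrivateKey castKey(Key key) throws GeneralSecurityException {
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        throw new GeneralSecurityException("Key must implement PrivateKey interface");
    }

    /**
     * Translates between the short algorithm names used by this helper and the
     * identifiers used by the BouncyCastle S/MIME generators.
     *
     * @param str the name or identifier to translate
     * @param z {@code true} to map a short name to its identifier, {@code false} for
     *        the reverse direction
     * @return the translated value
     * @throws NoSuchAlgorithmException if {@code str} is null or not one of the
     *         mapped algorithms
     */
    private String convertAlgorithm(String str, boolean z) throws NoSuchAlgorithmException {
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm is null");
        }
        if (z) {
            if (str.equalsIgnoreCase("md5")) {
                return SMIMESignedGenerator.DIGEST_MD5;
            }
            if (str.equalsIgnoreCase("sha1")) {
                return SMIMESignedGenerator.DIGEST_SHA1;
            }
            if (str.equalsIgnoreCase("3des")) {
                return SMIMEEnvelopedGenerator.DES_EDE3_CBC;
            }
            if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_CAST5)) {
                return "1.2.840.113533.7.66.10";
            }
            if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_IDEA)) {
                return "1.3.6.1.4.1.188.7.1.1.2";
            }
            if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_RC2)) {
                return SMIMEEnvelopedGenerator.RC2_CBC;
            }
            throw new NoSuchAlgorithmException("Unknown algorithm: " + str);
        }
        if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_MD5)) {
            return "md5";
        }
        if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_SHA1)) {
            return "sha1";
        }
        if (str.equalsIgnoreCase("1.2.840.113533.7.66.10")) {
            return ICryptoHelper.CRYPT_CAST5;
        }
        if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.DES_EDE3_CBC)) {
            return "3des";
        }
        if (str.equalsIgnoreCase("1.3.6.1.4.1.188.7.1.1.2")) {
            return ICryptoHelper.CRYPT_IDEA;
        }
        if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.RC2_CBC)) {
            return ICryptoHelper.CRYPT_RC2;
        }
        throw new NoSuchAlgorithmException("Unknown algorithm: " + str);
    }

    /**
     * Returns a stream over {@code bArr} that starts after any leading CR LF pairs.
     *
     * <p>The bytes are compared directly rather than decoded into a String, so the
     * result does not depend on the platform default charset.
     */
    private InputStream trimCRLFPrefix(byte[] bArr) {
        int offset = 0;
        while (offset + 1 < bArr.length && bArr[offset] == '\r' && bArr[offset + 1] == '\n') {
            offset += 2;
        }
        return new ByteArrayInputStream(bArr, offset, bArr.length - offset);
    }

    /**
     * Loads a key store from a file system path or classpath resource, trying PKCS12
     * first and JKS second.
     *
     * <p>The resource is read fully into memory before parsing, so the JKS retry
     * always starts from the first byte whatever the size of the file.
     *
     * @param str the location of the key store; when null or empty, {@code null} is returned
     * @param str2 the key store password; must not be null
     * @return the loaded key store, or {@code null} when no location was given
     * @throws IOException if the resource cannot be found or read, or neither format parses
     * @throws GeneralSecurityException if the key store cannot be instantiated or loaded
     */
    @Override
    public KeyStore loadKeyStore(String str, String str2) throws IOException, GeneralSecurityException {
        this.logger.debug("Looking for certificate at:" + str);
        if (!StringUtils.isNotEmpty(str)) {
            return null;
        }
        byte[] keyStoreBytes;
        InputStream source = toInputStream(str);
        try {
            keyStoreBytes = IOUtils.toByteArray(source);
        } finally {
            source.close();
        }
        try {
            return loadKeyStore(PKCS12_KEY_STORE_TYPE, new ByteArrayInputStream(keyStoreBytes), str2);
        } catch (IOException e) {
            this.logger.debug("Key store did not load as PKCS12, retrying as JKS: " + e.getMessage());
            return loadKeyStore(JKS_KEY_STORE_TYPE, new ByteArrayInputStream(keyStoreBytes), str2);
        }
    }

    /**
     * Loads a key store of the given type from a stream, preferring the BouncyCastle
     * implementation of that type and falling back to the default provider lookup.
     *
     * <p>The stream is closed only after a successful load; when loading fails the
     * stream is left open and remains the caller's responsibility.
     *
     * @param str the key store type, for example {@code PKCS12} or {@code JKS}
     * @param inputStream the key store data
     * @param str2 the key store password; must not be null
     * @return the loaded key store
     * @throws IOException if the data cannot be read or parsed
     * @throws GeneralSecurityException if the key store type or its algorithms are unavailable
     */
    public static KeyStore loadKeyStore(String str, InputStream inputStream, String str2) throws IOException, GeneralSecurityException {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(str, BC_PROVIDER);
        } catch (KeyStoreException e) {
            // BouncyCastle does not offer this type; use whichever provider does.
            keyStore = KeyStore.getInstance(str);
        }
        keyStore.load(inputStream, str2.toCharArray());
        inputStream.close();
        return keyStore;
    }

    /**
     * Opens a resource by name, looking on the file system first and on the classpath second.
     *
     * <p>NOTE(review): the name is used as given for both lookups, so it is presumably
     * meant to come from trusted configuration rather than from message data; confirm
     * against callers.
     *
     * @param str the file path or classpath resource name
     * @return an open stream the caller must close
     * @throws IOException if the resource is found but cannot be opened
     * @throws FileNotFoundException if the resource is found in neither place
     */
    private InputStream toInputStream(String str) throws IOException {
        URL url = null;
        try {
            File canonicalFile = new File(str).getCanonicalFile();
            if (canonicalFile.exists()) {
                url = canonicalFile.getAbsoluteFile().toURI().toURL();
            } else {
                this.logger.debug("File doesn't exist: " + canonicalFile.getAbsolutePath());
            }
        } catch (Exception e) {
            // Best effort: any file system problem simply moves on to the classpath lookup.
            this.logger.debug("Unable to load resource from the file system: " + e.getMessage());
        }
        if (url == null) {
            // The context class loader may be unset on some threads.
            ClassLoader loader = Thread.currentThread().getContextClassLoader();
            if (loader == null) {
                loader = BCCryptoHelper.class.getClassLoader();
            }
            if (loader != null) {
                url = loader.getResource(str);
            }
            if (url == null) {
                this.logger.debug("Unable to load resource " + str + " from the classpath");
            }
        }
        if (url != null) {
            return url.openStream();
        }
        throw new FileNotFoundException(str);
    }
}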
