package com.zollsoft.kvc.message;

import com.zollsoft.kvc.constants.Consts;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.mail.MessagingException;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.mail.smime.SMIMEUtil;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/zollsoft/kvc/message/SMIME.class */
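/**
 * S/MIME helper that signs, verifies, encrypts and decrypts mail content with
 * BouncyCastle, using one signer certificate and its private key.
 *
 * <p>Most failures on the signing and encryption paths are logged and surface
 * to the caller as a {@code null} result; callers must check for {@code null}
 * before sending anything. Verification and decryption report failure with
 * {@link DecryptException}.
 */
public class SMIME {
    protected static final Logger LOG = LoggerFactory.getLogger(SMIME.class);
    private final X509Certificate certificate;
    private final PrivateKey privateKey;

    /**
     * @param x509Certificate certificate that identifies the signer
     * @param privateKey private key belonging to {@code x509Certificate}
     */
    public SMIME(X509Certificate x509Certificate, PrivateKey privateKey) {
        this.certificate = x509Certificate;
        this.privateKey = privateKey;
    }

    /**
     * Wraps the multipart in a body part and signs it with this instance's key.
     *
     * @param mimeMultipart content to sign
     * @param x509CertificateArr certificates to embed in the signature
     * @return the signed multipart, or {@code null} if the signature could not be generated
     */
    public MimeMultipart signMail(MimeMultipart mimeMultipart, X509Certificate[] x509CertificateArr) {
        MimeBodyPart mimeBodyPart = new MimeBodyPart();
        try {
            mimeBodyPart.setContent(mimeMultipart);
        } catch (MessagingException e) {
            LOG.error("Inhalt des MimeBodyparts konnte nicht gesetzt werden. {}", e.getMessage(), e);
        }
        return makeSignature(makeCertStore(x509CertificateArr), mimeBodyPart, makeSignInfoGenerator());
    }

    /** Builds the certificate store shipped with the signature; {@code null} if it cannot be created. */
    private Store makeCertStore(X509Certificate[] x509CertificateArr) {
        JcaCertStore jcaCertStore = null;
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                certs.add(x509Certificate);
            }
            jcaCertStore = new JcaCertStore(certs);
        } catch (CertificateEncodingException e) {
            LOG.error("Fehler bei initialisierung eines neuen Zertifikat Stores. {}", e.getMessage(), e);
        }
        return jcaCertStore;
    }

    /**
     * Creates the signer-info builder and attaches the signingCertificateV2
     * signed attribute for this instance's certificate.
     */
    private JcaSimpleSignerInfoGeneratorBuilder makeSignInfoGenerator() {
        ASN1EncodableVector signedAttributes = makeSigningCertificateV2(this.certificate);
        JcaSimpleSignerInfoGeneratorBuilder builder = null;
        try {
            builder = new JcaSimpleSignerInfoGeneratorBuilder();
            builder.setSignedAttributeGenerator(new AttributeTable(signedAttributes));
        } catch (OperatorCreationException e) {
            LOG.error("Fehler beim Initialisieren des Signatur Info Generators. {}", e.getMessage(), e);
        }
        return builder;
    }

    /**
     * Generates the signed multipart.
     *
     * @return the signed multipart, or {@code null} when one of the caught exceptions occurred
     */
    private MimeMultipart makeSignature(Store store, MimeBodyPart mimeBodyPart, JcaSimpleSignerInfoGeneratorBuilder jcaSimpleSignerInfoGeneratorBuilder) {
        MimeMultipart signedMultipart = null;
        SMIMESignedGenerator generator = new SMIMESignedGenerator();
        try {
            generator.addSignerInfoGenerator(jcaSimpleSignerInfoGeneratorBuilder.build(Consts.SIGNING_ALGORITHM, this.privateKey, this.certificate));
            generator.addCertificates(store);
            signedMultipart = generator.generate(mimeBodyPart);
        } catch (SMIMEException e) {
            LOG.error("Signatur konnte nicht erstellt werden. {}", e.getMessage(), e);
        } catch (OperatorCreationException | CertificateEncodingException e2) {
            LOG.error("Fehler bei der Erstellung des Info Generators der Signatur. {}", e2.getMessage(), e2);
        }
        return signedMultipart;
    }

    /**
     * Checks the signature of a signed multipart and returns normally as soon
     * as one signer verifies.
     *
     * <p>Security note: each signer is verified against the certificate that
     * is carried inside the same message. Nothing in this method checks that
     * this certificate chains to a trusted issuer, is unrevoked, or belongs to
     * the expected sender. A successful return therefore proves integrity
     * relative to the embedded certificate only; callers must validate that
     * certificate separately before treating the sender as authenticated.
     *
     * @param mimeMultipart the signed multipart to check
     * @throws DecryptException if the message cannot be parsed or no signer verifies
     */
    public void verifySignature(MimeMultipart mimeMultipart) throws DecryptException {
        try {
            SMIMESigned signed = new SMIMESigned(mimeMultipart, "base64");
            Store certificates = signed.getCertificates();
            for (SignerInformation signer : signed.getSignerInfos().getSigners()) {
                Iterator matches = certificates.getMatches(signer.getSID()).iterator();
                if (!matches.hasNext()) {
                    // A signer whose certificate is not embedded cannot be checked here;
                    // treat it as unverified instead of failing with an unchecked exception.
                    LOG.warn("Kein passendes Zertifikat zum Unterzeichner in der Nachricht enthalten.");
                    continue;
                }
                X509CertificateHolder holder = (X509CertificateHolder) matches.next();
                try {
                    X509Certificate signerCertificate = new JcaX509CertificateConverter().getCertificate(holder);
                    if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(signerCertificate))) {
                        return;
                    }
                } catch (CertificateException | OperatorCreationException | CMSException e) {
                    // One unverifiable signer must not abort the loop; the next signer may still verify.
                    LOG.warn("Verifizierung mit Zertifikat '{}' fehlgeschlagen.", holder, e);
                }
            }
            throw new DecryptException("Signatur konnte nicht verifiziert werden.");
        } catch (MessagingException | CMSException e2) {
            throw new DecryptException("Signatur konnte nicht verifiziert werden. ", e2);
        }
    }

    /**
     * Encrypts a copy of the message for the given recipient certificates.
     *
     * @param mimeMessage message to encrypt
     * @param list recipient certificates
     * @return the enveloped body part, or {@code null} if encryption failed
     */
    public MimeBodyPart encrypt(MimeMessage mimeMessage, List<X509Certificate> list) {
        // Register BouncyCastle once instead of constructing a provider on every call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        MimeMessage copy = null;
        try {
            copy = new MimeMessage(mimeMessage);
        } catch (MessagingException e) {
            LOG.error("MimeMessage konnte nicht erstellt werden. {}", e.getMessage(), e);
        }
        return startEncrypting(addRecipientInfo(list), copy);
    }

    /**
     * Registers one key-transport recipient per certificate.
     *
     * <p>A certificate that cannot be encoded is logged and skipped, so the
     * resulting message may be readable by fewer recipients than were passed in.
     */
    private SMIMEEnvelopedGenerator addRecipientInfo(List<X509Certificate> list) {
        SMIMEEnvelopedGenerator generator = new SMIMEEnvelopedGenerator();
        for (X509Certificate recipient : list) {
            try {
                generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipient));
            } catch (CertificateEncodingException e) {
                LOG.error("Informationsgenerator für Empfänger konnte nicht erzeugt werden. {}", e.getMessage(), e);
            }
        }
        return generator;
    }

    /** Produces the enveloped body part with the configured content-encryption algorithm; {@code null} on failure. */
    private MimeBodyPart startEncrypting(SMIMEEnvelopedGenerator sMIMEEnvelopedGenerator, MimeMessage mimeMessage) {
        MimeBodyPart encrypted = null;
        try {
            encrypted = sMIMEEnvelopedGenerator.generate(mimeMessage, new JceCMSContentEncryptorBuilder(Consts.ENCRYPTION_ALGORITHM).build());
        } catch (CMSException e) {
            LOG.error("Encryptor konnte nicht mit Verschlüsselungsalgorithmus {} initialisiert werden. Fehler: {}. Bitte prüfen Sie, ob die unrestricted policy files für ihre JVM installiert wurden.", Consts.ENCRYPTION_ALGORITHM, e.getMessage(), e);
        } catch (SMIMEException e2) {
            LOG.error("Verschlüsselte Nachricht konnte nicht generiert werden. {}", e2.getMessage(), e2);
        }
        return encrypted;
    }

    /**
     * Decrypts an enveloped message for the recipient identified by the certificate.
     *
     * @param mimeMessage the enveloped message
     * @param x509Certificate certificate used to select the recipient entry
     * @param privateKey private key matching {@code x509Certificate}
     * @return the decrypted body part
     * @throws DecryptException if no recipient entry is available or decryption fails
     */
    public MimeBodyPart decrypt(MimeMessage mimeMessage, X509Certificate x509Certificate, PrivateKey privateKey) throws DecryptException {
        return startDecrypting(loadRecipientInfo(mimeMessage, x509Certificate), privateKey);
    }

    /**
     * Looks up the recipient entry for the certificate.
     *
     * @return the entry, or {@code null} if the message could not be parsed or holds no matching entry
     */
    private RecipientInformation loadRecipientInfo(MimeMessage mimeMessage, X509Certificate x509Certificate) {
        RecipientInformation recipientInformation = null;
        try {
            recipientInformation = new SMIMEEnveloped(mimeMessage).getRecipientInfos().get(new JceKeyTransRecipientId(x509Certificate));
        } catch (MessagingException | CMSException e) {
            LOG.error("Konnte enveloped data nicht laden. {}", e.getMessage(), e);
        }
        return recipientInformation;
    }

    /**
     * Decrypts the content of the recipient entry.
     *
     * @throws DecryptException if the entry is missing or its content cannot be decrypted or parsed
     */
    private MimeBodyPart startDecrypting(RecipientInformation recipientInformation, PrivateKey privateKey) throws DecryptException {
        if (recipientInformation == null) {
            // A message that is not addressed to this certificate, or that failed to parse,
            // must surface as the documented checked exception rather than a NullPointerException.
            throw new DecryptException("Keine passenden Empfängerdaten in der Nachricht gefunden.");
        }
        try {
            return SMIMEUtil.toMimeBodyPart(recipientInformation.getContent(new JceKeyTransEnvelopedRecipient(privateKey)));
        } catch (CMSException e) {
            throw new DecryptException("Fehler beim Lesen der Empfängerdaten.", e);
        } catch (SMIMEException e2) {
            throw new DecryptException("MimeBodypart konnte nicht erzeugt werden.", e2);
        }
    }

    /**
     * Builds the signingCertificateV2 signed attribute, which binds the
     * signature to a digest of the signer certificate.
     *
     * <p>The digest algorithm name and the OID written into the attribute both
     * derive from {@code Consts.SIGNING_CERTIFICATE_V2}, so they stay in sync
     * as long as {@link #getAlgoIdentifier(String)} knows that name.
     */
    private ASN1EncodableVector makeSigningCertificateV2(X509Certificate x509Certificate) {
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        byte[] certHash = null;
        try {
            certHash = MessageDigest.getInstance(Consts.SIGNING_CERTIFICATE_V2, new BouncyCastleProvider()).digest(x509Certificate.getEncoded());
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            // NOTE(review): certHash stays null here and is still handed to ESSCertIDv2 below.
            LOG.error("Es konnte kein Hash über das Zertifikat gebildet werden. {}", e.getMessage(), e);
        }
        AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(new ASN1ObjectIdentifier(getAlgoIdentifier(Consts.SIGNING_CERTIFICATE_V2)));
        ESSCertIDv2 certId = new ESSCertIDv2(hashAlgorithm, certHash);
        attributes.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(new SigningCertificateV2(new ESSCertIDv2[]{certId}))));
        return attributes;
    }

    /**
     * Maps a digest algorithm name to its OID string.
     *
     * <p>{@code Consts.SIGNING_CERTIFICATE_V2} maps to the SHA-256 OID (the
     * hash code in the decompiled switch matches the string "SHA-256";
     * confirm against {@code Consts}), "SHA-512" to the SHA-512 OID. Any other
     * name falls through to the SHA-384 OID, which would mislabel a digest
     * computed with a different algorithm.
     */
    private String getAlgoIdentifier(String str) {
        if (str.equals(Consts.SIGNING_CERTIFICATE_V2)) {
            return "2.16.840.1.101.3.4.2.1";
        }
        if (str.equals("SHA-512")) {
            return "2.16.840.1.101.3.4.2.3";
        }
        return "2.16.840.1.101.3.4.2.2";
    }
}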
