package com.zollsoft.kvc;

import com.zollsoft.kvc.certificate.KVCertificate;
import com.zollsoft.kvc.message.KVMIME;
import com.zollsoft.kvc.message.MakeMimeMultipart;
import com.zollsoft.kvc.rest.RESTClient;
import com.zollsoft.kvc.security.Crypto;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSEnvelopedDataParser;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

/* loaded from: input_file:com/zollsoft/kvc/ImpfpassFactory.class */
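/**
 * Builds signed-and-encrypted MIME messages for the vaccination-certificate ("Impf") service and
 * decrypts and verifies the CMS responses that come back.
 *
 * <p>Outbound: the body is signed with the personal certificate and key held by {@link Crypto},
 * then encrypted for the server certificate fetched through {@link RESTClient}.
 *
 * <p>Inbound: the CMS envelope is opened with the personal private key, and the enclosed CMS
 * signed-data is checked against the signer certificate embedded in the message itself.
 *
 * <p>NOTE(review): nothing in this class ties either the fetched server certificate or the
 * embedded signer certificate to a trust anchor. Confirm that {@code RESTClient},
 * {@code KVCertificate} or the callers do so before treating "verified" as "authentic".
 */
public class ImpfpassFactory {
    private final RESTClient rest;
    private final Crypto crypto;

    /**
     * @param crypto source of the personal private key and certificate
     * @param rESTClient client used to fetch the server's encryption certificate
     */
    public ImpfpassFactory(Crypto crypto, RESTClient rESTClient) {
        this.rest = rESTClient;
        this.crypto = crypto;
    }

    /**
     * Wraps a message in a MIME body, signs it, encrypts it for the server and serializes it.
     *
     * @param str message content placed into the MIME body
     * @param str2 argument handed to {@code RESTClient.getImpfServerCert} to select the server
     *     certificate (its exact meaning is not visible in this class)
     * @param str3 charset name; {@code "ISO-8859-1"} selects the XML body variant and the value is
     *     also passed to {@code KVMIME.writeToString}
     * @return the serialized, signed and encrypted message
     */
    public String prepareSend(String str, String str2, String str3) {
        KVMIME kvmime = new KVMIME(makeBody(str, str3));
        PrivateKey privateKey = this.crypto.getPrivateKey();
        X509Certificate personalCert = this.crypto.getKvKeystore().getPersonalCert();
        // Only the personal certificate is attached to the signature; no intermediates are added.
        X509Certificate[] x509CertificateArr = {personalCert};
        X509Certificate loadServerCert = loadServerCert(str2);
        // Raw type kept on purpose: the element type expected by KVMIME.encrypt is not visible here.
        ArrayList arrayList = new ArrayList();
        arrayList.add(loadServerCert);
        // Sign first, then encrypt, so the signature travels inside the envelope.
        kvmime.sign(personalCert, privateKey, x509CertificateArr);
        kvmime.encrypt(personalCert, privateKey, arrayList);
        return kvmime.writeToString("encrypt", str3);
    }

    /**
     * Builds the multipart body for an outgoing message.
     *
     * @param str message content
     * @param str2 charset name; must not be {@code null}
     * @return the assembled multipart
     */
    private MimeMultipart makeBody(String str, String str2) {
        MakeMimeMultipart makeMimeMultipart = new MakeMimeMultipart();
        if (str2.equals("ISO-8859-1")) {
            makeMimeMultipart.addMessageXml(str, str2);
        } else {
            makeMimeMultipart.addMessage(str);
        }
        // NOTE(review): the message is added a second time unconditionally, so the multipart carries
        // the content twice. Kept as found because the receiving side may rely on it; confirm
        // whether this is intended.
        makeMimeMultipart.addMessage(str);
        return makeMimeMultipart.getMulti();
    }

    /**
     * Fetches the server certificate used as the encryption recipient.
     *
     * <p>NOTE(review): the certificate is taken from the REST response as returned. No pinning,
     * chain or key-usage check is visible in this class, so confidentiality of the outgoing message
     * rests on the transport security of {@code RESTClient} and on whatever {@code KVCertificate}
     * validates; confirm both.
     */
    private X509Certificate loadServerCert(String str) {
        return new KVCertificate((String) this.rest.getImpfServerCert(str).readEntity(String.class)).getSingleCertificate();
    }

    /**
     * Returns the first recipient entry of the envelope.
     *
     * <p>The entry is not matched against our own certificate, so an envelope that lists another
     * recipient first will fail later during decryption rather than here.
     *
     * @throws RuntimeException if the envelope lists no recipient at all
     */
    private RecipientInformation getRecipientInfo(CMSEnvelopedDataParser cMSEnvelopedDataParser) {
        Iterator it = cMSEnvelopedDataParser.getRecipientInfos().getRecipients().iterator();
        if (it.hasNext()) {
            return (RecipientInformation) it.next();
        }
        throw new RuntimeException("Konnte Empfänger nicht finden.");
    }

    /**
     * Decrypts and verifies a response and returns its content as text.
     *
     * <p>NOTE(review): a failed verification is reported in-band as the German sentence
     * "Nachricht konnte nicht verifiziert werden." ("message could not be verified"), which a
     * caller cannot tell apart from a verified message with that content. Callers that need a
     * reliable signal should use {@link #decryptAndVerifyStream(InputStream)} and test for
     * {@code null}.
     *
     * @param inputStream CMS enveloped-data as received
     * @return the signed content decoded as UTF-8 with line terminators removed, or the fixed
     *     failure sentence described above
     */
    public String decryptAndVerify(InputStream inputStream) throws CMSException, IOException, OperatorCreationException, CertificateException {
        InputStream decryptAndVerifyStream = decryptAndVerifyStream(inputStream);
        return decryptAndVerifyStream == null ? "Nachricht konnte nicht verifiziert werden." : getStringFromInputStream(decryptAndVerifyStream);
    }

    /**
     * Decrypts a response and returns the signed content only if its signature verifies.
     *
     * @param inputStream CMS enveloped-data as received
     * @return a stream over the signed content, or {@code null} when the signature did not verify
     */
    public InputStream decryptAndVerifyStream(InputStream inputStream) throws CMSException, IOException, OperatorCreationException, CertificateException {
        // Register BouncyCastle once instead of building a new provider instance on every call.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        // The signed-data is parsed twice (verify, then content extraction), so it is buffered once.
        byte[] signedData = copyStream(decrypt(inputStream, this.crypto.getPrivateKey())).toByteArray();
        boolean verify = verify(new ByteArrayInputStream(signedData));
        System.out.println("Verified the signature: " + verify);
        if (!verify) {
            // Fail closed: the content of an unverified message is never parsed or handed out.
            return null;
        }
        return new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), new ByteArrayInputStream(signedData)).getSignedContent().getContentStream();
    }

    /** Opens the CMS envelope with the given private key and returns the decrypted content. */
    private InputStream decrypt(InputStream inputStream, PrivateKey privateKey) throws CMSException, IOException {
        return getRecipientInfo(new CMSEnvelopedDataParser(inputStream)).getContentStream(new JceKeyTransEnvelopedRecipient(privateKey)).getContentStream();
    }

    /**
     * Checks the signature of the first signer of a CMS signed-data stream.
     *
     * <p>NOTE(review): the verifying certificate is taken from the certificate store inside the
     * message. A {@code true} result therefore shows that the content matches a signature made
     * with the key of that embedded certificate, not that the signer is the expected server. No
     * chain building to a trust anchor, revocation check or expected-signer comparison is visible
     * in this class. Only the first signer is examined; further signers are ignored.
     *
     * @return {@code true} if the first signer's signature verifies; {@code false} if there is no
     *     signer, no matching certificate, or parsing or verification fails
     */
    private boolean verify(InputStream inputStream) throws OperatorCreationException, IOException, CertificateException {
        try {
            CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), inputStream);
            // The content has to be consumed before signer information becomes available.
            cMSSignedDataParser.getSignedContent().drain();
            Store certificates = cMSSignedDataParser.getCertificates();
            Iterator it = cMSSignedDataParser.getSignerInfos().getSigners().iterator();
            if (!it.hasNext()) {
                return false;
            }
            SignerInformation signerInformation = (SignerInformation) it.next();
            Iterator matches = certificates.getMatches(signerInformation.getSID()).iterator();
            if (!matches.hasNext()) {
                // No certificate for this signer was shipped: treat as unverified instead of
                // letting NoSuchElementException escape.
                return false;
            }
            return signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build((X509CertificateHolder) matches.next()));
        } catch (Error | CMSException e) {
            // Any parsing or verification failure counts as "not verified". Catching Error is
            // unusually broad; it is kept so that this path keeps failing closed as before.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Reads the stream to its end into memory and closes it, also when reading fails.
     *
     * <p>NOTE(review): there is no upper bound on the buffered size; the whole decrypted message is
     * held in memory.
     */
    private ByteArrayOutputStream copyStream(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try (InputStream in = inputStream) {
            byte[] bArr = new byte[1024];
            int read;
            while ((read = in.read(bArr)) >= 0) {
                byteArrayOutputStream.write(bArr, 0, read);
            }
            byteArrayOutputStream.flush();
        }
        return byteArrayOutputStream;
    }

    /**
     * Decodes the stream as UTF-8 and concatenates its lines without line terminators.
     *
     * <p>An {@link IOException} while reading is printed and whatever was read up to that point is
     * returned, so the result may be truncated without the caller noticing.
     */
    private String getStringFromInputStream(InputStream inputStream) {
        StringBuilder sb = new StringBuilder();
        try (BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"))) {
            String readLine;
            while ((readLine = bufferedReader.readLine()) != null) {
                sb.append(readLine);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return sb.toString();
    }
}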
