package de.governikus.bea.beaToolkit.crypto;

import de.bos_bremen.commons.base64.Base64;
import de.brak.bea.application.dto.encryption.EncKeyInfo;
import de.brak.bea.application.dto.encryption.EncryptedObject;
import de.brak.bea.application.dto.rest.AttachmentDTO;
import de.brak.bea.application.dto.rest.EncryptedDataDTO;
import de.brak.bea.application.dto.rest.FolderOverviewDTO;
import de.brak.bea.application.dto.rest.MessageDTO;
import de.brak.bea.application.dto.rest.MessageOverviewDTO;
import de.brak.bea.application.dto.rest.RecipientDTO;
import de.brak.bea.application.dto.rest.SubjectDTO;
import de.governikus.bea.beaToolkit.BeaToolkitContext;
import de.governikus.bea.beaToolkit.crypto.handler.AESHandler;
import de.governikus.bea.beaToolkit.exceptions.BeaAttachmentHashException;
import de.governikus.bea.beaToolkit.logging.BeaServerLogger;
import de.governikus.bea.beaToolkit.util.SizeConvertUtil;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.security.DigestInputStream;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.InvalidCipherTextException;

/* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/HandleCrypto.class */
public class HandleCrypto {
    protected static Logger log = LogManager.getLogger(HandleCrypto.class);
    private static final byte[] DUMMY_BUF = new byte[4096];
    public static final String SHA_256 = "SHA256";

    /* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/HandleCrypto$Attachment.class */
    public static class Attachment {
        /**
         * Opens a decrypting, hashing view over the encrypted attachment payload.
         *
         * <p>The attachment key is recovered by decrypting {@code encryptedDataDTO} with
         * {@code aESHandler}; the payload is then decrypted with that key and wrapped in a
         * {@link DigestInputStream} using the hash algorithm named in the attachment.
         *
         * <p>Nothing in this method compares the digest with the attachment's stored hash value;
         * that check is left to whoever consumes the returned stream.
         *
         * <p>NOTE(review): in the GCM case the tag is only appended after the last ciphertext byte,
         * so authenticity presumably cannot be known before the stream has been read to its end.
         * Confirm that callers do not act on the plaintext earlier.
         *
         * @param attachmentDTO attachment carrying IV, ciphertext, tag, cipher and hash algorithm names
         * @param encryptedDataDTO the encrypted attachment key
         * @param aESHandler handler used to decrypt the attachment key
         * @return a digest stream over the decrypted attachment data
         */
        public static synchronized DigestInputStream decryptAndHashAttachmentAsStream(AttachmentDTO attachmentDTO, EncryptedDataDTO encryptedDataDTO, AESHandler aESHandler) throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException, BeaAttachmentHashException {
            AESHandler attachmentCipher = new AESHandler(aESHandler.decrypt(encryptedDataDTO));
            String algorithm = attachmentDTO.getSymEncAlgorithm();
            return HandleCrypto.digestInputStream(
                    attachmentCipher.decrypt(attachmentDTO.getIv(), openCiphertext(attachmentDTO, algorithm), algorithm),
                    attachmentDTO.getHashAlgorithm());
        }

        /**
         * Encrypts a file as an attachment and wraps the attachment key for a certificate.
         *
         * <p>NOTE(review): the file is handed to the AES handler and afterwards to
         * {@code generateAttachmentHash}, presumably two separate reads. If the file can change in
         * between, the stored hash will not describe the encrypted content.
         *
         * <p>NOTE(review): the certificate is used as passed in; no validity or trust check is
         * visible here. Confirm it is validated before it reaches this method.
         *
         * @param file plaintext attachment
         * @param encryptedDataDTO the encrypted attachment key
         * @param aESHandler handler used to decrypt the attachment key
         * @param str symmetric algorithm name, passed to the AES handler and stored in the result
         * @param x509Certificate certificate whose public key wraps the attachment key
         * @param str2 name stored as the attachment reference after {@code getValidFileName}
         * @param str3 alias stored in the result
         * @param l size in KB stored in the result
         * @param str4 value passed through to the AES handler and the server logger
         *     (presumably a log context; TODO confirm)
         * @return the populated attachment DTO
         */
        public static synchronized AttachmentDTO encrypt(File file, EncryptedDataDTO encryptedDataDTO, AESHandler aESHandler, String str, X509Certificate x509Certificate, String str2, String str3, Long l, String str4) throws GeneralSecurityException, IOException, IllegalStateException, InvalidCipherTextException {
            // NOTE(review): the plaintext attachment key stays in this array after the method returns.
            byte[] sessionKey = aESHandler.decrypt(encryptedDataDTO);
            // sealed[0] = IV, sealed[1] = ciphertext, sealed[2] = tag (see the builder calls below).
            byte[][] sealed = new AESHandler(sessionKey).encrypt(file, str, str4);
            String hashAlgorithm = getAttachmentHashAlgorithm();
            byte[] wrappedKey = wrapSessionKey(sessionKey, x509Certificate, str4);
            return AttachmentDTO.builder()
                    .withKey(wrappedKey)
                    .withSymEncAlgorithm(str)
                    .withIv(sealed[0])
                    .withData(sealed[1])
                    .withTag(sealed[2])
                    .withReference(HandleCrypto.getValidFileName(str2))
                    .withAlias(str3)
                    .withHashValue(HandleCrypto.generateAttachmentHash(file, hashAlgorithm))
                    .withSizeKB(l)
                    .withHashAlgorithm(hashAlgorithm)
                    .withSizeEncryptedKB(Long.valueOf(SizeConvertUtil.getFileSizeInKB(sealed[1].length).longValue()))
                    .build();
        }

        /**
         * Encrypts an in-memory attachment and wraps the attachment key for a certificate.
         *
         * <p>Same contract as the {@link File} variant, with the plaintext supplied as a byte array.
         *
         * @param bArr plaintext attachment
         * @param encryptedDataDTO the encrypted attachment key
         * @param aESHandler handler used to decrypt the attachment key
         * @param str symmetric algorithm name, passed to the AES handler and stored in the result
         * @param x509Certificate certificate whose public key wraps the attachment key
         * @param str2 name stored as the attachment reference after {@code getValidFileName}
         * @param str3 alias stored in the result
         * @param l size in KB stored in the result
         * @param str4 value passed through to the AES handler and the server logger
         *     (presumably a log context; TODO confirm)
         * @return the populated attachment DTO
         */
        public static synchronized AttachmentDTO encrypt(byte[] bArr, EncryptedDataDTO encryptedDataDTO, AESHandler aESHandler, String str, X509Certificate x509Certificate, String str2, String str3, Long l, String str4) throws GeneralSecurityException, IOException, IllegalStateException, InvalidCipherTextException {
            // NOTE(review): the plaintext attachment key stays in this array after the method returns.
            byte[] sessionKey = aESHandler.decrypt(encryptedDataDTO);
            // sealed[0] = IV, sealed[1] = ciphertext, sealed[2] = tag (see the builder calls below).
            byte[][] sealed = new AESHandler(sessionKey).encrypt(bArr, str, str4);
            String hashAlgorithm = getAttachmentHashAlgorithm();
            byte[] wrappedKey = wrapSessionKey(sessionKey, x509Certificate, str4);
            return AttachmentDTO.builder()
                    .withKey(wrappedKey)
                    .withSymEncAlgorithm(str)
                    .withIv(sealed[0])
                    .withData(sealed[1])
                    .withTag(sealed[2])
                    .withReference(HandleCrypto.getValidFileName(str2))
                    .withAlias(str3)
                    .withHashValue(HandleCrypto.generateAttachmentHash(bArr, hashAlgorithm))
                    .withSizeKB(l)
                    .withHashAlgorithm(hashAlgorithm)
                    .withSizeEncryptedKB(Long.valueOf(SizeConvertUtil.getFileSizeInKB(sealed[1].length).longValue()))
                    .build();
        }

        /** Returns the configured attachment hash algorithm, or {@code SHA_256} when none is set. */
        private static String getAttachmentHashAlgorithm() {
            String configured = BeaToolkitContext.getInstance().getAttachmentHashAlgorithm();
            if (StringUtils.isNotEmpty(configured)) {
                return configured;
            }
            return HandleCrypto.SHA_256;
        }

        /** Builds the ciphertext stream; for algorithms ending in "gcm" the tag follows the data. */
        private static InputStream openCiphertext(AttachmentDTO attachmentDTO, String algorithm) {
            InputStream data = new ByteArrayInputStream(attachmentDTO.getData());
            // The suffix comparison is case-sensitive, exactly as the cipher name is stored.
            if (algorithm != null && algorithm.endsWith("gcm")) {
                return new TagAppendingInputStream(data, attachmentDTO.getTag());
            }
            return data;
        }

        /** RSA-encrypts the attachment key for the certificate and records the timing entry. */
        private static byte[] wrapSessionKey(byte[] sessionKey, X509Certificate x509Certificate, String str4) throws GeneralSecurityException, IOException, InvalidCipherTextException {
            Instant started = Instant.now();
            byte[] wrappedKey = RSAEncrypter.encrypt(sessionKey, x509Certificate);
            BeaServerLogger.getInstance().writeToInfoLogIfEncryptionAndDecryptionFeatureToggleActive(str4, BeaServerLogger.getInstance().createLogEntryForPerformanceCheck("RSA encryption for attachment", x509Certificate.getPublicKey(), started, Instant.now(), new String[0]));
            return wrappedKey;
        }
    }

    /* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/HandleCrypto$ForMessage.class */
    /**
     * Static helpers that encrypt and decrypt the payload objects, attachment keys and subject of
     * a {@code MessageDTO}. All methods mutate the DTOs they are given.
     */
    public static class ForMessage {
        /**
         * Decrypts every encrypted object of the message in place, then the subject.
         *
         * <p>For each object the key is recovered by decrypting the EncKey of its first
         * EncKeyInfo with {@code aESHandler}; only index 0 is read. The subject is decrypted with
         * {@code aESHandler} itself.
         *
         * @param messageDTO message whose encrypted objects and subject are replaced by plaintext
         * @param aESHandler handler used to decrypt the object keys and the subject
         */
        public static synchronized void decrypt(MessageDTO messageDTO, AESHandler aESHandler) throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException {
            for (EncryptedObject encryptedObject : messageDTO.getEncryptedObject()) {
                encryptedObject.setEnc_data(new AESHandler(aESHandler.decrypt(encryptedObject.getEncKeyInfo()[0].getEncKey())).decrypt(encryptedObject.getIv(), encryptedObject.getEnc_data(), encryptedObject.getTag(), messageDTO.getSymEncAlgorithm()));
            }
            decryptSubject(messageDTO.getMetaData().getSubject(), aESHandler);
        }

        /**
         * Encrypts the message's objects in place, wraps the key for the sender's certificate,
         * sets the key on every attachment and encrypts the subject.
         *
         * <p>NOTE(review): the sender certificate is taken from the message metadata and parsed
         * as is; no validity or trust check is visible in this method. Confirm it is validated
         * before the message reaches this point.
         *
         * @param messageDTO message to encrypt; its objects, attachments and subject are modified
         * @param aESHandler handler used to decrypt the wrapped object keys
         * @param str value passed through to the AES handler and the server logger
         *     (presumably a log context; TODO confirm)
         */
        public static synchronized void encrypt(MessageDTO messageDTO, AESHandler aESHandler, String str) throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException, UnsupportedEncodingException {
            // Plaintext key of the most recent object that went through the else branch below.
            // NOTE(review): it is never cleared and stays on the heap after the method returns.
            byte[] bArr = null;
            // Handler of the last object processed; reused for the subject at the end.
            AESHandler aESHandler2 = null;
            for (EncryptedObject encryptedObject : messageDTO.getEncryptedObject()) {
                EncKeyInfo encKeyInfo = encryptedObject.getEncKeyInfo()[0];
                if (null == encryptedObject.getEncKeyInfo()[0].getEncKey().getIv() || null == encryptedObject.getEncKeyInfo()[0].getEncKey().getTag()) {
                    // The EncKey carries no IV or no tag: it is not decrypted here, and the data is
                    // encrypted with the key remembered from an earlier object.
                    // NOTE(review): bArr is still null if no earlier object took the else branch;
                    // what AESHandler does with a null key is not visible here. Confirm.
                    encKeyInfo.setEncCertificate(messageDTO.getMetaData().getSender().getCertificate());
                    aESHandler2 = new AESHandler(bArr);
                    byte[][] encrypt = aESHandler2.encrypt(encryptedObject.getEnc_data(), messageDTO.getSymEncAlgorithm(), str);
                    encryptedObject.setIv(encrypt[0]);
                    encryptedObject.setEnc_data(encrypt[1]);
                    encryptedObject.setTag(encrypt[2]);
                    encKeyInfo.setSafeId(messageDTO.getMetaData().getSender().getSafeId());
                } else {
                    // The EncKey is symmetrically wrapped: unwrap it, encrypt the data with it, then
                    // replace the EncKey value with the key RSA-encrypted for the sender certificate.
                    byte[] decrypt = aESHandler.decrypt(encKeyInfo.getEncKey());
                    bArr = decrypt;
                    aESHandler2 = new AESHandler(decrypt);
                    byte[][] encrypt2 = aESHandler2.encrypt(encryptedObject.getEnc_data(), messageDTO.getSymEncAlgorithm(), str);
                    encryptedObject.setIv(encrypt2[0]);
                    encryptedObject.setEnc_data(encrypt2[1]);
                    encryptedObject.setTag(encrypt2[2]);
                    encKeyInfo.setEncCertificate(messageDTO.getMetaData().getSender().getCertificate());
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(encKeyInfo.getEncCertificate()));
                    Instant now = Instant.now();
                    encKeyInfo.getEncKey().setValue(RSAEncrypter.encrypt(decrypt, x509Certificate));
                    BeaServerLogger.getInstance().writeToInfoLogIfEncryptionAndDecryptionFeatureToggleActive(str, BeaServerLogger.getInstance().createLogEntryForPerformanceCheck("RSA encryption for message", x509Certificate.getPublicKey(), now, Instant.now(), new String[0]));
                    // IV and tag belonged to the symmetric wrapping that has just been replaced.
                    encKeyInfo.getEncKey().setIv((byte[]) null);
                    encKeyInfo.getEncKey().setTag((byte[]) null);
                }
            }
            if (messageDTO.getAttachments() != null) {
                for (AttachmentDTO attachmentDTO : messageDTO.getAttachments()) {
                    // Every attachment receives the same key (bArr), RSA-encrypted for the sender
                    // certificate, which is parsed again on each iteration.
                    // NOTE(review): bArr is null here when no object took the else branch above.
                    X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(messageDTO.getMetaData().getSender().getCertificate()));
                    Instant now2 = Instant.now();
                    attachmentDTO.setKey(RSAEncrypter.encrypt(bArr, x509Certificate2));
                    BeaServerLogger.getInstance().writeToInfoLogIfEncryptionAndDecryptionFeatureToggleActive(str, BeaServerLogger.getInstance().createLogEntryForPerformanceCheck("RSA encryption for message", x509Certificate2.getPublicKey(), now2, Instant.now(), new String[0]));
                }
            }
            // aESHandler2 is null when the message has no encrypted objects; encryptSubject then
            // fails with a NullPointerException.
            encryptSubject(messageDTO.getMetaData().getSubject(), aESHandler2, BeaToolkitContext.getInstance().getSymmetricSubjectEncryption());
        }

        /**
         * Encrypts the subject value in place and stores the resulting IV, ciphertext and tag.
         *
         * @param encryptedDataDTO subject holder; its value is overwritten with the ciphertext
         * @param aESHandler handler that performs the subject encryption
         * @param str algorithm name passed to {@code AESHandler.encryptSubject}
         */
        public static synchronized void encryptSubject(EncryptedDataDTO encryptedDataDTO, AESHandler aESHandler, String str) throws GeneralSecurityException {
            byte[][] encryptSubject = aESHandler.encryptSubject(encryptedDataDTO.getValue(), str);
            encryptedDataDTO.setIv(encryptSubject[0]);
            encryptedDataDTO.setValue(encryptSubject[1]);
            encryptedDataDTO.setTag(encryptSubject[2]);
        }

        /**
         * Encrypts {@code str} as the subject of {@code messageDTO} and returns a new message that
         * shares the same metadata and carries the key RSA-encrypted for the first addressee.
         *
         * <p>Only the first encrypted object, its first EncKeyInfo and the first addressee are read.
         *
         * <p>NOTE(review): the addressee certificate is taken from the metadata and parsed as is;
         * no validity or trust check is visible in this method. Confirm it is validated upstream.
         *
         * @param str plaintext subject
         * @param messageDTO source message; its subject is overwritten with the ciphertext
         * @param aESHandler handler used to decrypt the wrapped key of the first encrypted object
         * @param str2 value passed through to the server logger
         *     (presumably a log context; TODO confirm)
         * @return a new message holding the shared metadata and one encrypted object with the key
         */
        public static synchronized MessageDTO encryptEGVPSubject(String str, MessageDTO messageDTO, AESHandler aESHandler, String str2) throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException, UnsupportedEncodingException {
            // NOTE(review): the plaintext key stays in this array after the method returns.
            byte[] decrypt = aESHandler.decrypt(messageDTO.getEncryptedObject()[0].getEncKeyInfo()[0].getEncKey());
            AESHandler aESHandler2 = new AESHandler(decrypt);
            byte[] certificate = ((RecipientDTO) messageDTO.getMetaData().getAddressee().get(0)).getCertificate();
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(certificate));
            byte[][] encryptSubject = aESHandler2.encryptSubject(str.getBytes(BeaToolkitContext.getInstance().getDefaultEncoding()), BeaToolkitContext.getInstance().getSymmetricSubjectEncryption());
            SubjectDTO subject = messageDTO.getMetaData().getSubject();
            subject.setIv(encryptSubject[0]);
            subject.setValue(encryptSubject[1]);
            subject.setTag(encryptSubject[2]);
            messageDTO.getMetaData().setSubject(subject);
            // The result reuses the input's metadata object rather than a copy of it.
            MessageDTO messageDTO2 = new MessageDTO();
            messageDTO2.setMetaData(messageDTO.getMetaData());
            EncryptedObject encryptedObject = new EncryptedObject();
            EncKeyInfo encKeyInfo = new EncKeyInfo();
            EncryptedDataDTO encryptedDataDTO = new EncryptedDataDTO();
            Instant now = Instant.now();
            encryptedDataDTO.setValue(RSAEncrypter.encrypt(decrypt, x509Certificate));
            BeaServerLogger.getInstance().writeToInfoLogIfEncryptionAndDecryptionFeatureToggleActive(str2, BeaServerLogger.getInstance().createLogEntryForPerformanceCheck("RSA encryption for message", x509Certificate.getPublicKey(), now, Instant.now(), "EGVPsubject"));
            encKeyInfo.setEncKey(encryptedDataDTO);
            encKeyInfo.setEncCertificate(certificate);
            encryptedObject.setEncKeyInfo(new EncKeyInfo[]{encKeyInfo});
            messageDTO2.setEncryptedObject(new EncryptedObject[]{encryptedObject});
            return messageDTO2;
        }

        /**
         * Decrypts the subject in place when it has a value, then clears its IV and tag.
         *
         * @param encryptedDataDTO subject holder; left untouched when its value is null
         * @param aESHandler handler used to decrypt the subject
         */
        private static void decryptSubject(EncryptedDataDTO encryptedDataDTO, AESHandler aESHandler) throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException {
            if (encryptedDataDTO.getValue() != null) {
                encryptedDataDTO.setValue(aESHandler.decrypt(encryptedDataDTO));
                // The value is plaintext from here on, so the cipher parameters no longer apply.
                encryptedDataDTO.setIv((byte[]) null);
                encryptedDataDTO.setTag((byte[]) null);
            }
        }
    }

    /* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/HandleCrypto$ForMessageOverview.class */
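    /** Decrypts the subjects shown in a folder overview. */
    public static class ForMessageOverview {
        private static final Logger LOG = LogManager.getLogger(ForMessageOverview.class);

        /**
         * Replaces the encrypted subject of every overview entry with its decrypted bytes.
         *
         * <p>Entries without an encrypted subject are skipped. The previous form evaluated its
         * null check only after dereferencing the subject, so one such entry aborted the whole
         * overview with a {@link NullPointerException} and the "---" placeholder was never stored.
         *
         * <p>A {@link GeneralSecurityException} for one entry is logged with its cause and the
         * loop continues; that entry keeps its encrypted value.
         *
         * <p>NOTE(review): a failed authentication check is therefore visible only in the log.
         * Confirm callers do not display the untouched value as if it were a decrypted subject.
         *
         * <p>NOTE(review): IV and tag are left in place after decryption, unlike
         * {@code ForMessage.decryptSubject}; a second call would try to decrypt plaintext.
         *
         * @param folderOverviewDTO overview whose entries are updated in place
         * @param aESHandler handler used to decrypt each subject
         */
        public static synchronized void decrypt(FolderOverviewDTO folderOverviewDTO, AESHandler aESHandler) throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException, UnsupportedEncodingException {
            for (MessageOverviewDTO messageOverviewDTO : folderOverviewDTO.getMessageOverviews()) {
                if (messageOverviewDTO.getEncSubject() == null) {
                    // No subject container to decrypt or to write a placeholder into.
                    continue;
                }
                try {
                    // Decoding and re-encoding is kept from the original: it rewrites byte
                    // sequences that are not valid in the default encoding.
                    String subject = new String(aESHandler.decrypt(messageOverviewDTO.getEncSubject()), BeaToolkitContext.getInstance().getDefaultEncoding());
                    messageOverviewDTO.getEncSubject().setValue(subject.getBytes(BeaToolkitContext.getInstance().getDefaultEncoding()));
                } catch (GeneralSecurityException e) {
                    // The message used to say "encrypt" and dropped the cause.
                    LOG.error("can not decrypt subject of message with id " + messageOverviewDTO.getMessageId(), e);
                }
            }
        }
    }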

    /* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/HandleCrypto$TagAppendingInputStream.class */
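    /**
     * Stream that yields every byte of the wrapped stream followed by the bytes of {@code tag}.
     *
     * <p>In this file it presents ciphertext and authentication tag as one continuous input for
     * algorithms whose name ends in "gcm".
     *
     * <p>{@code tag} must not be null: a null tag causes a {@link NullPointerException} as soon
     * as the wrapped stream is exhausted. The array is not copied.
     */
    public static class TagAppendingInputStream extends FilterInputStream {
        byte[] tag;
        int tagPointer;

        /**
         * @param inputStream stream delivering the data that precedes the tag
         * @param bArr tag bytes served once {@code inputStream} reports end of stream
         */
        public TagAppendingInputStream(InputStream inputStream, byte[] bArr) {
            super(inputStream);
            this.tagPointer = 0;
            this.tag = bArr;
        }

        /**
         * Reads one byte from the wrapped stream, or from the tag once the stream is exhausted.
         *
         * @return the byte as a value from 0 to 255, or -1 when data and tag are both consumed
         */
        @Override
        public int read() throws IOException {
            int next = super.read();
            if (next != -1) {
                return next;
            }
            // Without this bound a read past the tag threw ArrayIndexOutOfBoundsException
            // instead of signalling end of stream.
            if (this.tagPointer >= this.tag.length) {
                return -1;
            }
            return this.tag[this.tagPointer++] & 0xFF;
        }

        /** Equivalent to {@code read(bArr, 0, bArr.length)}. */
        @Override
        public int read(byte[] bArr) throws IOException {
            return read(bArr, 0, bArr.length);
        }

        /**
         * Reads up to {@code i2} bytes into {@code bArr} starting at offset {@code i}.
         *
         * <p>One call never mixes data and tag bytes: the tag is served only on calls made after
         * the wrapped stream has reported end of stream.
         *
         * @return the number of bytes stored, or -1 when data and tag are both consumed
         */
        @Override
        public int read(byte[] bArr, int i, int i2) throws IOException {
            int count = super.read(bArr, i, i2);
            if (count != -1) {
                return count;
            }
            int remaining = this.tag.length - this.tagPointer;
            if (remaining <= 0) {
                return -1;
            }
            int copied = Math.min(i2, remaining);
            System.arraycopy(this.tag, this.tagPointer, bArr, i, copied);
            this.tagPointer += copied;
            // The old code returned the end index in bArr, which overstated the count by the
            // offset whenever the offset was not zero.
            return copied;
        }
    }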

    /** Not instantiable: the members of this class visible in this file are all static. */
    private HandleCrypto() {
    }

    /**
     * Replaces characters that are awkward in file names with a space.
     *
     * <p>The characters {@code / : * ? \ < > | &}, line feed and carriage return each become a
     * single space; everything else is kept.
     *
     * <p>NOTE(review): as written here, the six umlaut replacements map each character to
     * itself. The original presumably normalised a different encoding of these characters;
     * verify against the upstream source.
     *
     * <p>NOTE(review): this is a deny-list. Double quotes, other control characters and names
     * made only of dots pass through unchanged, so consumers should not treat the result as a
     * safe path component without their own check.
     *
     * @param str file name to clean; must not be null
     * @return the name with the listed characters replaced by spaces
     */
    public static String getValidFileName(String str) {
        String name = str.replace("ü", "ü").replace("ö", "ö").replace("ä", "ä").replace("Ü", "Ü").replace("Ö", "Ö").replace("Ä", "Ä");
        final String blocked = "/:*?\\<>|&\n\r";
        StringBuilder cleaned = new StringBuilder(name.length());
        for (int idx = 0; idx < name.length(); idx++) {
            char ch = name.charAt(idx);
            cleaned.append(blocked.indexOf(ch) >= 0 ? ' ' : ch);
        }
        return cleaned.toString();
    }

    /**
     * Hashes the given bytes and returns the digest Base64-encoded.
     *
     * <p>NOTE(review): the algorithm name is used as supplied; no allow-list is applied here.
     * Confirm that callers cannot select a weak digest.
     *
     * @param bArr data to hash
     * @param str digest algorithm name handed to {@link MessageDigest#getInstance(String)}
     * @return Base64 text of the digest
     * @throws NoSuchAlgorithmException if no provider supports {@code str}
     */
    public static String generateAttachmentHash(byte[] bArr, String str) throws NoSuchAlgorithmException {
        MessageDigest digester = MessageDigest.getInstance(str);
        byte[] hash = digester.digest(bArr);
        return Base64.toBase64String(hash);
    }

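    /**
     * Hashes a file in 1 MiB chunks and returns the digest Base64-encoded.
     *
     * <p>The file stream is closed on every path, including when reading or the size lookup
     * fails; previously it leaked in those cases. Progress is logged once per chunk from an exact
     * byte count, where the old counter truncated each chunk to whole kilobytes before summing.
     *
     * <p>NOTE(review): the algorithm name is used as supplied; no allow-list is applied here.
     * Confirm that callers cannot select a weak digest.
     *
     * @param file file to hash
     * @param str digest algorithm name handed to {@link MessageDigest#getInstance(String)}
     * @return Base64 text of the digest
     * @throws NoSuchAlgorithmException if no provider supports {@code str}
     * @throws IOException if the file cannot be opened, sized or read
     */
    public static String generateAttachmentHash(File file, String str) throws NoSuchAlgorithmException, IOException {
        // Resolve the algorithm first so that an unknown name fails before the file is opened.
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        try (InputStream in = new FileInputStream(file)) {
            long totalKb = Files.size(file.toPath()) / 1024;
            byte[] chunk = new byte[1048576];
            long hashedBytes = 0;
            int n;
            while ((n = in.read(chunk)) > 0) {
                // Updating the digest directly is equivalent to writing through a
                // DigestOutputStream into a null sink.
                messageDigest.update(chunk, 0, n);
                hashedBytes += n;
                log.info("hashed " + (hashedBytes / 1024) + " [kb] out of " + totalKb + "[kb]");
            }
        }
        return Base64.toBase64String(messageDigest.digest());
    }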

    /**
     * Wraps a stream so that everything read through it is fed into a message digest.
     *
     * <p>The algorithm is {@code str} when it is non-empty, otherwise the attachment hash
     * algorithm configured in {@code BeaToolkitContext}, otherwise {@code SHA_256}.
     *
     * <p>NOTE(review): no allow-list is applied to the algorithm name. In this file
     * {@code str} is taken from the attachment's own hash-algorithm field, so confirm that weak
     * digests are rejected before a hash comparison is trusted.
     *
     * @param inputStream stream to wrap
     * @param str preferred digest algorithm name; may be null or empty
     * @return a digest stream over {@code inputStream}
     * @throws NoSuchAlgorithmException if no provider supports the selected algorithm
     */
    public static DigestInputStream digestInputStream(InputStream inputStream, String str) throws NoSuchAlgorithmException {
        String algorithm;
        if (StringUtils.isNotEmpty(str)) {
            algorithm = str;
        } else if (StringUtils.isNotEmpty(BeaToolkitContext.getInstance().getAttachmentHashAlgorithm())) {
            algorithm = BeaToolkitContext.getInstance().getAttachmentHashAlgorithm();
        } else {
            algorithm = SHA_256;
        }
        return new DigestInputStream(inputStream, MessageDigest.getInstance(algorithm));
    }

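    /**
     * Reads the stream to its end and throws the bytes away.
     *
     * <p>A buffer local to the call is used instead of the shared static scratch buffer. The
     * shared buffer was written by every caller on every thread and kept the last bytes read,
     * which for a decrypting stream are plaintext, reachable for the lifetime of the class.
     *
     * @param inputStream stream to drain; it is not closed
     * @throws IOException if reading fails
     */
    public static void readAndDiscardFully(InputStream inputStream) throws IOException {
        byte[] scratch = new byte[4096];
        while (inputStream.read(scratch) != -1) {
            // Nothing to do: the bytes are only read so that the stream reaches its end.
        }
    }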
}
