package de.papp.model.util;

import de.papp.common.exceptions.FaultException;
import de.papp.common.exceptions.GeneralFaultTypes;
import de.papp.model.content.ContentXmlConverter;
import de.papp.model.messages.PappMessageDTO;
import de.papp.model.messages.attachment.AttachmentHeader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSProcessableFile;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.KeyTransRecipientInformation;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaAlgorithmParametersConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:de/papp/model/util/PappMessageEncryptionTool.class */
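/**
 * Static helpers that protect message parts, files and attachment headers with CMS.
 *
 * <p>Outgoing data is first wrapped in a CMS SignedData structure (SHA512withRSA, content
 * encapsulated, signer certificate attached) and then in a CMS EnvelopedData structure
 * (AES-256-CBC content encryption, RSAES-OAEP with SHA-256/MGF1-SHA-256 key transport).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #decryptMessage}, {@link #decryptFile} and {@link #decryptAttachmentHeader} only
 *       open the envelope and return the encapsulated content. They do NOT check the inner
 *       signature, so their output is unauthenticated.</li>
 *   <li>{@link #verifyMessage(PappMessageDTO, PrivateKey, PublicKey)} checks the signature of the
 *       message body only; the header is not verified by this class.</li>
 *   <li>The envelope uses CBC, which carries no integrity protection of its own. Integrity rests
 *       entirely on the inner signature, and only where that signature is actually verified.</li>
 * </ul>
 */
public class PappMessageEncryptionTool {
    private static final ContentXmlConverter contentXmlConverter = new ContentXmlConverter();

    /**
     * Returns a signed and encrypted copy of the given message.
     *
     * <p>A message that already reports itself as encrypted is returned unchanged. Header and body
     * are signed and encrypted separately; all other fields are copied as they are.
     *
     * @param pappMessageDTO  message to protect
     * @param publicKey       recipient key used for the RSA-OAEP key transport
     * @param x509Certificate signer certificate embedded in the SignedData
     * @param keyPair         signer key pair; only the private key is used
     * @return the protected message, flagged as encrypted
     * @throws FaultException wrapping any failure of the signing or encryption step
     */
    @NotNull
    public static synchronized PappMessageDTO encryptMessage(@NotNull PappMessageDTO pappMessageDTO, @NotNull PublicKey publicKey, @NotNull X509Certificate x509Certificate, @NotNull KeyPair keyPair) {
        if (pappMessageDTO.isEncrypted()) {
            return pappMessageDTO;
        }
        try {
            byte[] protectedHeader = signAndEncryptData(pappMessageDTO.getHeader(), publicKey, keyPair, x509Certificate);
            byte[] protectedBody = signAndEncryptData(pappMessageDTO.getBody(), publicKey, keyPair, x509Certificate);
            return new PappMessageDTO(
                    pappMessageDTO.getIdentifier(),
                    pappMessageDTO.getReceiverIdentifier(),
                    protectedHeader,
                    protectedBody,
                    pappMessageDTO.getAttachmentIds(),
                    pappMessageDTO.getExpirationDate(),
                    pappMessageDTO.getSchemaVersion(),
                    true,
                    pappMessageDTO.isPushable());
        } catch (Throwable th) {
            throw new FaultException(GeneralFaultTypes.UNKNOWN, th);
        }
    }

    /**
     * Signs the given bytes and encrypts the signed structure for the recipient key.
     *
     * @param bArr            plaintext; an empty array is returned unchanged (no signature, no envelope)
     * @param publicKey       recipient key
     * @param keyPair         signer key pair
     * @param x509Certificate signer certificate
     * @return the DER-encoded EnvelopedData, or {@code bArr} itself when it is empty
     */
    @NotNull
    public static byte[] signAndEncryptData(@NotNull byte[] bArr, @NotNull PublicKey publicKey, @NotNull KeyPair keyPair, @NotNull X509Certificate x509Certificate) throws OperatorCreationException, CertificateException, CMSException, IOException, InvalidAlgorithmParameterException {
        if (bArr.length == 0) {
            return bArr;
        }
        return encryptData(signData(new CMSProcessableByteArray(bArr), keyPair, x509Certificate), publicKey);
    }

    /**
     * Wraps an encoded SignedData structure in an EnvelopedData for a single recipient.
     *
     * @param cMSSignedData signed structure to encrypt
     * @param publicKey     recipient key for the RSAES-OAEP key transport
     * @return the encoded EnvelopedData
     */
    @NotNull
    private static byte[] encryptData(@NotNull CMSSignedData cMSSignedData, @NotNull PublicKey publicKey) throws CMSException, InvalidAlgorithmParameterException, IOException {
        OAEPParameterSpec oaepSpec = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT);
        // The first constructor argument is the recipient's key identifier. It is the same fixed
        // label for every recipient, so it cannot be used to tell recipients apart on decryption.
        // An explicit charset keeps the bytes independent of the platform default.
        byte[] recipientKeyId = "publicOSKey".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        JceKeyTransRecipientInfoGenerator recipientInfoGenerator = new JceKeyTransRecipientInfoGenerator(
                recipientKeyId,
                new JcaAlgorithmParametersConverter().getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, oaepSpec),
                publicKey);
        recipientInfoGenerator.setProvider("BC");

        CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
        envelopeGenerator.addRecipientInfoGenerator(recipientInfoGenerator);
        // NOTE(review): AES-256-CBC in EnvelopedData is unauthenticated; tampering with the
        // ciphertext is detected only where the inner signature is verified after decryption.
        return envelopeGenerator.generate(
                new CMSProcessableByteArray(cMSSignedData.getEncoded()),
                new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC").build()).getEncoded();
    }

    /**
     * Creates a SignedData structure over the given content using SHA512withRSA.
     *
     * <p>The content is encapsulated in the result and the signer certificate is attached.
     *
     * @param cMSTypedData    content to sign
     * @param keyPair         signer key pair; only the private key is used
     * @param x509Certificate signer certificate
     * @return the signed structure with encapsulated content
     */
    @NotNull
    private static CMSSignedData signData(@NotNull CMSTypedData cMSTypedData, @NotNull KeyPair keyPair, @NotNull X509Certificate x509Certificate) throws CertificateEncodingException, OperatorCreationException, CMSException {
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA512withRSA").setProvider("BC").build(keyPair.getPrivate());
        CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
        signedDataGenerator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                        .build(contentSigner, x509Certificate));
        signedDataGenerator.addCertificates(new JcaCertStore(Collections.singletonList(x509Certificate)));
        // 'true' encapsulates the content inside the SignedData instead of producing a detached signature.
        return signedDataGenerator.generate(cMSTypedData, true);
    }

    /**
     * Returns a decrypted copy of the given message.
     *
     * <p>Header and body are decrypted and the encapsulated content is extracted. The signature is
     * NOT checked here; call {@link #verifyMessage(PappMessageDTO, PrivateKey, PublicKey)} on the
     * encrypted message before trusting the result.
     *
     * @param pappMessageDTO encrypted message
     * @param privateKey     recipient private key
     * @return the decrypted message, flagged as not encrypted
     * @throws FaultException wrapping any failure while opening the envelope
     */
    @NotNull
    public static PappMessageDTO decryptMessage(@NotNull PappMessageDTO pappMessageDTO, @NotNull PrivateKey privateKey) {
        try {
            byte[] plainHeader = decrypt(privateKey, pappMessageDTO.getHeader());
            byte[] plainBody = decrypt(privateKey, pappMessageDTO.getBody());
            PappMessageDTO decrypted = new PappMessageDTO(
                    pappMessageDTO.getIdentifier(),
                    pappMessageDTO.getReceiverIdentifier(),
                    plainHeader,
                    plainBody,
                    pappMessageDTO.getAttachmentIds(),
                    pappMessageDTO.getExpirationDate(),
                    pappMessageDTO.getSchemaVersion(),
                    false,
                    pappMessageDTO.isPushable());
            decrypted.setIdentifier(pappMessageDTO.getIdentifier());
            return decrypted;
        } catch (Throwable th) {
            throw new FaultException(GeneralFaultTypes.UNKNOWN, th);
        }
    }

    /**
     * Checks the signature of the encrypted message body against the given signer key.
     *
     * <p>Only the body is checked; the header is not covered by this method.
     *
     * @param pappMessageDTO encrypted message
     * @param privateKey     recipient private key used to open the envelope
     * @param publicKey      expected signer key (supplied by the caller, not taken from the message)
     * @return {@code true} if every signer verifies and at least one signer is present,
     *         {@code false} if verification fails
     * @throws FaultException wrapping any other failure, e.g. a body that cannot be decrypted
     */
    public static boolean verifyMessage(@NotNull PappMessageDTO pappMessageDTO, @NotNull PrivateKey privateKey, @NotNull PublicKey publicKey) {
        try {
            verifyMessage(privateKey, publicKey, pappMessageDTO.getBody());
            return true;
        } catch (IllegalStateException e) {
            return false;
        } catch (Throwable th) {
            throw new FaultException(GeneralFaultTypes.UNKNOWN, th);
        }
    }

    /**
     * Opens the envelope and verifies every signer of the inner SignedData with the given key.
     *
     * @param privateKey recipient private key
     * @param publicKey  expected signer key
     * @param bArr       encoded EnvelopedData
     * @return the encapsulated signed content
     * @throws IllegalStateException if a signer fails verification or the structure has no signer
     */
    @NotNull
    private static byte[] verifyMessage(@NotNull PrivateKey privateKey, @NotNull PublicKey publicKey, @NotNull byte[] bArr) throws CMSException, OperatorCreationException {
        CMSSignedData signedData = openEnvelope(privateKey, bArr);
        SignerInformationStore signerInfos = signedData.getSignerInfos();
        byte[] content = (byte[]) signedData.getSignedContent().getContent();
        int verifiedSigners = 0;
        for (SignerInformation signer : signerInfos.getSigners()) {
            try {
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey))) {
                    throw new IllegalStateException("Cannot verify message!");
                }
            } catch (CMSException e) {
                throw new IllegalStateException("Cannot verify message!", e);
            }
            verifiedSigners++;
        }
        // A SignedData without any SignerInfo would otherwise pass the loop untouched and be
        // reported as verified although nothing was checked.
        if (verifiedSigners == 0) {
            throw new IllegalStateException("Cannot verify message!");
        }
        return content;
    }

    /**
     * Opens the envelope and returns the encapsulated content without checking its signature.
     *
     * @param privateKey recipient private key
     * @param bArr       encoded EnvelopedData; an empty array is returned unchanged
     * @return the content carried inside the inner SignedData (unauthenticated)
     */
    @NotNull
    private static byte[] decrypt(@NotNull PrivateKey privateKey, @NotNull byte[] bArr) throws CMSException {
        if (bArr.length == 0) {
            return bArr;
        }
        return (byte[]) openEnvelope(privateKey, bArr).getSignedContent().getContent();
    }

    /**
     * Decrypts the first recipient entry of an EnvelopedData and parses the result as SignedData.
     *
     * <p>The first recipient is used as-is; it is not matched against the key identifier.
     *
     * @param privateKey recipient private key
     * @param bArr       encoded EnvelopedData
     * @return the parsed inner SignedData; its signature has not been checked
     * @throws RuntimeException if the envelope contains no recipient
     */
    @NotNull
    private static CMSSignedData openEnvelope(@NotNull PrivateKey privateKey, @NotNull byte[] bArr) throws CMSException {
        KeyTransRecipientInformation recipient = (KeyTransRecipientInformation) new CMSEnvelopedData(bArr)
                .getRecipientInfos()
                .getRecipients()
                .stream()
                .findFirst()
                .orElseThrow(() -> new RuntimeException("Konnte Empfänger nicht finden."));
        return new CMSSignedData(recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC")));
    }

    /**
     * Signs the content of a file and encrypts the signed structure for the recipient key.
     *
     * @param file            file whose content is protected
     * @param publicKey       recipient key
     * @param keyPair         signer key pair
     * @param x509Certificate signer certificate
     * @return the encoded EnvelopedData
     */
    @NotNull
    public static byte[] signAndEncryptFile(@NotNull File file, @NotNull PublicKey publicKey, @NotNull KeyPair keyPair, @NotNull X509Certificate x509Certificate) throws OperatorCreationException, CertificateException, CMSException, IOException, InvalidAlgorithmParameterException {
        return encryptData(signData(new CMSProcessableFile(file), keyPair, x509Certificate), publicKey);
    }

    /**
     * Decrypts the given data and writes the encapsulated content to the stream.
     *
     * <p>The signature of the content is not checked. The stream is neither flushed nor closed.
     *
     * @param outputStream destination for the decrypted content
     * @param keyPair      recipient key pair; only the private key is used
     * @param bArr         encoded EnvelopedData
     */
    public static void decryptFile(@NotNull OutputStream outputStream, @NotNull KeyPair keyPair, @NotNull byte[] bArr) throws CMSException, IOException {
        outputStream.write(decrypt(keyPair.getPrivate(), bArr));
    }

    /**
     * Serialises an attachment header, signs and encrypts it, and Base64-encodes the result.
     *
     * @param attachmentHeader header to protect
     * @param publicKey        recipient key
     * @param keyPair          signer key pair
     * @param x509Certificate  signer certificate
     * @return Base64 text of the encoded EnvelopedData
     */
    @NotNull
    public static String encryptAttachmentHeaderToBase64(@NotNull AttachmentHeader attachmentHeader, @NotNull PublicKey publicKey, @NotNull KeyPair keyPair, @NotNull X509Certificate x509Certificate) throws OperatorCreationException, CertificateException, InvalidAlgorithmParameterException, CMSException, IOException {
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        contentXmlConverter.write(serialized, attachmentHeader);
        byte[] envelope = signAndEncryptData(serialized.toByteArray(), publicKey, keyPair, x509Certificate);
        return Base64.getEncoder().encodeToString(envelope);
    }

    /**
     * Decrypts an attachment header and parses it with the content converter.
     *
     * <p>The signature is not checked, so the parser receives unauthenticated input.
     * NOTE(review): confirm that {@code ContentXmlConverter} is hardened for untrusted XML.
     *
     * @param bArr    encoded EnvelopedData (not Base64)
     * @param keyPair recipient key pair; only the private key is used
     * @return the parsed attachment header
     */
    @NotNull
    public static AttachmentHeader decryptAttachmentHeader(@NotNull byte[] bArr, @NotNull KeyPair keyPair) throws CMSException, IOException {
        try (ByteArrayInputStream in = new ByteArrayInputStream(decrypt(keyPair.getPrivate(), bArr))) {
            return (AttachmentHeader) contentXmlConverter.read(AttachmentHeader.class, in);
        }
    }
}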
