package hk.hku.cecid.piazza.commons.security;

import hk.hku.cecid.edi.as2.pkg.AS2Header;
import hk.hku.cecid.piazza.commons.activation.Mailcap;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.activation.CommandInfo;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.mail.Session;
import javax.mail.internet.InternetHeaders;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.ZlibCompressor;
import org.bouncycastle.cms.jcajce.ZlibExpanderProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMECompressed;
import org.bouncycastle.mail.smime.SMIMECompressedGenerator;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.util.encoders.Base64;

/* JADX WARN: Classes with same name are omitted:
  input_file:hermes2_bin.zip:webapps/corvus/WEB-INF/lib/piazza-commons-1.0.jar:hk/hku/cecid/piazza/commons/security/SMimeMessage.class
 */
/* loaded from: input_file:hermes2_bin.zip:sample/lib/piazza-commons.jar:hk/hku/cecid/piazza/commons/security/SMimeMessage.class */
public class SMimeMessage {
    private static Mailcap[] mailcaps;
    public static final String DIGEST_ALG_MD5 = SMIMESignedGenerator.DIGEST_MD5;
    public static final String DIGEST_ALG_SHA1 = SMIMESignedGenerator.DIGEST_SHA1;
    public static final String ENCRYPT_ALG_DES_EDE3_CBC = SMIMEEnvelopedGenerator.DES_EDE3_CBC;
    public static final String ENCRYPT_ALG_RC2_CBC = SMIMEEnvelopedGenerator.RC2_CBC;
    public static final String CONTENT_TRANSFER_ENC_BASE64 = "base64";
    public static final String CONTENT_TRANSFER_ENC_BINARY = "binary";
    private static final String SECURITY_PROVIDER = "BC";
    private MimeBodyPart bodyPart;
    private Session session;
    private PrivateKey privateKey;
    private X509Certificate cert;
    private String digestAlgorithm;
    private String encryptAlgorithm;
    private String contentTransferEncoding;

    public SMimeMessage(MimeBodyPart mimeBodyPart) {
        this(mimeBodyPart, (X509Certificate) null);
    }

    public SMimeMessage(MimeBodyPart mimeBodyPart, X509Certificate x509Certificate) {
        this(mimeBodyPart, x509Certificate, null, null);
    }

    public SMimeMessage(MimeBodyPart mimeBodyPart, X509Certificate x509Certificate, Session session) {
        this(mimeBodyPart, x509Certificate, null, session);
    }

    public SMimeMessage(MimeBodyPart mimeBodyPart, X509Certificate x509Certificate, PrivateKey privateKey) {
        this(mimeBodyPart, x509Certificate, privateKey, null);
    }

    public SMimeMessage(MimeBodyPart mimeBodyPart, X509Certificate x509Certificate, PrivateKey privateKey, Session session) {
        this.bodyPart = mimeBodyPart;
        this.cert = x509Certificate;
        this.privateKey = privateKey;
        this.session = session;
    }

    protected SMimeMessage(MimeBodyPart mimeBodyPart, SMimeMessage sMimeMessage) {
        this(mimeBodyPart, sMimeMessage.cert, sMimeMessage.privateKey, sMimeMessage.session);
        this.digestAlgorithm = sMimeMessage.digestAlgorithm;
        this.encryptAlgorithm = sMimeMessage.encryptAlgorithm;
        this.contentTransferEncoding = sMimeMessage.contentTransferEncoding;
    }

    public SMimeMessage sign() throws SMimeException {
        String str;
        try {
            if (this.privateKey == null) {
                throw new SMimeException("Private key not found");
            }
            try {
                setDefaults();
                SMIMECapabilityVector sMIMECapabilityVector = new SMIMECapabilityVector();
                sMIMECapabilityVector.addCapability(SMIMECapability.dES_EDE3_CBC);
                sMIMECapabilityVector.addCapability(SMIMECapability.rC2_CBC, 128);
                sMIMECapabilityVector.addCapability(SMIMECapability.dES_CBC);
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                aSN1EncodableVector.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(new X509Name(this.cert.getIssuerDN().getName()), this.cert.getSerialNumber())));
                aSN1EncodableVector.add(new SMIMECapabilitiesAttribute(sMIMECapabilityVector));
                SMIMESignedGenerator sMIMESignedGenerator = new SMIMESignedGenerator();
                sMIMESignedGenerator.setContentTransferEncoding(getContentTransferEncoding());
                String algorithm = MessageDigest.getInstance(getDigestAlgorithm(), "BC").getAlgorithm();
                boolean z = -1;
                switch (algorithm.hashCode()) {
                    case 76158:
                        if (algorithm.equals(MessageDigestAlgorithms.MD5)) {
                            z = true;
                            break;
                        }
                        break;
                    case 78861104:
                        if (algorithm.equals("SHA-1")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        str = "SHA1withRSA";
                        break;
                    case true:
                        str = "MD5withRSA";
                        break;
                    default:
                        throw new SMimeException("Unsupported digest algorithm: " + algorithm);
                }
                sMIMESignedGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").setSignedAttributeGenerator(new AttributeTable(aSN1EncodableVector)).build(str, this.privateKey, this.cert));
                ArrayList arrayList = new ArrayList();
                arrayList.add(this.cert);
                sMIMESignedGenerator.addCertificates(new JcaCertStore(arrayList));
                MimeMultipart generate = sMIMESignedGenerator.generate(this.bodyPart);
                InternetHeaders internetHeaders = new InternetHeaders();
                internetHeaders.setHeader("Content-Type", new Boolean(System.getProperty("mail.mime.foldtext", "true")).booleanValue() ? generate.getContentType() : generate.getContentType().replaceAll("\\s", " "));
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                generate.writeTo(byteArrayOutputStream);
                return new SMimeMessage(new MimeBodyPart(internetHeaders, byteArrayOutputStream.toByteArray()), this);
            } catch (SMIMEException e) {
                throw new SMimeException(e.getMessage(), e.getUnderlyingException());
            }
        } catch (Exception e2) {
            throw new SMimeException("Unable to sign body part", e2);
        }
    }

    public SMimeMessage unsign() throws SMimeException {
        try {
            setDefaults();
            MimeBodyPart content = new SMIMESigned((MimeMultipart) this.bodyPart.getContent()).getContent();
            if (content == null) {
                throw new SMimeException("No signed part");
            }
            return new SMimeMessage(content, this);
        } catch (Exception e) {
            e = e;
            if (e instanceof CMSException) {
                e = ((CMSException) e).getUnderlyingException();
            }
            throw new SMimeException("Unable to unsign body part", e);
        }
    }

    public SMimeMessage verify() throws SMimeException {
        return verify(this.cert);
    }

    public SMimeMessage verify(X509Certificate x509Certificate) throws SMimeException {
        try {
            if (x509Certificate == null) {
                throw new SMimeException("No certificate for verification");
            }
            setDefaults();
            SMIMESigned sMIMESigned = new SMIMESigned((MimeMultipart) this.bodyPart.getContent());
            Iterator<SignerInformation> it = sMIMESigned.getSignerInfos().getSigners().iterator();
            while (it.hasNext()) {
                if (!it.next().verify(new BcRSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(new JcaX509CertificateHolder(x509Certificate)))) {
                    throw new SMimeException("Verification failed");
                }
            }
            MimeBodyPart content = sMIMESigned.getContent();
            if (content == null) {
                throw new SMimeException("Unable to extract signed part");
            }
            return new SMimeMessage(content, this);
        } catch (Exception e) {
            e = e;
            if (e instanceof CMSException) {
                e = ((CMSException) e).getUnderlyingException();
            }
            throw new SMimeException("Unable to verify body part", e);
        }
    }

    public SMimeMessage encrypt() throws SMimeException {
        return encrypt(this.cert);
    }

    public SMimeMessage encrypt(X509Certificate x509Certificate) throws SMimeException {
        try {
            try {
                if (x509Certificate == null) {
                    throw new SMimeException("No certificate for encryption");
                }
                setDefaults();
                SMIMEEnvelopedGenerator sMIMEEnvelopedGenerator = new SMIMEEnvelopedGenerator();
                sMIMEEnvelopedGenerator.setContentTransferEncoding(getContentTransferEncoding());
                sMIMEEnvelopedGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(x509Certificate).setProvider("BC"));
                return new SMimeMessage(sMIMEEnvelopedGenerator.generate(this.bodyPart, new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(getEncryptAlgorithm())).setProvider("BC").build()), this);
            } catch (SMIMEException e) {
                throw new SMimeException(e.getMessage(), e.getUnderlyingException());
            }
        } catch (Exception e2) {
            throw new SMimeException("Unable to encrypt body part", e2);
        }
    }

    public SMimeMessage decrypt() throws SMimeException {
        return decrypt(this.privateKey);
    }

    public SMimeMessage decrypt(PrivateKey privateKey) throws SMimeException {
        if (privateKey == null) {
            throw new SMimeException("Private key not found");
        }
        try {
            setDefaults();
            SMIMEEnveloped sMIMEEnveloped = new SMIMEEnveloped(this.bodyPart);
            RecipientInformation recipientInformation = sMIMEEnveloped.getRecipientInfos().get(new JceKeyTransRecipientId(this.cert));
            if (recipientInformation == null) {
                throw new SMimeException("Invalid encrypted content");
            }
            JceKeyTransEnvelopedRecipient jceKeyTransEnvelopedRecipient = new JceKeyTransEnvelopedRecipient(privateKey);
            jceKeyTransEnvelopedRecipient.setProvider("BC");
            return new SMimeMessage(new MimeBodyPart(new ByteArrayInputStream(recipientInformation.getContent(jceKeyTransEnvelopedRecipient))), this);
        } catch (Exception e) {
            throw new SMimeException("Unable to decrypt body part", e);
        }
    }

    public SMimeMessage compress() throws SMimeException {
        try {
            try {
                setDefaults();
                SMIMECompressedGenerator sMIMECompressedGenerator = new SMIMECompressedGenerator();
                sMIMECompressedGenerator.setContentTransferEncoding(getContentTransferEncoding());
                return new SMimeMessage(sMIMECompressedGenerator.generate(this.bodyPart, new ZlibCompressor()), this);
            } catch (SMIMEException e) {
                throw new SMimeException(e.getMessage(), e.getUnderlyingException());
            }
        } catch (Exception e2) {
            throw new SMimeException("Unable to compress body part", e2);
        }
    }

    public SMimeMessage decompress() throws SMimeException {
        try {
            setDefaults();
            return new SMimeMessage(new MimeBodyPart(new ByteArrayInputStream(new SMIMECompressed(this.bodyPart).getContent(new ZlibExpanderProvider()))), this);
        } catch (Exception e) {
            throw new SMimeException("Unable to decompress body part", e);
        }
    }

    public String digest() throws SMimeException {
        return digest(getDigestAlgorithm(), true);
    }

    public String digest(String str, boolean z) throws SMimeException {
        InputStream inputStream;
        if (str == null) {
            try {
                str = DIGEST_ALG_SHA1;
            } catch (Exception e) {
                throw new SMimeException("Unable to compute message digest", e);
            }
        }
        MessageDigest messageDigest = MessageDigest.getInstance(str, "BC");
        if (z) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            this.bodyPart.writeTo(byteArrayOutputStream);
            inputStream = canonicalize(byteArrayOutputStream.toByteArray());
        } else {
            inputStream = this.bodyPart.getInputStream();
        }
        DigestInputStream digestInputStream = new DigestInputStream(inputStream, messageDigest);
        do {
        } while (digestInputStream.read(new byte[1024]) >= 0);
        return new String(Base64.encode(digestInputStream.getMessageDigest().digest()));
    }

    private static InputStream canonicalize(byte[] bArr) {
        if (bArr == null) {
            bArr = new byte[0];
        }
        int i = 0;
        for (int i2 = 0; i2 + 1 < bArr.length && bArr[i2] == 13 && bArr[i2 + 1] == 10; i2 += 2) {
            i += 2;
        }
        return new ByteArrayInputStream(bArr, i, bArr.length);
    }

    public boolean isEncrypted() throws SMimeException {
        try {
            String contentType = this.bodyPart.getContentType();
            if (contentType != null) {
                if (contentType.toLowerCase().indexOf("enveloped-data") != -1) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new SMimeException("Unable to check if body part is encrypted.", e);
        }
    }

    public boolean isCompressed() throws SMimeException {
        try {
            String contentType = this.bodyPart.getContentType();
            if (contentType != null) {
                if (contentType.toLowerCase().indexOf("compressed-data") != -1) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new SMimeException("Unable to check if body part is compressed.", e);
        }
    }

    public boolean isSigned() throws SMimeException {
        try {
            return this.bodyPart.isMimeType(AS2Header.CONTENT_TYPE_MULTIPART_SIGNED);
        } catch (Exception e) {
            throw new SMimeException("Unable to check if body part is signed.", e);
        }
    }

    public MimeBodyPart getBodyPart() {
        return this.bodyPart;
    }

    public String getDigestAlgorithm() {
        if (this.digestAlgorithm != null) {
            return this.digestAlgorithm;
        }
        if (this.privateKey == null) {
            return null;
        }
        return "DSA".equals(this.privateKey.getAlgorithm()) ? DIGEST_ALG_SHA1 : DIGEST_ALG_MD5;
    }

    public void setDigestAlgorithm(String str) {
        this.digestAlgorithm = str;
    }

    public String getEncryptAlgorithm() {
        return this.encryptAlgorithm == null ? ENCRYPT_ALG_DES_EDE3_CBC : this.encryptAlgorithm;
    }

    public void setEncryptAlgorithm(String str) {
        this.encryptAlgorithm = str;
    }

    public String getContentTransferEncoding() {
        return this.contentTransferEncoding == null ? CONTENT_TRANSFER_ENC_BASE64 : this.contentTransferEncoding;
    }

    public void setContentTransferEncoding(String str) {
        this.contentTransferEncoding = str;
    }

    private void setDefaults() {
        MailcapCommandMap mailcapCommandMap = (MailcapCommandMap) CommandMap.getDefaultCommandMap();
        for (int i = 0; i < mailcaps.length; i++) {
            CommandInfo command = mailcapCommandMap.getCommand(mailcaps[i].getMimeType(), mailcaps[i].getCommandName());
            if (command == null || !command.getCommandClass().equals(mailcaps[i].getClassName())) {
                mailcapCommandMap.addMailcap(mailcaps[i].toString());
            }
        }
        CommandMap.setDefaultCommandMap(mailcapCommandMap);
    }

    static {
        mailcaps = null;
        mailcaps = new Mailcap[]{new Mailcap("application/pkcs7-signature", "content-handler", "org.bouncycastle.mail.smime.handlers.pkcs7_signature"), new Mailcap("application/pkcs7-mime", "content-handler", "org.bouncycastle.mail.smime.handlers.pkcs7_mime"), new Mailcap("application/x-pkcs7-signature", "content-handler", "org.bouncycastle.mail.smime.handlers.x_pkcs7_signature"), new Mailcap("application/x-pkcs7-mime", "content-handler", "org.bouncycastle.mail.smime.handlers.x_pkcs7_mime"), new Mailcap(AS2Header.CONTENT_TYPE_MULTIPART_SIGNED, "content-handler", "org.bouncycastle.mail.smime.handlers.multipart_signed"), new Mailcap("text/xml", "content-handler", "com.sun.mail.handlers.text_xml")};
        Security.addProvider(new BouncyCastleProvider());
    }
}
