package mitm.common.security.smime.handler;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.mail.MessagingException;
import javax.mail.Part;
import javax.mail.internet.MimeMessage;
import mitm.common.mail.BodyPartUtils;
import mitm.common.mail.HeaderUtils;
import mitm.common.security.PKISecurityServices;
import mitm.common.security.certificate.CertificateUtils;
import mitm.common.security.certificate.X509CertificateInspector;
import mitm.common.security.certificate.validator.CertificateValidator;
import mitm.common.security.certificate.validator.CertificateValidatorChain;
import mitm.common.security.certificate.validator.IsValidForSMIMESigning;
import mitm.common.security.certificate.validator.PKITrustCheckCertificateValidatorFactory;
import mitm.common.security.cms.CryptoMessageSyntaxException;
import mitm.common.security.cms.RecipientInfo;
import mitm.common.security.cms.SignerIdentifier;
import mitm.common.security.cms.SignerInfo;
import mitm.common.security.cms.SignerInfoException;
import mitm.common.security.smime.SMIMEEncryptionAlgorithm;
import mitm.common.security.smime.SMIMEEnvelopedInspector;
import mitm.common.security.smime.SMIMEInspector;
import mitm.common.security.smime.SMIMESecurityInfoHeader;
import mitm.common.security.smime.SMIMESignedInspector;
import mitm.common.security.smime.SMIMEType;
import mitm.common.util.BigIntegerUtils;
import mitm.common.util.Check;
import mitm.common.util.HexUtils;
import mitm.common.util.MiscStringUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.ObjectUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class SMIMEInfoHandlerImpl implements SMIMEInfoHandler {
    private static final int DEFAULT_MAX_HEADER_LENGTH = 4096;
    private static final int DEFAULT_MAX_RECIPIENTS = 50;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) SMIMEInfoHandlerImpl.class);
    private final PKISecurityServices securityServices;
    private int maxHeaderLength = 4096;
    private int maxRecipients = 50;
    private boolean addCertificates = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: mitm.common.security.smime.handler.SMIMEInfoHandlerImpl$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$mitm$common$security$smime$SMIMEType;

        static {
            int[] iArr = new int[SMIMEType.values().length];
            $SwitchMap$mitm$common$security$smime$SMIMEType = iArr;
            try {
                iArr[SMIMEType.SIGNED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$mitm$common$security$smime$SMIMEType[SMIMEType.ENCRYPTED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$mitm$common$security$smime$SMIMEType[SMIMEType.COMPRESSED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public SMIMEInfoHandlerImpl(PKISecurityServices pKISecurityServices) {
        Check.notNull(pKISecurityServices, "securityServices");
        this.securityServices = pKISecurityServices;
    }

    private void addSignerIdentifierInfo(Part part, int i, SignerInfo signerInfo, SignerIdentifier signerIdentifier, int i2) throws MessagingException {
        setHeader(SMIMESecurityInfoHeader.SIGNER_ID + i, ObjectUtils.toString(signerIdentifier.getIssuer()) + "/" + BigIntegerUtils.hexEncode(signerIdentifier.getSerialNumber()) + "/" + HexUtils.hexEncode(signerIdentifier.getSubjectKeyIdentifier(), "") + "/" + signerInfo.getEncryptionAlgorithmOID(), i2, part);
    }

    private MimeMessage handleCompressed(MimeMessage mimeMessage, SMIMEInspector sMIMEInspector, int i) throws MessagingException {
        setHeader(SMIMESecurityInfoHeader.COMPRESSED, "True", i, mimeMessage);
        return mimeMessage;
    }

    private MimeMessage handleEncrypted(MimeMessage mimeMessage, SMIMEInspector sMIMEInspector, int i, boolean z) throws MessagingException {
        SMIMEEnvelopedInspector envelopedInspector = sMIMEInspector.getEnvelopedInspector();
        String encryptionAlgorithmOID = envelopedInspector.getEncryptionAlgorithmOID();
        SMIMEEncryptionAlgorithm fromOID = SMIMEEncryptionAlgorithm.fromOID(encryptionAlgorithmOID);
        if (fromOID != null) {
            encryptionAlgorithmOID = fromOID.toString();
            try {
                encryptionAlgorithmOID = encryptionAlgorithmOID + ", Key size: " + SMIMEEncryptionAlgorithm.getKeySize(fromOID, envelopedInspector.getEncryptionAlgorithmParameters());
            } catch (CryptoMessageSyntaxException unused) {
                logger.error("Error getting encryption algorithm parameters");
            }
        }
        setHeader(SMIMESecurityInfoHeader.ENCRYPTION_ALGORITHM, encryptionAlgorithmOID, i, mimeMessage);
        try {
            List<RecipientInfo> recipients = envelopedInspector.getRecipients();
            int size = recipients.size();
            if (size > this.maxRecipients) {
                logger.warn("There are more recipients but the maximum has been reached.");
                size = this.maxRecipients;
            }
            for (int i2 = 0; i2 < size; i2++) {
                setHeader(SMIMESecurityInfoHeader.ENCRYPTION_RECIPIENT + i2, recipients.get(i2).toString(), i, mimeMessage);
            }
            onEncrypted(mimeMessage, sMIMEInspector, i, z);
            return mimeMessage;
        } catch (CryptoMessageSyntaxException e) {
            throw new MessagingException("Error getting encryption recipients.", e);
        }
    }

    private MimeMessage handlePart(MimeMessage mimeMessage, SMIMEInspector sMIMEInspector, int i, boolean z) throws MessagingException {
        int i2 = AnonymousClass1.$SwitchMap$mitm$common$security$smime$SMIMEType[sMIMEInspector.getSMIMEType().ordinal()];
        return i2 != 1 ? i2 != 2 ? i2 != 3 ? mimeMessage : handleCompressed(mimeMessage, sMIMEInspector, i) : handleEncrypted(mimeMessage, sMIMEInspector, i, z) : handleSigned(mimeMessage, sMIMEInspector, i);
    }

    private MimeMessage handleSigned(MimeMessage mimeMessage, SMIMEInspector sMIMEInspector, int i) throws MessagingException {
        List<X509Certificate> list;
        int i2;
        Boolean bool;
        SMIMESignedInspector signedInspector = sMIMEInspector.getSignedInspector();
        Boolean bool2 = null;
        try {
            list = signedInspector.getCertificates();
        } catch (CryptoMessageSyntaxException e) {
            logger.error("Error getting certificates from signed message.", (Throwable) e);
            list = null;
        }
        HashSet hashSet = new HashSet();
        try {
            List<SignerInfo> signers = signedInspector.getSigners();
            Boolean bool3 = null;
            for (0; i2 < signers.size(); i2 + 1) {
                try {
                    SignerInfo signerInfo = signers.get(i2);
                    try {
                        SignerIdentifier signerId = signerInfo.getSignerId();
                        addSignerIdentifierInfo(mimeMessage, i2, signerInfo, signerId, i);
                        try {
                            CertSelector selector = signerId.getSelector();
                            Collection<X509Certificate> matchingCertificates = CertificateUtils.getMatchingCertificates(list, selector);
                            if (matchingCertificates.size() == 0 && this.securityServices.getKeyAndCertStore() != null) {
                                try {
                                    matchingCertificates = this.securityServices.getKeyAndCertStore().getCertificates(selector);
                                } catch (CertStoreException e2) {
                                    logger.error("Error getting certificates from the CertStore.", (Throwable) e2);
                                }
                            }
                            X509Certificate next = (matchingCertificates == null || matchingCertificates.size() <= 0) ? null : matchingCertificates.iterator().next();
                            if (next != null) {
                                bool = !verifySignature(mimeMessage, i2, signerInfo, next, i) ? false : null;
                                try {
                                    if (!verifySigningCertificate(mimeMessage, i2, next, list, i)) {
                                        bool = false;
                                    }
                                    if (bool == null) {
                                        bool = true;
                                    }
                                    try {
                                        hashSet.addAll(new X509CertificateInspector(next).getEmail());
                                    } catch (Exception e3) {
                                        logger.error("Error getting email addresses", (Throwable) e3);
                                    }
                                } catch (Throwable th) {
                                    th = th;
                                    bool2 = bool;
                                    if (BooleanUtils.isTrue(bool2) && bool3 == null) {
                                        Boolean.valueOf(true);
                                    }
                                    if (BooleanUtils.isFalse(bool2)) {
                                        Boolean.valueOf(false);
                                    }
                                    throw th;
                                }
                            } else {
                                logger.warn("Signing certificate could not be found.");
                                setHeader(SMIMESecurityInfoHeader.SIGNER_VERIFIED + i2, "False", i, mimeMessage);
                                setHeader(SMIMESecurityInfoHeader.SIGNER_VERIFICATION_INFO + i2, "Signing certificate could not be found.", i, mimeMessage);
                                bool = null;
                            }
                            if (BooleanUtils.isTrue(bool) && bool3 == null) {
                                bool3 = true;
                            }
                        } catch (IOException e4) {
                            logger.error("Error getting selector for signer", (Throwable) e4);
                            if (BooleanUtils.isTrue(null) && bool3 == null) {
                                bool3 = true;
                            }
                            if (!BooleanUtils.isFalse(null)) {
                            }
                        }
                    } catch (IOException e5) {
                        logger.error("Error getting signerId", (Throwable) e5);
                        if (BooleanUtils.isTrue(null) && bool3 == null) {
                            bool3 = true;
                        }
                        if (!BooleanUtils.isFalse(null)) {
                        }
                    }
                    i2 = BooleanUtils.isFalse(bool) ? 0 : i2 + 1;
                    bool3 = false;
                } catch (Throwable th2) {
                    th = th2;
                }
            }
            onSigned(mimeMessage, sMIMEInspector, i, BooleanUtils.isTrue(bool3), hashSet);
            return mimeMessage;
        } catch (CryptoMessageSyntaxException e6) {
            throw new MessagingException("Error getting signers.", e6);
        }
    }

    private void setHeader(String str, String str2, int i, Part part) throws MessagingException {
        if (str2 == null) {
            str2 = "";
        }
        String str3 = str + "-" + Integer.toString(i);
        String restrictLength = MiscStringUtils.restrictLength(str2, this.maxHeaderLength);
        try {
            restrictLength = HeaderUtils.encodeHeaderValue(str3, restrictLength);
        } catch (UnsupportedEncodingException e) {
            logger.warn("Header value cannot be encoded. Message: " + e.getMessage());
        }
        part.setHeader(str3, restrictLength);
    }

    private String signingCertificateNotTrusted(Part part, int i, String str, int i2) throws MessagingException {
        String str2 = (str != null ? "Signing certificate not trusted. Message: " + str : "Signing certificate not trusted") + ". Timestamp: " + System.currentTimeMillis();
        setHeader(SMIMESecurityInfoHeader.SIGNER_TRUSTED + i, "False", i2, part);
        setHeader(SMIMESecurityInfoHeader.SIGNER_TRUSTED_INFO + i, str2, i2, part);
        return str2;
    }

    private void signingCertificateNotTrusted(Part part, int i, Throwable th, int i2) throws MessagingException {
        Throwable rootCause = ExceptionUtils.getRootCause(th);
        if (rootCause == null) {
            rootCause = th;
        }
        logger.error(signingCertificateNotTrusted(part, i, rootCause.getMessage(), i2), th);
    }

    private boolean verifySignature(Part part, int i, SignerInfo signerInfo, X509Certificate x509Certificate, int i2) throws MessagingException {
        try {
            if (!signerInfo.verify(x509Certificate.getPublicKey())) {
                throw new SignerInfoException("Message content cannot be verified with the signers public key.");
            }
            setHeader(SMIMESecurityInfoHeader.SIGNER_VERIFIED + i, "True", i2, part);
            return true;
        } catch (SignerInfoException e) {
            String str = "Signature could not be verified. Message: " + e.getMessage();
            Logger logger2 = logger;
            if (logger2.isDebugEnabled()) {
                logger2.warn(str, (Throwable) e);
            } else {
                logger2.warn(str);
            }
            setHeader(SMIMESecurityInfoHeader.SIGNER_VERIFIED + i, "False", i2, part);
            setHeader(SMIMESecurityInfoHeader.SIGNER_VERIFICATION_INFO + i, str, i2, part);
            return false;
        }
    }

    private boolean verifySigningCertificate(Part part, int i, X509Certificate x509Certificate, Collection<? extends Certificate> collection, int i2) throws MessagingException {
        CertificateValidatorChain certificateValidatorChain = new CertificateValidatorChain();
        boolean z = false;
        certificateValidatorChain.addValidators(new IsValidForSMIMESigning());
        CertificateValidator[] certificateValidatorArr = new CertificateValidator[1];
        PKITrustCheckCertificateValidatorFactory pKITrustCheckCertificateValidatorFactory = this.securityServices.getPKITrustCheckCertificateValidatorFactory();
        if (!this.addCertificates) {
            collection = null;
        }
        certificateValidatorArr[0] = pKITrustCheckCertificateValidatorFactory.createValidator(collection);
        certificateValidatorChain.addValidators(certificateValidatorArr);
        try {
            z = certificateValidatorChain.isValid(x509Certificate);
            if (z) {
                setHeader(SMIMESecurityInfoHeader.SIGNER_TRUSTED + i, "True", i2, part);
            } else {
                signingCertificateNotTrusted(part, i, certificateValidatorChain.getFailureMessage(), i2);
            }
        } catch (CertificateException e) {
            signingCertificateNotTrusted(part, i, e, i2);
        }
        return z;
    }

    public int getMaxHeaderLength() {
        return this.maxHeaderLength;
    }

    public int getMaxRecipients() {
        return this.maxRecipients;
    }

    protected MimeMessage handle(MimeMessage mimeMessage, SMIMEInspector sMIMEInspector, int i, boolean z) throws SMIMEHandlerException {
        try {
            MimeMessage handlePart = handlePart(mimeMessage, sMIMEInspector, i, z);
            return handlePart != null ? BodyPartUtils.toMessage(handlePart) : mimeMessage;
        } catch (Exception e) {
            logger.error("Error handling part.", (Throwable) e);
            return mimeMessage;
        }
    }

    @Override // mitm.common.security.smime.handler.SMIMEInfoHandler
    public MimeMessage handle(MimeMessage mimeMessage, SMIMEHandler sMIMEHandler, int i) throws SMIMEHandlerException {
        return handle(mimeMessage, sMIMEHandler.getSMIMEInspector(), i, sMIMEHandler.isDecrypted());
    }

    public boolean isAddCertificates() {
        return this.addCertificates;
    }

    protected void onEncrypted(MimeMessage mimeMessage, SMIMEInspector sMIMEInspector, int i, boolean z) throws MessagingException {
    }

    protected void onSigned(MimeMessage mimeMessage, SMIMEInspector sMIMEInspector, int i, boolean z, Set<String> set) throws MessagingException {
    }

    public void setAddCertificates(boolean z) {
        this.addCertificates = z;
    }

    public void setMaxHeaderLength(int i) {
        this.maxHeaderLength = i;
    }

    public void setMaxRecipients(int i) {
        this.maxRecipients = i;
    }
}
