package net.markenwerk.utils.mail.dkim;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import net.iharder.Base64;

/* loaded from: input_file:net/markenwerk/utils/mail/dkim/DomainKey.class */
public final class DomainKey {
    private static final String RSA_MODE = "RSA/ECB/NoPadding";
    private static final String DKIM_VERSION = "DKIM1";
    private static final String RSA_KEY_TYPE = "rsa";
    private static final String EMAIL_SERVICE_TYPE = "email";
    private final long timestamp = System.currentTimeMillis();
    private final Pattern granularity;
    private final Set<String> serviceTypes;
    private final RSAPublicKey publicKey;
    private final Map<Character, String> tags;

    public DomainKey(Map<Character, String> map) throws DkimException {
        this.tags = Collections.unmodifiableMap(map);
        if (!DKIM_VERSION.equals(getTagValue('v', DKIM_VERSION))) {
            throw new DkimException("Incompatible version v=" + getTagValue('v') + ".");
        }
        this.granularity = getGranularityPattern(getTagValue('g', "*"));
        if (!RSA_KEY_TYPE.equals(getTagValue('k', RSA_KEY_TYPE))) {
            throw new DkimException("Incompatible key type k=" + getTagValue('k') + ".");
        }
        this.serviceTypes = getServiceTypes(getTagValue('s', "*"));
        if (!this.serviceTypes.contains("*") && !this.serviceTypes.contains(EMAIL_SERVICE_TYPE)) {
            throw new DkimException("Incompatible service type s=" + getTagValue('s') + ".");
        }
        String tagValue = getTagValue('p');
        if (null == tagValue) {
            throw new DkimException("No public key available.");
        }
        this.publicKey = getPublicKey(tagValue);
    }

    private Set<String> getServiceTypes(String str) {
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ":", false);
        while (stringTokenizer.hasMoreElements()) {
            hashSet.add(stringTokenizer.nextToken().trim());
        }
        return hashSet;
    }

    private String getTagValue(char c) {
        return getTagValue(c, null);
    }

    private String getTagValue(char c, String str) {
        String str2 = this.tags.get(Character.valueOf(c));
        return null == str2 ? str : str2;
    }

    private RSAPublicKey getPublicKey(String str) throws DkimException {
        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str)));
        } catch (IOException e) {
            throw new DkimException("The public key " + str + " couldn't be read.");
        } catch (NoSuchAlgorithmException e2) {
            throw new DkimException("RSA algorithm not found by JVM");
        } catch (InvalidKeySpecException e3) {
            throw new DkimException("The public key " + str + " couldn't be decoded.");
        }
    }

    private Pattern getGranularityPattern(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, "*", true);
        StringBuffer stringBuffer = new StringBuffer();
        while (stringTokenizer.hasMoreElements()) {
            String nextToken = stringTokenizer.nextToken();
            if ("*".equals(nextToken)) {
                stringBuffer.append(".*");
            } else {
                stringBuffer.append(Pattern.quote(nextToken));
            }
        }
        return Pattern.compile(stringBuffer.toString());
    }

    public long getTimestamp() {
        return this.timestamp;
    }

    public Pattern getGranularity() {
        return this.granularity;
    }

    public Set<String> getServiceTypes() {
        return this.serviceTypes;
    }

    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }

    public Map<Character, String> getTags() {
        return this.tags;
    }

    public String toString() {
        return "Entry [timestamp=" + this.timestamp + ", tags=" + this.tags + "]";
    }

    public void check(String str, RSAPrivateKey rSAPrivateKey) throws DkimSigningException {
        if (!this.granularity.matcher(null == str ? "" : str.substring(0, str.indexOf(64))).matches()) {
            throw new DkimAcceptanceException("Incompatible identity (" + str + ") for granularity g=" + getTagValue('g') + " ");
        }
        try {
            Cipher cipher = Cipher.getInstance(RSA_MODE);
            byte[] bArr = new byte[this.publicKey.getModulus().bitLength() / 8];
            int length = bArr.length;
            for (int i = 0; i < length; i++) {
                bArr[i] = (byte) i;
            }
            cipher.init(1, rSAPrivateKey);
            byte[] doFinal = cipher.doFinal(bArr);
            cipher.init(2, this.publicKey);
            if (!Arrays.equals(bArr, cipher.doFinal(doFinal))) {
                throw new DkimAcceptanceException("Incompatible private key for public key p=" + getTagValue('p') + " ");
            }
        } catch (InvalidKeyException e) {
            throw new DkimSigningException("Performing RSA cryptography failed.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new DkimSigningException("No JCE provider supports RSA/ECB/NoPadding ciphers.", e2);
        } catch (BadPaddingException e3) {
            throw new DkimSigningException("Performing RSA cryptography failed.", e3);
        } catch (IllegalBlockSizeException e4) {
            throw new DkimSigningException("Performing RSA cryptography failed.", e4);
        } catch (NoSuchPaddingException e5) {
            throw new DkimSigningException("No JCE provider supports RSA/ECB/NoPadding ciphers.", e5);
        }
    }
}
