package eu.peppol.as2;

import eu.peppol.security.KeystoreManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.mail.BodyPart;
import javax.mail.MessagingException;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMESignedParser;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/peppol/as2/SignedMimeMessageInspector.class */
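/**
 * Inspects a signed S/MIME message ({@code multipart/signed}): verifies the signature of the
 * first signer, validates that signer's certificate against the PEPPOL trust store, and gives
 * access to the payload and its MIC.
 *
 * <p>All checks run in the constructor; every failure surfaces as an
 * {@link IllegalStateException}, so an instance only exists for a message that passed them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The signer certificate is taken from the message itself and is untrusted input until
 *       {@link #validateCertificate(X509Certificate)} has succeeded.</li>
 *   <li>Only the first signer returned by the parser is verified; further signers are ignored.</li>
 *   <li>Nothing in this class ties the signer certificate to a claimed sender identity. Callers
 *       that need that binding must compare {@link #getSignersX509Certificate()} themselves.</li>
 *   <li>The constructor calls the non-private {@link #parseSignedMessage()}. A subclass in this
 *       package that overrides it would replace the verification step.</li>
 * </ul>
 */
public class SignedMimeMessageInspector {
    private static final Logger log = LoggerFactory.getLogger(SignedMimeMessageInspector.class);
    private static final String PROVIDER_NAME = "BC";
    private final MimeMessage mimeMessage;
    private X509Certificate signersX509Certificate;

    /**
     * Verifies the supplied message and keeps it for later inspection.
     *
     * @param mimeMessage the signed MIME message to inspect
     * @throws IllegalStateException if the message is not {@code multipart/signed}, the signature
     *         does not verify, or the signer's certificate is not trusted
     */
    public SignedMimeMessageInspector(MimeMessage mimeMessage) {
        // Register BouncyCastle only once; avoids building a new provider instance per message.
        if (Security.getProvider(PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        this.mimeMessage = mimeMessage;
        verifyContentType();
        parseSignedMessage();
    }

    /**
     * Ensures that the message content is a {@code multipart/signed} multipart.
     *
     * @throws IllegalStateException if the content type cannot be read or is not
     *         {@code multipart/signed}
     */
    private void verifyContentType() {
        String contentType;
        try {
            log.debug("Verifying {} with content type {}", this.mimeMessage.getClass().getName(), this.mimeMessage.getContentType());
            contentType = ((MimeMultipart) this.mimeMessage.getContent()).getContentType();
        } catch (Exception e) {
            // Deliberately broad: a content object that is not a MimeMultipart (ClassCastException)
            // is reported the same way as an I/O or messaging failure.
            throw new IllegalStateException("Unable to retrieve content type from MimeMessage. " + e.getMessage(), e);
        }
        // Checked outside the try block so this rejection is not re-wrapped by the handler above
        // and reported as a retrieval failure.
        if (contentType == null || !contentType.startsWith("multipart/signed")) {
            throw new IllegalStateException("MimeMessage is not multipart/signed, it is : " + contentType);
        }
    }

    /**
     * Parses the S/MIME structure, verifies the first signer's signature with the certificate
     * embedded in the message and validates that certificate against the PEPPOL trust store.
     *
     * <p>The signer certificate is published through {@link #getSignersX509Certificate()} only
     * after both checks have passed.
     *
     * @throws IllegalStateException if any step of parsing, verification or validation fails
     */
    void parseSignedMessage() {
        SMIMESignedParser parser;
        try {
            parser = new SMIMESignedParser((MimeMultipart) this.mimeMessage.getContent());
        } catch (MessagingException e) {
            throw new IllegalStateException("Unable to get content of message." + e.getMessage(), e);
        } catch (IOException e) {
            throw new IllegalStateException("Unable to get content of message. " + e.getMessage(), e);
        } catch (CMSException e) {
            throw new IllegalStateException("Unable to get content of message. " + e.getMessage(), e);
        }

        Store certificates;
        try {
            certificates = parser.getCertificates();
        } catch (CMSException e) {
            // Keep the cause so the underlying CMS error is not lost.
            throw new IllegalStateException("Unable to retrieve the certificates from signed message.", e);
        }

        SignerInformation signerInformation;
        try {
            Iterator<?> signers = parser.getSignerInfos().getSigners().iterator();
            if (!signers.hasNext()) {
                throw new IllegalStateException("There is no signer information available");
            }
            // Only the first signer is considered.
            signerInformation = (SignerInformation) signers.next();
        } catch (CMSException e) {
            throw new IllegalStateException("Unable to get the Signer information from message. " + e.getMessage(), e);
        }

        Iterator<?> matches = certificates.getMatches(signerInformation.getSID()).iterator();
        if (!matches.hasNext()) {
            throw new IllegalStateException("Signers certificate was not found, unable to verify the signature");
        }

        // The certificate comes from the message and stays a local candidate until verified.
        X509Certificate candidate;
        try {
            candidate = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate((X509CertificateHolder) matches.next());
        } catch (CertificateException e) {
            throw new IllegalStateException("Unable to fetch certificate for signer. " + e.getMessage(), e);
        }

        try {
            if (!signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(PROVIDER_NAME).build(candidate))) {
                throw new IllegalStateException("Verification of signer failed");
            }
        } catch (OperatorCreationException e) {
            throw new IllegalStateException("Unable to verify the signer. " + e.getMessage(), e);
        } catch (CMSException e) {
            throw new IllegalStateException("Unable to verify the signer. " + e.getMessage(), e);
        }

        log.debug("Verify the certificate issuer : {}", candidate.getIssuerDN().toString());
        validateCertificate(candidate);

        // Publish only after signature verification and trust validation have both succeeded.
        this.signersX509Certificate = candidate;
    }

    /**
     * Validates the certificate with PKIX against the trust anchors of the PEPPOL trust store.
     *
     * @param x509Certificate the signer certificate to validate
     * @throws IllegalStateException if no trusted path can be established
     */
    private void validateCertificate(X509Certificate x509Certificate) {
        try {
            // The path holds only the signer certificate, so its issuer must itself be a trust
            // anchor in the PEPPOL trust store for validation to succeed.
            ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
            chain.add(x509Certificate);
            CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            PKIXParameters pkixParameters = new PKIXParameters(KeystoreManager.getInstance().getPeppolTruststore());
            // SECURITY: revocation checking is switched off, so a revoked certificate that still
            // chains to a trust anchor is accepted here. Left unchanged because turning it on
            // needs CRL/OCSP sources that this class does not configure.
            pkixParameters.setRevocationEnabled(false);
            PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX", PROVIDER_NAME).validate(certPath, pkixParameters);
            log.debug("Trusted cert was : {}", result.getTrustAnchor().getTrustedCert().getSubjectDN().toString());
        } catch (Exception e) {
            // Fail closed: any error while building or validating the path means "not trusted".
            throw new IllegalStateException("Unable to trust the signer : " + e.getMessage(), e);
        }
    }

    /**
     * Returns a stream over the first body part of the multipart message.
     *
     * @return input stream of body part 0
     * @throws IllegalStateException if the body part cannot be accessed
     */
    public InputStream getPayload() {
        try {
            return ((MimeMultipart) this.mimeMessage.getContent()).getBodyPart(0).getInputStream();
        } catch (MessagingException e) {
            throw new IllegalStateException("Unable to access the contents of the payload in first body part. " + e.getMessage(), e);
        } catch (IOException e) {
            throw new IllegalStateException("Unable to access the contents of the payload in first body part. " + e.getMessage(), e);
        }
    }

    /** Returns the MIME message passed to the constructor. */
    public MimeMessage getMimeMessage() {
        return this.mimeMessage;
    }

    /** Returns the signer certificate that passed signature verification and trust validation. */
    public X509Certificate getSignersX509Certificate() {
        return this.signersX509Certificate;
    }

    /**
     * Computes the Message Integrity Check over the first body part as written by
     * {@code BodyPart.writeTo}, using the given digest algorithm from the BC provider.
     *
     * <p>NOTE(review): if {@code str} originates from request headers, restrict it to an
     * allow-list of accepted digest algorithms at the call site. The caller is not visible here,
     * so confirm.
     *
     * @param str name of the digest algorithm
     * @return the Base64 encoded digest together with the algorithm name
     * @throws IllegalStateException if the body part cannot be read, or the algorithm or the
     *         BC provider is unavailable
     */
    public Mic calculateMic(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str, PROVIDER_NAME);
            BodyPart bodyPart = ((MimeMultipart) this.mimeMessage.getContent()).getBodyPart(0);
            // The whole body part is buffered in memory before hashing.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            bodyPart.writeTo(buffer);
            messageDigest.update(buffer.toByteArray());
            // Base64 output is plain ASCII, so the default-charset String conversion is lossless
            // on ASCII-compatible platforms.
            return new Mic(new String(Base64.encode(messageDigest.digest())), str);
        } catch (MessagingException e) {
            throw new IllegalStateException("Unable to handle mime body part. " + e.getMessage(), e);
        } catch (IOException e) {
            throw new IllegalStateException("Unable to read data from digest input. " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(str + " not found", e);
        } catch (NoSuchProviderException e) {
            // Keep the cause so the provider lookup failure stays visible in the stack trace.
            throw new IllegalStateException("Security provider BC not found. Do you have BouncyCastle on your path?", e);
        }
    }

    /**
     * Serialises the complete MIME message into memory and returns a stream over those bytes.
     *
     * @return input stream over the serialised message
     * @throws IllegalStateException if the message cannot be written
     */
    private InputStream getInputStreamForMimeMessage() {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            getMimeMessage().writeTo(buffer);
            return new ByteArrayInputStream(buffer.toByteArray());
        } catch (IOException e) {
            throw new IllegalStateException("Unable to write MIME message to byte array output stream: " + e.getMessage(), e);
        } catch (MessagingException e) {
            throw new IllegalStateException("Unable to read contents of MIME message; " + e.getMessage(), e);
        }
    }
}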
