package com.mulesoft.connectors.rosettanet.extension.crypto.signature;

import com.mulesoft.connectors.rosettanet.extension.internal.rnif.MimeUtils;
import com.mulesoft.connectors.rosettanet.extension.internal.utils.RosettaNetBouncyCastleProvider;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.shaded.cert.jcajce.JcaCertStore;
import org.bouncycastle.shaded.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.shaded.cms.SignerInformation;
import org.bouncycastle.shaded.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.shaded.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.shaded.cms.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.shaded.mail.smime.SMIMESigned;
import org.bouncycastle.shaded.mail.smime.SMIMESignedGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connectors/rosettanet/extension/crypto/signature/MultiPartCryptoSigner.class */
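/**
 * Signs and verifies S/MIME {@code multipart/signed} messages with keys and certificates
 * held in a single {@link KeyStore}.
 *
 * <p>The same key store is used for both directions: {@link #sign} reads the private key and
 * certificate stored under the signing alias, and {@link #validateSignature} treats any
 * certificate entry in the store as an accepted signer certificate.
 * NOTE(review): because one store serves both purposes, a message signed with this party's own
 * key is reported as valid too; confirm that callers check the returned alias.
 */
public class MultiPartCryptoSigner implements CryptoSigner {
    private static final Logger logger = LoggerFactory.getLogger(MultiPartCryptoSigner.class);
    private final KeyStore keyStore;
    private final String signAlias;
    private final char[] keyPass;
    private final JcaX509CertSelectorConverter selectorConverter;

    /**
     * Result of one successful signer check: the content digest reported by the signer
     * information and the key store alias whose certificate matched the signer certificate.
     */
    public static class ValidationInformation {
        private final byte[] digestValue;
        private final String certificateAlias;

        private ValidationInformation(byte[] bArr, String str) {
            this.digestValue = bArr;
            this.certificateAlias = str;
        }

        /** Returns the digest array as stored; no defensive copy is made. */
        public byte[] getDigestValue() {
            return this.digestValue;
        }

        /** Returns the key store alias of the certificate that matched the signer. */
        public String getCertificateAlias() {
            return this.certificateAlias;
        }
    }

    /**
     * Creates a signer that can both sign and verify.
     *
     * @param keyStore key store holding the signing key entry and the accepted certificates
     * @param str      alias of the signing key entry
     * @param cArr     password protecting the signing key; the array is kept by reference
     */
    public MultiPartCryptoSigner(KeyStore keyStore, String str, char[] cArr) {
        this.selectorConverter = new JcaX509CertSelectorConverter();
        this.keyStore = keyStore;
        this.signAlias = str;
        this.keyPass = cArr;
    }

    /**
     * Creates an instance without signing alias or key password. {@link #sign} cannot succeed
     * on such an instance and fails with a {@link RuntimeException}.
     *
     * @param keyStore key store holding the accepted certificates
     */
    public MultiPartCryptoSigner(KeyStore keyStore) {
        this(keyStore, null, null);
    }

    /**
     * Wraps the given multipart in a body part and produces a signed multipart from it.
     *
     * @param mimeMultipart content to sign
     * @return the signed multipart produced by the S/MIME generator
     * @throws RuntimeException if the key material is missing or signing fails; the cause is
     *                          preserved
     */
    @Override
    public MimeMultipart sign(MimeMultipart mimeMultipart) {
        try {
            X509Certificate x509Certificate = (X509Certificate) this.keyStore.getCertificate(this.signAlias);
            PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(this.signAlias, this.keyPass);
            if (x509Certificate == null || privateKey == null) {
                // Report missing key material explicitly instead of failing with an opaque
                // error deep inside the generator; the catch below wraps it as before.
                throw new IllegalStateException(
                        "No signing certificate or private key found for alias " + this.signAlias);
            }
            SMIMESignedGenerator sMIMESignedGenerator = new SMIMESignedGenerator();
            // SECURITY: SHA-1 based signatures are considered weak against collision attacks.
            // The algorithm is hard-coded here, presumably for partner interoperability
            // (TODO confirm); make it configurable before moving to a SHA-2 algorithm.
            sMIMESignedGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
                    .setProvider(RosettaNetBouncyCastleProvider.getBouncyCastleProvider())
                    .build("SHA1withRSA", privateKey, x509Certificate));
            // Only the signing certificate itself is embedded in the message.
            List<X509Certificate> embeddedCertificates = new ArrayList<>();
            embeddedCertificates.add(x509Certificate);
            sMIMESignedGenerator.addCertificates(new JcaCertStore(embeddedCertificates));
            MimeBodyPart mimeBodyPart = new MimeBodyPart();
            mimeBodyPart.setContent(mimeMultipart);
            return sMIMESignedGenerator.generate(mimeBodyPart);
        } catch (Exception e) {
            throw new RuntimeException("Error creating message signature", e);
        }
    }

    /** Returns {@code true} when {@code MimeSignedUtils.getSigned} yields a non-null result. */
    @Override
    public boolean isSigned(MimeMultipart mimeMultipart) {
        return MimeSignedUtils.getSigned(mimeMultipart) != null;
    }

    /** Delegates to {@code MimeSignedUtils.getSignedContent}. */
    @Override
    public MimeMultipart getSignedContent(MimeMultipart mimeMultipart) {
        return MimeSignedUtils.getSignedContent(mimeMultipart);
    }

    /**
     * Verifies every signer of the message against the certificates embedded in the message
     * and reports those whose certificate is also present in the key store.
     *
     * <p>An empty list means that no signer was both cryptographically valid and known to the
     * key store; callers must treat an empty result as a failed validation. With several
     * signers, one matching signer is enough to produce a non-empty result.
     *
     * <p>NOTE(review): {@link #isSigned} shows that {@code MimeSignedUtils.getSigned} can
     * return {@code null}; in that case this method fails with a
     * {@link NullPointerException} inside the callback, so callers should check
     * {@link #isSigned} first.
     *
     * @param mimeMultipart the received multipart
     * @return one entry per (signer, matching key store alias) pair
     * @throws RuntimeException if building the certificate store or verifying a signer fails
     */
    @Override
    @SuppressWarnings("unchecked")
    public List<ValidationInformation> validateSignature(MimeMultipart mimeMultipart) {
        SMIMESigned signed = MimeSignedUtils.getSigned(mimeMultipart);
        return (List<ValidationInformation>) MimeUtils.runJavaMail(() -> {
            // The candidate certificates come from the message itself and are untrusted until
            // they are matched against a key store entry below.
            JcaCertStoreBuilder jcaCertStoreBuilder = new JcaCertStoreBuilder();
            jcaCertStoreBuilder.addCertificates(signed.getCertificates());
            jcaCertStoreBuilder.setProvider(RosettaNetBouncyCastleProvider.getBouncyCastleProvider());
            List<ValidationInformation> matches = new ArrayList<>();
            try {
                CertStore build = jcaCertStoreBuilder.build();
                for (SignerInformation signerInformation : signed.getSignerInfos().getSigners()) {
                    for (Certificate candidate
                            : build.getCertificates(this.selectorConverter.getCertSelector(signerInformation.getSID()))) {
                        X509Certificate x509Certificate = (X509Certificate) candidate;
                        if (!verifySigningCertificate(x509Certificate, signerInformation)) {
                            continue;
                        }
                        // Trust decision: the certificate must be identical to a key store entry.
                        Enumeration<String> aliases = this.keyStore.aliases();
                        while (aliases.hasMoreElements()) {
                            String nextElement = aliases.nextElement();
                            // getCertificate returns null for entries without a certificate;
                            // comparing from the non-null side keeps such an entry from
                            // aborting the whole validation with a NullPointerException.
                            if (x509Certificate.equals(this.keyStore.getCertificate(nextElement))) {
                                logger.debug("Found certificate in keystore with alias {}", nextElement);
                                matches.add(new ValidationInformation(signerInformation.getContentDigest(), nextElement));
                            }
                        }
                    }
                }
                return matches;
            } catch (Exception e) {
                throw new RuntimeException("Error in message signature verification", e);
            }
        });
    }

    /**
     * Checks the signer's signature with the public key of the given certificate.
     *
     * <p>Only the signature is checked. This method does not check the certificate's validity
     * period, revocation status or issuer chain.
     * NOTE(review): the verifier is built from the bare public key; the builder also has a
     * {@code build(X509Certificate)} overload, which as far as I know lets the library compare
     * the signing time with the certificate validity. Evaluate it, since an expired certificate
     * that is still in the key store is accepted today.
     *
     * <p>The certificate passed in comes from the message's embedded certificates, so the
     * "from truststore" wording in the first debug message is misleading, and the logged
     * subject name is sender-controlled data.
     *
     * @return {@code true} if the signature verifies with the certificate's public key
     * @throws Exception if the verifier cannot be built or verification raises an error
     */
    private boolean verifySigningCertificate(X509Certificate x509Certificate, SignerInformation signerInformation) throws Exception {
        String name = x509Certificate.getSubjectDN().getName();
        logger.debug("Checking signature with certificate for {} from truststore", name);
        JcaSimpleSignerInfoVerifierBuilder jcaSimpleSignerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
        jcaSimpleSignerInfoVerifierBuilder.setProvider(RosettaNetBouncyCastleProvider.getBouncyCastleProvider());
        boolean verified = signerInformation.verify(jcaSimpleSignerInfoVerifierBuilder.build(x509Certificate.getPublicKey()));
        if (verified) {
            logger.debug("Signature validation succeeded with certificate for {}", name);
        } else {
            logger.debug("Signature validation failed with certificate for {}", name);
        }
        return verified;
    }

    static {
        // Registers the S/MIME content handlers on the JVM-wide default command map, so this
        // affects every user of the activation framework in the same class loader.
        // The explicit cast is required to compile; if the default command map is not a
        // MailcapCommandMap, class initialization fails with a ClassCastException.
        final MailcapCommandMap defaultCommandMap = (MailcapCommandMap) CommandMap.getDefaultCommandMap();
        defaultCommandMap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.shaded.mail.smime.handlers.pkcs7_signature");
        defaultCommandMap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.shaded.mail.smime.handlers.pkcs7_mime");
        defaultCommandMap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.shaded.mail.smime.handlers.x_pkcs7_signature");
        defaultCommandMap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.shaded.mail.smime.handlers.x_pkcs7_mime");
        defaultCommandMap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.shaded.mail.smime.handlers.multipart_signed");
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            CommandMap.setDefaultCommandMap(defaultCommandMap);
            return null;
        });
    }
}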
