package com.inet.helpdesk.plugins.pgp.server.processor;

import com.inet.helpdesk.core.HDLogger;
import com.inet.helpdesk.core.mail.AutoMailerFactory;
import com.inet.helpdesk.core.utils.MailAttachmentUtilities;
import com.inet.helpdesk.core.utils.PartHandler;
import com.inet.helpdesk.plugins.pgp.server.dao.KeyDataAccessor;
import com.inet.helpdesk.plugins.pgp.server.mail.DecryptedMimeMessage;
import com.inet.lib.util.IOFunctions;
import com.inet.mail.api.processor.InMailProcessor;
import com.inet.plugin.ServerPluginManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.activation.DataHandler;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.mail.Address;
import javax.mail.BodyPart;
import javax.mail.Header;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.Part;
import javax.mail.Session;
import javax.mail.internet.ContentType;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.mail.util.ByteArrayDataSource;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;

/* loaded from: input_file:com/inet/helpdesk/plugins/pgp/server/processor/PGPInMailProcessor.class */
public class PGPInMailProcessor implements InMailProcessor {
    private static final String MARKER_BEGIN_PGP_MESSAGE = "-----BEGIN PGP MESSAGE-----";
    private static final long LOCAL_CACHE_DURATION = 10000;
    public static final String MAIL_TEMPLATE_NAME = "pgpkeyreceived";
    private static final int MAX_PART_SIZE_FOR_KEY_EXTRACT = 262144;
    private PGPSecretKeyRingCollection secretKeyRing;
    private KeyDataAccessor dataAccessor;
    private long secretKeyRingTimestamp;
    private Charset charset = Charset.forName("US-ASCII");
    private Set<String> encryptedAttachmentSuffixSet = new HashSet();

    public PGPInMailProcessor() {
        this.encryptedAttachmentSuffixSet.add("pgp");
        this.encryptedAttachmentSuffixSet.add("gpg");
    }

    public void setDataAccessor(KeyDataAccessor keyDataAccessor) {
        this.dataAccessor = keyDataAccessor;
    }

    public Message process(Message message) {
        if (this.dataAccessor == null) {
            return message;
        }
        if (getSecretKeyRingCollection() == null) {
            HDLogger.error("No valid private key configured. PGPPlugin won't work.");
            return message;
        }
        try {
            Message decryptMail = decryptMail(message);
            try {
                extractPublicKeys(decryptMail);
            } catch (SQLException e) {
                HDLogger.error(e);
            }
            return decryptMail;
        } catch (Throwable th) {
            HDLogger.error(th);
            return message;
        }
    }

    private Message decryptMail(Message message) throws MessagingException, IOException, PGPException {
        String mimeType = getMimeType(message);
        if (mimeType.equals("multipart/encrypted")) {
            Object content = message.getContent();
            if (content instanceof Multipart) {
                MimeBodyPart decryptMultipart = decryptMultipart((Multipart) content);
                MimeMessage createMimeMessageWithSameHeaders = createMimeMessageWithSameHeaders(message, message.getSession());
                Multipart multipart = (Multipart) decryptMultipart.getContent();
                createMimeMessageWithSameHeaders.setContent(multipart, decryptMultipart.getContentType());
                copyHeadersFromDecryptedPartToMessage(createMimeMessageWithSameHeaders, multipart);
                createMimeMessageWithSameHeaders.saveChanges();
                try {
                    this.dataAccessor.incrementUseCounter("");
                } catch (SQLException e) {
                    HDLogger.error(e);
                }
                if (HDLogger.isInfo()) {
                    HDLogger.info("PGPPlugin: Decrypted PGP/MIME mail from " + message.getHeader("From"));
                }
                return createMimeMessageWithSameHeaders;
            }
        } else if (mimeType.equals("text/plain")) {
            Object content2 = message.getContent();
            if (content2 instanceof String) {
                String str = (String) content2;
                if (str.indexOf(MARKER_BEGIN_PGP_MESSAGE) != -1) {
                    byte[] decrypt = decrypt(new ByteArrayInputStream(str.getBytes(this.charset)));
                    MimeMessage createMimeMessageWithSameHeaders2 = createMimeMessageWithSameHeaders(message, message.getSession());
                    createMimeMessageWithSameHeaders2.setDataHandler(new DataHandler(new ByteArrayDataSource(decrypt, message.getContentType())));
                    try {
                        this.dataAccessor.incrementUseCounter("");
                    } catch (SQLException e2) {
                        HDLogger.error(e2);
                    }
                    if (HDLogger.isInfo()) {
                        HDLogger.info("PGPPlugin: Decrypted Inline PGP mail from " + Arrays.asList(message.getHeader("From")));
                    }
                    return createMimeMessageWithSameHeaders2;
                }
            }
        } else if (mimeType.equals("multipart/mixed")) {
            Object content3 = message.getContent();
            if (content3 instanceof Multipart) {
                Multipart multipart2 = (Multipart) content3;
                boolean z = false;
                int count = multipart2.getCount();
                int i = 0;
                while (true) {
                    if (i >= count) {
                        break;
                    }
                    BodyPart bodyPart = multipart2.getBodyPart(i);
                    if (getMimeType(bodyPart).equals("text/plain")) {
                        if (String.valueOf(bodyPart.getContent()).contains(MARKER_BEGIN_PGP_MESSAGE)) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        if (this.encryptedAttachmentSuffixSet.contains(lowerCaseSuffixOf(bodyPart.getFileName()))) {
                            z = true;
                            break;
                        }
                        i++;
                    }
                }
                if (z) {
                    MimeMultipart mimeMultipart = new MimeMultipart();
                    for (int i2 = 0; i2 < count; i2++) {
                        BodyPart bodyPart2 = multipart2.getBodyPart(i2);
                        Object content4 = bodyPart2.getContent();
                        String mimeType2 = getMimeType(bodyPart2);
                        if (mimeType2.equals("text/plain") && (content4 instanceof String)) {
                            String str2 = (String) content4;
                            if (str2.indexOf(MARKER_BEGIN_PGP_MESSAGE) != -1) {
                                byte[] decrypt2 = decrypt(new ByteArrayInputStream(str2.getBytes(this.charset)));
                                bodyPart2 = new MimeBodyPart();
                                bodyPart2.setDataHandler(new DataHandler(new ByteArrayDataSource(decrypt2, mimeType2)));
                            }
                        } else if (this.encryptedAttachmentSuffixSet.contains(lowerCaseSuffixOf(bodyPart2.getFileName()))) {
                            try {
                                byte[] decrypt3 = decrypt(bodyPart2.getInputStream());
                                String fileName = bodyPart2.getFileName();
                                bodyPart2 = new MimeBodyPart();
                                bodyPart2.setDataHandler(new DataHandler(new ByteArrayDataSource(decrypt3, mimeType2)));
                                bodyPart2.setFileName(fileName.substring(0, fileName.length() - 4));
                            } catch (PGPException e3) {
                            } catch (IOException e4) {
                            }
                        }
                        mimeMultipart.addBodyPart(bodyPart2);
                    }
                    MimeMessage createMimeMessageWithSameHeaders3 = createMimeMessageWithSameHeaders(message, message.getSession());
                    createMimeMessageWithSameHeaders3.setContent(mimeMultipart);
                    createMimeMessageWithSameHeaders3.saveChanges();
                    if (HDLogger.isInfo()) {
                        HDLogger.info("PGPPlugin: Decrypted Inline/Attachment PGP mail from " + Arrays.asList(message.getHeader("From")));
                    }
                    return createMimeMessageWithSameHeaders3;
                }
            }
        }
        return message;
    }

    private void copyHeadersFromDecryptedPartToMessage(MimeMessage mimeMessage, Multipart multipart) throws MessagingException {
        for (int i = 0; i < multipart.getCount(); i++) {
            BodyPart bodyPart = multipart.getBodyPart(i);
            if (bodyPart.getContentType().contains("multipart/mixed")) {
                Enumeration allHeaders = bodyPart.getAllHeaders();
                while (allHeaders.hasMoreElements()) {
                    Header header = (Header) allHeaders.nextElement();
                    mimeMessage.setHeader(header.getName(), header.getValue());
                }
            }
        }
    }

    private String getMimeType(Part part) throws MessagingException {
        String contentType = part.getContentType();
        return contentType == null ? "text/plain" : new ContentType(contentType).getBaseType();
    }

    public void extractPublicKeys(Message message) throws Exception, SQLException {
        InternetAddress[] from = message.getFrom();
        if (from != null && from.length == 1 && (from[0] instanceof InternetAddress)) {
            String address = from[0].getAddress();
            ArrayList arrayList = new ArrayList();
            MailAttachmentUtilities.fetchParts(message, arrayList, false);
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                extractPublicKeys(address, ((PartHandler) it.next()).getPart(), message.getAllRecipients());
            }
        }
    }

    private void extractPublicKeys(String str, Part part, Address[] addressArr) throws IOException, MessagingException, SQLException {
        InputStream inputStream;
        String mimeType = getMimeType(part);
        String lowerCaseSuffixOf = lowerCaseSuffixOf(part.getFileName());
        if (part.getSize() > MAX_PART_SIZE_FOR_KEY_EXTRACT) {
            if (HDLogger.isDebug()) {
                HDLogger.debug("PGPPlugin: Public key extraction skipped for mail part due to size (" + part.getSize() + ")");
                return;
            }
            return;
        }
        if (!mimeType.equals("text/plain") && !mimeType.equals("application/pgp-keys") && (mimeType.equals("application/pgp-signature") || (!lowerCaseSuffixOf.equals("asc") && !lowerCaseSuffixOf.equals("pgp") && !lowerCaseSuffixOf.equals("gpg")))) {
            if (HDLogger.isDebug()) {
                HDLogger.debug("PGPPlugin: Public key extraction skipped for mail part, mime-type: " + mimeType + ", suffix: " + lowerCaseSuffixOf);
                return;
            }
            return;
        }
        Object content = part.getContent();
        if (content instanceof String) {
            String obj = content.toString();
            int indexOf = obj.indexOf("-----BEGIN PGP PUBLIC KEY BLOCK-----");
            if (indexOf == -1) {
                return;
            } else {
                inputStream = new ByteArrayInputStream(obj.substring(indexOf).getBytes());
            }
        } else {
            inputStream = part.getInputStream();
        }
        try {
            PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
            pGPPublicKeyRingCollection.encode(armoredOutputStream);
            armoredOutputStream.close();
            this.dataAccessor.putKey(str, new String(byteArrayOutputStream.toByteArray()));
            HDLogger.info("PGPPlugin: Found a public key for " + str);
            ((AutoMailerFactory) ServerPluginManager.getInstance().getSingleInstance(AutoMailerFactory.class)).create().setSenderByAnyHelpDeskAddressOf(addressArr).setTo(str).setTemplate(MAIL_TEMPLATE_NAME).send();
        } catch (PGPException e) {
            HDLogger.error("PGPPlugin: Failure during public key extraction for " + str + ", mime-type: " + mimeType + ", suffix: " + lowerCaseSuffixOf);
            HDLogger.error(e);
        }
    }

    private String lowerCaseSuffixOf(@Nullable String str) {
        int lastIndexOf;
        return (str == null || (lastIndexOf = str.lastIndexOf(46)) == -1) ? "" : str.substring(lastIndexOf + 1).toLowerCase();
    }

    @SuppressFBWarnings(value = {"SMTP_HEADER_INJECTION"}, justification = "An internal copy of the message is created here. Since the original message is duplicated, no additional injection can take place.")
    private MimeMessage createMimeMessageWithSameHeaders(Message message, Session session) throws MessagingException {
        DecryptedMimeMessage decryptedMimeMessage = new DecryptedMimeMessage(session, message.getReceivedDate());
        Enumeration allHeaders = message.getAllHeaders();
        while (allHeaders.hasMoreElements()) {
            Header header = (Header) allHeaders.nextElement();
            decryptedMimeMessage.addHeader(header.getName(), header.getValue());
        }
        return decryptedMimeMessage;
    }

    private MimeBodyPart decryptMultipart(Multipart multipart) throws MessagingException, IOException, PGPException {
        if (multipart.getCount() != 2) {
            throw new IOException("Expected 2 parts, got " + multipart.getCount());
        }
        String contentType = multipart.getBodyPart(0).getContentType();
        ContentType contentType2 = new ContentType(contentType);
        if (contentType == null || !contentType2.getBaseType().equalsIgnoreCase("application/pgp-encrypted")) {
            throw new IOException("Expected first part of type application/pgp-encrypted, got " + contentType);
        }
        BodyPart bodyPart = multipart.getBodyPart(1);
        String contentType3 = bodyPart.getContentType();
        ContentType contentType4 = new ContentType(contentType3);
        if (contentType3 == null || !contentType4.getBaseType().equalsIgnoreCase("application/octet-stream")) {
            throw new IOException("Expected second part of type application/octet-stream, got " + contentType3);
        }
        return new MimeBodyPart(new ByteArrayInputStream(decrypt(bodyPart.getInputStream())));
    }

    private byte[] decrypt(InputStream inputStream) throws IOException, PGPException {
        PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator());
        Object nextObject = pGPObjectFactory.nextObject();
        Iterator encryptedDataObjects = ((PGPEncryptedDataList) (nextObject instanceof PGPEncryptedDataList ? nextObject : pGPObjectFactory.nextObject())).getEncryptedDataObjects();
        while (encryptedDataObjects.hasNext()) {
            PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = (PGPEncryptedData) encryptedDataObjects.next();
            if (pGPPublicKeyEncryptedData instanceof PGPPublicKeyEncryptedData) {
                PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData2 = pGPPublicKeyEncryptedData;
                PGPSecretKey secretKey = getSecretKeyRingCollection().getSecretKey(pGPPublicKeyEncryptedData2.getKeyID());
                if (secretKey == null) {
                    continue;
                } else {
                    PGPObjectFactory pGPObjectFactory2 = new PGPObjectFactory(pGPPublicKeyEncryptedData2.getDataStream(new BcPublicKeyDataDecryptorFactory(secretKey.extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(new char[0])))), new BcKeyFingerprintCalculator());
                    Object nextObject2 = pGPObjectFactory2.nextObject();
                    if (nextObject2 instanceof PGPCompressedData) {
                        pGPObjectFactory2 = new PGPObjectFactory(((PGPCompressedData) nextObject2).getDataStream(), new BcKeyFingerprintCalculator());
                        nextObject2 = pGPObjectFactory2.nextObject();
                    }
                    if (nextObject2 instanceof PGPOnePassSignatureList) {
                        nextObject2 = pGPObjectFactory2.nextObject();
                    }
                    if (nextObject2 instanceof PGPLiteralData) {
                        byte[] readBytes = IOFunctions.readBytes(((PGPLiteralData) nextObject2).getInputStream());
                        if (!pGPPublicKeyEncryptedData2.isIntegrityProtected() || pGPPublicKeyEncryptedData2.verify()) {
                            return readBytes;
                        }
                        throw new PGPException("Integrity check failed");
                    }
                }
            }
        }
        throw new PGPException("Message does not contain literal data which can be decrypted with our secret keys");
    }

    private PGPSecretKeyRingCollection getSecretKeyRingCollection() {
        if (this.secretKeyRing == null || this.secretKeyRingTimestamp + LOCAL_CACHE_DURATION < System.currentTimeMillis()) {
            try {
                String key = this.dataAccessor.getKey(KeyDataAccessor.PRIVATE_KEY_IDENTIFIER);
                if (key == null) {
                    return null;
                }
                this.secretKeyRing = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(new ByteArrayInputStream(key.getBytes("US-ASCII"))), new BcKeyFingerprintCalculator());
                this.secretKeyRingTimestamp = System.currentTimeMillis();
            } catch (SQLException e) {
                HDLogger.error(e);
            } catch (PGPException e2) {
                HDLogger.error(e2);
            } catch (IOException e3) {
                HDLogger.error(e3);
            }
        }
        return this.secretKeyRing;
    }
}
