package dev.dsf.bpe.mail;

import de.rwh.utils.crypto.context.SSLContextFactory;
import dev.dsf.bpe.v1.service.MailService;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.mail.Authenticator;
import javax.mail.BodyPart;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.AddressException;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.net.ssl.SSLSocketFactory;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.StringLayout;
import org.apache.logging.log4j.core.appender.AbstractAppender;
import org.apache.logging.log4j.core.appender.AbstractManager;
import org.apache.logging.log4j.core.config.Property;
import org.apache.logging.log4j.core.filter.ThresholdFilter;
import org.apache.logging.log4j.core.layout.ByteBufferDestination;
import org.apache.logging.log4j.core.layout.HtmlLayout;
import org.apache.logging.log4j.core.net.MailManager;
import org.apache.logging.log4j.core.net.SmtpManager;
import org.apache.logging.log4j.core.net.ssl.SslConfiguration;
import org.apache.logging.log4j.util.Strings;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.operator.OperatorCreationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:dev/dsf/bpe/mail/SmtpMailService.class */
public class SmtpMailService implements MailService, InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(SmtpMailService.class);
    public static final String DEFAULT_DEBUG_LOG_LOCATION = "/opt/bpe/log/bpe.log";
    private final InternetAddress fromAddress;
    private final InternetAddress[] toAddresses;
    private final InternetAddress[] toAddressesCc;
    private final InternetAddress[] replyToAddresses;
    private final Session session;
    private final SMIMESignedGenerator smimeSignedGenerator;
    private final Log4jAppender log4jAppender;

    /* loaded from: input_file:dev/dsf/bpe/mail/SmtpMailService$Layout.class */
    private static final class Layout implements StringLayout {
        final HtmlLayout delegate = HtmlLayout.newBuilder().setDatePattern("yyyy-MM-dd HH:mm:ss.nnnn").build();
        final String debugLogLocation;

        Layout(String str) {
            this.debugLogLocation = str;
        }

        public byte[] getFooter() {
            StringBuilder sb = new StringBuilder();
            sb.append("</table>").append(Strings.LINE_SEPARATOR);
            sb.append("<br>").append(Strings.LINE_SEPARATOR);
            sb.append("For more details see debug log at <i>").append(Strings.LINE_SEPARATOR);
            sb.append(this.debugLogLocation).append(Strings.LINE_SEPARATOR);
            sb.append("</i>").append(Strings.LINE_SEPARATOR);
            sb.append("<br>").append(Strings.LINE_SEPARATOR);
            sb.append("</body></html>").append(Strings.LINE_SEPARATOR);
            return sb.toString().getBytes(getCharset());
        }

        public byte[] getHeader() {
            return this.delegate.getHeader();
        }

        public byte[] toByteArray(LogEvent logEvent) {
            return this.delegate.toByteArray(logEvent);
        }

        public String getContentType() {
            return this.delegate.getContentType();
        }

        public Map<String, String> getContentFormat() {
            return this.delegate.getContentFormat();
        }

        public void encode(LogEvent logEvent, ByteBufferDestination byteBufferDestination) {
            this.delegate.encode(logEvent, byteBufferDestination);
        }

        public Charset getCharset() {
            return this.delegate.getCharset();
        }

        /* renamed from: toSerializable, reason: merged with bridge method [inline-methods] */
        public String m15toSerializable(LogEvent logEvent) {
            return this.delegate.toSerializable(logEvent);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:dev/dsf/bpe/mail/SmtpMailService$Log4jAppender.class */
    public static final class Log4jAppender extends AbstractAppender {
        private final MailManager manager;

        private Log4jAppender(Session session, MimeMessage mimeMessage, String str, int i, String str2) {
            super("SmtpMailService.Log4jAppender", ThresholdFilter.createFilter((Level) null, (Filter.Result) null, (Filter.Result) null), new Layout(str2), false, (Property[]) null);
            this.manager = AbstractManager.getManager("SmtpMailService.Log4jAppender.Manager", (str3, factoryData) -> {
                return new SmtpManager(str3, session, mimeMessage, factoryData) { // from class: dev.dsf.bpe.mail.SmtpMailService.Log4jAppender.1
                };
            }, new MailManager.FactoryData((String) null, (String) null, (String) null, (String) null, (String) null, (String) null, logEvent -> {
                return str;
            }, (String) null, (String) null, 0, (String) null, (String) null, false, i, (SslConfiguration) null, (String) null));
        }

        public boolean isFiltered(LogEvent logEvent) {
            boolean isFiltered = super.isFiltered(logEvent);
            if (isFiltered) {
                this.manager.add(logEvent);
            }
            return isFiltered;
        }

        public void append(LogEvent logEvent) {
            this.manager.sendEvents(getLayout(), logEvent);
        }
    }

    public SmtpMailService(String str, List<String> list, String str2, int i) {
        this(str, list, null, null, false, str2, i, null, null, null, null, null, null, null, false, 0, DEFAULT_DEBUG_LOG_LOCATION);
    }

    public SmtpMailService(String str, List<String> list, List<String> list2, List<String> list3, boolean z, String str2, int i, String str3, char[] cArr, KeyStore keyStore, KeyStore keyStore2, char[] cArr2, KeyStore keyStore3, char[] cArr3, boolean z2, int i2, String str4) {
        this.fromAddress = toInternetAddress(str).orElse(null);
        this.toAddresses = list == null ? new InternetAddress[0] : (InternetAddress[]) list.stream().flatMap(str5 -> {
            return toInternetAddress(str5).stream();
        }).toArray(i3 -> {
            return new InternetAddress[i3];
        });
        this.toAddressesCc = list2 == null ? new InternetAddress[0] : (InternetAddress[]) list2.stream().flatMap(str6 -> {
            return toInternetAddress(str6).stream();
        }).toArray(i4 -> {
            return new InternetAddress[i4];
        });
        this.replyToAddresses = list3 == null ? new InternetAddress[0] : (InternetAddress[]) list3.stream().flatMap(str7 -> {
            return toInternetAddress(str7).stream();
        }).toArray(i5 -> {
            return new InternetAddress[i5];
        });
        this.session = createSession(z, str2, i, str3, cArr, keyStore, keyStore2, cArr2);
        this.smimeSignedGenerator = createSmimeSignedGenerator(str, keyStore3, cArr3);
        this.log4jAppender = !z2 ? null : new Log4jAppender(this.session, createMimeMessage("DSF BPE Error", null), "DSF BPE Error", i2, str4);
    }

    private Optional<InternetAddress> toInternetAddress(String str) {
        if (str == null || str.isBlank()) {
            return Optional.empty();
        }
        try {
            return Optional.of(new InternetAddress(str));
        } catch (AddressException e) {
            logger.warn("Unable to create {} from {}: {} - {}", new Object[]{InternetAddress.class.getName(), str, e.getClass().getName(), e.getMessage()});
            return Optional.empty();
        }
    }

    public void afterPropertiesSet() throws Exception {
        if (this.fromAddress == null) {
            throw new IllegalArgumentException("no valid from address configured");
        }
        if (this.toAddresses.length == 0) {
            throw new IllegalArgumentException("no valid to addresses configured");
        }
    }

    private Session createSession(boolean z, String str, int i, final String str2, final char[] cArr, KeyStore keyStore, KeyStore keyStore2, char[] cArr2) {
        Properties properties = new Properties();
        Authenticator authenticator = null;
        if (str2 != null && cArr != null) {
            authenticator = new Authenticator() { // from class: dev.dsf.bpe.mail.SmtpMailService.1
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(str2, String.copyValueOf(cArr));
                }
            };
            properties.put("mail.smtp.auth", "true");
            if (!z) {
                logger.warn("Username/Password configured, SMTPS not enabled. Password will be send without encryption! Consider activating/using SMTP over TLS (aka SMTPS)");
            }
        }
        if (z) {
            properties.put("mail.smtp.ssl.enable", "true");
            properties.put("mail.transport.protocol", "smtps");
            properties.put("mail.smtp.socketFactory.fallback", "false");
            properties.put("mail.smtp.ssl.checkserveridentity", "true");
            properties.put("mail.smtp.ssl.socketFactory", createSslSocketFactory(keyStore, keyStore2, cArr2));
        }
        properties.put("mail.smtp.host", str);
        properties.put("mail.smtp.port", Integer.valueOf(i));
        return Session.getInstance(properties, authenticator);
    }

    public SSLSocketFactory createSslSocketFactory(KeyStore keyStore, KeyStore keyStore2, char[] cArr) {
        try {
            return new SSLContextFactory().createSSLContext(keyStore, keyStore2, cArr).getSocketFactory();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            logger.warn("Unable to create custom ssl socket factory: {} - {}", e.getClass().getName(), e.getMessage());
            throw new RuntimeException(e);
        }
    }

    private SMIMESignedGenerator createSmimeSignedGenerator(String str, KeyStore keyStore, char[] cArr) {
        if (keyStore == null) {
            return null;
        }
        try {
            Optional<Certificate[]> filter = getFirstCertificateChain(keyStore).filter(hasCertificateForAddress(str));
            if (filter.isEmpty()) {
                logger.warn("Mail signing certificate store has no S/MIME certificate for {}, not signing mails", str);
                return null;
            }
            Optional<PrivateKey> firstPrivateKey = getFirstPrivateKey(keyStore, cArr);
            if (firstPrivateKey.isEmpty()) {
                logger.warn("Mail signing certificate store has no private key, not signing mails", str);
                return null;
            }
            Certificate certificate = (Certificate) filter.flatMap(certificateArr -> {
                return Stream.of((Object[]) certificateArr).filter(hasSubjectAlternativeNameRfc822Name(str)).findFirst();
            }).get();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            SMIMECapabilityVector sMIMECapabilityVector = new SMIMECapabilityVector();
            sMIMECapabilityVector.addCapability(SMIMECapability.aES128_CBC);
            sMIMECapabilityVector.addCapability(SMIMECapability.aES256_CBC);
            aSN1EncodableVector.add(new SMIMECapabilitiesAttribute(sMIMECapabilityVector));
            SMIMESignedGenerator sMIMESignedGenerator = new SMIMESignedGenerator();
            sMIMESignedGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(new BouncyCastleProvider()).setSignedAttributeGenerator(new AttributeTable(aSN1EncodableVector)).build("SHA256withRSA", firstPrivateKey.get(), new X509CertificateHolder(certificate.getEncoded())));
            sMIMESignedGenerator.addCertificates(new JcaCertStore((Collection) filter.map((v0) -> {
                return Arrays.asList(v0);
            }).get()));
            return sMIMESignedGenerator;
        } catch (KeyStoreException | CertificateException | OperatorCreationException | IOException e) {
            throw new RuntimeException(e);
        }
    }

    private Optional<Certificate[]> getFirstCertificateChain(KeyStore keyStore) throws KeyStoreException {
        return Collections.list(keyStore.aliases()).stream().map(getCertificateChain(keyStore)).findFirst();
    }

    private Function<String, Certificate[]> getCertificateChain(KeyStore keyStore) {
        return str -> {
            try {
                return keyStore.getCertificateChain(str);
            } catch (KeyStoreException e) {
                throw new RuntimeException(e);
            }
        };
    }

    private Predicate<Certificate[]> hasCertificateForAddress(String str) {
        return certificateArr -> {
            return hasSubjectAlternativeNameRfc822Name(str).test(certificateArr[0]);
        };
    }

    private Predicate<Certificate> hasSubjectAlternativeNameRfc822Name(String str) {
        return certificate -> {
            try {
                Collection<List<?>> subjectAlternativeNames = new JcaX509CertificateConverter().getCertificate(new X509CertificateHolder(certificate.getEncoded())).getSubjectAlternativeNames();
                if (subjectAlternativeNames == null) {
                    return false;
                }
                return subjectAlternativeNames.stream().anyMatch(list -> {
                    return Objects.equals(1, list.get(0)) && Objects.equals(str, list.get(1));
                });
            } catch (IOException | CertificateException e) {
                throw new RuntimeException(e);
            }
        };
    }

    private Optional<PrivateKey> getFirstPrivateKey(KeyStore keyStore, char[] cArr) throws KeyStoreException {
        return Collections.list(keyStore.aliases()).stream().map(getPrivateKey(keyStore, cArr)).findFirst().filter(key -> {
            return key instanceof PrivateKey;
        }).map(key2 -> {
            return (PrivateKey) key2;
        });
    }

    private Function<String, Key> getPrivateKey(KeyStore keyStore, char[] cArr) {
        return str -> {
            try {
                return keyStore.getKey(str, cArr);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new RuntimeException(e);
            }
        };
    }

    private MimeMessage createMimeMessage(String str, MimeMultipart mimeMultipart) {
        try {
            MimeMessage mimeMessage = new MimeMessage(this.session);
            mimeMessage.setFrom(this.fromAddress);
            mimeMessage.setRecipients(Message.RecipientType.TO, this.toAddresses);
            mimeMessage.setRecipients(Message.RecipientType.CC, this.toAddressesCc);
            mimeMessage.setReplyTo(this.replyToAddresses);
            mimeMessage.setSubject(str);
            if (mimeMultipart != null) {
                mimeMessage.setContent(mimeMultipart);
            }
            mimeMessage.saveChanges();
            return mimeMessage;
        } catch (MessagingException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private MimeMultipart signMessage(MimeBodyPart mimeBodyPart) {
        if (this.smimeSignedGenerator != null) {
            try {
                return this.smimeSignedGenerator.generate(mimeBodyPart);
            } catch (SMIMEException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        try {
            return (mimeBodyPart.getContent() == null || !(mimeBodyPart.getContent() instanceof MimeMultipart)) ? new MimeMultipart(new BodyPart[]{mimeBodyPart}) : (MimeMultipart) mimeBodyPart.getContent();
        } catch (MessagingException | IOException e2) {
            throw new RuntimeException((Throwable) e2);
        }
    }

    public void send(String str, MimeBodyPart mimeBodyPart, Consumer<MimeMessage> consumer) {
        MimeMessage createMimeMessage = createMimeMessage(str, signMessage(mimeBodyPart));
        if (consumer != null) {
            consumer.accept(createMimeMessage);
        }
        try {
            Transport.send(createMimeMessage);
        } catch (MessagingException e) {
            logger.warn("Unable to send message: {} - {}", e.getClass().getName(), e.getMessage());
            throw new RuntimeException((Throwable) e);
        }
    }

    public Log4jAppender getLog4jAppender() {
        return this.log4jAppender;
    }
}
