package io.vertx.ext.mail.impl.dkim;

import io.vertx.core.AsyncResult;
import io.vertx.core.Context;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.impl.logging.Logger;
import io.vertx.core.impl.logging.LoggerFactory;
import io.vertx.core.streams.Pipe;
import io.vertx.core.streams.ReadStream;
import io.vertx.core.streams.StreamBase;
import io.vertx.core.streams.WriteStream;
import io.vertx.ext.mail.CanonicalizationAlgorithm;
import io.vertx.ext.mail.DKIMSignOptions;
import io.vertx.ext.mail.mailencoder.EncodedPart;
import io.vertx.ext.mail.mailencoder.Utils;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Scanner;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/* loaded from: input_file:io/vertx/ext/mail/impl/dkim/DKIMSigner.class */
public class DKIMSigner {
    public static final String DKIM_SIGNATURE_HEADER = "DKIM-Signature";
    private final DKIMSignOptions dkimSignOptions;
    private final String signatureTemplate;
    private final Signature signatureService;
    private static final Logger logger = LoggerFactory.getLogger(DKIMSigner.class);
    private static final Pattern DELIMITER = Pattern.compile("\n");

    public DKIMSigner(DKIMSignOptions dKIMSignOptions, Vertx vertx) {
        this.dkimSignOptions = dKIMSignOptions;
        validate(this.dkimSignOptions);
        this.signatureTemplate = dkimSignatureTemplate();
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            String privateKey = dKIMSignOptions.getPrivateKey();
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(privateKey == null ? vertx.fileSystem().readFileBlocking(dKIMSignOptions.getPrivateKeyPath()).toString() : privateKey)));
            this.signatureService = Signature.getInstance(dKIMSignOptions.getSignAlgo().signatureAlgorithm());
            this.signatureService.initSign(generatePrivate);
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("Failed to init the Signature", e);
        }
    }

    private void validate(DKIMSignOptions dKIMSignOptions) throws IllegalStateException {
        checkRequiredFields(dKIMSignOptions);
        String auid = dKIMSignOptions.getAuid();
        if (auid != null) {
            String sdid = dKIMSignOptions.getSdid();
            if (!auid.toLowerCase().endsWith("@" + sdid.toLowerCase()) && !auid.toLowerCase().endsWith("." + sdid.toLowerCase())) {
                throw new IllegalStateException("Identity domain mismatch, expected is: [xx]@[xx.]sdid");
            }
        }
        if (dKIMSignOptions.getSignedHeaders().stream().noneMatch(str -> {
            return str.equalsIgnoreCase("from");
        })) {
            throw new IllegalStateException("From field must be selected to sign.");
        }
    }

    private void checkRequiredFields(DKIMSignOptions dKIMSignOptions) {
        if (dKIMSignOptions.getSignAlgo() == null) {
            throw new IllegalStateException("Sign Algorithm is required: rsa-sha1 or rsa-sha256");
        }
        if (dKIMSignOptions.getPrivateKey() == null && dKIMSignOptions.getPrivateKeyPath() == null) {
            throw new IllegalStateException("Either private key or private key file path must be specified to sign");
        }
        if (dKIMSignOptions.getSignedHeaders() == null || dKIMSignOptions.getSignedHeaders().isEmpty()) {
            throw new IllegalStateException("Email header fields to sign must be set");
        }
        if (dKIMSignOptions.getSdid() == null) {
            throw new IllegalStateException("Singing Domain Identifier(SDID) must be specified");
        }
        if (dKIMSignOptions.getSelector() == null) {
            throw new IllegalStateException("The selector must be specified to be able to verify");
        }
    }

    String dkimSignatureTemplate() {
        StringBuilder sb = new StringBuilder();
        sb.append("v=1; ");
        sb.append("a=").append(this.dkimSignOptions.getSignAlgo().dkimAlgoName()).append("; ");
        CanonicalizationAlgorithm bodyCanonAlgo = this.dkimSignOptions.getBodyCanonAlgo();
        sb.append("c=").append(this.dkimSignOptions.getHeaderCanonAlgo().algoName()).append("/").append(bodyCanonAlgo.algoName()).append("; ");
        String dkimQuotedPrintable = dkimQuotedPrintable(this.dkimSignOptions.getSdid());
        sb.append("d=").append(dkimQuotedPrintable).append("; ");
        String auid = this.dkimSignOptions.getAuid();
        if (auid != null) {
            sb.append("i=").append(dkimQuotedPrintable(auid)).append("; ");
        } else {
            sb.append("i=").append("@").append(dkimQuotedPrintable).append("; ");
        }
        sb.append("s=").append(dkimQuotedPrintable(this.dkimSignOptions.getSelector())).append("; ");
        sb.append("h=").append(String.join(":", this.dkimSignOptions.getSignedHeaders())).append("; ");
        if (this.dkimSignOptions.getBodyLimit() > 0) {
            sb.append("l=").append(this.dkimSignOptions.getBodyLimit()).append("; ");
        }
        if (this.dkimSignOptions.isSignatureTimestamp() || this.dkimSignOptions.getExpireTime() > 0) {
            long currentTimeMillis = System.currentTimeMillis() / 1000;
            sb.append("t=").append(currentTimeMillis).append("; ");
            if (this.dkimSignOptions.getExpireTime() > 0) {
                sb.append("x=").append(currentTimeMillis + this.dkimSignOptions.getExpireTime()).append("; ");
            }
        }
        return sb.toString();
    }

    public Future<String> signEmail(Context context, EncodedPart encodedPart) {
        return bodyHashing(context, encodedPart).map(str -> {
            String sb;
            if (logger.isDebugEnabled()) {
                logger.debug("DKIM Body Hash: " + str);
            }
            try {
                StringBuilder append = dkimTagList(encodedPart).append("bh=").append(str).append("; b=");
                String sb2 = headersToSign(encodedPart).append(canonicHeader(DKIM_SIGNATURE_HEADER, append.toString())).toString();
                if (logger.isDebugEnabled()) {
                    logger.debug("To be signed DKIM header: " + sb2);
                }
                synchronized (this.signatureService) {
                    this.signatureService.update(sb2.getBytes());
                    sb = append.append(Base64.getEncoder().encodeToString(this.signatureService.sign())).toString();
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("DKIM-Signature: " + sb);
                }
                return sb;
            } catch (Exception e) {
                throw new RuntimeException("Cannot sign email", e);
            }
        });
    }

    private void walkThroughAttachStream(final MessageDigest messageDigest, ReadStream<Buffer> readStream, final AtomicInteger atomicInteger, Promise<Void> promise) {
        Pipe pipe = readStream.pipe();
        Promise promise2 = Promise.promise();
        promise2.future().onComplete(asyncResult -> {
            pipe.close();
            if (asyncResult.succeeded()) {
                promise.complete();
            } else {
                promise.fail(asyncResult.cause());
            }
        });
        pipe.to(new WriteStream<Buffer>() { // from class: io.vertx.ext.mail.impl.dkim.DKIMSigner.1
            private final AtomicBoolean ended = new AtomicBoolean(false);

            public WriteStream<Buffer> exceptionHandler(Handler<Throwable> handler) {
                return this;
            }

            public Future<Void> write(Buffer buffer) {
                Promise promise3 = Promise.promise();
                write(buffer, (Handler<AsyncResult<Void>>) promise3);
                return promise3.future();
            }

            public void write(Buffer buffer, Handler<AsyncResult<Void>> handler) {
                if (!this.ended.get() && !DKIMSigner.this.digest(messageDigest, buffer.getBytes(), atomicInteger)) {
                    this.ended.set(true);
                }
                if (handler != null) {
                    handler.handle(Future.succeededFuture());
                }
            }

            public void end(Handler<AsyncResult<Void>> handler) {
                this.ended.compareAndSet(false, true);
                if (handler != null) {
                    handler.handle(Future.succeededFuture());
                }
            }

            public WriteStream<Buffer> setWriteQueueMaxSize(int i) {
                return this;
            }

            public boolean writeQueueFull() {
                return false;
            }

            public WriteStream<Buffer> drainHandler(Handler<Void> handler) {
                return this;
            }

            public /* bridge */ /* synthetic */ void write(Object obj, Handler handler) {
                write((Buffer) obj, (Handler<AsyncResult<Void>>) handler);
            }

            /* renamed from: exceptionHandler, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ StreamBase m135exceptionHandler(Handler handler) {
                return exceptionHandler((Handler<Throwable>) handler);
            }
        }, promise2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean digest(MessageDigest messageDigest, byte[] bArr, AtomicInteger atomicInteger) {
        if (this.dkimSignOptions.getBodyLimit() <= 0) {
            messageDigest.update(bArr);
            return true;
        }
        int bodyLimit = this.dkimSignOptions.getBodyLimit() - atomicInteger.get();
        if (bodyLimit <= 0) {
            return false;
        }
        int min = Math.min(bodyLimit, bArr.length);
        messageDigest.update(bArr, 0, min);
        atomicInteger.getAndAdd(min);
        return true;
    }

    private Future<Boolean> walkBoundaryStartAndHeadersFuture(MessageDigest messageDigest, String str, EncodedPart encodedPart, AtomicInteger atomicInteger) {
        Promise promise = Promise.promise();
        try {
            StringBuilder sb = new StringBuilder();
            sb.append(str);
            encodedPart.headers().forEach(entry -> {
                sb.append((String) entry.getKey()).append(": ").append((String) entry.getValue()).append("\r\n");
            });
            sb.append("\r\n");
            promise.complete(Boolean.valueOf(digest(messageDigest, sb.toString().getBytes(), atomicInteger)));
        } catch (Exception e) {
            promise.fail(e);
        }
        return promise.future();
    }

    private void walkThroughMultiPart(Context context, MessageDigest messageDigest, EncodedPart encodedPart, int i, AtomicInteger atomicInteger, Promise<Void> promise) {
        String str = "--" + encodedPart.boundary() + "\r\n";
        String str2 = "--" + encodedPart.boundary() + "--";
        if (i >= encodedPart.parts().size()) {
            digest(messageDigest, (str2 + "\r\n").getBytes(), atomicInteger);
            promise.complete();
        } else {
            EncodedPart encodedPart2 = encodedPart.parts().get(i);
            Promise promise2 = Promise.promise();
            promise2.future().onComplete(asyncResult -> {
                if (asyncResult.succeeded()) {
                    walkThroughMultiPart(context, messageDigest, encodedPart, i + 1, atomicInteger, promise);
                } else {
                    promise.fail(asyncResult.cause());
                }
            });
            walkBoundaryStartAndHeadersFuture(messageDigest, str, encodedPart2, atomicInteger).onComplete(asyncResult2 -> {
                if (!asyncResult2.succeeded()) {
                    promise.fail(asyncResult2.cause());
                    return;
                }
                if (!((Boolean) asyncResult2.result()).booleanValue()) {
                    promise.complete();
                    return;
                }
                if (encodedPart2.parts() != null && encodedPart2.parts().size() > 0) {
                    walkThroughMultiPart(context, messageDigest, encodedPart2, 0, atomicInteger, promise2);
                    return;
                }
                if (encodedPart2.body() != null) {
                    digest(messageDigest, dkimMailBody(encodedPart2.body()).getBytes(), atomicInteger);
                    promise2.complete();
                    return;
                }
                ReadStream<Buffer> dkimBodyStream = encodedPart2.dkimBodyStream(context);
                if (dkimBodyStream != null) {
                    walkThroughAttachStream(messageDigest, dkimBodyStream, atomicInteger, promise2);
                } else {
                    promise2.fail("No data and stream found.");
                }
            });
        }
    }

    private Future<String> bodyHashing(Context context, EncodedPart encodedPart) {
        Promise promise = Promise.promise();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.dkimSignOptions.getSignAlgo().hashAlgorithm());
            if (encodedPart.parts() == null || encodedPart.parts().size() <= 0) {
                digest(messageDigest, dkimMailBody(encodedPart.body()).getBytes(), new AtomicInteger());
                promise.complete(Base64.getEncoder().encodeToString(messageDigest.digest()));
            } else {
                Promise<Void> promise2 = Promise.promise();
                promise2.future().onComplete(asyncResult -> {
                    if (!asyncResult.succeeded()) {
                        promise.fail(asyncResult.cause());
                        return;
                    }
                    try {
                        promise.complete(Base64.getEncoder().encodeToString(messageDigest.digest()));
                    } catch (Exception e) {
                        promise.fail(e);
                    }
                });
                walkThroughMultiPart(context, messageDigest, encodedPart, 0, new AtomicInteger(), promise2);
            }
        } catch (Exception e) {
            promise.fail(e);
        }
        return promise.future();
    }

    private StringBuilder headersToSign(EncodedPart encodedPart) {
        int intValue;
        StringBuilder sb = new StringBuilder();
        HashMap hashMap = new HashMap();
        for (String str : this.dkimSignOptions.getSignedHeaders()) {
            List all = encodedPart.headers().getAll(str);
            int size = all.size();
            if (size > 0 && (intValue = ((Integer) hashMap.computeIfAbsent(str.toUpperCase(Locale.ENGLISH), str2 -> {
                return Integer.valueOf(size - 1);
            })).intValue()) >= 0) {
                sb.append(canonicHeader(str, (String) all.get(intValue))).append("\r\n");
                hashMap.put(str.toUpperCase(Locale.ENGLISH), Integer.valueOf(intValue - 1));
            }
        }
        return sb;
    }

    private StringBuilder dkimTagList(EncodedPart encodedPart) {
        StringBuilder sb = new StringBuilder(this.signatureTemplate);
        if (this.dkimSignOptions.getCopiedHeaders() != null && this.dkimSignOptions.getCopiedHeaders().size() > 0) {
            sb.append("z=").append(copiedHeaders(this.dkimSignOptions.getCopiedHeaders(), encodedPart)).append("; ");
        }
        return sb;
    }

    private String copiedHeaders(List<String> list, EncodedPart encodedPart) {
        return (String) list.stream().map(str -> {
            String str = encodedPart.headers().get(str);
            if (str != null) {
                return str + ":" + dkimQuotedPrintableCopiedHeader(str);
            }
            throw new RuntimeException("Unknown email header: " + str + " in copied headers.");
        }).collect(Collectors.joining("|"));
    }

    private static String dkimQuotedPrintable(String str) {
        return Utils.encodeQP(str).replaceAll(";", "=3B").replaceAll(" ", "=20");
    }

    private String dkimQuotedPrintableCopiedHeader(String str) {
        return dkimQuotedPrintable(str).replaceAll("\\|", "=7C");
    }

    String canonicHeader(String str, String str2) {
        if (this.dkimSignOptions.getHeaderCanonAlgo() == CanonicalizationAlgorithm.SIMPLE) {
            return str + ": " + str2;
        }
        return str.trim().toLowerCase() + ":" + canonicalLine(str2, this.dkimSignOptions.getHeaderCanonAlgo());
    }

    String dkimMailBody(String str) {
        Scanner useDelimiter = new Scanner(str).useDelimiter(DELIMITER);
        StringBuilder sb = new StringBuilder();
        while (useDelimiter.hasNext()) {
            sb.append(canonicBodyLine(useDelimiter.nextLine()));
            sb.append("\r\n");
        }
        return sb.toString().replaceFirst("[\r\n]*$", "\r\n");
    }

    private String canonicalLine(String str, CanonicalizationAlgorithm canonicalizationAlgorithm) {
        if (CanonicalizationAlgorithm.RELAXED == canonicalizationAlgorithm) {
            str = str.replaceAll("[\r\n\t ]+", " ").replaceAll("[\r\n\t ]+$", "");
        }
        return str;
    }

    String canonicBodyLine(String str) {
        return canonicalLine(str, this.dkimSignOptions.getBodyCanonAlgo());
    }
}
