package org.nhindirect.stagent;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.mail.Address;
import javax.mail.Header;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.InternetHeaders;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.mail.util.ByteArrayDataSource;
import org.bouncycastle.cms.CMSSignedData;
import org.nhindirect.common.crypto.CryptoExtensions;
import org.nhindirect.common.options.OptionsManager;
import org.nhindirect.common.options.OptionsParameter;
import org.nhindirect.common.tx.TxUtil;
import org.nhindirect.common.tx.model.TxMessageType;
import org.nhindirect.policy.PolicyExpression;
import org.nhindirect.policy.PolicyFilter;
import org.nhindirect.policy.PolicyFilterFactory;
import org.nhindirect.policy.PolicyParseException;
import org.nhindirect.policy.PolicyProcessException;
import org.nhindirect.policy.PolicyRequiredException;
import org.nhindirect.stagent.cert.CertificateResolver;
import org.nhindirect.stagent.cert.X509CertificateEx;
import org.nhindirect.stagent.cryptography.Cryptographer;
import org.nhindirect.stagent.cryptography.SMIMECryptographerImpl;
import org.nhindirect.stagent.cryptography.SMIMEStandard;
import org.nhindirect.stagent.cryptography.SignedEntity;
import org.nhindirect.stagent.mail.Message;
import org.nhindirect.stagent.mail.MimeEntity;
import org.nhindirect.stagent.mail.MimeError;
import org.nhindirect.stagent.mail.MimeException;
import org.nhindirect.stagent.mail.MimeStandard;
import org.nhindirect.stagent.mail.WrappedMessage;
import org.nhindirect.stagent.parser.EntitySerializer;
import org.nhindirect.stagent.policy.PolicyResolver;
import org.nhindirect.stagent.trust.TrustAnchorResolver;
import org.nhindirect.stagent.trust.TrustEnforcementStatus;
import org.nhindirect.stagent.trust.TrustError;
import org.nhindirect.stagent.trust.TrustException;
import org.nhindirect.stagent.trust.TrustModel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/DefaultNHINDAgent.class */
public class DefaultNHINDAgent implements NHINDAgent, MutableAgent {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultNHINDAgent.class);
    private static boolean initialConstruct = true;
    static MimeMultipart lastMMPart = null;
    protected final ReentrantReadWriteLock readWriteLock;
    protected Cryptographer cryptographer;
    protected CertificateResolver privateCertResolver;
    protected Collection<CertificateResolver> publicCertResolver;
    protected TrustAnchorResolver trustAnchors;
    protected TrustModel trustModel;
    protected TrustEnforcementStatus minTrustRequirement;
    protected Collection<String> domains;
    protected NHINDAgentEventListener m_listener;
    protected PolicyResolver publicPolicyResolver;
    protected PolicyResolver privatePolicyResolver;
    protected PolicyFilter policyFilter;
    private boolean encryptionEnabled;

    public DefaultNHINDAgent(String str, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver) {
        this(str, certificateResolver, certificateResolver2, trustAnchorResolver, TrustModel.Default, SMIMECryptographerImpl.Default);
    }

    public DefaultNHINDAgent(Collection<String> collection, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver) {
        this(collection, certificateResolver, certificateResolver2, trustAnchorResolver, TrustModel.Default, SMIMECryptographerImpl.Default);
    }

    public DefaultNHINDAgent(String str, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver, TrustModel trustModel, Cryptographer cryptographer) {
        this(Arrays.asList(str), certificateResolver, Arrays.asList(certificateResolver2), trustAnchorResolver, trustModel, cryptographer);
    }

    public DefaultNHINDAgent(Collection<String> collection, CertificateResolver certificateResolver, Collection<CertificateResolver> collection2, TrustAnchorResolver trustAnchorResolver, TrustModel trustModel, Cryptographer cryptographer) {
        this.readWriteLock = new ReentrantReadWriteLock(true);
        this.m_listener = null;
        this.encryptionEnabled = true;
        if (collection == null || collection.size() == 0 || certificateResolver == null || collection2 == null || trustAnchorResolver == null || trustModel == null || cryptographer == null) {
            throw new IllegalArgumentException();
        }
        if (initialConstruct) {
            StringBuilder sb = new StringBuilder("Initializing NHINDAgent\r\nLocal domains:");
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                sb.append("\r\n\t" + it.next());
            }
            log.info(sb.toString());
            initialConstruct = false;
        }
        this.domains = collection;
        this.privateCertResolver = certificateResolver;
        this.publicCertResolver = collection2;
        this.cryptographer = cryptographer;
        this.trustAnchors = trustAnchorResolver;
        this.trustModel = trustModel;
        this.minTrustRequirement = TrustEnforcementStatus.Success_Offline;
        if (this.trustModel.getCertChainValidator() != null && !this.trustModel.getCertChainValidator().isCertificateResolver()) {
            this.trustModel.getCertChainValidator().setCertificateResolver(this.publicCertResolver);
        }
        try {
            this.policyFilter = PolicyFilterFactory.getInstance();
        } catch (PolicyParseException e) {
            throw new AgentException(AgentError.Unexpected, "Failed to create policy filter object.", e);
        }
    }

    public DefaultNHINDAgent(Collection<String> collection, CertificateResolver certificateResolver, CertificateResolver certificateResolver2, TrustAnchorResolver trustAnchorResolver, TrustModel trustModel, Cryptographer cryptographer) {
        this(collection, certificateResolver, Arrays.asList(certificateResolver2), trustAnchorResolver, trustModel, cryptographer);
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setDomains(Collection<String> collection) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        this.domains = collection;
        writeLock.unlock();
    }

    @Override // org.nhindirect.stagent.NHINDAgent, org.nhindirect.stagent.MutableAgent
    public Collection<String> getDomains() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return Collections.unmodifiableCollection(this.domains);
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public Cryptographer getCryptographer() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.cryptographer;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setCryptographer(Cryptographer cryptographer) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        this.cryptographer = cryptographer;
        writeLock.unlock();
    }

    public boolean isEncryptMessages() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.encryptionEnabled;
        } finally {
            readLock.unlock();
        }
    }

    public void setEncryptMessages(boolean z) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        this.encryptionEnabled = z;
        writeLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public boolean isWrappingEnabled() {
        return true;
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setWrappingEnabled(boolean z) {
    }

    public CertificateResolver getPublicCertResolver() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            if (this.publicCertResolver == null || this.publicCertResolver.size() <= 0) {
                return null;
            }
            return this.publicCertResolver.iterator().next();
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public Collection<CertificateResolver> getPublicCertResolvers() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.publicCertResolver;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setPublicCertResolvers(Collection<CertificateResolver> collection) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        this.publicCertResolver = collection;
        writeLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public CertificateResolver getPrivateCertResolver() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.privateCertResolver;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setPrivateCertResolver(CertificateResolver certificateResolver) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        this.privateCertResolver = certificateResolver;
        writeLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public TrustAnchorResolver getTrustAnchors() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.trustAnchors;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setTrustAnchorResolver(TrustAnchorResolver trustAnchorResolver) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        this.trustAnchors = trustAnchorResolver;
        writeLock.unlock();
    }

    public TrustEnforcementStatus getMinTrustRequirement() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.minTrustRequirement;
        } finally {
            readLock.unlock();
        }
    }

    public void setMinTrustRequirement(TrustEnforcementStatus trustEnforcementStatus) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        try {
            if (trustEnforcementStatus.compareTo(TrustEnforcementStatus.Success_Offline) < 0) {
                throw new IllegalArgumentException();
            }
            this.minTrustRequirement = trustEnforcementStatus;
        } finally {
            writeLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setEventListener(NHINDAgentEventListener nHINDAgentEventListener) {
        ReentrantReadWriteLock.WriteLock writeLock = this.readWriteLock.writeLock();
        writeLock.lock();
        this.m_listener = nHINDAgentEventListener;
        writeLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public NHINDAgentEventListener getEventListener() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.m_listener;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setPublicPolicyResolver(PolicyResolver policyResolver) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        this.publicPolicyResolver = policyResolver;
        readLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public PolicyResolver getPublicPolicyResolver() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.publicPolicyResolver;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setPrivatePolicyResolver(PolicyResolver policyResolver) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        this.privatePolicyResolver = policyResolver;
        readLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public PolicyResolver getPrivatePolicyResolver() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.privatePolicyResolver;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setPolicyFilter(PolicyFilter policyFilter) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        this.policyFilter = policyFilter;
        readLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public PolicyFilter getPolicyFilter() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.policyFilter;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public void setTrustModel(TrustModel trustModel) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        this.trustModel = trustModel;
        readLock.unlock();
    }

    @Override // org.nhindirect.stagent.MutableAgent
    public TrustModel getTrustModel() {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            return this.trustModel;
        } finally {
            readLock.unlock();
        }
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public IncomingMessage processIncoming(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException();
        }
        return processIncoming(new IncomingMessage(str));
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public IncomingMessage processIncoming(String str, NHINDAddressCollection nHINDAddressCollection, NHINDAddress nHINDAddress) {
        checkEnvelopeAddresses(nHINDAddressCollection, nHINDAddress);
        return processIncoming(new IncomingMessage(str, nHINDAddressCollection, nHINDAddress));
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public IncomingMessage processIncoming(MessageEnvelope messageEnvelope) {
        if (messageEnvelope == null) {
            throw new IllegalArgumentException();
        }
        checkEnvelopeAddresses(messageEnvelope);
        return processIncoming(new IncomingMessage(messageEnvelope));
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public IncomingMessage processIncoming(MimeMessage mimeMessage) {
        if (mimeMessage == null) {
            throw new IllegalArgumentException();
        }
        try {
            return processIncoming(new IncomingMessage(new Message(mimeMessage)));
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, e);
        }
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public IncomingMessage processIncoming(IncomingMessage incomingMessage) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            if (incomingMessage == null) {
                throw new IllegalArgumentException();
            }
            if (log.isDebugEnabled()) {
                log.debug("Processing incoming message:\r\n  {} \r\n", incomingMessage.toString());
            }
            try {
                try {
                    incomingMessage.setAgent(this);
                    incomingMessage.validate();
                    if (this.m_listener != null) {
                        this.m_listener.preProcessIncoming(incomingMessage);
                    }
                    processMessage(incomingMessage);
                    if (this.m_listener != null) {
                        this.m_listener.postProcessIncoming(incomingMessage);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Completed processing incoming message.  Result message:\r\n {} \r\n", EntitySerializer.Default.serialize(incomingMessage.getMessage()));
                    }
                    return incomingMessage;
                } catch (Exception e) {
                    NHINDException nHINDException = new NHINDException(AgentError.Unexpected, e);
                    if (this.m_listener != null) {
                        this.m_listener.errorIncoming(incomingMessage, e);
                    }
                    throw nHINDException;
                }
            } catch (AgentException e2) {
                if (this.m_listener != null) {
                    this.m_listener.errorIncoming(incomingMessage, e2);
                }
                throw e2;
            } catch (NHINDException e3) {
                if (this.m_listener != null) {
                    this.m_listener.errorIncoming(incomingMessage, e3);
                }
                throw e3;
            }
        } finally {
            readLock.unlock();
        }
    }

    protected void processMessage(IncomingMessage incomingMessage) {
        if (incomingMessage.getSender() == null) {
            throw new TrustException(TrustError.UntrustedSender);
        }
        incomingMessage.categorizeRecipients(getDomains());
        if (!incomingMessage.hasDomainRecipients()) {
            throw new AgentException(AgentError.NoTrustedRecipients);
        }
        bindAddresses(incomingMessage);
        decryptSignedContent(incomingMessage);
        incomingMessage.setMessage(unwrapMessage(incomingMessage.getMessage()));
        if (OptionsParameter.getParamValueAsBoolean(OptionsManager.getInstance().getParameter("UseOutgoingPolicyForIncomingNotifications"), false)) {
            TxMessageType messageType = TxUtil.getMessageType(incomingMessage.getMessage());
            if (messageType.equals(TxMessageType.DSN) || messageType.equals(TxMessageType.MDN)) {
                Iterator<NHINDAddress> it = incomingMessage.getDomainRecipients().iterator();
                while (it.hasNext()) {
                    NHINDAddress next = it.next();
                    try {
                        ArrayList arrayList = new ArrayList(this.trustAnchors.getIncomingAnchors().getCertificates(next));
                        arrayList.addAll(this.trustAnchors.getOutgoingAnchors().getCertificates(next));
                        next.setTrustAnchors(arrayList);
                    } catch (Exception e) {
                        log.warn("Exception getting anchors for inbound notification policy.", (Throwable) e);
                    }
                }
            }
        }
        enforceTamperPolicy(incomingMessage);
        this.trustModel.enforce(incomingMessage);
        if (incomingMessage.hasDomainRecipients()) {
            incomingMessage.categorizeRecipients(this.minTrustRequirement);
        }
        if (!incomingMessage.hasDomainRecipients()) {
            throw new TrustException(TrustError.NoTrustedRecipients);
        }
        incomingMessage.updateRoutingHeaders();
    }

    protected void enforceTamperPolicy(MessageEnvelope messageEnvelope) throws NHINDException {
        boolean paramValueAsBoolean = OptionsParameter.getParamValueAsBoolean(OptionsManager.getInstance().getParameter(OptionsParameter.REJECT_ON_ROUTING_TAMPER), true);
        try {
            ArrayList arrayList = new ArrayList();
            if (messageEnvelope.getMessage().getRecipients(Message.RecipientType.TO) != null) {
                Arrays.stream(messageEnvelope.getMessage().getRecipients(Message.RecipientType.TO)).forEach(address -> {
                    arrayList.add(((InternetAddress) address).getAddress().toLowerCase());
                });
            }
            if (messageEnvelope.getMessage().getRecipients(Message.RecipientType.CC) != null) {
                Arrays.stream(messageEnvelope.getMessage().getRecipients(Message.RecipientType.CC)).forEach(address2 -> {
                    arrayList.add(((InternetAddress) address2).getAddress().toLowerCase());
                });
            }
            if (messageEnvelope.getRecipients() != null) {
                Iterator<NHINDAddress> it = messageEnvelope.getRecipients().iterator();
                while (it.hasNext()) {
                    NHINDAddress next = it.next();
                    if (!arrayList.contains(next.getAddress().toLowerCase())) {
                        String str = "Recipient " + next.getAddress() + " was not found in the authoritative headers";
                        if (paramValueAsBoolean) {
                            throw new AgentException(AgentError.MessageTamperDectection, str);
                        }
                        log.warn(str);
                    }
                }
            }
            NHINDAddress sender = messageEnvelope.getSender();
            if (sender != null) {
                boolean z = false;
                if (messageEnvelope.getMessage().getFrom() != null) {
                    Address[] from = messageEnvelope.getMessage().getFrom();
                    int length = from.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        if (((InternetAddress) from[i]).getAddress().equalsIgnoreCase(sender.getAddress())) {
                            z = true;
                            break;
                        }
                        i++;
                    }
                }
                if (!z && messageEnvelope.getMessage().getSender() != null && ((InternetAddress) messageEnvelope.getMessage().getSender()).getAddress().equalsIgnoreCase(sender.getAddress())) {
                    z = true;
                }
                if (!z) {
                    String str2 = "Sender " + sender.getAddress() + " was not found in the authoritative headers";
                    if (paramValueAsBoolean) {
                        throw new AgentException(AgentError.MessageTamperDectection, str2);
                    }
                    log.warn(str2);
                }
            }
        } catch (MessagingException e) {
            throw new NHINDException(AgentError.Unexpected, "Invalid internet address format.", e);
        }
    }

    protected void bindAddresses(IncomingMessage incomingMessage) {
        incomingMessage.getSender().setCertificates(new ArrayList());
        Iterator<NHINDAddress> it = incomingMessage.getDomainRecipients().iterator();
        while (it.hasNext()) {
            NHINDAddress next = it.next();
            Collection<X509Certificate> filterCertificatesByPolicy = filterCertificatesByPolicy(next, this.privatePolicyResolver, resolvePrivateCerts(next, false, true), true);
            if (filterCertificatesByPolicy == null || filterCertificatesByPolicy.size() == 0) {
                log.warn("bindAddresses(IncomingMessage message) - Could not resolve a private certificate for recipient {} ", next.getAddress());
            }
            next.setCertificates(filterCertificatesByPolicy);
            ArrayList arrayList = null;
            try {
                arrayList = new ArrayList(this.trustAnchors.getIncomingAnchors().getCertificates(next));
            } catch (Exception e) {
                log.warn("Exception getting incoming anchors for recipient {} ", next.getAddress());
            }
            if (arrayList == null || arrayList.size() == 0) {
                log.warn("bindAddresses(IncomingMessage message) - Could not obtain incoming trust anchors for recipient {}", next.getAddress());
            }
            next.setTrustAnchors(arrayList);
        }
    }

    protected void decryptSignedContent(IncomingMessage incomingMessage) {
        CMSSignedData deserializeSignatureEnvelope;
        MimeEntity content;
        MimeEntity decryptMessage = decryptMessage(incomingMessage);
        try {
            if (SMIMEStandard.isContentEnvelopedSignature(new ContentType(decryptMessage.getContentType()))) {
                deserializeSignatureEnvelope = this.cryptographer.deserializeEnvelopedSignature(decryptMessage);
                content = new MimeEntity(new ByteArrayInputStream(deserializeSignatureEnvelope.toASN1Structure().getEncoded()));
            } else {
                if (!SMIMEStandard.isContentMultipartSignature(new ContentType(decryptMessage.getContentType()))) {
                    throw new AgentException(AgentError.UnsignedMessage);
                }
                SignedEntity load = SignedEntity.load(new MimeMultipart(new ByteArrayDataSource(decryptMessage.getRawInputStream(), decryptMessage.getContentType())));
                deserializeSignatureEnvelope = this.cryptographer.deserializeSignatureEnvelope(load);
                content = load.getContent();
            }
            incomingMessage.setSignature(deserializeSignatureEnvelope);
            InternetHeaders internetHeaders = new InternetHeaders();
            Enumeration<Header> allHeaders = incomingMessage.getMessage().getAllHeaders();
            while (allHeaders.hasMoreElements()) {
                Header nextElement = allHeaders.nextElement();
                if (!MimeStandard.startsWith(nextElement.getName(), MimeStandard.HeaderPrefix)) {
                    internetHeaders.setHeader(nextElement.getName(), nextElement.getValue());
                }
            }
            Enumeration<Header> allHeaders2 = content.getAllHeaders();
            while (allHeaders2.hasMoreElements()) {
                Header nextElement2 = allHeaders2.nextElement();
                internetHeaders.setHeader(nextElement2.getName(), nextElement2.getValue());
            }
            incomingMessage.setMessage(new org.nhindirect.stagent.mail.Message(internetHeaders, content.getContentAsBytes()));
        } catch (IOException e) {
            throw new MimeException(MimeError.InvalidBody, e);
        } catch (MessagingException e2) {
            throw new MimeException(MimeError.InvalidBody, e2);
        }
    }

    protected MimeEntity decryptMessage(IncomingMessage incomingMessage) {
        MimeEntity mimeEntity = null;
        if (this.encryptionEnabled) {
            for (X509Certificate x509Certificate : incomingMessage.getDomainRecipients().getCertificates()) {
                try {
                } catch (Exception e) {
                    log.info("Could not decrypt with message private cert subject {} and serial number {}", x509Certificate.getSubjectDN().getName(), x509Certificate.getSerialNumber().toString(16), e);
                }
                if (x509Certificate instanceof X509CertificateEx) {
                    mimeEntity = this.cryptographer.decrypt(incomingMessage.getMessage(), (X509CertificateEx) x509Certificate);
                    break;
                }
                continue;
            }
        } else {
            try {
                mimeEntity = new MimeEntity(incomingMessage.getMessage().getRawInputStream());
            } catch (MessagingException e2) {
                throw new AgentException(AgentError.MissingMessage);
            }
        }
        if (mimeEntity == null) {
            throw new AgentException(AgentError.UntrustedMessage);
        }
        return mimeEntity;
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public OutgoingMessage processOutgoing(String str) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        if (str != null) {
            try {
                if (str.length() != 0) {
                    OutgoingMessage processOutgoing = processOutgoing(new OutgoingMessage(wrapMessage(str)));
                    readLock.unlock();
                    return processOutgoing;
                }
            } catch (Throwable th) {
                readLock.unlock();
                throw th;
            }
        }
        throw new IllegalArgumentException();
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public OutgoingMessage processOutgoing(String str, NHINDAddressCollection nHINDAddressCollection, NHINDAddress nHINDAddress) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            checkEnvelopeAddresses(nHINDAddressCollection, nHINDAddress);
            OutgoingMessage processOutgoing = processOutgoing(new OutgoingMessage(wrapMessage(str), nHINDAddressCollection, nHINDAddress));
            readLock.unlock();
            return processOutgoing;
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public OutgoingMessage processOutgoing(MessageEnvelope messageEnvelope) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            if (messageEnvelope == null) {
                throw new IllegalArgumentException();
            }
            checkEnvelopeAddresses(messageEnvelope);
            OutgoingMessage processOutgoing = processOutgoing(new OutgoingMessage(messageEnvelope));
            readLock.unlock();
            return processOutgoing;
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @Override // org.nhindirect.stagent.NHINDAgent
    public OutgoingMessage processOutgoing(OutgoingMessage outgoingMessage) {
        ReentrantReadWriteLock.ReadLock readLock = this.readWriteLock.readLock();
        readLock.lock();
        try {
            if (outgoingMessage == null) {
                throw new IllegalArgumentException();
            }
            outgoingMessage.setAgent(this);
            outgoingMessage.validate();
            try {
                if (this.m_listener != null) {
                    this.m_listener.preProcessOutgoing(outgoingMessage);
                }
                processMessage(outgoingMessage);
                if (this.m_listener != null) {
                    this.m_listener.postProcessOutgoing(outgoingMessage);
                }
                return outgoingMessage;
            } catch (Exception e) {
                NHINDException nHINDException = new NHINDException("Error processing outgoing message", e);
                if (this.m_listener != null) {
                    this.m_listener.errorOutgoing(outgoingMessage, e);
                }
                throw nHINDException;
            }
        } finally {
            readLock.unlock();
        }
    }

    protected void processMessage(OutgoingMessage outgoingMessage) {
        if (!WrappedMessage.isWrapped(outgoingMessage.getMessage())) {
            outgoingMessage.setMessage(wrapMessage(outgoingMessage.getMessage()));
        }
        if (outgoingMessage.getSender() == null) {
            throw new AgentException(AgentError.MissingFrom);
        }
        bindAddresses(outgoingMessage);
        if (!outgoingMessage.hasRecipients()) {
            throw new AgentException(AgentError.MissingTo);
        }
        outgoingMessage.categorizeRecipients(getDomains());
        this.trustModel.enforce(outgoingMessage);
        outgoingMessage.categorizeRecipients(this.minTrustRequirement);
        if (!outgoingMessage.hasRecipients()) {
            throw new AgentException(AgentError.NoTrustedRecipients);
        }
        outgoingMessage.updateRoutingHeaders();
        signAndEncryptMessage(outgoingMessage);
    }

    protected void bindAddresses(OutgoingMessage outgoingMessage) {
        Collection<X509Certificate> filterCertificatesByPolicy = filterCertificatesByPolicy(outgoingMessage.getSender(), this.privatePolicyResolver, resolvePrivateCerts(outgoingMessage.getSender(), true, false), false);
        if (filterCertificatesByPolicy == null || filterCertificatesByPolicy.size() == 0) {
            log.warn("bindAddresses(OutgoingMessage message) - Could not resolve a private certificate for sender {}", outgoingMessage.getSender().getAddress());
        }
        outgoingMessage.getSender().setCertificates(filterCertificatesByPolicy);
        Collection<X509Certificate> collection = null;
        try {
            collection = this.trustAnchors.getOutgoingAnchors().getCertificates(outgoingMessage.getSender());
        } catch (Exception e) {
            log.warn("Exception getting outbound anchors for sender {}", outgoingMessage.getSender());
        }
        if (collection == null || collection.size() == 0) {
            log.warn("bindAddresses(OutgoingMessage message) - Could not obtain outgoing trust anchors for sender {}", outgoingMessage.getSender().getAddress());
        }
        outgoingMessage.getSender().setTrustAnchors(collection);
        Iterator<NHINDAddress> it = outgoingMessage.getRecipients().iterator();
        while (it.hasNext()) {
            NHINDAddress next = it.next();
            Collection<X509Certificate> filterCertificatesByPolicy2 = filterCertificatesByPolicy(outgoingMessage.getSender(), this.publicPolicyResolver, resolvePublicCerts(next, false, false), false);
            if (filterCertificatesByPolicy2 == null || filterCertificatesByPolicy2.size() == 0) {
                log.warn("bindAddresses(OutgoingMessage message) - Could not resolve a public certificate for recipient {}", next.getAddress());
            }
            next.setCertificates(filterCertificatesByPolicy2);
        }
    }

    protected org.nhindirect.stagent.mail.Message wrapMessage(String str) {
        try {
            return WrappedMessage.create(str, NHINDStandard.MailHeadersUsed);
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, e);
        }
    }

    protected org.nhindirect.stagent.mail.Message wrapMessage(org.nhindirect.stagent.mail.Message message) {
        try {
            return WrappedMessage.isWrapped(message) ? message : WrappedMessage.create(message, NHINDStandard.MailHeadersUsed);
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, e);
        }
    }

    protected org.nhindirect.stagent.mail.Message unwrapMessage(org.nhindirect.stagent.mail.Message message) {
        try {
            return !WrappedMessage.isWrapped(message) ? message : WrappedMessage.extract(message);
        } catch (MessagingException e) {
            throw new MimeException(MimeError.InvalidMimeEntity, e);
        }
    }

    protected void signAndEncryptMessage(OutgoingMessage outgoingMessage) {
        SignedEntity sign = this.cryptographer.sign(outgoingMessage.getMessage(), outgoingMessage.getSender().getCertificates());
        try {
            if (this.encryptionEnabled) {
                MimeEntity encrypt = this.cryptographer.encrypt(sign.getMimeMultipart(), outgoingMessage.getRecipients().getCertificates());
                InternetHeaders internetHeaders = new InternetHeaders();
                Enumeration<Header> allHeaders = outgoingMessage.getMessage().getAllHeaders();
                while (allHeaders.hasMoreElements()) {
                    Header nextElement = allHeaders.nextElement();
                    internetHeaders.setHeader(nextElement.getName(), nextElement.getValue());
                }
                Enumeration<Header> allHeaders2 = encrypt.getAllHeaders();
                while (allHeaders2.hasMoreElements()) {
                    Header nextElement2 = allHeaders2.nextElement();
                    internetHeaders.setHeader(nextElement2.getName(), nextElement2.getValue());
                }
                outgoingMessage.setMessage(new org.nhindirect.stagent.mail.Message(internetHeaders, encrypt.getContentAsBytes()));
            } else {
                InternetHeaders internetHeaders2 = new InternetHeaders();
                Enumeration<Header> allHeaders3 = outgoingMessage.getMessage().getAllHeaders();
                while (allHeaders3.hasMoreElements()) {
                    Header nextElement3 = allHeaders3.nextElement();
                    internetHeaders2.setHeader(nextElement3.getName(), nextElement3.getValue());
                }
                internetHeaders2.setHeader("Content-Type", sign.getMimeMultipart().getContentType());
                outgoingMessage.setMessage(new org.nhindirect.stagent.mail.Message(internetHeaders2, sign.getEntityBodyAsBytes()));
            }
        } catch (Exception e) {
            throw new MimeException(MimeError.InvalidMimeEntity, e);
        }
    }

    private Collection<X509Certificate> resolvePrivateCerts(InternetAddress internetAddress, boolean z, boolean z2) {
        Collection<X509Certificate> collection = null;
        try {
            try {
                collection = this.privateCertResolver.getCertificates(internetAddress);
            } catch (NHINDException e) {
                if (!e.getError().equals(AgentError.AllCertsInResolverInvalid)) {
                    throw e;
                }
            }
        } catch (AgentException e2) {
            log.warn("Exception thrown resolving private certs for address {}", internetAddress.getAddress(), e2);
            if (z) {
                throw e2;
            }
        } catch (NHINDException e3) {
            throw e3;
        } catch (Exception e4) {
            log.warn("Exception thrown resolving private certs for address {}", internetAddress.getAddress(), e4);
            if (z) {
                throw new NHINDException(AgentError.Unexpected, e4);
            }
        }
        if (collection != null || !z) {
            return collection;
        }
        if (z2) {
            throw new AgentException(AgentError.MissingRecipientCertificate);
        }
        throw new AgentException(AgentError.MissingSenderCertificate);
    }

    private Collection<X509Certificate> resolvePublicCerts(InternetAddress internetAddress, boolean z, boolean z2) throws NHINDException {
        Collection<X509Certificate> collection = null;
        try {
            Iterator<CertificateResolver> it = this.publicCertResolver.iterator();
            while (it.hasNext()) {
                try {
                    collection = it.next().getCertificates(internetAddress);
                    if (collection != null) {
                        break;
                    }
                } catch (NHINDException e) {
                    if (!e.getError().equals(AgentError.AllCertsInResolverInvalid)) {
                        throw e;
                    }
                }
            }
        } catch (AgentException e2) {
            log.warn("Exception thrown resolving public certs for address {}", internetAddress.getAddress(), e2);
            if (z) {
                throw e2;
            }
        } catch (NHINDException e3) {
            throw e3;
        } catch (Exception e4) {
            log.warn("Exception thrown resolving public certs for address {}", internetAddress.getAddress(), e4);
            if (z) {
                throw new NHINDException(AgentError.Unexpected, e4);
            }
        }
        if (collection != null || !z) {
            return collection;
        }
        if (z2) {
            throw new AgentException(AgentError.MissingSenderCertificate);
        }
        throw new AgentException(AgentError.MissingRecipientCertificate);
    }

    protected void checkEnvelopeAddresses(MessageEnvelope messageEnvelope) {
        checkEnvelopeAddresses(messageEnvelope.getRecipients(), messageEnvelope.getSender());
    }

    protected void checkEnvelopeAddresses(NHINDAddressCollection nHINDAddressCollection, NHINDAddress nHINDAddress) {
        if (nHINDAddressCollection == null || nHINDAddressCollection.size() == 0) {
            throw new AgentException(AgentError.NoRecipients);
        }
        if (nHINDAddress == null) {
            throw new AgentException(AgentError.NoSender);
        }
        nHINDAddressCollection.setSource(AddressSource.RcptTo);
        nHINDAddress.setSource(AddressSource.MailFrom);
    }

    protected Collection<X509Certificate> filterCertificatesByPolicy(InternetAddress internetAddress, PolicyResolver policyResolver, Collection<X509Certificate> collection, boolean z) {
        Collection<X509Certificate> collection2;
        if (collection == null || collection.isEmpty()) {
            return collection;
        }
        if (policyResolver != null) {
            collection2 = new ArrayList();
            Collection<PolicyExpression> incomingPolicy = z ? policyResolver.getIncomingPolicy(internetAddress) : policyResolver.getOutgoingPolicy(internetAddress);
            for (X509Certificate x509Certificate : collection) {
                boolean z2 = false;
                Iterator<PolicyExpression> it = incomingPolicy.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    try {
                        if (!this.policyFilter.isCompliant(x509Certificate, it.next())) {
                            z2 = true;
                            break;
                        }
                    } catch (PolicyRequiredException e) {
                        z2 = true;
                    } catch (PolicyProcessException e2) {
                        throw new AgentException(AgentError.InvalidPolicy, e2);
                    }
                }
                if (!z2) {
                    collection2.add(x509Certificate);
                }
            }
        } else {
            collection2 = collection;
        }
        return collection2;
    }

    static {
        CryptoExtensions.registerJCEProviders();
    }
}
