package de.adorsys.docusafe.service.impl.cmsencryption.services;

import de.adorsys.common.exceptions.BaseExceptionHandler;
import de.adorsys.dfs.connection.api.domain.Payload;
import de.adorsys.dfs.connection.api.service.impl.SimplePayloadImpl;
import de.adorsys.docusafe.service.api.cmsencryption.CMSEncryptionService;
import de.adorsys.docusafe.service.api.exceptions.DecryptionException;
import de.adorsys.docusafe.service.api.keystore.types.KeyID;
import de.adorsys.docusafe.service.api.keystore.types.KeyStoreAccess;
import de.adorsys.docusafe.service.impl.cmsencryption.exceptions.AsymmetricEncryptionException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.util.Iterator;
import javax.crypto.SecretKey;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSEnvelopedDataParser;
import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.KEKRecipientId;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInfoGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/docusafe/service/impl/cmsencryption/services/CMSEncryptionServiceImpl.class */
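/**
 * CMS (RFC 5652) EnvelopedData encryption and decryption for payloads and streams.
 *
 * <p>Every envelope produced here has exactly one recipient: either a key-transport
 * recipient (public key) or a KEK recipient (secret key). The recipient identifier
 * written into the envelope is the textual key ID, which the decrypting side uses as
 * the keystore alias.
 *
 * <p>NOTE(review): the content cipher is AES-256-CBC inside plain EnvelopedData, which
 * gives confidentiality only. Nothing here detects modified ciphertext, so callers that
 * decrypt data from a store they do not fully trust need a separate integrity check
 * (for example a signature, or authenticated-enveloped-data per RFC 5083).
 */
public class CMSEncryptionServiceImpl implements CMSEncryptionService {
    private static final Logger log = LoggerFactory.getLogger(CMSEncryptionServiceImpl.class);

    /**
     * Charset used to turn key IDs into recipient identifiers and back. The original code
     * relied on the platform default, so an envelope written on one host could name a
     * different alias on another. UTF-8 is identical to the common defaults for ASCII IDs.
     */
    private static final java.nio.charset.Charset KEY_ID_CHARSET = java.nio.charset.StandardCharsets.UTF_8;

    private ASN1ObjectIdentifier algorithm = CMSAlgorithm.AES256_CBC;

    /**
     * File input stream over a temporary file that deletes the file when the stream is closed.
     */
    public static class MyFileInputStream extends FileInputStream {
        private static final Logger LOGGER = LoggerFactory.getLogger(MyFileInputStream.class);
        // Backing temp file; set to null once it has been deleted.
        File file;
        // Re-entrancy guard: true while close() is running, so a nested close() call
        // (presumably triggered from inside super.close()) returns immediately.
        boolean hereItBecomeseUgly;

        public MyFileInputStream(File file) throws FileNotFoundException {
            super(file);
            this.hereItBecomeseUgly = false;
            this.file = file;
            LOGGER.debug("temp fis {}", file);
        }

        /**
         * Closes the stream and removes the backing temp file. The file is removed even
         * when closing the descriptor fails, so a failed close no longer leaves the
         * ciphertext file behind or the guard flag stuck.
         */
        @Override
        public void close() {
            if (this.hereItBecomeseUgly) {
                return;
            }
            this.hereItBecomeseUgly = true;
            try {
                LOGGER.debug("close fis {}", this.file);
                super.close();
                LOGGER.debug("closed fis {}", this.file);
            } catch (Exception e) {
                BaseExceptionHandler.handle(e);
            } finally {
                this.hereItBecomeseUgly = false;
                delete();
            }
        }

        /** Deletes the backing file if it has not been deleted yet; safe to call repeatedly. */
        public void delete() {
            try {
                if (this.file != null) {
                    LOGGER.debug("delete file {}", this.file);
                    FileUtils.forceDelete(this.file);
                    LOGGER.debug("deleted file {}", this.file);
                    this.file = null;
                }
            } catch (Exception e) {
                BaseExceptionHandler.handle(e);
            }
        }
    }

    /**
     * File output stream over a temporary file whose {@link #close()} reports failures to
     * {@link BaseExceptionHandler} instead of declaring {@link IOException}.
     */
    public static class MyFileOutputStream extends FileOutputStream {
        private static final Logger LOGGER = LoggerFactory.getLogger(MyFileOutputStream.class);
        File file;

        public MyFileOutputStream(File file) throws FileNotFoundException {
            super(file);
            this.file = file;
            LOGGER.debug("temp fos is {}", file);
        }

        @Override
        public void close() {
            try {
                LOGGER.debug("close fos {}", this.file);
                super.close();
            } catch (Exception e) {
                BaseExceptionHandler.handle(e);
            }
        }
    }

    /**
     * Encrypts an in-memory payload for a single key-transport recipient.
     *
     * @param payload   data to encrypt
     * @param publicKey recipient public key that wraps the content-encryption key
     * @param keyID     key ID stored in the envelope as the recipient's subject key identifier
     * @return the CMS enveloped data
     */
    @Override
    public CMSEnvelopedData encrypt(Payload payload, PublicKey publicKey, KeyID keyID) {
        try {
            CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
            generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyIdBytes(keyID), publicKey));
            return generator.generate(
                    new CMSProcessableByteArray(payload.getData()),
                    new JceCMSContentEncryptorBuilder(this.algorithm).setProvider("BC").build());
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Decrypts an in-memory envelope that has exactly one key-transport recipient.
     *
     * @param cMSEnvelopedData envelope to decrypt
     * @param keyStoreAccess   keystore and read password used to load the private key
     * @return the decrypted payload
     */
    @Override
    public Payload decrypt(CMSEnvelopedData cMSEnvelopedData, KeyStoreAccess keyStoreAccess) {
        try {
            Iterator<?> recipients = cMSEnvelopedData.getRecipientInfos().getRecipients().iterator();
            if (!recipients.hasNext()) {
                throw new AsymmetricEncryptionException("CMS Envelope doesn't contain recipients");
            }
            RecipientInformation recipient = (RecipientInformation) recipients.next();
            if (recipients.hasNext()) {
                throw new AsymmetricEncryptionException("PROGRAMMING ERROR. HANDLE OF MORE THAN ONE RECIPIENT NOT DONE YET");
            }
            // Same lookup as the streaming path, so both agree on charset and missing-key handling.
            PrivateKey key = privateKey(keyStoreAccess, recipient.getRID());
            return new SimplePayloadImpl(recipient.getContent(new JceKeyTransEnvelopedRecipient(key)));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Encrypts a stream for a key-transport recipient. The ciphertext is spooled to a temp
     * file; the returned stream reads that file and deletes it on close.
     *
     * @param inputStream plaintext source; read to the end but not closed here
     * @param publicKey   recipient public key
     * @param keyID       key ID stored in the envelope as the subject key identifier
     * @return stream over the encrypted envelope
     */
    @Override
    public InputStream buildEncryptionInputStream(InputStream inputStream, PublicKey publicKey, KeyID keyID) {
        try {
            return encryptToTempFile(inputStream, new JceKeyTransRecipientInfoGenerator(keyIdBytes(keyID), publicKey));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Encrypts a stream for a KEK recipient. The ciphertext is spooled to a temp file; the
     * returned stream reads that file and deletes it on close.
     *
     * @param inputStream plaintext source; read to the end but not closed here
     * @param secretKey   key-encryption key that wraps the content-encryption key
     * @param keyID       key ID stored in the envelope as the KEK identifier
     * @return stream over the encrypted envelope
     */
    @Override
    public InputStream buildEncryptionInputStream(InputStream inputStream, SecretKey secretKey, KeyID keyID) {
        try {
            return encryptToTempFile(inputStream, new JceKEKRecipientInfoGenerator(keyIdBytes(keyID), secretKey));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Opens a decrypting stream over an envelope with exactly one recipient, choosing the
     * private or secret key by the recipient type recorded in the envelope.
     *
     * @param inputStream    encrypted envelope
     * @param keyStoreAccess keystore and read password used to load the key
     * @return stream over the decrypted content
     */
    @Override
    public InputStream buildDecryptionInputStream(InputStream inputStream, KeyStoreAccess keyStoreAccess) {
        try {
            RecipientInformationStore recipientInfos = new CMSEnvelopedDataParser(inputStream).getRecipientInfos();
            if (recipientInfos.size() == 0) {
                throw new DecryptionException("CMS Envelope doesn't contain recipients");
            }
            if (recipientInfos.size() > 1) {
                throw new DecryptionException("Programming error. Handling of more that one recipient not done yet");
            }
            RecipientInformation recipient = (RecipientInformation) recipientInfos.getRecipients().iterator().next();
            RecipientId rid = recipient.getRID();
            switch (rid.getType()) {
                case RecipientId.keyTrans:
                    return recipient.getContentStream(new JceKeyTransEnvelopedRecipient(privateKey(keyStoreAccess, rid))).getContentStream();
                case RecipientId.kek:
                    return recipient.getContentStream(new JceKEKEnvelopedRecipient(secretKey(keyStoreAccess, rid))).getContentStream();
                default:
                    // The previous message repeated the "more than one recipient" text, which
                    // pointed at the wrong cause when an envelope used another recipient type.
                    throw new DecryptionException("Unsupported recipient type in CMS envelope: " + rid.getType());
            }
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /** Loads the secret key whose alias is the KEK identifier of the given recipient. */
    private SecretKey secretKey(KeyStoreAccess keyStoreAccess, RecipientId recipientId) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        String keyId = keyIdFrom(((KEKRecipientId) recipientId).getKeyIdentifier());
        // The ID is read from the envelope, i.e. it is caller-supplied text in the log line.
        log.debug("Secret key ID from envelope: {}", keyId);
        return (SecretKey) lookupKey(keyStoreAccess, keyId);
    }

    /** Loads the private key whose alias is the subject key identifier of the given recipient. */
    private PrivateKey privateKey(KeyStoreAccess keyStoreAccess, RecipientId recipientId) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        String keyId = keyIdFrom(((KeyTransRecipientId) recipientId).getSubjectKeyIdentifier());
        // The ID is read from the envelope, i.e. it is caller-supplied text in the log line.
        log.debug("Private key ID from envelope: {}", keyId);
        return (PrivateKey) lookupKey(keyStoreAccess, keyId);
    }

    /** Encodes a key ID as the recipient identifier bytes written into the envelope. */
    private static byte[] keyIdBytes(KeyID keyID) {
        return keyID.getValue().getBytes(KEY_ID_CHARSET);
    }

    /** Decodes recipient identifier bytes back into a keystore alias; rejects a missing identifier. */
    private static String keyIdFrom(byte[] rawKeyId) throws KeyStoreException {
        if (rawKeyId == null) {
            throw new KeyStoreException("CMS recipient info carries no key identifier");
        }
        return new String(rawKeyId, KEY_ID_CHARSET);
    }

    /**
     * Reads the key stored under {@code keyId}. {@code KeyStore.getKey} returns null for an
     * unknown alias; that is reported here instead of surfacing later as a NullPointerException
     * inside the CMS recipient.
     */
    private static java.security.Key lookupKey(KeyStoreAccess keyStoreAccess, String keyId) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        java.security.Key key = keyStoreAccess.getKeyStore().getKey(keyId, keyStoreAccess.getKeyStoreAuth().getReadKeyPassword().getValue().toCharArray());
        if (key == null) {
            throw new KeyStoreException("Keystore holds no key for the key ID named in the CMS envelope");
        }
        return key;
    }

    /**
     * Encrypts {@code inputStream} into a fresh temp file and returns a self-deleting stream
     * over it. If anything fails before the stream is handed to the caller, the temp file is
     * removed here, because nobody else holds a reference to it.
     */
    private InputStream encryptToTempFile(InputStream inputStream, RecipientInfoGenerator recipientInfoGenerator) throws IOException {
        // Files.createTempFile may apply more restrictive permissions than File.createTempFile,
        // which keeps the spooled ciphertext away from other local accounts where supported.
        File tempFile = java.nio.file.Files.createTempFile("fos-encrypted-", "").toFile();
        boolean handedOver = false;
        try {
            try (MyFileOutputStream out = new MyFileOutputStream(tempFile)) {
                readFromInputStreamAndWriteToOutputStream(inputStream, out, recipientInfoGenerator);
            }
            InputStream encrypted = new MyFileInputStream(tempFile);
            handedOver = true;
            return encrypted;
        } finally {
            if (!handedOver) {
                FileUtils.deleteQuietly(tempFile);
            }
        }
    }

    /** Wraps {@code outputStream} in a CMS enveloping stream for the given recipient. */
    private OutputStream streamEncrypt(OutputStream outputStream, RecipientInfoGenerator recipientInfoGenerator) throws CMSException, IOException {
        CMSEnvelopedDataStreamGenerator generator = new CMSEnvelopedDataStreamGenerator();
        generator.addRecipientInfoGenerator(recipientInfoGenerator);
        return generator.open(outputStream, new JceCMSContentEncryptorBuilder(this.algorithm).setProvider("BC").build());
    }

    /**
     * Copies {@code inputStream} through the CMS encrypting stream into {@code fileOutputStream}
     * and closes both output streams. {@code inputStream} is left open for the caller.
     */
    private void readFromInputStreamAndWriteToOutputStream(InputStream inputStream, FileOutputStream fileOutputStream, RecipientInfoGenerator recipientInfoGenerator) {
        try {
            // Closing the CMS stream finishes the envelope, so a failure there must propagate:
            // closing it quietly could leave an incomplete envelope that looks like a success.
            try (OutputStream encrypting = streamEncrypt(fileOutputStream, recipientInfoGenerator)) {
                byte[] buffer = new byte[8192];
                int read;
                while ((read = inputStream.read(buffer)) != -1) {
                    encrypting.write(buffer, 0, read);
                }
            } finally {
                // Release the file handle on the error path as well.
                IOUtils.closeQuietly(fileOutputStream);
            }
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }
}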
