package org.openas2.lib.helper;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.DigestInputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Map;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.KeyTransRecipientInformation;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.bc.BcRSAKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.ZlibCompressor;
import org.bouncycastle.cms.jcajce.ZlibExpanderProvider;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMECompressed;
import org.bouncycastle.mail.smime.SMIMECompressedGenerator;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.mail.smime.SMIMESignedParser;
import org.bouncycastle.mail.smime.SMIMEUtil;
import org.bouncycastle.mail.smime.util.CRLFOutputStream;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.openas2.DispositionException;
import org.openas2.OpenAS2Exception;
import org.openas2.Session;
import org.openas2.message.AS2Message;
import org.openas2.message.Message;
import org.openas2.processor.receiver.AS2ReceiverModule;
import org.openas2.util.AS2Util;
import org.openas2.util.DispositionType;
import org.openas2.util.HTTPUtil;

/* loaded from: input_file:org/openas2/lib/helper/BCCryptoHelper.class */
public class BCCryptoHelper implements ICryptoHelper {
    private Log logger = LogFactory.getLog(BCCryptoHelper.class.getSimpleName());

    @Override // org.openas2.lib.helper.ICryptoHelper
    public boolean isEncrypted(MimeBodyPart mimeBodyPart) throws MessagingException {
        ContentType contentType = new ContentType(mimeBodyPart.getContentType());
        String lowerCase = contentType.getBaseType().toLowerCase();
        if (!lowerCase.equalsIgnoreCase("application/pkcs7-mime")) {
            if (!this.logger.isDebugEnabled()) {
                return false;
            }
            this.logger.debug("Check for encrypted data failed on BASE content type: " + lowerCase);
            return false;
        }
        String parameter = contentType.getParameter("smime-type");
        boolean z = parameter != null && parameter.equalsIgnoreCase("enveloped-data");
        if (!z && this.logger.isDebugEnabled()) {
            this.logger.debug("Check for encrypted data failed on SMIME content type: " + parameter);
        }
        return z;
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public boolean isSigned(MimeBodyPart mimeBodyPart) throws MessagingException {
        return new ContentType(mimeBodyPart.getContentType()).getBaseType().toLowerCase().equalsIgnoreCase("multipart/signed");
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public boolean isCompressed(MimeBodyPart mimeBodyPart) throws MessagingException {
        ContentType contentType = new ContentType(mimeBodyPart.getContentType());
        String lowerCase = contentType.getBaseType().toLowerCase();
        if (this.logger.isTraceEnabled()) {
            try {
                this.logger.trace("Compression check.  MIME Base Content-Type:" + contentType.getBaseType());
                this.logger.trace("Compression check.  SMIME-TYPE:" + contentType.getParameter("smime-type"));
                this.logger.trace("Compressed MIME msg AFTER COMPRESSION Content-Disposition:" + mimeBodyPart.getDisposition());
            } catch (MessagingException e) {
                this.logger.trace("Compression check: no data available.");
            }
        }
        if (!lowerCase.equalsIgnoreCase("application/pkcs7-mime")) {
            if (!this.logger.isDebugEnabled()) {
                return false;
            }
            this.logger.debug("Check for compressed data failed on BASE content type: " + lowerCase);
            return false;
        }
        String parameter = contentType.getParameter("smime-type");
        boolean z = parameter != null && parameter.equalsIgnoreCase("compressed-data");
        if (!z && this.logger.isDebugEnabled()) {
            this.logger.debug("Check for compressed data failed on SMIME content type: " + parameter);
        }
        return z;
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public String calculateMIC(MimeBodyPart mimeBodyPart, String str, boolean z) throws GeneralSecurityException, MessagingException, IOException {
        return calculateMIC(mimeBodyPart, str, z, false);
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public String calculateMIC(MimeBodyPart mimeBodyPart, String str, boolean z, boolean z2) throws GeneralSecurityException, MessagingException, IOException {
        String convertAlgorithm = convertAlgorithm(str, true);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Calc MIC called with digest: " + str + " ::: Incl headers? " + z + " ::: Prevent canonicalization: " + z2 + " ::: Encoding: " + mimeBodyPart.getEncoding());
        }
        MessageDigest messageDigest = MessageDigest.getInstance(convertAlgorithm, "BC");
        if (z && this.logger.isTraceEnabled()) {
            this.logger.trace("Calculating MIC on MIMEPART Headers: " + AS2Util.printHeaders(mimeBodyPart.getAllHeaders()));
        }
        CRLFOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        String encoding = mimeBodyPart.getEncoding();
        if (encoding == null) {
            encoding = Session.DEFAULT_CONTENT_TRANSFER_ENCODING;
        }
        CRLFOutputStream cRLFOutputStream = (Session.DEFAULT_CONTENT_TRANSFER_ENCODING.equals(encoding) || z2) ? byteArrayOutputStream : new CRLFOutputStream(byteArrayOutputStream);
        if (z) {
            mimeBodyPart.writeTo(cRLFOutputStream);
        } else {
            IOUtils.copy(mimeBodyPart.getInputStream(), cRLFOutputStream);
        }
        DigestInputStream digestInputStream = new DigestInputStream(trimCRLFPrefix(byteArrayOutputStream.toByteArray()), messageDigest);
        do {
        } while (digestInputStream.read(new byte[4096]) >= 0);
        byteArrayOutputStream.close();
        StringBuffer stringBuffer = new StringBuffer(new String(Base64.encode(digestInputStream.getMessageDigest().digest())));
        stringBuffer.append(", ").append(str);
        return stringBuffer.toString();
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public MimeBodyPart decrypt(MimeBodyPart mimeBodyPart, Certificate certificate, Key key) throws GeneralSecurityException, MessagingException, CMSException, IOException, SMIMEException {
        if (!isEncrypted(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type indicates data isn't encrypted");
        }
        X509Certificate castCertificate = castCertificate(certificate);
        SMIMEEnveloped sMIMEEnveloped = new SMIMEEnveloped(mimeBodyPart);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Extracted X500 info::  PRINCIPAL : " + castCertificate.getIssuerX500Principal() + " ::  NAME : " + castCertificate.getIssuerX500Principal().getName());
        }
        KeyTransRecipientId keyTransRecipientId = new KeyTransRecipientId(new X500Name(castCertificate.getIssuerX500Principal().getName()), castCertificate.getSerialNumber());
        Collection<RecipientInformation> recipients = sMIMEEnveloped.getRecipientInfos().getRecipients();
        if (recipients == null) {
            throw new GeneralSecurityException("Certificate recipients could not be extracted");
        }
        for (RecipientInformation recipientInformation : recipients) {
            if (recipientInformation instanceof KeyTransRecipientInformation) {
                if (keyTransRecipientId.match(recipientInformation) && 0 == 0) {
                    return SMIMEUtil.toMimeBodyPart(recipientInformation.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(key.getEncoded())))));
                }
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Failed match on recipient ID's:\n     RID from msg:" + recipientInformation.getRID().toString() + "    \n     RID from priv cert: " + keyTransRecipientId.toString());
                }
            }
        }
        throw new GeneralSecurityException("Matching certificate recipient could not be found");
    }

    public void deinitialize() {
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public MimeBodyPart encrypt(MimeBodyPart mimeBodyPart, Certificate certificate, String str, String str2) throws GeneralSecurityException, SMIMEException, MessagingException {
        X509Certificate castCertificate = castCertificate(certificate);
        SMIMEEnvelopedGenerator sMIMEEnvelopedGenerator = new SMIMEEnvelopedGenerator();
        sMIMEEnvelopedGenerator.setContentTransferEncoding(getEncoding(str2));
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Encrypting on MIME part containing the following headers: " + AS2Util.printHeaders(mimeBodyPart.getAllHeaders()));
        }
        sMIMEEnvelopedGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(castCertificate).setProvider("BC"));
        return sMIMEEnvelopedGenerator.generate(mimeBodyPart, getOutputEncryptor(str));
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public void initialize() {
        Security.addProvider(new BouncyCastleProvider());
        MailcapCommandMap defaultCommandMap = CommandMap.getDefaultCommandMap();
        defaultCommandMap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
        defaultCommandMap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
        defaultCommandMap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
        defaultCommandMap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
        defaultCommandMap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
        CommandMap.setDefaultCommandMap(defaultCommandMap);
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public MimeBodyPart sign(MimeBodyPart mimeBodyPart, Certificate certificate, Key key, String str, String str2, boolean z, boolean z2) throws GeneralSecurityException, SMIMEException, MessagingException {
        X509Certificate castCertificate = castCertificate(certificate);
        PrivateKey castKey = castKey(key);
        String algorithm = certificate.getPublicKey().getAlgorithm();
        SMIMESignedGenerator sMIMESignedGenerator = new SMIMESignedGenerator(z ? SMIMESignedGenerator.RFC3851_MICALGS : SMIMESignedGenerator.RFC5751_MICALGS);
        sMIMESignedGenerator.setContentTransferEncoding(getEncoding(str2));
        try {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Params for creating SMIME signed generator:: SIGN DIGEST: " + str + " PUB ENCRYPT ALG: " + algorithm + " X509 CERT: " + castCertificate);
                this.logger.debug("Signing on MIME part containing the following headers: " + AS2Util.printHeaders(mimeBodyPart.getAllHeaders()));
            }
            if (str.toUpperCase().startsWith("SHA-")) {
                str = str.replaceAll("-", "");
            }
            SignerInfoGenerator build = new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").build(str + "with" + algorithm, castKey, castCertificate);
            if (z2) {
                final CMSAttributeTableGenerator signedAttributeTableGenerator = build.getSignedAttributeTableGenerator();
                build = new SignerInfoGenerator(build, new DefaultSignedAttributeTableGenerator() { // from class: org.openas2.lib.helper.BCCryptoHelper.1
                    public AttributeTable getAttributes(Map map) {
                        return signedAttributeTableGenerator.getAttributes(map).remove(CMSAttributes.cmsAlgorithmProtect);
                    }
                }, build.getUnsignedAttributeTableGenerator());
            }
            sMIMESignedGenerator.addSignerInfoGenerator(build);
            MimeMultipart generate = sMIMESignedGenerator.generate(mimeBodyPart);
            MimeBodyPart mimeBodyPart2 = new MimeBodyPart();
            mimeBodyPart2.setContent(generate);
            mimeBodyPart2.setHeader(HTTPUtil.HEADER_CONTENT_TYPE, generate.getContentType());
            return mimeBodyPart2;
        } catch (OperatorCreationException e) {
            throw new GeneralSecurityException((Throwable) e);
        }
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public MimeBodyPart verifySignature(MimeBodyPart mimeBodyPart, Certificate certificate) throws GeneralSecurityException, IOException, MessagingException, CMSException, OperatorCreationException {
        if (!isSigned(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type indicates data isn't signed");
        }
        X509Certificate castCertificate = castCertificate(certificate);
        MimeMultipart mimeMultipart = (MimeMultipart) mimeBodyPart.getContent();
        SMIMESigned sMIMESigned = new SMIMESigned(mimeMultipart);
        DigestCalculatorProvider build = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
        String encoding = sMIMESigned.getContent().getEncoding();
        if (encoding == null || encoding.length() < 1) {
            encoding = Session.DEFAULT_CONTENT_TRANSFER_ENCODING;
        }
        SMIMESignedParser sMIMESignedParser = new SMIMESignedParser(build, mimeMultipart, encoding);
        SignerInformationStore signerInfos = sMIMESignedParser.getSignerInfos();
        if (this.logger.isTraceEnabled()) {
            try {
                this.logger.trace("Headers on MimeBodyPart passed in to signature verifier: " + AS2Util.printHeaders(mimeBodyPart.getAllHeaders()));
                this.logger.trace("Checking signature on SIGNED MIME part extracted from multipart contains headers: " + AS2Util.printHeaders(sMIMESignedParser.getContent().getAllHeaders()));
            } catch (Throwable th) {
                this.logger.trace("Error logging mime part for signer: " + org.openas2.logging.Log.getExceptionMsg(th), th);
            }
        }
        SignerInformationVerifier build2 = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(castCertificate);
        for (SignerInformation signerInformation : signerInfos.getSigners()) {
            if (this.logger.isTraceEnabled()) {
                try {
                    Hashtable hashtable = signerInformation.getSignedAttributes().toHashtable();
                    StringBuilder sb = new StringBuilder();
                    for (Map.Entry entry : hashtable.entrySet()) {
                        sb.append("\n\t").append(entry.getKey()).append(":=");
                        for (ASN1Encodable aSN1Encodable : ((Attribute) entry.getValue()).getAttributeValues()) {
                            sb.append(aSN1Encodable).append(";");
                        }
                    }
                    this.logger.trace("Signer Attributes: " + sb.toString());
                    this.logger.trace("\t**** Signed Attribute Message-Digest := " + Hex.toHexString(signerInformation.getSignedAttributes().get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0).getOctets()));
                    this.logger.trace("\t**** Signed Content-Digest := " + Hex.toHexString(signerInformation.getContentDigest()));
                } catch (Exception e) {
                    this.logger.trace("Signer Attributes: data not available.");
                }
            }
            if (signerInformation.verify(build2)) {
                logSignerInfo("Verified signature for signer info", signerInformation, mimeBodyPart, castCertificate);
                return sMIMESigned.getContent();
            }
            logSignerInfo("Failed to verify signature for signer info", signerInformation, mimeBodyPart, castCertificate);
        }
        throw new SignatureException("Signature Verification failed");
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public MimeBodyPart compress(Message message, MimeBodyPart mimeBodyPart, String str, String str2) throws SMIMEException, OpenAS2Exception {
        ZlibCompressor zlibCompressor = null;
        if (str != null) {
            if (!str.equalsIgnoreCase(ICryptoHelper.COMPRESSION_ZLIB)) {
                throw new OpenAS2Exception("Unsupported compression type: " + str);
            }
            zlibCompressor = new ZlibCompressor();
        }
        SMIMECompressedGenerator sMIMECompressedGenerator = new SMIMECompressedGenerator();
        sMIMECompressedGenerator.setContentTransferEncoding(getEncoding(str2));
        MimeBodyPart generate = sMIMECompressedGenerator.generate(mimeBodyPart, zlibCompressor);
        if (this.logger.isTraceEnabled()) {
            try {
                this.logger.trace("Compressed MIME msg AFTER COMPRESSION Content-Type:" + generate.getContentType());
                this.logger.trace("Compressed MIME msg AFTER COMPRESSION Content-Disposition:" + generate.getDisposition());
            } catch (MessagingException e) {
            }
        }
        return generate;
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public void decompress(AS2Message aS2Message) throws DispositionException {
        try {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Decompressing a compressed message");
            }
            aS2Message.setData(SMIMEUtil.toMimeBodyPart(new SMIMECompressed(aS2Message.getData()).getContent(new ZlibExpanderProvider())));
        } catch (Exception e) {
            aS2Message.setLogMsg("Error decompressing received message: " + e.getCause());
            this.logger.error(aS2Message, e);
            throw new DispositionException(new DispositionType("automatic-action", "MDN-sent-automatically", "processed", "Error", "unexpected-processing-error"), AS2ReceiverModule.DISP_DECOMPRESSION_ERROR, e);
        }
    }

    protected String getEncoding(String str) {
        return Session.DEFAULT_CONTENT_TRANSFER_ENCODING.equalsIgnoreCase(str) ? Session.DEFAULT_CONTENT_TRANSFER_ENCODING : "base64";
    }

    protected X509Certificate castCertificate(Certificate certificate) throws GeneralSecurityException {
        if (certificate == null) {
            throw new GeneralSecurityException("Certificate is null");
        }
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new GeneralSecurityException("Certificate must be an instance of X509Certificate");
    }

    protected PrivateKey castKey(Key key) throws GeneralSecurityException {
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        throw new GeneralSecurityException("Key must implement PrivateKey interface");
    }

    protected String convertAlgorithm(String str, boolean z) throws NoSuchAlgorithmException {
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm is null");
        }
        if (!z) {
            if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_MD5)) {
                return ICryptoHelper.DIGEST_MD5;
            }
            if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_SHA1)) {
                return ICryptoHelper.DIGEST_SHA1;
            }
            if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_SHA224)) {
                return ICryptoHelper.DIGEST_SHA224;
            }
            if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_SHA256)) {
                return ICryptoHelper.DIGEST_SHA256;
            }
            if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_SHA384)) {
                return ICryptoHelper.DIGEST_SHA384;
            }
            if (str.equalsIgnoreCase(SMIMESignedGenerator.DIGEST_SHA512)) {
                return ICryptoHelper.DIGEST_SHA512;
            }
            if (str.equalsIgnoreCase("1.2.840.113533.7.66.10")) {
                return ICryptoHelper.CRYPT_CAST5;
            }
            if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.AES128_CBC)) {
                return ICryptoHelper.AES128_CBC;
            }
            if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.AES192_CBC)) {
                return ICryptoHelper.AES192_CBC;
            }
            if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.AES256_CBC)) {
                return ICryptoHelper.AES256_CBC;
            }
            if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.AES256_WRAP)) {
                return ICryptoHelper.AES256_WRAP;
            }
            if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.DES_EDE3_CBC)) {
                return ICryptoHelper.CRYPT_3DES;
            }
            if (str.equalsIgnoreCase("1.3.6.1.4.1.188.7.1.1.2")) {
                return ICryptoHelper.CRYPT_IDEA;
            }
            if (str.equalsIgnoreCase(SMIMEEnvelopedGenerator.RC2_CBC)) {
                return ICryptoHelper.CRYPT_RC2;
            }
            throw new NoSuchAlgorithmException("Unknown algorithm: " + str);
        }
        if (str.toUpperCase().startsWith("SHA-")) {
            str = str.replaceAll("-", "");
        }
        if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_MD5)) {
            return SMIMESignedGenerator.DIGEST_MD5;
        }
        if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA1)) {
            return SMIMESignedGenerator.DIGEST_SHA1;
        }
        if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA224)) {
            return SMIMESignedGenerator.DIGEST_SHA224;
        }
        if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA256)) {
            return SMIMESignedGenerator.DIGEST_SHA256;
        }
        if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA384)) {
            return SMIMESignedGenerator.DIGEST_SHA384;
        }
        if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA512)) {
            return SMIMESignedGenerator.DIGEST_SHA512;
        }
        if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_3DES)) {
            return SMIMEEnvelopedGenerator.DES_EDE3_CBC;
        }
        if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_CAST5)) {
            return "1.2.840.113533.7.66.10";
        }
        if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_IDEA)) {
            return "1.3.6.1.4.1.188.7.1.1.2";
        }
        if (!str.equalsIgnoreCase(ICryptoHelper.CRYPT_RC2) && !str.equalsIgnoreCase(ICryptoHelper.CRYPT_RC2_CBC)) {
            if (str.equalsIgnoreCase(ICryptoHelper.AES256_CBC)) {
                return SMIMEEnvelopedGenerator.AES256_CBC;
            }
            if (str.equalsIgnoreCase(ICryptoHelper.AES192_CBC)) {
                return SMIMEEnvelopedGenerator.AES192_CBC;
            }
            if (str.equalsIgnoreCase(ICryptoHelper.AES128_CBC)) {
                return SMIMEEnvelopedGenerator.AES128_CBC;
            }
            if (str.equalsIgnoreCase(ICryptoHelper.AES256_WRAP)) {
                return SMIMEEnvelopedGenerator.AES256_WRAP;
            }
            throw new NoSuchAlgorithmException("Unsupported or invalid algorithm: " + str);
        }
        return SMIMEEnvelopedGenerator.RC2_CBC;
    }

    protected OutputEncryptor getOutputEncryptor(String str) throws NoSuchAlgorithmException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm is null");
        }
        int i = -1;
        if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_MD2)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(PKCSObjectIdentifiers.md2.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_MD5)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(PKCSObjectIdentifiers.md5.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA1)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(OIWObjectIdentifiers.idSHA1.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA224)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha224.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA256)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha256.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA384)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha384.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.DIGEST_SHA512)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(NISTObjectIdentifiers.id_sha512.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_3DES)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
        } else if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_RC2) || str.equalsIgnoreCase(ICryptoHelper.CRYPT_RC2_CBC)) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier(PKCSObjectIdentifiers.RC2_CBC.getId());
            i = 40;
        } else if (str.equalsIgnoreCase(ICryptoHelper.AES128_CBC)) {
            aSN1ObjectIdentifier = CMSAlgorithm.AES128_CBC;
        } else if (str.equalsIgnoreCase(ICryptoHelper.AES192_CBC)) {
            aSN1ObjectIdentifier = CMSAlgorithm.AES192_CBC;
        } else if (str.equalsIgnoreCase(ICryptoHelper.AES256_CBC)) {
            aSN1ObjectIdentifier = CMSAlgorithm.AES256_CBC;
        } else if (str.equalsIgnoreCase(ICryptoHelper.AES256_WRAP)) {
            aSN1ObjectIdentifier = CMSAlgorithm.AES256_WRAP;
        } else if (str.equalsIgnoreCase(ICryptoHelper.CRYPT_CAST5)) {
            aSN1ObjectIdentifier = CMSAlgorithm.CAST5_CBC;
        } else {
            if (!str.equalsIgnoreCase(ICryptoHelper.CRYPT_IDEA)) {
                throw new NoSuchAlgorithmException("Unsupported or invalid algorithm: " + str);
            }
            aSN1ObjectIdentifier = CMSAlgorithm.IDEA_CBC;
        }
        try {
            return i < 0 ? new JceCMSContentEncryptorBuilder(aSN1ObjectIdentifier).setProvider("BC").build() : new JceCMSContentEncryptorBuilder(aSN1ObjectIdentifier, i).setProvider("BC").build();
        } catch (CMSException e) {
            throw new NoSuchAlgorithmException("Error creating encryptor builder using algorithm: " + str + " Cause:" + e.getCause());
        }
    }

    protected InputStream trimCRLFPrefix(byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        int length = bArr.length;
        for (int i = 0; i < length - 1 && new String(bArr, i, 2).equals("\r\n"); i += 2) {
            byteArrayInputStream.read();
            byteArrayInputStream.read();
        }
        return byteArrayInputStream;
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public KeyStore getKeyStore() throws KeyStoreException, NoSuchProviderException {
        return KeyStore.getInstance("PKCS12", "BC");
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public KeyStore loadKeyStore(InputStream inputStream, char[] cArr) throws Exception {
        KeyStore keyStore = getKeyStore();
        keyStore.load(inputStream, cArr);
        return keyStore;
    }

    @Override // org.openas2.lib.helper.ICryptoHelper
    public KeyStore loadKeyStore(String str, char[] cArr) throws Exception {
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            KeyStore loadKeyStore = loadKeyStore(fileInputStream, cArr);
            fileInputStream.close();
            return loadKeyStore;
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    public String getHeaderValue(MimeBodyPart mimeBodyPart, String str) {
        try {
            String[] header = mimeBodyPart.getHeader(str);
            if (header == null) {
                return null;
            }
            return header[0];
        } catch (MessagingException e) {
            return null;
        }
    }

    public void logSignerInfo(String str, SignerInformation signerInformation, MimeBodyPart mimeBodyPart, X509Certificate x509Certificate) {
        if (this.logger.isDebugEnabled()) {
            try {
                this.logger.debug(str + ": \n    Digest Alg OID: " + signerInformation.getDigestAlgOID() + "\n    Encrypt Alg OID: " + signerInformation.getEncryptionAlgOID() + "\n    Signer Version: " + signerInformation.getVersion() + "\n    Content Digest: " + Arrays.toString(signerInformation.getContentDigest()) + "\n    Content Type: " + signerInformation.getContentType() + "\n    SID: " + signerInformation.getSID().getIssuer() + "\n    Signature: " + Arrays.toString(signerInformation.getSignature()) + "\n    Unsigned attribs: " + signerInformation.getUnsignedAttributes() + "\n    Content-transfer-encoding: " + mimeBodyPart.getEncoding() + "\n    Certificate: " + x509Certificate);
            } catch (Throwable th) {
                this.logger.debug("Error logging signer info: " + org.openas2.logging.Log.getExceptionMsg(th), th);
            }
        }
    }
}
