package net.markenwerk.utils.mail.dkim;

import com.sun.mail.util.CRLFOutputStream;
import com.sun.mail.util.QPEncoderStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.mail.Header;
import javax.mail.MessagingException;
import net.iharder.Base64;
import net.markenwerk.utils.data.fetcher.BufferedFetcher;

/* loaded from: input_file:net/markenwerk/utils/mail/dkim/DkimSigner.class */
public class DkimSigner {
    private static final String DKIM_SIGNATUR_HEADER = "DKIM-Signature";
    private static final int MAX_HEADER_LENGTH = 67;
    private static final List<String> MIMIMUM_HEADERS_TO_SIGN = new ArrayList(3);
    private static final List<String> DEFAULT_HEADERS_TO_SIGN = new ArrayList(28);
    private final Set<String> headersToSign;
    private SigningAlgorithm signingAlgorithm;
    private Signature signature;
    private MessageDigest messageDigest;
    private String signingDomain;
    private String selector;
    private String identity;
    private boolean lengthParam;
    private boolean zParam;
    private Canonicalization headerCanonicalization;
    private Canonicalization bodyCanonicalization;
    private boolean checkDomainKey;
    private RSAPrivateKey privateKey;

    public DkimSigner(String str, String str2, RSAPrivateKey rSAPrivateKey) throws DkimException {
        this.headersToSign = new HashSet(DEFAULT_HEADERS_TO_SIGN);
        this.signingAlgorithm = SigningAlgorithm.SHA256_WITH_RSA;
        this.headerCanonicalization = Canonicalization.RELAXED;
        this.bodyCanonicalization = Canonicalization.SIMPLE;
        this.checkDomainKey = true;
        initDkimSigner(str, str2, rSAPrivateKey);
    }

    public DkimSigner(String str, String str2, File file) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, DkimException {
        this(str, str2, new FileInputStream(file));
    }

    public DkimSigner(String str, String str2, InputStream inputStream) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        this.headersToSign = new HashSet(DEFAULT_HEADERS_TO_SIGN);
        this.signingAlgorithm = SigningAlgorithm.SHA256_WITH_RSA;
        this.headerCanonicalization = Canonicalization.RELAXED;
        this.bodyCanonicalization = Canonicalization.SIMPLE;
        this.checkDomainKey = true;
        initDkimSigner(str, str2, (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(new BufferedFetcher().fetch(inputStream))));
    }

    private void initDkimSigner(String str, String str2, RSAPrivateKey rSAPrivateKey) throws DkimException {
        if (!isValidDomain(str)) {
            throw new DkimException(str + " is an invalid signing domain");
        }
        this.signingDomain = str;
        this.selector = str2.trim();
        this.privateKey = rSAPrivateKey;
        setSigningAlgorithm(this.signingAlgorithm);
    }

    public String getIdentity() {
        return this.identity;
    }

    public void setIdentity(String str) throws DkimException {
        if (null != str) {
            str = str.trim();
            if (!str.endsWith("@" + this.signingDomain) && !str.endsWith("." + this.signingDomain)) {
                throw new DkimException("The domain part of " + str + " has to be " + this.signingDomain + " or a subdomain thereof");
            }
        }
        this.identity = str;
    }

    public Canonicalization getBodyCanonicalization() {
        return this.bodyCanonicalization;
    }

    public void setBodyCanonicalization(Canonicalization canonicalization) {
        this.bodyCanonicalization = canonicalization;
    }

    public Canonicalization getHeaderCanonicalization() {
        return this.headerCanonicalization;
    }

    public void setHeaderCanonicalization(Canonicalization canonicalization) {
        this.headerCanonicalization = canonicalization;
    }

    public void addHeaderToSign(String str) {
        if (null == str || 0 == str.length()) {
            return;
        }
        this.headersToSign.add(str);
    }

    public void removeHeaderToSign(String str) {
        if (null == str || 0 == str.length() || MIMIMUM_HEADERS_TO_SIGN.contains(str)) {
            return;
        }
        this.headersToSign.remove(str);
    }

    public boolean getLengthParam() {
        return this.lengthParam;
    }

    public void setLengthParam(boolean z) {
        this.lengthParam = z;
    }

    public boolean isZParam() {
        return this.zParam;
    }

    public void setZParam(boolean z) {
        this.zParam = z;
    }

    public SigningAlgorithm getSigningAlgorithm() {
        return this.signingAlgorithm;
    }

    public void setSigningAlgorithm(SigningAlgorithm signingAlgorithm) throws DkimException {
        try {
            this.messageDigest = MessageDigest.getInstance(signingAlgorithm.getHashNotation());
            try {
                this.signature = Signature.getInstance(signingAlgorithm.getJavaNotation());
                try {
                    this.signature.initSign(this.privateKey);
                    this.signingAlgorithm = signingAlgorithm;
                } catch (InvalidKeyException e) {
                    throw new DkimException("The provided private key is invalid", e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new DkimException("The signing algorithm " + signingAlgorithm.getJavaNotation() + " is not known by the JVM", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new DkimException("The hashing algorithm " + signingAlgorithm.getHashNotation() + " is not known by the JVM", e3);
        }
    }

    public boolean isCheckDomainKey() {
        return this.checkDomainKey;
    }

    public void setCheckDomainKey(boolean z) {
        this.checkDomainKey = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String sign(DkimMessage dkimMessage) throws DkimAcceptanceException, DkimSigningException {
        if (this.checkDomainKey) {
            try {
                DomainKeyUtil.getDomainKey(this.signingDomain, this.selector).check(this.identity, this.privateKey);
            } catch (DkimException e) {
                throw new DkimSigningException("Obtaining the domain key for " + this.signingDomain + "." + this.selector + " failed", e);
            }
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("v", "1");
        linkedHashMap.put("a", this.signingAlgorithm.getRfc4871Notation());
        linkedHashMap.put("q", "dns/txt");
        linkedHashMap.put("c", getHeaderCanonicalization().getType() + "/" + getBodyCanonicalization().getType());
        linkedHashMap.put("t", (new Date().getTime() / 1000) + "");
        linkedHashMap.put("s", this.selector);
        linkedHashMap.put("d", this.signingDomain);
        if (this.identity != null) {
            linkedHashMap.put("i", quotedPrintable(this.identity));
        }
        ArrayList arrayList = new ArrayList(MIMIMUM_HEADERS_TO_SIGN);
        StringBuffer stringBuffer = new StringBuffer();
        StringBuffer stringBuffer2 = new StringBuffer();
        StringBuffer stringBuffer3 = new StringBuffer();
        try {
            Enumeration allHeaders = dkimMessage.getAllHeaders();
            while (allHeaders.hasMoreElements()) {
                Header header = (Header) allHeaders.nextElement();
                String name = header.getName();
                if (this.headersToSign.contains(name)) {
                    String value = header.getValue();
                    stringBuffer.append(name).append(":");
                    stringBuffer2.append(this.headerCanonicalization.canonicalizeHeader(name, value));
                    stringBuffer2.append("\r\n");
                    arrayList.remove(name);
                    if (this.zParam) {
                        stringBuffer3.append(name);
                        stringBuffer3.append(":");
                        stringBuffer3.append(quotedPrintable(value.trim()).replace("|", "=7C"));
                        stringBuffer3.append("|");
                    }
                }
            }
            if (!arrayList.isEmpty()) {
                throw new DkimSigningException("Could not find the header fields " + concatList(arrayList, ", ") + " for signing");
            }
            linkedHashMap.put("h", stringBuffer.substring(0, stringBuffer.length() - 1));
            if (this.zParam) {
                String stringBuffer4 = stringBuffer3.toString();
                linkedHashMap.put("z", stringBuffer4.substring(0, stringBuffer4.length() - 1));
            }
            String encodedBody = dkimMessage.getEncodedBody();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CRLFOutputStream cRLFOutputStream = new CRLFOutputStream(byteArrayOutputStream);
            try {
                cRLFOutputStream.write(encodedBody.getBytes());
                cRLFOutputStream.close();
                String canonicalizeBody = this.bodyCanonicalization.canonicalizeBody(byteArrayOutputStream.toString());
                if (this.lengthParam) {
                    linkedHashMap.put("l", Integer.toString(canonicalizeBody.length()));
                }
                linkedHashMap.put("bh", base64Encode(this.messageDigest.digest(canonicalizeBody.getBytes())));
                String serializeDkimSignature = serializeDkimSignature(linkedHashMap);
                try {
                    stringBuffer2.append(this.headerCanonicalization.canonicalizeHeader(DKIM_SIGNATUR_HEADER, serializeDkimSignature));
                    this.signature.update(stringBuffer2.toString().getBytes());
                    return "DKIM-Signature: " + serializeDkimSignature + foldSignedSignature(base64Encode(this.signature.sign()), 3);
                } catch (SignatureException e2) {
                    throw new DkimSigningException("The signing operation by Java security failed", e2);
                }
            } catch (IOException e3) {
                throw new DkimSigningException("The body conversion to MIME canonical CRLF line terminator failed", e3);
            }
        } catch (MessagingException e4) {
            throw new DkimSigningException("Could not find the header fields " + concatList(arrayList, ", ") + " for signing", e4);
        }
    }

    private String serializeDkimSignature(Map<String, String> map) {
        Set<Map.Entry<String, String>> entrySet = map.entrySet();
        StringBuffer stringBuffer = new StringBuffer();
        int i = 0;
        for (Map.Entry<String, String> entry : entrySet) {
            StringBuffer stringBuffer2 = new StringBuffer();
            stringBuffer2.append(entry.getKey()).append("=").append(entry.getValue()).append(";");
            if (i + stringBuffer2.length() + 1 > MAX_HEADER_LENGTH) {
                i = stringBuffer2.length();
                stringBuffer.append("\r\n\t").append(stringBuffer2);
            } else {
                stringBuffer.append(" ").append(stringBuffer2);
                i += stringBuffer2.length() + 1;
            }
        }
        stringBuffer.append("\r\n\tb=");
        return stringBuffer.toString().trim();
    }

    private String foldSignedSignature(String str, int i) {
        int i2 = 0;
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            if (i > 0 && str.substring(i2).length() > MAX_HEADER_LENGTH - i) {
                stringBuffer.append(str.substring(i2, (i2 + MAX_HEADER_LENGTH) - i));
                i2 += MAX_HEADER_LENGTH - i;
                i = 0;
            } else {
                if (str.substring(i2).length() <= MAX_HEADER_LENGTH) {
                    stringBuffer.append("\r\n\t").append(str.substring(i2));
                    return stringBuffer.toString();
                }
                stringBuffer.append("\r\n\t").append(str.substring(i2, i2 + MAX_HEADER_LENGTH));
                i2 += MAX_HEADER_LENGTH;
            }
        }
    }

    private static String concatList(List<String> list, String str) {
        StringBuffer stringBuffer = new StringBuffer();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            stringBuffer.append(it.next());
            stringBuffer.append(str);
        }
        return stringBuffer.substring(0, stringBuffer.length() - str.length());
    }

    private static boolean isValidDomain(String str) {
        return Pattern.compile("(.+)\\.(.+)").matcher(str).matches();
    }

    private static String quotedPrintable(String str) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            QPEncoderStream qPEncoderStream = new QPEncoderStream(byteArrayOutputStream);
            qPEncoderStream.write(str.getBytes());
            qPEncoderStream.close();
            return byteArrayOutputStream.toString().replaceAll(";", "=3B").replaceAll(" ", "=20");
        } catch (IOException e) {
            return null;
        }
    }

    private static String base64Encode(byte[] bArr) {
        return Base64.encodeBytes(bArr).replace("\n", "").replace("\r", "");
    }

    static {
        MIMIMUM_HEADERS_TO_SIGN.add("From");
        MIMIMUM_HEADERS_TO_SIGN.add("To");
        MIMIMUM_HEADERS_TO_SIGN.add("Subject");
        DEFAULT_HEADERS_TO_SIGN.addAll(MIMIMUM_HEADERS_TO_SIGN);
        DEFAULT_HEADERS_TO_SIGN.add("Content-Description");
        DEFAULT_HEADERS_TO_SIGN.add("Content-ID");
        DEFAULT_HEADERS_TO_SIGN.add("Content-Type");
        DEFAULT_HEADERS_TO_SIGN.add("Content-Transfer-Encoding");
        DEFAULT_HEADERS_TO_SIGN.add("Cc");
        DEFAULT_HEADERS_TO_SIGN.add("Date");
        DEFAULT_HEADERS_TO_SIGN.add("In-Reply-To");
        DEFAULT_HEADERS_TO_SIGN.add("List-Subscribe");
        DEFAULT_HEADERS_TO_SIGN.add("List-Post");
        DEFAULT_HEADERS_TO_SIGN.add("List-Owner");
        DEFAULT_HEADERS_TO_SIGN.add("List-Id");
        DEFAULT_HEADERS_TO_SIGN.add("List-Archive");
        DEFAULT_HEADERS_TO_SIGN.add("List-Help");
        DEFAULT_HEADERS_TO_SIGN.add("List-Unsubscribe");
        DEFAULT_HEADERS_TO_SIGN.add("MIME-Version");
        DEFAULT_HEADERS_TO_SIGN.add("Message-ID");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Sender");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Cc");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Date");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-To");
        DEFAULT_HEADERS_TO_SIGN.add("Reply-To");
        DEFAULT_HEADERS_TO_SIGN.add("References");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Message-ID");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-From");
        DEFAULT_HEADERS_TO_SIGN.add("Sender");
    }
}
