package org.simplejavamail.utils.mail.dkim;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import org.bouncycastle.jcajce.interfaces.EdDSAPublicKey;

/* loaded from: input_file:org/simplejavamail/utils/mail/dkim/DomainKey.class */
public final class DomainKey {
    private static final String DKIM_VERSION = "DKIM1";
    private static final String EMAIL_SERVICE_TYPE = "email";
    private final long timestamp = System.currentTimeMillis();
    private final Pattern granularity;
    private final KeyPairType keyPairType;
    private final PublicKey publicKey;
    private final Set<String> serviceTypes;
    private final Map<Character, String> tags;

    public DomainKey(Map<Character, String> map) throws DkimException {
        this.tags = Collections.unmodifiableMap(map);
        if (!DKIM_VERSION.equals(getTagValue('v', DKIM_VERSION))) {
            throw new DkimException("Incompatible version v=" + getTagValue('v') + ".");
        }
        this.granularity = getGranularityPattern(getTagValue('g', "*"));
        this.keyPairType = getPublicKeyType(getTagValue('k', KeyPairType.RSA.getDkimNotation()));
        if (null == this.keyPairType) {
            throw new DkimException("Incompatible key type k=" + getTagValue('k') + ".");
        }
        this.keyPairType.initialize();
        this.serviceTypes = getServiceTypes(getTagValue('s', "*"));
        if (!this.serviceTypes.contains("*") && !this.serviceTypes.contains(EMAIL_SERVICE_TYPE)) {
            throw new DkimException("Incompatible service type s=" + getTagValue('s') + ".");
        }
        String tagValue = getTagValue('p');
        this.publicKey = getPublicKey(tagValue);
        if (null == tagValue) {
            throw new DkimException("Incompatible public key p=" + getTagValue('p') + ".");
        }
    }

    private KeyPairType getPublicKeyType(String str) {
        for (KeyPairType keyPairType : KeyPairType.values()) {
            if (keyPairType.getDkimNotation().equals(str)) {
                return keyPairType;
            }
        }
        return null;
    }

    private Set<String> getServiceTypes(String str) {
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ":", false);
        while (stringTokenizer.hasMoreElements()) {
            hashSet.add(stringTokenizer.nextToken().trim());
        }
        return hashSet;
    }

    private String getTagValue(char c) {
        return getTagValue(c, null);
    }

    private String getTagValue(char c, String str) {
        String str2 = this.tags.get(Character.valueOf(c));
        return null == str2 ? str : str2;
    }

    private PublicKey getPublicKey(String str) throws DkimException {
        if (null == str) {
            throw new DkimException("Missing public key value.");
        }
        switch (this.keyPairType) {
            case RSA:
                return getRsaPublicKey(str);
            case ED25519:
                return getEd25519PublicKey(str);
            default:
                throw new DkimException("Unknown public key type " + this.keyPairType + ".");
        }
    }

    private RSAPublicKey getRsaPublicKey(String str) {
        try {
            return (RSAPublicKey) KeyFactory.getInstance(KeyPairType.RSA.getJavaNotation()).generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str)));
        } catch (IllegalArgumentException e) {
            throw new DkimException("The public key " + str + " couldn't be read.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new DkimException("RSA algorithm not found by JVM");
        } catch (InvalidKeySpecException e3) {
            throw new DkimException("The public key " + str + " couldn't be decoded.", e3);
        }
    }

    private EdDSAPublicKey getEd25519PublicKey(String str) {
        try {
            return KeyFactory.getInstance(KeyPairType.ED25519.getJavaNotation(), "BC").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str)));
        } catch (IllegalArgumentException e) {
            throw new DkimException("The public key " + str + " couldn't be read.", e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new DkimException("Ed25519 algorithm not found by JVM");
        } catch (InvalidKeySpecException e3) {
            throw new DkimException("The public key " + str + " couldn't be decoded.", e3);
        }
    }

    private Pattern getGranularityPattern(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, "*", true);
        StringBuffer stringBuffer = new StringBuffer();
        while (stringTokenizer.hasMoreElements()) {
            String nextToken = stringTokenizer.nextToken();
            if ("*".equals(nextToken)) {
                stringBuffer.append(".*");
            } else {
                stringBuffer.append(Pattern.quote(nextToken));
            }
        }
        return Pattern.compile(stringBuffer.toString());
    }

    public long getTimestamp() {
        return this.timestamp;
    }

    public Pattern getGranularity() {
        return this.granularity;
    }

    public Set<String> getServiceTypes() {
        return this.serviceTypes;
    }

    public KeyPairType getPublicKeyType() {
        return this.keyPairType;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public Map<Character, String> getTags() {
        return this.tags;
    }

    public String toString() {
        return "DomainKey [timestamp=" + this.timestamp + ", tags=" + this.tags + "]";
    }

    public void check(String str, PrivateKey privateKey) throws DkimSigningException {
        checkIdentity(str);
        checkKeyCompatiblilty(privateKey);
    }

    private void checkIdentity(String str) throws DkimAcceptanceException {
        if (null != str && !str.contains("@")) {
            throw new DkimAcceptanceException("Invalid identity: " + str);
        }
        if (!this.granularity.matcher(null == str ? "" : str.substring(0, str.indexOf(64))).matches()) {
            throw new DkimAcceptanceException("Incompatible identity for granularity " + getTagValue('g') + ": " + str);
        }
    }

    private void checkKeyCompatiblilty(PrivateKey privateKey) throws DkimSigningException {
        try {
            SigningAlgorithm defaultSigningAlgorithm = this.keyPairType.getDefaultSigningAlgorithm();
            Signature signature = Signature.getInstance(defaultSigningAlgorithm.getJavaNotation());
            signature.initSign(privateKey);
            signature.update("01189998819991197253".getBytes(StandardCharsets.UTF_8));
            byte[] sign = signature.sign();
            Signature signature2 = Signature.getInstance(defaultSigningAlgorithm.getJavaNotation());
            signature2.initVerify(this.publicKey);
            signature2.update("01189998819991197253".getBytes(StandardCharsets.UTF_8));
            if (signature2.verify(sign)) {
            } else {
                throw new DkimAcceptanceException("Incompatible private and public key.");
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new DkimSigningException("Performing cryptography failed.", e);
        }
    }
}
