package org.apache.jmeter.assertions;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.io.IOUtils;
import org.apache.jmeter.samplers.SampleResult;
import org.apache.jorphan.logging.LoggingManager;
import org.apache.log.Logger;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESignedParser;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:org/apache/jmeter/assertions/SMIMEAssertion.class */
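/**
 * Evaluates the S/MIME signature assertions configured on a
 * {@link SMIMEAssertionTestElement} against one message of a sample result.
 *
 * <p>Security scope: the signer certificate is taken from the certificates
 * embedded in the message itself. Nothing in this class builds a certificate
 * chain, checks a validity period, or consults revocation data. A passing
 * "verify signature" check therefore shows only that the content matches the
 * key in the embedded certificate. The serial, e-mail and DN constraints compare
 * values stated in that same certificate. Only the comparison against a
 * certificate file ties the signer to a certificate supplied by the test plan.
 */
class SMIMEAssertion {
    private static final Logger log = LoggingManager.getLoggerForShortName(SMIMEAssertionTestElement.class.getName());

    SMIMEAssertion() {
    }

    /**
     * Runs the configured S/MIME checks on one sub-result of {@code sampleResult}.
     *
     * <p>A negative message position counts from the end of the sub-result array.
     * When a signature is present, "not signed" is not expected, signature
     * verification is off and the signer check is "no check", the assertion
     * passes on the presence of the signature structure alone.
     *
     * @param sMIMEAssertionTestElement the assertion configuration
     * @param sampleResult the sample whose sub-results hold the raw messages
     * @param str the name given to the returned assertion result
     * @return the assertion result; parse and signature-format problems are
     *         reported as failures, I/O problems as errors
     */
    public static AssertionResult getResult(SMIMEAssertionTestElement sMIMEAssertionTestElement, SampleResult sampleResult, String str) {
        checkForBouncycastle();
        AssertionResult assertionResult = new AssertionResult(str);
        try {
            MimeMessage message;
            int position = sMIMEAssertionTestElement.getSpecificMessagePositionAsInt();
            if (position < 0) {
                // Negative positions are relative to the end; getMessageFromResponse
                // rejects an index that is still out of range.
                SampleResult[] subResults = sampleResult.getSubResults();
                int resolved = subResults.length + position;
                log.debug("Getting message number: " + resolved + " of " + subResults.length);
                message = getMessageFromResponse(sampleResult, resolved);
            } else {
                log.debug("Getting message number: " + position);
                message = getMessageFromResponse(sampleResult, position);
            }
            if (log.isDebugEnabled()) {
                log.debug("Content-type: " + message.getContentType());
            }

            // Detached signatures arrive as multipart/signed, enveloped ones as (x-)pkcs7-mime.
            SMIMESignedParser parser = null;
            if (message.isMimeType("multipart/signed")) {
                parser = new SMIMESignedParser((MimeMultipart) message.getContent());
            } else if (message.isMimeType("application/pkcs7-mime") || message.isMimeType("application/x-pkcs7-mime")) {
                parser = new SMIMESignedParser(message);
            }

            if (null != parser) {
                log.debug("Found signature");
                if (sMIMEAssertionTestElement.isNotSigned()) {
                    assertionResult.setFailure(true);
                    assertionResult.setFailureMessage("Mime message is signed");
                } else if (sMIMEAssertionTestElement.isVerifySignature() || !sMIMEAssertionTestElement.isSignerNoCheck()) {
                    assertionResult = verifySignature(sMIMEAssertionTestElement, parser, str);
                }
            } else {
                log.debug("Did not find signature");
                if (!sMIMEAssertionTestElement.isNotSigned()) {
                    assertionResult.setFailure(true);
                    assertionResult.setFailureMessage("Mime message is not signed");
                }
            }
        } catch (IOException e) {
            log.error("Cannot read mime message content: " + e.getMessage(), e);
            assertionResult.setError(true);
            assertionResult.setFailureMessage(e.getMessage());
        } catch (SMIMEException e2) {
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage("Cannot extract signed body part from signature: " + e2.getMessage());
        } catch (MessagingException e3) {
            String text = "Cannot parse mime msg: " + e3.getMessage();
            log.warn(text, e3);
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage(text);
        } catch (CMSException e4) {
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage("Error reading the signature: " + e4.getMessage());
        }
        return assertionResult;
    }

    /**
     * Checks the first signer of a parsed S/MIME signature against the configuration.
     *
     * <p>Only the first signer is examined; further signers are logged and left
     * unchecked. The signer certificate is looked up among the certificates
     * carried in the message and is not validated against any trust anchor here.
     *
     * @param testElement the assertion configuration
     * @param parser the parsed signed message
     * @param name the name given to the returned assertion result
     * @return a new assertion result describing the outcome
     * @throws CMSException if the signature structure cannot be processed
     */
    private static AssertionResult verifySignature(SMIMEAssertionTestElement testElement, SMIMESignedParser parser, String name) throws CMSException {
        AssertionResult result = new AssertionResult(name);
        try {
            CertStore embeddedCerts = parser.getCertificatesAndCRLs("Collection", "BC");
            Iterator<?> signers = parser.getSignerInfos().getSigners().iterator();
            if (!signers.hasNext()) {
                // Fail closed: a signed-data structure without any signer must not
                // satisfy a verification or signer check that was asked for.
                result.setFailure(true);
                result.setFailureMessage("No signer found in signature");
            } else {
                SignerInformation signer = (SignerInformation) signers.next();
                Iterator<? extends Certificate> matches = embeddedCerts.getCertificates(signer.getSID()).iterator();
                if (matches.hasNext()) {
                    X509Certificate signerCert = (X509Certificate) matches.next();
                    if (testElement.isVerifySignature() && !signer.verify(signerCert.getPublicKey(), "BC")) {
                        result.setFailure(true);
                        result.setFailureMessage("Signature is invalid");
                    }
                    if (testElement.isSignerCheckConstraints()) {
                        checkSignerConstraints(testElement, signerCert, result);
                    }
                    if (testElement.isSignerCheckByFile()) {
                        checkSignerCertFile(testElement, signerCert, result);
                    }
                } else {
                    result.setFailure(true);
                    result.setFailureMessage("No signer certificate found in signature");
                }
            }
            if (signers.hasNext()) {
                log.warn("SMIME message contains multiple signers! Checking multiple signers is not supported.");
            }
        } catch (FileNotFoundException e) {
            result.setFailure(true);
            result.setFailureMessage("certificate file not found: " + e.getMessage());
        } catch (GeneralSecurityException e2) {
            log.error(e2.getMessage(), e2);
            result.setError(true);
            result.setFailureMessage(e2.getMessage());
        }
        return result;
    }

    /**
     * Compares serial number, e-mail address, subject DN and issuer DN of the
     * signer certificate with the configured values; empty values are skipped.
     * All mismatches are collected into one failure message.
     */
    private static void checkSignerConstraints(SMIMEAssertionTestElement testElement, X509Certificate signerCert, AssertionResult result) throws CertificateException {
        StringBuilder failures = new StringBuilder();

        // Parse the trimmed text: the emptiness test trims, so surrounding
        // whitespace must not reach BigInteger and raise NumberFormatException.
        String serialText = testElement.getSignerSerial().trim();
        if (serialText.length() > 0) {
            BigInteger expectedSerial = readSerialNumber(serialText);
            if (!expectedSerial.equals(signerCert.getSerialNumber())) {
                result.setFailure(true);
                failures.append("Serial number ").append(expectedSerial).append(" does not match serial from signer certificate: ").append(signerCert.getSerialNumber()).append("\n");
            }
        }

        String signerEmail = testElement.getSignerEmail();
        if (signerEmail.trim().length() > 0 && !getEmailFromCert(signerCert).contains(signerEmail)) {
            result.setFailure(true);
            failures.append("Email address \"").append(signerEmail).append("\" not present in signer certificate\n");
        }

        String signerDn = testElement.getSignerDn();
        if (signerDn.length() > 0) {
            X500Principal actualSubject = signerCert.getSubjectX500Principal();
            log.debug(actualSubject.getName("CANONICAL"));
            X500Principal expectedSubject = new X500Principal(signerDn);
            log.debug(expectedSubject.getName("CANONICAL"));
            if (!expectedSubject.equals(actualSubject)) {
                result.setFailure(true);
                failures.append("Distinguished name of signer certificate does not match \"").append(signerDn).append("\"\n");
            }
        }

        String issuerDn = testElement.getIssuerDn();
        if (issuerDn.length() > 0) {
            X500Principal actualIssuer = signerCert.getIssuerX500Principal();
            log.debug(actualIssuer.getName("CANONICAL"));
            X500Principal expectedIssuer = new X500Principal(issuerDn);
            log.debug(expectedIssuer.getName("CANONICAL"));
            if (!expectedIssuer.equals(actualIssuer)) {
                result.setFailure(true);
                // Report the issuer DN that was compared, not the subject DN.
                failures.append("Issuer distinguished name of signer certificate does not match \"").append(issuerDn).append("\"\n");
            }
        }

        if (failures.length() > 0) {
            result.setFailureMessage(failures.toString());
        }
    }

    /**
     * Loads the configured certificate file and requires it to equal the signer
     * certificate. Of the signer checks, this is the only one that compares
     * against a certificate supplied outside the message.
     */
    private static void checkSignerCertFile(SMIMEAssertionTestElement testElement, X509Certificate signerCert, AssertionResult result) throws FileNotFoundException, CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate expectedCert;
        FileInputStream in = null;
        try {
            in = new FileInputStream(testElement.getSignerCertFile());
            expectedCert = (X509Certificate) factory.generateCertificate(in);
        } finally {
            IOUtils.closeQuietly(in);
        }
        if (!expectedCert.equals(signerCert)) {
            result.setFailure(true);
            result.setFailureMessage("Signer certificate does not match certificate " + testElement.getSignerCertFile());
        }
    }

    /**
     * Parses the sub-result at {@code index} as a MIME message.
     *
     * @throws MessagingException if the index is outside the sub-result array
     *         or the data cannot be parsed
     */
    private static MimeMessage getMessageFromResponse(SampleResult sampleResult, int index) throws MessagingException {
        SampleResult[] subResults = sampleResult.getSubResults();
        if (index >= subResults.length || index < 0) {
            throw new MessagingException("Message number not present in results: " + index);
        }
        SampleResult selected = subResults[index];
        if (log.isDebugEnabled()) {
            log.debug("Bytes: " + selected.getBytes() + " CT: " + selected.getContentType());
        }
        MimeMessage message = new MimeMessage(Session.getDefaultInstance(new Properties()), new ByteArrayInputStream(selected.getResponseData()));
        log.debug("msg.getSize() = " + message.getSize());
        return message;
    }

    /**
     * Parses a serial number given in decimal, or in hexadecimal when prefixed
     * with {@code 0x} or {@code 0X}.
     *
     * @throws NumberFormatException if the text is not a valid number
     */
    private static BigInteger readSerialNumber(String text) {
        if (text.startsWith("0x") || text.startsWith("0X")) {
            return new BigInteger(text.substring(2), 16);
        }
        return new BigInteger(text);
    }

    /**
     * Collects the e-mail addresses named by a certificate: the EmailAddress
     * values of the subject name plus the subject alternative names of type 1
     * (rfc822Name).
     */
    private static List<String> getEmailFromCert(X509Certificate cert) throws CertificateException {
        List<String> emails = new ArrayList<String>();
        for (Object value : PrincipalUtil.getSubjectX509Principal(cert).getValues(X509Name.EmailAddress)) {
            emails.add((String) value);
        }
        for (Object entry : X509ExtensionUtil.getSubjectAlternativeNames(cert)) {
            // Each entry is a pair: the GeneralName tag number, then its value.
            List<?> generalName = (List<?>) entry;
            if (((Integer) generalName.get(0)).intValue() == 1) {
                emails.add((String) generalName.get(1));
            }
        }
        return emails;
    }

    /** Registers the BouncyCastle provider under the name "BC" if it is not yet installed. */
    private static void checkForBouncycastle() {
        if (null == Security.getProvider("BC")) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}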
