package org.simplejavamail.utils.mail.dkim;

import com.sun.mail.util.CRLFOutputStream;
import com.sun.mail.util.QPEncoderStream;
import jakarta.mail.Header;
import jakarta.mail.MessagingException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Pattern;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.markenwerk.utils.data.fetcher.BufferedDataFetcher;
import net.markenwerk.utils.data.fetcher.DataFetchException;

/* loaded from: input_file:org/simplejavamail/utils/mail/dkim/DkimSigner.class */
public class DkimSigner {
    private static final int MAX_HEADER_LENGTH = 67;
    private static final String DKIM_SIGNATUR_HEADER = "DKIM-Signature";
    private static final Pattern SIGNING_DOMAIN_PATTERN = Pattern.compile("(.+)\\.(.+)");
    private static final Set<String> MANDATORY_HEADERS_TO_SIGN = new TreeSet(String.CASE_INSENSITIVE_ORDER);
    private static final Set<String> DEFAULT_HEADERS_TO_SIGN = new HashSet();
    private final Set<String> headersToSign;
    private final String signingDomain;
    private final String selector;
    private final KeyPairType keyPairType;
    private final PrivateKey privateKey;
    private SigningAlgorithm signingAlgorithm;
    private MessageDigest messageDigest;
    private Signature signature;
    private Canonicalization headerCanonicalization;
    private Canonicalization bodyCanonicalization;
    private String identity;
    private boolean lengthParam;
    private boolean copyHeaderFields;
    private boolean checkDomainKey;

    public DkimSigner(String str, String str2, File file) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, DkimException {
        this(str, str2, new FileInputStream(file));
    }

    public DkimSigner(String str, String str2, InputStream inputStream) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        this(str, str2, readPrivateKey(inputStream));
    }

    private static RSAPrivateKey readPrivateKey(InputStream inputStream) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(new BufferedDataFetcher().fetch(inputStream, true)));
    }

    public DkimSigner(String str, String str2, RSAPrivateKey rSAPrivateKey) throws DkimException {
        this.headersToSign = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        checkSigningDomain(str);
        this.headersToSign.addAll(DEFAULT_HEADERS_TO_SIGN);
        this.signingDomain = str;
        this.selector = str2.trim();
        this.keyPairType = KeyPairType.RSA;
        this.privateKey = rSAPrivateKey;
        setSigningAlgorithm(this.keyPairType.getDefaultSigningAlgorithm());
        setHeaderCanonicalization(Canonicalization.RELAXED);
        setBodyCanonicalization(Canonicalization.SIMPLE);
        setCheckDomainKey(true);
    }

    public DkimSigner(String str, String str2, EdDSAPrivateKey edDSAPrivateKey) throws DkimException {
        this.headersToSign = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        checkSigningDomain(str);
        this.headersToSign.addAll(DEFAULT_HEADERS_TO_SIGN);
        this.signingDomain = str;
        this.selector = str2.trim();
        this.keyPairType = KeyPairType.ED25519;
        this.privateKey = edDSAPrivateKey;
        this.keyPairType.initialize();
        setSigningAlgorithm(this.keyPairType.getDefaultSigningAlgorithm());
        setHeaderCanonicalization(Canonicalization.RELAXED);
        setBodyCanonicalization(Canonicalization.SIMPLE);
        setCheckDomainKey(true);
    }

    private void checkSigningDomain(String str) {
        if (null == str || !SIGNING_DOMAIN_PATTERN.matcher(str).matches()) {
            throw new DkimException(str + " is an invalid signing domain");
        }
    }

    public void addHeaderToSign(String str) {
        if (null == str || 0 == str.length()) {
            return;
        }
        this.headersToSign.add(str);
    }

    public void removeHeaderToSign(String str) {
        if (null == str || 0 == str.length() || isMandatoryHeader(str)) {
            return;
        }
        this.headersToSign.remove(str);
    }

    private static boolean isMandatoryHeader(String str) {
        return MANDATORY_HEADERS_TO_SIGN.contains(str);
    }

    public SigningAlgorithm getSigningAlgorithm() {
        return this.signingAlgorithm;
    }

    public void setSigningAlgorithm(SigningAlgorithm signingAlgorithm) throws DkimException {
        if (!this.keyPairType.supportsSigningAlgorithm(signingAlgorithm)) {
            throw new DkimException("Unsupported signing algorithm: " + signingAlgorithm);
        }
        try {
            this.messageDigest = MessageDigest.getInstance(signingAlgorithm.getHashNotation());
            try {
                this.signature = Signature.getInstance(signingAlgorithm.getJavaNotation());
                this.signature.initSign(this.privateKey);
                this.signingAlgorithm = signingAlgorithm;
            } catch (InvalidKeyException e) {
                throw new DkimException("Invalid private key", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new DkimException("Unknown signing algorithm " + signingAlgorithm.getJavaNotation(), e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new DkimException("Unknown hashing algorithm: " + signingAlgorithm.getHashNotation(), e3);
        }
    }

    public Canonicalization getHeaderCanonicalization() {
        return this.headerCanonicalization;
    }

    public void setHeaderCanonicalization(Canonicalization canonicalization) {
        this.headerCanonicalization = canonicalization;
    }

    public Canonicalization getBodyCanonicalization() {
        return this.bodyCanonicalization;
    }

    public void setBodyCanonicalization(Canonicalization canonicalization) {
        this.bodyCanonicalization = canonicalization;
    }

    public String getIdentity() {
        return this.identity;
    }

    public void setIdentity(String str) throws DkimException {
        if (null != str) {
            checkIdentity(str);
        }
        this.identity = str;
    }

    private void checkIdentity(String str) {
        if (!str.endsWith("@" + this.signingDomain) && !str.endsWith("." + this.signingDomain)) {
            throw new DkimException("The domain part of " + str + " isn't " + this.signingDomain + " or a subdomain thereof");
        }
    }

    public boolean getLengthParam() {
        return this.lengthParam;
    }

    public void setLengthParam(boolean z) {
        this.lengthParam = z;
    }

    @Deprecated
    public boolean isZParam() {
        return isCopyHeaderFields();
    }

    @Deprecated
    public void setZParam(boolean z) {
        setCopyHeaderFields(z);
    }

    public boolean isCopyHeaderFields() {
        return this.copyHeaderFields;
    }

    public void setCopyHeaderFields(boolean z) {
        this.copyHeaderFields = z;
    }

    public boolean isCheckDomainKey() {
        return this.checkDomainKey;
    }

    public void setCheckDomainKey(boolean z) {
        this.checkDomainKey = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String sign(DkimMessage dkimMessage) throws MessagingException {
        if (this.checkDomainKey) {
            checkDomainKey();
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("v", "1");
        linkedHashMap.put("a", this.signingAlgorithm.getDkimNotation());
        linkedHashMap.put("q", "dns/txt");
        linkedHashMap.put("c", getHeaderCanonicalization().getType() + "/" + getBodyCanonicalization().getType());
        linkedHashMap.put("t", Long.toString(getSentDate(dkimMessage).getTime() / 1000));
        linkedHashMap.put("s", this.selector);
        linkedHashMap.put("d", this.signingDomain);
        if (null != this.identity) {
            linkedHashMap.put("i", quotedPrintable(this.identity));
        }
        StringBuilder sb = new StringBuilder();
        StringBuilder sb2 = new StringBuilder();
        StringBuilder sb3 = new StringBuilder();
        Set<String> compileMandatoryHeaders = compileMandatoryHeaders();
        for (Header header : compileHeadersToSign(dkimMessage)) {
            String name = header.getName();
            String value = header.getValue();
            sb.append(name).append(":");
            sb2.append(this.headerCanonicalization.canonicalizeHeader(name, value));
            sb2.append("\r\n");
            compileMandatoryHeaders.remove(name);
            if (this.copyHeaderFields) {
                sb3.append(name);
                sb3.append(":");
                sb3.append(quotedPrintable(value.trim()).replace("|", "=7C"));
                sb3.append("|");
            }
        }
        if (!compileMandatoryHeaders.isEmpty()) {
            throw new DkimSigningException("Could not find mandatory headers: " + join(compileMandatoryHeaders, ", "));
        }
        linkedHashMap.put("h", sb.substring(0, sb.length() - 1));
        if (this.copyHeaderFields) {
            linkedHashMap.put("z", sb3.substring(0, sb3.length() - 1));
        }
        String canonicalizeBody = canonicalizeBody(dkimMessage);
        if (this.lengthParam) {
            linkedHashMap.put("l", Integer.toString(canonicalizeBody.length()));
        }
        linkedHashMap.put("bh", base64Encode(this.messageDigest.digest(canonicalizeBody.getBytes(StandardCharsets.UTF_8))));
        String serializeSignature = serializeSignature(linkedHashMap);
        sb2.append(this.headerCanonicalization.canonicalizeHeader(DKIM_SIGNATUR_HEADER, serializeSignature));
        return "DKIM-Signature: " + serializeSignature + fold(base64Encode(createSignature(sb2.toString().getBytes(StandardCharsets.UTF_8))), 3);
    }

    private void checkDomainKey() throws DkimSigningException {
        try {
            DomainKeyUtil.getDomainKey(this.signingDomain, this.selector).check(this.identity, this.privateKey);
        } catch (DkimException e) {
            throw new DkimSigningException("Failed to obtain the domain key for " + this.signingDomain + "." + this.selector, e);
        }
    }

    private Date getSentDate(DkimMessage dkimMessage) throws MessagingException {
        Date sentDate = dkimMessage.getSentDate();
        if (null == sentDate) {
            sentDate = new Date();
        }
        return sentDate;
    }

    private Set<String> compileMandatoryHeaders() {
        TreeSet treeSet = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        treeSet.addAll(MANDATORY_HEADERS_TO_SIGN);
        return treeSet;
    }

    private List<Header> compileHeadersToSign(DkimMessage dkimMessage) throws DkimSigningException {
        LinkedList linkedList = new LinkedList();
        for (Header header : getMessageHeaders(dkimMessage)) {
            if (this.headersToSign.contains(header.getName())) {
                linkedList.add(0, header);
            }
        }
        return linkedList;
    }

    private Iterable<Header> getMessageHeaders(DkimMessage dkimMessage) throws DkimSigningException {
        try {
            return headerIterable(dkimMessage.getAllHeaders());
        } catch (MessagingException e) {
            throw new DkimSigningException("Could not retrieve the header fields for signing", e);
        }
    }

    private Iterable<Header> headerIterable(final Enumeration<Header> enumeration) throws MessagingException {
        return new Iterable<Header>() { // from class: org.simplejavamail.utils.mail.dkim.DkimSigner.1
            @Override // java.lang.Iterable
            public Iterator<Header> iterator() {
                return DkimSigner.this.headerIterator(enumeration);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Iterator<Header> headerIterator(final Enumeration<Header> enumeration) {
        return new Iterator<Header>() { // from class: org.simplejavamail.utils.mail.dkim.DkimSigner.2
            @Override // java.util.Iterator
            public boolean hasNext() {
                return enumeration.hasMoreElements();
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.Iterator
            public Header next() {
                return (Header) enumeration.nextElement();
            }
        };
    }

    private String canonicalizeBody(DkimMessage dkimMessage) throws DkimSigningException {
        try {
            byte[] bytes = dkimMessage.getEncodedBody().getBytes(StandardCharsets.UTF_8);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new BufferedDataFetcher().copy(new ByteArrayInputStream(bytes), new CRLFOutputStream(byteArrayOutputStream));
            return this.bodyCanonicalization.canonicalizeBody(byteArrayOutputStream.toString(StandardCharsets.UTF_8.name()));
        } catch (DataFetchException | UnsupportedEncodingException e) {
            throw new DkimSigningException("Failed to canonicalize the line terminators of the message body", e);
        }
    }

    private String serializeSignature(Map<String, String> map) {
        int i = 0;
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            StringBuilder sb2 = new StringBuilder();
            sb2.append(entry.getKey()).append("=").append(entry.getValue()).append(";");
            if (i + sb2.length() + 1 > MAX_HEADER_LENGTH) {
                i = sb2.length();
                sb.append("\r\n\t").append((CharSequence) sb2);
            } else {
                sb.append(" ").append((CharSequence) sb2);
                i += 1 + sb2.length();
            }
        }
        sb.append("\r\n\tb=");
        return sb.toString().trim();
    }

    private byte[] createSignature(byte[] bArr) throws DkimSigningException {
        try {
            this.signature.update(bArr);
            return this.signature.sign();
        } catch (SignatureException e) {
            throw new DkimSigningException("Faild to create signature", e);
        }
    }

    private static String fold(String str, int i) {
        int i2 = 0;
        StringBuilder sb = new StringBuilder();
        while (true) {
            if (i > 0 && str.substring(i2).length() > MAX_HEADER_LENGTH - i) {
                sb.append(str.substring(i2, (i2 + MAX_HEADER_LENGTH) - i));
                i2 += MAX_HEADER_LENGTH - i;
                i = 0;
            } else {
                if (str.substring(i2).length() <= MAX_HEADER_LENGTH) {
                    sb.append("\r\n\t").append(str.substring(i2));
                    return sb.toString();
                }
                sb.append("\r\n\t").append(str.substring(i2, i2 + MAX_HEADER_LENGTH));
                i2 += MAX_HEADER_LENGTH;
            }
        }
    }

    private static String join(Collection<String> collection, String str) {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            sb.append(str);
        }
        return sb.substring(0, sb.length() - str.length());
    }

    private static String quotedPrintable(String str) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            QPEncoderStream qPEncoderStream = new QPEncoderStream(byteArrayOutputStream);
            qPEncoderStream.write(str.getBytes(StandardCharsets.UTF_8));
            qPEncoderStream.close();
            return byteArrayOutputStream.toString(StandardCharsets.UTF_8.name()).replaceAll(";", "=3B").replaceAll(" ", "=20");
        } catch (IOException e) {
            return null;
        }
    }

    private static String base64Encode(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr).replace("\n", "").replace("\r", "");
    }

    static {
        MANDATORY_HEADERS_TO_SIGN.add("From");
        DEFAULT_HEADERS_TO_SIGN.addAll(MANDATORY_HEADERS_TO_SIGN);
        DEFAULT_HEADERS_TO_SIGN.add("To");
        DEFAULT_HEADERS_TO_SIGN.add("Subject");
        DEFAULT_HEADERS_TO_SIGN.add("Content-Description");
        DEFAULT_HEADERS_TO_SIGN.add("Content-ID");
        DEFAULT_HEADERS_TO_SIGN.add("Content-Type");
        DEFAULT_HEADERS_TO_SIGN.add("Content-Transfer-Encoding");
        DEFAULT_HEADERS_TO_SIGN.add("Cc");
        DEFAULT_HEADERS_TO_SIGN.add("Date");
        DEFAULT_HEADERS_TO_SIGN.add("In-Reply-To");
        DEFAULT_HEADERS_TO_SIGN.add("List-Subscribe");
        DEFAULT_HEADERS_TO_SIGN.add("List-Post");
        DEFAULT_HEADERS_TO_SIGN.add("List-Owner");
        DEFAULT_HEADERS_TO_SIGN.add("List-Id");
        DEFAULT_HEADERS_TO_SIGN.add("List-Archive");
        DEFAULT_HEADERS_TO_SIGN.add("List-Help");
        DEFAULT_HEADERS_TO_SIGN.add("List-Unsubscribe");
        DEFAULT_HEADERS_TO_SIGN.add("MIME-Version");
        DEFAULT_HEADERS_TO_SIGN.add("Message-ID");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Sender");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Cc");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Date");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-To");
        DEFAULT_HEADERS_TO_SIGN.add("Reply-To");
        DEFAULT_HEADERS_TO_SIGN.add("References");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-Message-ID");
        DEFAULT_HEADERS_TO_SIGN.add("Resent-From");
        DEFAULT_HEADERS_TO_SIGN.add("Sender");
    }
}
