package io.cloudslang.content.mail.utils;

import io.cloudslang.content.mail.constants.ExceptionMsgs;
import io.cloudslang.content.mail.entities.DecryptableMailInput;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:io/cloudslang/content/mail/utils/SecurityUtils.class */
public final class SecurityUtils {
    public static void addDecryptionSettings(KeyStore keyStore, RecipientId recipientId, DecryptableMailInput decryptableMailInput) throws Exception {
        char[] charArray = decryptableMailInput.getDecryptionKeystorePassword().toCharArray();
        Security.addProvider(new BouncyCastleProvider());
        InputStream openStream = new URL(decryptableMailInput.getDecryptionKeystore()).openStream();
        Throwable th = null;
        try {
            keyStore.load(openStream, charArray);
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    openStream.close();
                }
            }
            if ("".equals(decryptableMailInput.getDecryptionKeyAlias())) {
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (keyStore.isKeyEntry(nextElement)) {
                        decryptableMailInput.setDecryptionKeyAlias(nextElement);
                    }
                }
                if ("".equals(decryptableMailInput.getDecryptionKeyAlias())) {
                    throw new Exception(ExceptionMsgs.PRIVATE_KEY_ERROR_MESSAGE);
                }
            }
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(decryptableMailInput.getDecryptionKeyAlias());
            if (null == x509Certificate) {
                throw new Exception("Can't find a key pair with alias \"" + decryptableMailInput.getDecryptionKeyAlias() + "\" in the given keystore");
            }
            if (decryptableMailInput.isVerifyCertificate()) {
                x509Certificate.checkValidity();
            }
            recipientId.setSerialNumber(x509Certificate.getSerialNumber());
            recipientId.setIssuer(x509Certificate.getIssuerX500Principal().getEncoded());
        } catch (Throwable th3) {
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }
}
