package org.apache.james.transport.mailets;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.apache.james.transport.KeyStoreHolder;
import org.apache.james.transport.SMIMESignerInfo;
import org.apache.mailet.Attribute;
import org.apache.mailet.AttributeName;
import org.apache.mailet.AttributeValue;
import org.apache.mailet.Mail;
import org.apache.mailet.MailetConfig;
import org.apache.mailet.base.GenericMailet;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/transport/mailets/SMIMECheckSignature.class */
public class SMIMECheckSignature extends GenericMailet {
    private static final Logger LOGGER = LoggerFactory.getLogger(SMIMECheckSignature.class);
    private KeyStoreHolder trustedCertificateStore;
    private boolean stripSignature = false;
    private boolean onlyTrusted = true;
    private AttributeName mailAttribute = AttributeName.of("org.apache.james.SMIMECheckSignature");

    public void init() throws MessagingException {
        MailetConfig mailetConfig = getMailetConfig();
        String initParameter = mailetConfig.getInitParameter("strip");
        if (initParameter != null) {
            this.stripSignature = Boolean.valueOf(initParameter).booleanValue();
        }
        String initParameter2 = mailetConfig.getInitParameter("onlyTrusted");
        if (initParameter2 != null) {
            this.onlyTrusted = Boolean.valueOf(initParameter2).booleanValue();
        }
        String initParameter3 = mailetConfig.getInitParameter("mailAttribute");
        if (initParameter3 != null) {
            this.mailAttribute = AttributeName.of(initParameter3);
        }
        String initParameter4 = mailetConfig.getInitParameter("keyStoreType");
        String initParameter5 = mailetConfig.getInitParameter("keyStoreFileName");
        String initParameter6 = mailetConfig.getInitParameter("keyStorePassword");
        try {
            if (initParameter5 != null) {
                this.trustedCertificateStore = new KeyStoreHolder(initParameter5, initParameter6, initParameter4);
            } else {
                LOGGER.info("No trusted store path specified, using default store.");
                this.trustedCertificateStore = new KeyStoreHolder(initParameter6);
            }
        } catch (Exception e) {
            throw new MessagingException("Error loading the trusted certificate store", e);
        }
    }

    public void service(Mail mail) throws MessagingException {
        MimeMessage message = mail.getMessage();
        MimeBodyPart mimeBodyPart = null;
        List<SMIMESignerInfo> list = null;
        try {
            Object content = message.getContent();
            SMIMESigned sMIMESigned = content instanceof MimeMultipart ? new SMIMESigned((MimeMultipart) message.getContent()) : content instanceof SMIMESigned ? (SMIMESigned) content : content instanceof byte[] ? new SMIMESigned(message) : null;
            if (sMIMESigned != null) {
                list = this.trustedCertificateStore.verifySignatures(sMIMESigned);
                mimeBodyPart = sMIMESigned.getContent();
            } else {
                LOGGER.info("Content not identified as signed");
            }
        } catch (CMSException | SMIMEException e) {
            LOGGER.error("Error during the analysis of the signed message", e);
            list = null;
        } catch (IOException e2) {
            LOGGER.error("IO error during the analysis of the signed message", e2);
            list = null;
        } catch (Exception e3) {
            LOGGER.error("Generic error occured during the analysis of the message", e3);
            list = null;
        }
        if (list != null) {
            ArrayList arrayList = new ArrayList();
            for (SMIMESignerInfo sMIMESignerInfo : list) {
                if (sMIMESignerInfo.isSignValid() && (!this.onlyTrusted || sMIMESignerInfo.getCertPath() != null)) {
                    arrayList.add(sMIMESignerInfo.getSignerCertificate());
                }
            }
            if (arrayList.size() > 0) {
                mail.setAttribute(new Attribute(this.mailAttribute, AttributeValue.ofAny(arrayList)));
            } else {
                mimeBodyPart = null;
            }
        }
        if (!this.stripSignature || mimeBodyPart == null) {
            return;
        }
        try {
            Object content2 = mimeBodyPart.getContent();
            if (content2 instanceof Multipart) {
                message.setContent((Multipart) content2);
            } else {
                message.setContent(content2, mimeBodyPart.getContentType());
            }
            message.saveChanges();
            mail.setMessage(message);
        } catch (Exception e4) {
            throw new MessagingException("Error during the extraction of the signed content from the message.", e4);
        }
    }
}
