package org.nhindirect.gateway.smtp;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.nhind.config.rest.AnchorService;
import org.nhind.config.rest.CertPolicyService;
import org.nhind.config.rest.CertificateService;
import org.nhind.config.rest.DomainService;
import org.nhind.config.rest.SettingService;
import org.nhind.config.rest.TrustBundleService;
import org.nhindirect.common.audit.Auditor;
import org.nhindirect.common.crypto.KeyStoreProtectionManager;
import org.nhindirect.config.model.CertPolicy;
import org.nhindirect.config.model.CertPolicyGroupDomainReltn;
import org.nhindirect.config.model.CertPolicyGroupUse;
import org.nhindirect.config.model.CertPolicyUse;
import org.nhindirect.config.model.EntityStatus;
import org.nhindirect.config.model.Setting;
import org.nhindirect.config.model.TrustBundle;
import org.nhindirect.config.model.TrustBundleAnchor;
import org.nhindirect.config.model.utils.CertUtils;
import org.nhindirect.gateway.smtp.config.cert.impl.ConfigServiceRESTCertificateStore;
import org.nhindirect.policy.PolicyExpression;
import org.nhindirect.policy.PolicyLexicon;
import org.nhindirect.policy.PolicyLexiconParserFactory;
import org.nhindirect.policy.PolicyParseException;
import org.nhindirect.stagent.DefaultNHINDAgent;
import org.nhindirect.stagent.NHINDAgent;
import org.nhindirect.stagent.cert.CertificateResolver;
import org.nhindirect.stagent.cert.CertificateStore;
import org.nhindirect.stagent.cert.impl.DNSCertificateStore;
import org.nhindirect.stagent.cert.impl.EmployLdapAuthInformation;
import org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore;
import org.nhindirect.stagent.cert.impl.LDAPCertificateStore;
import org.nhindirect.stagent.cert.impl.LdapCertificateStoreFactory;
import org.nhindirect.stagent.cert.impl.LdapPublicCertUtilImpl;
import org.nhindirect.stagent.cert.impl.LdapStoreConfiguration;
import org.nhindirect.stagent.cert.impl.TrustAnchorCertificateStore;
import org.nhindirect.stagent.cert.impl.UniformCertificateStore;
import org.nhindirect.stagent.cryptography.SMIMECryptographerImpl;
import org.nhindirect.stagent.policy.PolicyResolver;
import org.nhindirect.stagent.policy.impl.DomainPolicyResolver;
import org.nhindirect.stagent.trust.DefaultTrustAnchorResolver;
import org.nhindirect.stagent.trust.TrustAnchorResolver;
import org.nhindirect.stagent.trust.TrustModel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/nhindirect/gateway/smtp/SmtpAgentFactory.class */
public class SmtpAgentFactory {
    private static final Logger log = LoggerFactory.getLogger(SmtpAgentFactory.class);
    protected static SmtpAgentFactory INSTANCE;
    protected static final String MESSAGE_SETTING_RAW = "Raw";
    protected static final String MESSAGE_SETTING_INCOMING = "Incoming";
    protected static final String MESSAGE_SETTING_OUTGOING = "Outgoing";
    protected static final String MESSAGE_SETTING_BAD = "Bad";
    protected static final String ANCHOR_RES_TYPE_UNIFORM = "uniform";
    protected static final String ANCHOR_RES_TYPE_MULTIDOMAIN = "multidomain";
    protected static final String STORE_TYPE_WS = "WS";
    protected static final String STORE_TYPE_LDAP = "LDAP";
    protected static final String STORE_TYPE_PUBLIC_LDAP = "PublicLDAP";
    protected static final String STORE_TYPE_KEYSTORE = "keystore";
    protected static final String STORE_TYPE_DNS = "DNS";
    protected final CertificateService certService;
    protected final TrustBundleService bundleService;
    protected final DomainService domainService;
    protected final AnchorService anchorService;
    protected final SettingService settingService;
    protected final CertPolicyService polService;
    protected final Auditor auditor;
    protected final KeyStoreProtectionManager keyStoreMgr;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/nhindirect/gateway/smtp/SmtpAgentFactory$PolicyResolvers.class */
    public static class PolicyResolvers {
        private final PolicyResolver publicResolver;
        private final PolicyResolver privateResolver;
        private final PolicyResolver trustResolver;

        public PolicyResolvers(PolicyResolver policyResolver, PolicyResolver policyResolver2, PolicyResolver policyResolver3) {
            this.publicResolver = policyResolver;
            this.privateResolver = policyResolver2;
            this.trustResolver = policyResolver3;
        }

        public PolicyResolver getPublicResolver() {
            return this.publicResolver;
        }

        public PolicyResolver getPrivateResolver() {
            return this.privateResolver;
        }

        public PolicyResolver getTrustResolver() {
            return this.trustResolver;
        }
    }

    public static SmtpAgentFactory getInstance(CertificateService certificateService, TrustBundleService trustBundleService, DomainService domainService, AnchorService anchorService, SettingService settingService, CertPolicyService certPolicyService, Auditor auditor, KeyStoreProtectionManager keyStoreProtectionManager) {
        INSTANCE = new SmtpAgentFactory(certificateService, trustBundleService, domainService, anchorService, settingService, certPolicyService, auditor, keyStoreProtectionManager);
        return INSTANCE;
    }

    protected SmtpAgentFactory(CertificateService certificateService, TrustBundleService trustBundleService, DomainService domainService, AnchorService anchorService, SettingService settingService, CertPolicyService certPolicyService, Auditor auditor, KeyStoreProtectionManager keyStoreProtectionManager) {
        this.certService = certificateService;
        this.bundleService = trustBundleService;
        this.domainService = domainService;
        this.anchorService = anchorService;
        this.settingService = settingService;
        this.polService = certPolicyService;
        this.auditor = auditor;
        this.keyStoreMgr = keyStoreProtectionManager;
    }

    public SmtpAgent createSmtpAgent() throws SmtpAgentException {
        return new DefaultSmtpAgent(createSMTPAgentSetting(), createNHINDAgent(), this.auditor);
    }

    public NHINDAgent createNHINDAgent() throws SmtpAgentException {
        List<String> domains = getDomains();
        TrustAnchorResolver trustAnchorResolver = getTrustAnchorResolver(domains);
        Collection<CertificateResolver> publicCertResolvers = getPublicCertResolvers();
        CertificateResolver privateCertResolver = getPrivateCertResolver();
        PolicyResolvers policyResolvers = getPolicyResolvers();
        NHINDAgent defaultNHINDAgent = new DefaultNHINDAgent(domains, privateCertResolver, publicCertResolvers, trustAnchorResolver, TrustModel.Default, SMIMECryptographerImpl.Default);
        defaultNHINDAgent.setPrivatePolicyResolver(policyResolvers.getPrivateResolver());
        defaultNHINDAgent.setPublicPolicyResolver(policyResolvers.getPublicResolver());
        defaultNHINDAgent.getTrustModel().setTrustPolicyResolver(policyResolvers.getTrustResolver());
        return defaultNHINDAgent;
    }

    protected SmtpAgentSettings createSMTPAgentSetting() {
        MessageProcessingSettings messageProcessingSetting = getMessageProcessingSetting("RawMessageSaveFolder");
        MessageProcessingSettings messageProcessingSetting2 = getMessageProcessingSetting("OutgoingMessageSaveFolder");
        MessageProcessingSettings messageProcessingSetting3 = getMessageProcessingSetting("IncomingMessageSaveFolder");
        MessageProcessingSettings messageProcessingSetting4 = getMessageProcessingSetting("BadMessageSaveFolder");
        Setting safeSetting = getSafeSetting("MDNProdName");
        Setting safeSetting2 = getSafeSetting("MDNText");
        return new SmtpAgentSettings(messageProcessingSetting, messageProcessingSetting2, messageProcessingSetting3, messageProcessingSetting4, new NotificationProducer(new NotificationSettings(true, safeSetting == null ? "" : safeSetting.getValue(), safeSetting2 == null ? "" : safeSetting2.getValue())));
    }

    protected List<String> getDomains() {
        try {
            List<String> list = (List) this.domainService.searchDomains("", (EntityStatus) null).stream().map(domain -> {
                return domain.getDomainName();
            }).collect(Collectors.toList());
            if (list.size() == 0) {
                throw new SmtpAgentException(SmtpAgentError.MissingDomains);
            }
            return list;
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting domains list: " + e.getMessage(), e);
        }
    }

    protected TrustAnchorResolver getTrustAnchorResolver(List<String> list) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        try {
            Setting safeSetting = getSafeSetting("AnchorStoreType");
            String value = (safeSetting == null || safeSetting.getValue() == null || safeSetting.getValue().isEmpty()) ? STORE_TYPE_WS : safeSetting.getValue();
            if (value.equalsIgnoreCase(STORE_TYPE_WS)) {
                try {
                    Map unmodifiableMap = Collections.unmodifiableMap((Map) this.bundleService.getTrustBundles(true).stream().collect(Collectors.toMap((v0) -> {
                        return v0.getBundleName();
                    }, Function.identity())));
                    try {
                        Collection anchors = this.anchorService.getAnchors();
                        for (String str : list) {
                            hashMap.put(str, new ArrayList());
                            hashMap2.put(str, new ArrayList());
                        }
                        anchors.forEach(anchor -> {
                            X509Certificate x509Certificate = CertUtils.toX509Certificate(anchor.getCertificateData());
                            if (anchor.isIncoming()) {
                                ((Collection) hashMap.get(anchor.getOwner())).add(x509Certificate);
                            }
                            if (anchor.isOutgoing()) {
                                ((Collection) hashMap2.get(anchor.getOwner())).add(x509Certificate);
                            }
                        });
                        try {
                            this.bundleService.getAllTrustBundleDomainReltns(false).stream().forEach(trustBundleDomainReltn -> {
                                TrustBundle trustBundle = (TrustBundle) unmodifiableMap.get(trustBundleDomainReltn.getTrustBundle().getBundleName());
                                if (trustBundle == null || trustBundle.getTrustBundleAnchors() == null) {
                                    return;
                                }
                                Iterator it = trustBundle.getTrustBundleAnchors().iterator();
                                while (it.hasNext()) {
                                    X509Certificate x509Certificate = CertUtils.toX509Certificate(((TrustBundleAnchor) it.next()).getAnchorData());
                                    if (trustBundleDomainReltn.isIncoming()) {
                                        ((Collection) hashMap.get(trustBundleDomainReltn.getDomain().getDomainName())).add(x509Certificate);
                                    }
                                    if (trustBundleDomainReltn.isOutgoing()) {
                                        ((Collection) hashMap2.get(trustBundleDomainReltn.getDomain().getDomainName())).add(x509Certificate);
                                    }
                                }
                            });
                        } catch (Exception e) {
                            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundle/domain relationships: " + e.getMessage(), e);
                        }
                    } catch (Exception e2) {
                        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchors: " + e2.getMessage(), e2);
                    }
                } catch (Exception e3) {
                    throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e3.getMessage(), e3);
                }
            } else {
                getAnchorsFromNonWS(hashMap, hashMap2, value, list);
            }
            if (hashMap.size() == 0 && hashMap2.size() == 0) {
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
            }
            try {
                Setting safeSetting2 = getSafeSetting("AnchorResolverType");
                String value2 = (safeSetting2 == null || safeSetting2.getValue() == null || safeSetting2.getValue().isEmpty()) ? ANCHOR_RES_TYPE_MULTIDOMAIN : safeSetting2.getValue();
                if (value2.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
                    return new DefaultTrustAnchorResolver(new UniformCertificateStore(hashMap.size() > 0 ? hashMap.values().iterator().next() : hashMap2.values().iterator().next()));
                }
                if (value2.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
                    return new DefaultTrustAnchorResolver(new TrustAnchorCertificateStore(hashMap2), new TrustAnchorCertificateStore(hashMap));
                }
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
            } catch (Exception e4) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e4.getMessage(), e4);
            }
        } catch (Exception e5) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e5.getMessage(), e5);
        }
    }

    protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> map, Map<String, Collection<X509Certificate>> map2, String str, Collection<String> collection) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : collection) {
            arrayList.add(str2 + "IncomingAnchorAliases");
            arrayList2.add(str2 + "OutgoingAnchorAliases");
        }
        ArrayList<Setting> arrayList3 = new ArrayList();
        ArrayList<Setting> arrayList4 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                Setting safeSetting = getSafeSetting((String) it.next());
                if (safeSetting != null) {
                    arrayList3.add(safeSetting);
                }
            } catch (Exception e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
            }
        }
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            try {
                Setting safeSetting2 = getSafeSetting((String) it2.next());
                if (safeSetting2 != null) {
                    arrayList4.add(safeSetting2);
                }
            } catch (Exception e2) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e2.getMessage(), e2);
            }
        }
        if (!str.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Unknow anchor store type: " + str);
        }
        try {
            Setting safeSetting3 = getSafeSetting("AnchorKeyStoreFile");
            Setting safeSetting4 = getSafeSetting("AnchorKeyStoreFilePass");
            Setting safeSetting5 = getSafeSetting("AnchorKeyStorePrivKeyPass");
            KeyStoreCertificateStore keyStoreCertificateStore = new KeyStoreCertificateStore(safeSetting3 == null ? null : safeSetting3.getValue(), safeSetting4 == null ? "DefaultFilePass" : safeSetting4.getValue(), safeSetting5 == null ? "DefaultKeyPass" : safeSetting5.getValue());
            if (arrayList3 != null) {
                for (Setting setting : arrayList3) {
                    ArrayList arrayList5 = new ArrayList();
                    for (String str3 : setting.getValue().split(",")) {
                        X509Certificate byAlias = keyStoreCertificateStore.getByAlias(str3);
                        if (byAlias != null) {
                            arrayList5.add(byAlias);
                        }
                    }
                    map.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), arrayList5);
                }
            }
            if (arrayList4 != null) {
                for (Setting setting2 : arrayList4) {
                    ArrayList arrayList6 = new ArrayList();
                    for (String str4 : setting2.getValue().split(",")) {
                        X509Certificate byAlias2 = keyStoreCertificateStore.getByAlias(str4);
                        if (byAlias2 != null) {
                            arrayList6.add(byAlias2);
                        }
                    }
                    map2.put(setting2.getName().substring(0, setting2.getName().lastIndexOf("OutgoingAnchorAliases")), arrayList6);
                }
            }
        } catch (Exception e3) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e3.getMessage(), e3);
        }
    }

    protected Collection<CertificateResolver> getPublicCertResolvers() {
        DNSCertificateStore keyStoreCertificateStore;
        ArrayList arrayList = new ArrayList();
        try {
            Setting safeSetting = getSafeSetting("PublicStoreType");
            for (String str : ((safeSetting == null || safeSetting.getValue() == null || safeSetting.getValue().isEmpty()) ? "DNS,PublicLDAP,WS" : safeSetting.getValue()).split(",")) {
                if (str.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
                    try {
                        Setting safeSetting2 = getSafeSetting("PublicStoreFile");
                        Setting safeSetting3 = getSafeSetting("PublicStoreFilePass");
                        Setting safeSetting4 = getSafeSetting("PublicStorePrivKeyPass");
                        keyStoreCertificateStore = new KeyStoreCertificateStore(safeSetting2 == null ? "PublicStoreKeyFile" : safeSetting2.getValue(), safeSetting3 == null ? "DefaultFilePass" : safeSetting3.getValue(), safeSetting4 == null ? "DefaultKeyPass" : safeSetting4.getValue());
                    } catch (Exception e) {
                        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting public store file settings: " + e.getMessage(), e);
                    }
                } else {
                    keyStoreCertificateStore = str.equalsIgnoreCase(STORE_TYPE_DNS) ? new DNSCertificateStore(Collections.emptyList(), (CertificateStore) null, new DNSCertificateStore.DefaultDNSCachePolicy()) : str.equalsIgnoreCase(STORE_TYPE_WS) ? new ConfigServiceRESTCertificateStore(this.certService, null, new ConfigServiceRESTCertificateStore.DefaultConfigStoreCachePolicy(), this.keyStoreMgr) : str.equalsIgnoreCase(STORE_TYPE_PUBLIC_LDAP) ? new LDAPCertificateStore(new LdapPublicCertUtilImpl(), (CertificateStore) null, new LDAPCertificateStore.DefaultLDAPCachePolicy()) : new DNSCertificateStore(Collections.emptyList(), (CertificateStore) null, new DNSCertificateStore.DefaultDNSCachePolicy());
                }
                arrayList.add(keyStoreCertificateStore);
            }
            return arrayList;
        } catch (Exception e2) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting public store type: " + e2.getMessage(), e2);
        }
    }

    protected CertificateResolver getPrivateCertResolver() {
        CertificateResolver keyStoreCertificateStore;
        try {
            Setting safeSetting = getSafeSetting("PrivateStoreType");
            String value = (safeSetting == null || safeSetting.getValue() == null || safeSetting.getValue().isEmpty()) ? STORE_TYPE_WS : safeSetting.getValue();
            if (value.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
                try {
                    Setting safeSetting2 = getSafeSetting("PrivateStoreFile");
                    Setting safeSetting3 = getSafeSetting("PrivateStoreFilePass");
                    Setting safeSetting4 = getSafeSetting("PrivateStorePrivKeyPass");
                    keyStoreCertificateStore = new KeyStoreCertificateStore(safeSetting2 == null ? "PublicStoreKeyFile" : safeSetting2.getValue(), safeSetting3 == null ? "DefaultFilePass" : safeSetting3.getValue(), safeSetting4 == null ? "DefaultKeyPass" : safeSetting4.getValue());
                } catch (Exception e) {
                    throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting public store file settings: " + e.getMessage(), e);
                }
            } else if (value.equalsIgnoreCase(STORE_TYPE_LDAP)) {
                keyStoreCertificateStore = getPrivateLdapCertificateStore("PrivateStore", "LDAPPrivateCertStore");
            } else {
                if (!value.equalsIgnoreCase(STORE_TYPE_WS)) {
                    throw new SmtpAgentException(SmtpAgentError.InvalidPrivateCertStoreSettings);
                }
                keyStoreCertificateStore = new ConfigServiceRESTCertificateStore(this.certService, null, new ConfigServiceRESTCertificateStore.DefaultConfigStoreCachePolicy(), this.keyStoreMgr);
            }
            return keyStoreCertificateStore;
        } catch (Exception e2) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting private store type: " + e2.getMessage(), e2);
        }
    }

    protected MessageProcessingSettings getMessageProcessingSetting(String str) {
        MessageProcessingSettings messageProcessingSettings = new MessageProcessingSettings();
        try {
            Setting safeSetting = getSafeSetting(str);
            if (safeSetting != null && !StringUtils.isEmpty(safeSetting.getValue())) {
                messageProcessingSettings.setSaveMessageFolder(new File(safeSetting.getValue()));
            }
        } catch (Exception e) {
            log.warn("Could not get setting " + str, e);
        }
        return messageProcessingSettings;
    }

    protected Setting getSafeSetting(String str) {
        try {
            return this.settingService.getSetting(str);
        } catch (Exception e) {
            log.info("Could not get setting " + str);
            return null;
        }
    }

    protected CertificateResolver getPrivateLdapCertificateStore(String str, String str2) {
        try {
            Setting safeSetting = getSafeSetting(str + "LDAPUrl");
            Setting safeSetting2 = getSafeSetting(str + "LDAPSearchBase");
            Setting safeSetting3 = getSafeSetting(str + "LDAPSearchAttr");
            Setting safeSetting4 = getSafeSetting(str + "LDAPCertAttr");
            Setting safeSetting5 = getSafeSetting(str + "LDAPCertFormat");
            Setting safeSetting6 = getSafeSetting(str + "LDAPUser");
            Setting safeSetting7 = getSafeSetting(str + "LDAPPassword");
            Setting safeSetting8 = getSafeSetting(str + "LDAPConnTimeout");
            Setting safeSetting9 = getSafeSetting(str + "LDAPCertPassphrase");
            if (safeSetting == null || safeSetting.getValue() == null || safeSetting.getValue().isEmpty()) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Missing LDAP URL");
            }
            String value = safeSetting2 == null ? null : safeSetting2.getValue();
            String value2 = safeSetting3 == null ? null : safeSetting3.getValue();
            String value3 = safeSetting4 == null ? null : safeSetting4.getValue();
            String value4 = safeSetting5 == null ? null : safeSetting5.getValue();
            String[] split = safeSetting.getValue().split(",");
            if (split[0].isEmpty() || value.isEmpty() || value2.isEmpty() || value3.isEmpty() || value4.isEmpty()) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Missing required LDAP parameters.");
            }
            String value5 = safeSetting6 == null ? null : safeSetting6.getValue();
            String value6 = safeSetting7 == null ? null : safeSetting7.getValue();
            String value7 = safeSetting8 == null ? null : safeSetting8.getValue();
            String value8 = safeSetting9 == null ? null : safeSetting9.getValue();
            if (value4.equalsIgnoreCase("pkcs12") && (value8 == null || value8.isEmpty())) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat);
            }
            LdapStoreConfiguration ldapStoreConfiguration = new LdapStoreConfiguration(split, value, value2, value3, value4);
            if (value5 != null && !value5.isEmpty() && value6 != null && !value6.isEmpty()) {
                ldapStoreConfiguration.setEmployLdapAuthInformation(new EmployLdapAuthInformation(value5, value6));
            }
            if (value7 != null && !value7.isEmpty()) {
                ldapStoreConfiguration.setLdapConnectionTimeOut(value7);
            }
            if (value8 != null && !value8.isEmpty()) {
                ldapStoreConfiguration.setLdapCertPassphrase(value8);
            }
            return LdapCertificateStoreFactory.createInstance(ldapStoreConfiguration, (CertificateStore) null, new LDAPCertificateStore.DefaultLDAPCachePolicy());
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting LDAP store settings: " + e.getMessage(), e);
        }
    }

    protected PolicyResolvers getPolicyResolvers() {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        HashMap hashMap4 = new HashMap();
        HashMap hashMap5 = new HashMap();
        try {
            Collection<CertPolicyGroupDomainReltn> policyGroupDomainReltns = this.polService.getPolicyGroupDomainReltns();
            if (policyGroupDomainReltns != null) {
                for (CertPolicyGroupDomainReltn certPolicyGroupDomainReltn : policyGroupDomainReltns) {
                    if (certPolicyGroupDomainReltn.getPolicyGroup().getPolicies() != null) {
                        for (CertPolicyGroupUse certPolicyGroupUse : certPolicyGroupDomainReltn.getPolicyGroup().getPolicies()) {
                            if (certPolicyGroupUse.getPolicyUse().equals(CertPolicyUse.PRIVATE_RESOLVER)) {
                                if (certPolicyGroupUse.isIncoming()) {
                                    addPolicyToMap(hashMap, certPolicyGroupDomainReltn.getDomain().getDomainName(), certPolicyGroupUse);
                                }
                                if (certPolicyGroupUse.isOutgoing()) {
                                    addPolicyToMap(hashMap2, certPolicyGroupDomainReltn.getDomain().getDomainName(), certPolicyGroupUse);
                                }
                            } else if (certPolicyGroupUse.getPolicyUse().equals(CertPolicyUse.PUBLIC_RESOLVER)) {
                                if (certPolicyGroupUse.isIncoming()) {
                                    addPolicyToMap(hashMap3, certPolicyGroupDomainReltn.getDomain().getDomainName(), certPolicyGroupUse);
                                }
                                if (certPolicyGroupUse.isOutgoing()) {
                                    addPolicyToMap(hashMap4, certPolicyGroupDomainReltn.getDomain().getDomainName(), certPolicyGroupUse);
                                }
                            } else if (certPolicyGroupUse.getPolicyUse().equals(CertPolicyUse.TRUST)) {
                                addPolicyToMap(hashMap5, certPolicyGroupDomainReltn.getDomain().getDomainName(), certPolicyGroupUse);
                            }
                        }
                    }
                }
            }
            return new PolicyResolvers(new DomainPolicyResolver(hashMap3, hashMap4), new DomainPolicyResolver(hashMap, hashMap2), new DomainPolicyResolver(hashMap5, hashMap5));
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting certificate policy configuration: " + e.getMessage(), e);
        }
    }

    public void addPolicyToMap(Map<String, Collection<PolicyExpression>> map, String str, CertPolicyGroupUse certPolicyGroupUse) {
        Collection<PolicyExpression> collection = map.get(str);
        if (collection == null) {
            collection = new ArrayList();
            map.put(str, collection);
        }
        CertPolicy policy = certPolicyGroupUse.getPolicy();
        PolicyLexicon lexicon = policy.getLexicon();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(policy.getPolicyData());
        try {
            try {
                collection.add(PolicyLexiconParserFactory.getInstance(lexicon).parse(byteArrayInputStream));
                IOUtils.closeQuietly(byteArrayInputStream);
            } catch (PolicyParseException e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Failed parse policy into policy expression: " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(byteArrayInputStream);
            throw th;
        }
    }
}
