package org.bouncycastle.mail.smime.examples;

import ch.qos.logback.classic.net.SyslogAppender;
import java.io.FileInputStream;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import javax.mail.Authenticator;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.i18n.ErrorBundle;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.validator.SignedMailValidator;
import org.bouncycastle.x509.PKIXCertPathReviewer;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:WEB-INF/lib/bcmail-jdk15-1.45.jar:org/bouncycastle/mail/smime/examples/ValidateSignedMail.class */
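/**
 * Command-line example that validates the signatures of an S/MIME message.
 *
 * <p>All inputs are read from the current working directory: the message from
 * {@code signed.message}, the trust anchor certificate from {@code trustanchor}
 * and an optional CRL from {@code crl.file}. Results are printed to standard out.
 *
 * <p>Security notes for anyone adapting this example:
 * <ul>
 *   <li>The verdict depends entirely on the configured trust anchor. When the
 *       {@code trustanchor} file cannot be loaded, {@link #main} substitutes a
 *       throw-away anchor (see {@link #getDummyTrustAnchor()}), so the run is only
 *       useful for inspecting the diagnostics, not for deciding trust.</li>
 *   <li>Revocation checking is enabled, but the only CRL supplied here is
 *       {@code crl.file}. If it is missing or unreadable the CRL store is empty;
 *       how that is reported is up to the validator.</li>
 *   <li>Issuer and subject names are printed unescaped and come from certificates
 *       carried in the message, i.e. they are attacker-influenced text. Sanitize
 *       them before writing to logs or terminals in production code.</li>
 * </ul>
 */
public class ValidateSignedMail {
    /** Not read anywhere in this class. */
    public static final boolean useCaCerts = false;
    public static final int TITLE = 0;
    public static final int TEXT = 1;
    public static final int SUMMARY = 2;
    public static final int DETAIL = 3;
    /** Output verbosity; {@link #DETAIL} prints the detail text of each message, anything else the short text. */
    static int dbgLvl = DETAIL;
    private static final String RESOURCE_NAME = "org.bouncycastle.mail.smime.validator.SignedMailValidatorMessages";

    /**
     * Loads the message, trust anchor and CRL from their fixed file names and
     * prints the validation report.
     *
     * @param strArr ignored
     * @throws Exception if the message cannot be opened or parsed, or validation set-up fails
     */
    public static void main(String[] strArr) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Opened first, as before, so a missing message file fails before anything else is printed.
        FileInputStream messageStream = new FileInputStream("signed.message");
        try {
            MimeMessage mimeMessage = new MimeMessage(
                    Session.getDefaultInstance(System.getProperties(), (Authenticator) null), messageStream);

            HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
            TrustAnchor trustAnchor = getTrustAnchor("trustanchor");
            if (trustAnchor == null) {
                System.out.println("no trustanchor file found, using a dummy trustanchor");
                trustAnchor = getDummyTrustAnchor();
            }
            trustAnchors.add(trustAnchor);
            PKIXParameters pKIXParameters = new PKIXParameters(trustAnchors);

            // The CRL is optional: a missing file leaves the store empty while
            // revocation checking stays switched on below.
            ArrayList<X509CRL> crls = new ArrayList<X509CRL>();
            X509CRL loadCRL = loadCRL("crl.file");
            if (loadCRL != null) {
                crls.add(loadCRL);
            }
            pKIXParameters.addCertStore(
                    CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls), "BC"));
            pKIXParameters.setRevocationEnabled(true);

            verifySignedMail(mimeMessage, pKIXParameters);
        } finally {
            // The original never closed this stream.
            closeQuietly(messageStream);
        }
    }

    /**
     * Validates every signer of {@code mimeMessage} and prints, per signer, the
     * signature verdict, its errors and notifications, and the certificate path
     * review (overall and per certificate).
     *
     * @param mimeMessage    the signed message to check
     * @param pKIXParameters trust anchors, cert stores and revocation settings used for path validation
     * @throws Exception if the validator cannot be created or a result cannot be obtained
     */
    public static void verifySignedMail(MimeMessage mimeMessage, PKIXParameters pKIXParameters) throws Exception {
        Locale locale = Locale.ENGLISH;
        SignedMailValidator signedMailValidator = new SignedMailValidator(mimeMessage, pKIXParameters);

        // Iterate as Object and cast: works whether the library collection is raw or generic.
        for (Object signer : signedMailValidator.getSignerInformationStore().getSigners()) {
            SignedMailValidator.ValidationResult validationResult =
                    signedMailValidator.getValidationResult((SignerInformation) signer);

            if (validationResult.isValidSignature()) {
                System.out.println(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.sigValid").getText(locale));
            } else {
                System.out.println(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.sigInvalid").getText(locale));
                System.out.println("Errors:");
                printMessages(validationResult.getErrors(), locale);
            }

            if (!validationResult.getNotifications().isEmpty()) {
                System.out.println("Notifications:");
                printMessages(validationResult.getNotifications(), locale);
            }

            PKIXCertPathReviewer certPathReview = validationResult.getCertPathReview();
            if (certPathReview == null) {
                continue;
            }

            System.out.println(certPathReview.isValidCertPath() ? "Certificate path valid" : "Certificate path invalid");
            System.out.println("\nCertificate path validation results:");

            // Index -1 selects the messages that belong to the path as a whole.
            System.out.println("Errors:");
            printMessages(certPathReview.getErrors(-1), locale);

            System.out.println("Notifications:");
            for (Object notification : certPathReview.getNotifications(-1)) {
                // Always the short text with a single tab, regardless of dbgLvl (original behaviour).
                // The tab is a plain literal; the decompiled source borrowed an equal-valued
                // constant from an unrelated logging class here.
                System.out.println("\t" + ((ErrorBundle) notification).getText(locale));
            }

            int i = 0;
            for (Certificate certificate : certPathReview.getCertPath().getCertificates()) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                System.out.println("\nCertificate " + i + "\n========");
                // NOTE(review): these names originate from the message's certificates and are printed unescaped.
                System.out.println("Issuer: " + x509Certificate.getIssuerDN().getName());
                System.out.println("Subject: " + x509Certificate.getSubjectDN().getName());
                System.out.println("\tErrors:");
                printMessages(certPathReview.getErrors(i), locale);
                System.out.println("\tNotifications:");
                printMessages(certPathReview.getNotifications(i), locale);
                i++;
            }
        }
    }

    /**
     * Prints each {@link ErrorBundle} in {@code messages} on its own line, indented
     * by two tabs, using the detail text when {@link #dbgLvl} is {@link #DETAIL}
     * and the short text otherwise.
     */
    private static void printMessages(Iterable<?> messages, Locale locale) {
        for (Object message : messages) {
            ErrorBundle bundle = (ErrorBundle) message;
            String text = dbgLvl == DETAIL ? bundle.getDetail(locale) : bundle.getText(locale);
            System.out.println("\t\t" + text);
        }
    }

    /**
     * Builds a trust anchor from the certificate stored in file {@code str}.
     * If the certificate carries a NameConstraints extension, its encoded value
     * is handed to the {@link TrustAnchor} as well.
     *
     * @param str path of the certificate file
     * @return the trust anchor, or {@code null} if the certificate could not be loaded
     * @throws Exception if the NameConstraints extension cannot be decoded
     */
    protected static TrustAnchor getTrustAnchor(String str) throws Exception {
        X509Certificate loadCert = loadCert(str);
        if (loadCert == null) {
            return null;
        }
        byte[] extensionValue = loadCert.getExtensionValue(X509Extensions.NameConstraints.getId());
        if (extensionValue == null) {
            return new TrustAnchor(loadCert, null);
        }
        return new TrustAnchor(loadCert, X509ExtensionUtil.fromExtensionValue(extensionValue).getDEREncoded());
    }

    /**
     * Reads an X.509 certificate from file {@code str} using the "BC" provider.
     * Failures are reported on standard out and turned into a {@code null} result;
     * a missing file and an unreadable or malformed one are reported differently
     * so that a corrupt trust anchor is not mistaken for an absent one.
     *
     * @param str path of the certificate file
     * @return the certificate, or {@code null} if it could not be loaded
     */
    protected static X509Certificate loadCert(String str) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(str);
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(in);
        } catch (java.io.FileNotFoundException e) {
            System.out.println("certfile \"" + str + "\" not found - classpath is " + System.getProperty("java.class.path"));
        } catch (Exception e) {
            System.out.println("certfile \"" + str + "\" could not be loaded: " + e);
        } finally {
            closeQuietly(in);
        }
        return null;
    }

    /**
     * Reads an X.509 CRL from file {@code str} using the "BC" provider.
     * Failures are reported on standard out and turned into a {@code null} result;
     * a missing file and an unreadable or malformed one are reported differently
     * so that a corrupt CRL is not mistaken for an absent one.
     *
     * @param str path of the CRL file
     * @return the CRL, or {@code null} if it could not be loaded
     */
    protected static X509CRL loadCRL(String str) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(str);
            return (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(in);
        } catch (java.io.FileNotFoundException e) {
            System.out.println("crlfile \"" + str + "\" not found - classpath is " + System.getProperty("java.class.path"));
        } catch (Exception e) {
            System.out.println("crlfile \"" + str + "\" could not be loaded: " + e);
        } finally {
            closeQuietly(in);
        }
        return null;
    }

    /**
     * Creates a placeholder trust anchor named "CN=Dummy Trust Anchor" around a
     * freshly generated RSA public key. The matching private key is discarded
     * immediately, so the anchor only lets the validator run and report; it is
     * not a basis for trusting anything. The 1024-bit size is kept from the
     * original example and must not be copied for keys that protect real data.
     *
     * @throws Exception if the "BC" RSA key pair generator is unavailable
     */
    private static TrustAnchor getDummyTrustAnchor() throws Exception {
        X500Principal x500Principal = new X500Principal("CN=Dummy Trust Anchor");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, new SecureRandom());
        return new TrustAnchor(x500Principal, keyPairGenerator.generateKeyPair().getPublic(), (byte[]) null);
    }

    /** Closes {@code in} if it was opened; a failure to close a read-only stream is deliberately ignored. */
    private static void closeQuietly(FileInputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (java.io.IOException ignored) {
            // Nothing was written through this stream, so there is no data to lose.
        }
    }
}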
