package badpenguin.dkim;

import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:badpenguin/dkim/Verifier.class */
public class Verifier {
    private Signature sig = null;
    private String sigPref = null;
    private DkimSignature dkimSig = null;
    private String mailBody = null;
    private String mailHeaders = null;
    private NSKeyStore keyStore = null;
    private boolean tryBoth = false;

    public Verifier(NSKeyStore nSKeyStore, String str, boolean z) {
        _Verifier(nSKeyStore, str, this.tryBoth);
    }

    public Verifier(NSKeyStore nSKeyStore, String str) {
        _Verifier(nSKeyStore, str, true);
    }

    public Verifier(NSKeyStore nSKeyStore) {
        _Verifier(nSKeyStore, "DKIM", true);
    }

    private void _Verifier(NSKeyStore nSKeyStore, String str, boolean z) {
        this.tryBoth = z;
        this.sigPref = str;
        this.keyStore = nSKeyStore;
    }

    public void tryBoth(boolean z) {
        this.tryBoth = z;
    }

    private boolean checkBodyHash() {
        MessageDigest messageDigest = null;
        try {
            messageDigest = this.dkimSig.getJavaAlg().equals("SHA256withRSA") ? MessageDigest.getInstance("SHA-256") : MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        messageDigest.update(this.mailBody.getBytes());
        return new BASE64Encoder().encode(messageDigest.digest()).equals(this.dkimSig.getBodyHash());
    }

    private boolean processGranularity(DkimSignature dkimSignature, NSKey nSKey) {
        int indexOf;
        String granularity = nSKey.getGranularity();
        if (granularity.equals("*")) {
            return true;
        }
        String itag = dkimSignature.getItag();
        return itag.equals("��") || (indexOf = itag.indexOf("@")) <= 0 || itag.substring(0, indexOf).matches(granularity);
    }

    public boolean verifyMail(InputStream inputStream) throws IOException, DkimException {
        Canonicaliser canonicaliser = new Canonicaliser(this.sigPref);
        MailMessage mailMessage = new MailMessage();
        mailMessage.processMail(inputStream);
        this.dkimSig = new DkimSignature(canonicaliser.initVerify(mailMessage.getHeaders(), this.tryBoth));
        this.mailHeaders = canonicaliser.processHeaders(this.dkimSig);
        this.dkimSig.checkValidity();
        boolean isDKIM = this.dkimSig.isDKIM();
        this.mailBody = canonicaliser.processBody(mailMessage.getBody(), this.dkimSig.getLtag(), this.dkimSig.getBodyMethod());
        NSKey retrieveKey = this.keyStore.retrieveKey(this.dkimSig.getDnsRecord());
        if (isDKIM && !checkBodyHash()) {
            return false;
        }
        if (!processGranularity(this.dkimSig, retrieveKey)) {
            if (isDKIM) {
                throw new DkimException(DkimError.PERMFAIL, "Inapplicable key");
            }
            throw new DkimException(DkimError.NOKEY, "Inapplicable key");
        }
        byte[] decodeBuffer = new BASE64Decoder().decodeBuffer(this.dkimSig.getMessageSignature());
        try {
            this.sig = Signature.getInstance(this.dkimSig.getJavaAlg());
            this.sig.initVerify(retrieveKey.getKey());
            this.sig.update(this.mailHeaders.getBytes());
            if (!isDKIM) {
                this.sig.update("\r\n".getBytes());
                this.sig.update(this.mailBody.getBytes());
            }
            return this.sig.verify(decodeBuffer);
        } catch (InvalidKeyException e) {
            if (isDKIM) {
                throw new DkimException(DkimError.PERMFAIL, "The Key found was invalid", e);
            }
            throw new DkimException(DkimError.BADFORMAT, "The Key found was invalid", e);
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return false;
        } catch (SignatureException e3) {
            if (isDKIM) {
                throw new DkimException(DkimError.PERMFAIL, "Could not process the signature data", e3);
            }
            throw new DkimException(DkimError.BADFORMAT, "The Key found was invalid", e3);
        }
    }
}
