package badpenguin.dkim;

import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:badpenguin/dkim/Verifier.class */
public class Verifier {
    private String sigPref = null;
    private boolean leniency = false;
    private NSKeyStore keyStore = null;
    private boolean tryBoth = false;

    public Verifier(NSKeyStore nSKeyStore, String str, boolean z) {
        _Verifier(nSKeyStore, str, this.tryBoth);
    }

    public Verifier(NSKeyStore nSKeyStore, String str) {
        _Verifier(nSKeyStore, str, true);
    }

    public Verifier(NSKeyStore nSKeyStore) {
        _Verifier(nSKeyStore, "DKIM", true);
    }

    private void _Verifier(NSKeyStore nSKeyStore, String str, boolean z) {
        this.tryBoth = z;
        this.sigPref = str;
        this.keyStore = nSKeyStore;
        this.leniency = false;
    }

    public void setleniency(boolean z) {
        this.leniency = z;
    }

    public void tryBoth(boolean z) {
        this.tryBoth = z;
    }

    private boolean checkBodyHash(DkimSignature dkimSignature, String str) {
        MessageDigest messageDigest = null;
        try {
            messageDigest = dkimSignature.getJavaAlg().equals("SHA256withRSA") ? MessageDigest.getInstance("SHA-256") : MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        messageDigest.update(str.getBytes());
        return new BASE64Encoder().encode(messageDigest.digest()).equals(dkimSignature.getBodyHash());
    }

    private boolean checkGranularity(DkimSignature dkimSignature, NSKey nSKey) {
        int indexOf;
        String granularity = nSKey.getGranularity();
        if (granularity.equals("*")) {
            return true;
        }
        if (this.leniency && granularity.isEmpty()) {
            return true;
        }
        String itag = dkimSignature.getItag();
        if (itag.equals("��") || (indexOf = itag.indexOf("@")) <= 0) {
            return true;
        }
        return itag.substring(0, indexOf).matches(granularity.replaceAll("\\*", ".*"));
    }

    private boolean checkSubdomains(DkimSignature dkimSignature, NSKey nSKey) {
        if (!nSKey.noSubdomains()) {
            return true;
        }
        String itag = dkimSignature.getItag();
        return itag.equals("��") || itag.substring(itag.indexOf(64) + 1).equals(dkimSignature.getDtag());
    }

    private boolean checkHashAlgorithm(DkimSignature dkimSignature, NSKey nSKey) {
        String atag = dkimSignature.getAtag();
        for (String str : nSKey.getHashAlgorithm().split(":")) {
            if (atag.endsWith(str)) {
                return true;
            }
        }
        return false;
    }

    public boolean verifyMail(InputStream inputStream) throws IOException, DkimException {
        Canonicaliser canonicaliser = new Canonicaliser(this.sigPref);
        MailMessage mailMessage = new MailMessage();
        mailMessage.processMail(inputStream);
        DkimSignature dkimSignature = new DkimSignature(canonicaliser.initVerify(mailMessage.getHeaders(), this.tryBoth), this.leniency);
        String processHeaders = canonicaliser.processHeaders(dkimSignature);
        dkimSignature.checkValidity();
        boolean isDKIM = dkimSignature.isDKIM();
        String processBody = canonicaliser.processBody(mailMessage.getBody(), dkimSignature.getLtag(), dkimSignature.getBodyMethod());
        NSKey retrieveKey = this.keyStore.retrieveKey(dkimSignature.getDnsRecord());
        if (!checkGranularity(dkimSignature, retrieveKey)) {
            if (isDKIM) {
                throw new DkimException(DkimError.PERMFAIL, "Inapplicable key");
            }
            throw new DkimException(DkimError.NOKEY, "Inapplicable key");
        }
        if (!checkSubdomains(dkimSignature, retrieveKey)) {
            throw new DkimException(DkimError.PERMFAIL, "Inapplicable key. Subdomains not allowed");
        }
        if (!checkHashAlgorithm(dkimSignature, retrieveKey)) {
            throw new DkimException(DkimError.PERMFAIL, "Inapplicable hash algorithm specified in public key record");
        }
        if (isDKIM && !checkBodyHash(dkimSignature, processBody)) {
            return false;
        }
        byte[] decodeBuffer = new BASE64Decoder().decodeBuffer(dkimSignature.getBtag());
        try {
            Signature signature = Signature.getInstance(dkimSignature.getJavaAlg());
            signature.initVerify(retrieveKey.getKey());
            signature.update(processHeaders.getBytes());
            if (!isDKIM) {
                signature.update("\r\n".getBytes());
                signature.update(processBody.getBytes());
            }
            if (signature.verify(decodeBuffer)) {
                return true;
            }
            System.err.println("Signature verification failed");
            return false;
        } catch (InvalidKeyException e) {
            if (isDKIM) {
                throw new DkimException(DkimError.PERMFAIL, "The Key found was invalid", e);
            }
            throw new DkimException(DkimError.BADFORMAT, "The Key found was invalid", e);
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return false;
        } catch (SignatureException e3) {
            if (isDKIM) {
                throw new DkimException(DkimError.PERMFAIL, "Could not process the signature data", e3);
            }
            throw new DkimException(DkimError.BADFORMAT, "The Key found was invalid", e3);
        }
    }
}
