package com.helger.as2lib.crypto;

import com.helger.as2lib.exception.AS2Exception;
import com.helger.as2lib.util.AS2HttpHelper;
import com.helger.as2lib.util.AS2IOHelper;
import com.helger.as2lib.util.AS2ResourceHelper;
import com.helger.bc.PBCProvider;
import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.collection.CollectionHelper;
import com.helger.commons.collection.impl.CommonsArrayList;
import com.helger.commons.datetime.PDTFactory;
import com.helger.commons.equals.EqualsHelper;
import com.helger.commons.io.file.FileHelper;
import com.helger.commons.io.stream.NonBlockingByteArrayOutputStream;
import com.helger.commons.io.stream.NullOutputStream;
import com.helger.commons.lang.ClassHelper;
import com.helger.commons.lang.priviledged.AccessControllerHelper;
import com.helger.commons.string.StringHelper;
import com.helger.commons.system.SystemProperties;
import com.helger.mail.cte.EContentTransferEncoding;
import com.helger.security.keystore.IKeyStoreType;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.function.Consumer;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.WillNotClose;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEEnvelopedParser;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.mail.smime.SMIMESignedParser;
import org.bouncycastle.mail.smime.SMIMEUtil;
import org.bouncycastle.mail.smime.handlers.multipart_signed;
import org.bouncycastle.mail.smime.handlers.pkcs7_mime;
import org.bouncycastle.mail.smime.handlers.pkcs7_signature;
import org.bouncycastle.mail.smime.handlers.x_pkcs7_mime;
import org.bouncycastle.mail.smime.handlers.x_pkcs7_signature;
import org.bouncycastle.mail.smime.util.FileBackedMimeBodyPart;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/helger/as2lib/crypto/BCCryptoHelper.class */
public final class BCCryptoHelper implements ICryptoHelper {
    private static final File DUMP_DECRYPTED_DIR_PATH;
    private static final String DEFAULT_SECURITY_PROVIDER_NAME;
    private String m_sSecurityProviderName = DEFAULT_SECURITY_PROVIDER_NAME;
    private static final Logger LOGGER = LoggerFactory.getLogger(BCCryptoHelper.class);
    private static final byte[] EOL_BYTES = AS2IOHelper.getAllAsciiBytes("\r\n");

    public BCCryptoHelper() {
        MailcapCommandMap defaultCommandMap = CommandMap.getDefaultCommandMap();
        defaultCommandMap.addMailcap("application/pkcs7-signature;; x-java-content-handler=" + pkcs7_signature.class.getName());
        defaultCommandMap.addMailcap("application/pkcs7-mime;; x-java-content-handler=" + pkcs7_mime.class.getName());
        defaultCommandMap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=" + x_pkcs7_signature.class.getName());
        defaultCommandMap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=" + x_pkcs7_mime.class.getName());
        defaultCommandMap.addMailcap("multipart/signed;; x-java-content-handler=" + multipart_signed.class.getName());
        AccessControllerHelper.run(() -> {
            CommandMap.setDefaultCommandMap(defaultCommandMap);
            return null;
        });
    }

    @Nonnull
    @Nonempty
    public String getSecurityProviderName() {
        return this.m_sSecurityProviderName;
    }

    @Nonnull
    public BCCryptoHelper setSecurityProviderName(@Nonnull @Nonempty String str) {
        ValueEnforcer.notEmpty(str, "SecurityProviderName");
        this.m_sSecurityProviderName = str;
        return this;
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public KeyStore createNewKeyStore(@Nonnull IKeyStoreType iKeyStoreType) throws GeneralSecurityException {
        try {
            return iKeyStoreType.getKeyStore(this.m_sSecurityProviderName);
        } catch (Exception e) {
            return iKeyStoreType.getKeyStore();
        }
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public KeyStore loadKeyStore(@Nonnull IKeyStoreType iKeyStoreType, @WillNotClose @Nullable InputStream inputStream, @Nonnull char[] cArr) throws Exception {
        KeyStore createNewKeyStore = createNewKeyStore(iKeyStoreType);
        if (inputStream != null) {
            createNewKeyStore.load(inputStream, cArr);
        }
        return createNewKeyStore;
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    public boolean isEncrypted(@Nonnull MimeBodyPart mimeBodyPart) throws MessagingException {
        String parameter;
        ValueEnforcer.notNull(mimeBodyPart, "Part");
        ContentType parseContentType = AS2HttpHelper.parseContentType(mimeBodyPart.getContentType());
        return parseContentType != null && parseContentType.getBaseType().toLowerCase(Locale.US).equals("application/pkcs7-mime") && (parameter = parseContentType.getParameter("smime-type")) != null && parameter.equalsIgnoreCase("enveloped-data");
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    public boolean isSigned(@Nonnull MimeBodyPart mimeBodyPart) throws MessagingException {
        ValueEnforcer.notNull(mimeBodyPart, "Part");
        ContentType parseContentType = AS2HttpHelper.parseContentType(mimeBodyPart.getContentType());
        if (parseContentType == null) {
            return false;
        }
        return parseContentType.getBaseType().equalsIgnoreCase("multipart/signed");
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    public boolean isCompressed(@Nonnull String str) throws AS2Exception {
        String parameter;
        ValueEnforcer.notNull(str, "ContentType");
        ContentType parseContentType = AS2HttpHelper.parseContentType(str);
        return (parseContentType == null || (parameter = parseContentType.getParameter("smime-type")) == null || !parameter.equalsIgnoreCase("compressed-data")) ? false : true;
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MIC calculateMIC(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull ECryptoAlgorithmSign eCryptoAlgorithmSign, boolean z) throws GeneralSecurityException, MessagingException, IOException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(eCryptoAlgorithmSign, "DigestAlgorithm");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("BCCryptoHelper.calculateMIC (" + eCryptoAlgorithmSign + " [" + eCryptoAlgorithmSign.getOID().getId() + "], " + z + ")");
        }
        MessageDigest messageDigest = MessageDigest.getInstance(eCryptoAlgorithmSign.getOID().getId(), this.m_sSecurityProviderName);
        if (z) {
            Enumeration allHeaderLines = mimeBodyPart.getAllHeaderLines();
            while (allHeaderLines.hasMoreElements()) {
                String str = (String) allHeaderLines.nextElement();
                messageDigest.update(AS2IOHelper.getAllAsciiBytes(str));
                messageDigest.update(EOL_BYTES);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Using header line '" + str + "' for MIC calculation");
                }
            }
            messageDigest.update(EOL_BYTES);
        }
        String encoding = mimeBodyPart.getEncoding();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Using encoding '" + encoding + "' for MIC calculation");
        }
        DigestOutputStream digestOutputStream = new DigestOutputStream(new NullOutputStream(), messageDigest);
        Throwable th = null;
        try {
            OutputStream contentTransferEncodingAwareOutputStream = AS2IOHelper.getContentTransferEncodingAwareOutputStream(digestOutputStream, encoding);
            Throwable th2 = null;
            try {
                try {
                    mimeBodyPart.getDataHandler().writeTo(contentTransferEncodingAwareOutputStream);
                    if (contentTransferEncodingAwareOutputStream != null) {
                        if (0 != 0) {
                            try {
                                contentTransferEncodingAwareOutputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            contentTransferEncodingAwareOutputStream.close();
                        }
                    }
                    MIC mic = new MIC(messageDigest.digest(), eCryptoAlgorithmSign);
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("  Calculated MIC = " + mic.getAsAS2String());
                    }
                    return mic;
                } finally {
                }
            } catch (Throwable th4) {
                if (contentTransferEncodingAwareOutputStream != null) {
                    if (th2 != null) {
                        try {
                            contentTransferEncodingAwareOutputStream.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        contentTransferEncodingAwareOutputStream.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (digestOutputStream != null) {
                if (0 != 0) {
                    try {
                        digestOutputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    digestOutputStream.close();
                }
            }
        }
    }

    private static void _dumpDecrypted(@Nonnull byte[] bArr) {
        File file;
        int i = 0;
        do {
            file = new File(DUMP_DECRYPTED_DIR_PATH, "as2-decrypted-" + Long.toString(PDTFactory.getCurrentMillis()) + "-" + i + ".part");
            i++;
        } while (file.exists());
        LOGGER.info("Dumping decrypted MIME part to file " + file.getAbsolutePath());
        try {
            FileOutputStream outputStream = FileHelper.getOutputStream(file);
            Throwable th = null;
            try {
                try {
                    outputStream.write(bArr);
                    if (outputStream != null) {
                        if (0 != 0) {
                            try {
                                outputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            outputStream.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (IOException e) {
            if (LOGGER.isErrorEnabled()) {
                LOGGER.error("Failed to dump decrypted MIME part to file " + file.getAbsolutePath(), e);
            }
        }
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart decrypt(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull X509Certificate x509Certificate, @Nonnull PrivateKey privateKey, boolean z, @Nonnull AS2ResourceHelper aS2ResourceHelper) throws GeneralSecurityException, MessagingException, CMSException, SMIMEException, IOException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(x509Certificate, "X509Cert");
        ValueEnforcer.notNull(privateKey, "PrivateKey");
        ValueEnforcer.notNull(aS2ResourceHelper, "ResHelper");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("BCCryptoHelper.decrypt; X509 subject=" + x509Certificate.getSubjectX500Principal().getName() + "; forceDecrypt=" + z);
        }
        if (!z && !isEncrypted(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type '" + mimeBodyPart.getContentType() + "' indicates data isn't encrypted");
        }
        RecipientInformation recipientInformation = null;
        try {
            recipientInformation = new SMIMEEnvelopedParser(mimeBodyPart).getRecipientInfos().get(new JceKeyTransRecipientId(x509Certificate));
        } catch (Exception e) {
            LOGGER.error("Error retrieving RecipientInformation", e);
        }
        if (recipientInformation == null) {
            throw new GeneralSecurityException("Certificate does not match part signature");
        }
        FileBackedMimeBodyPart mimeBodyPart2 = SMIMEUtil.toMimeBodyPart(recipientInformation.getContentStream(new JceKeyTransEnvelopedRecipient(privateKey).setProvider(this.m_sSecurityProviderName)), aS2ResourceHelper.createTempFile());
        if (DUMP_DECRYPTED_DIR_PATH != null) {
            NonBlockingByteArrayOutputStream nonBlockingByteArrayOutputStream = new NonBlockingByteArrayOutputStream(mimeBodyPart2.getSize());
            Throwable th = null;
            try {
                try {
                    mimeBodyPart2.writeTo(nonBlockingByteArrayOutputStream);
                    _dumpDecrypted(nonBlockingByteArrayOutputStream.toByteArray());
                    if (nonBlockingByteArrayOutputStream != null) {
                        if (0 != 0) {
                            try {
                                nonBlockingByteArrayOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            nonBlockingByteArrayOutputStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (nonBlockingByteArrayOutputStream != null) {
                    if (th != null) {
                        try {
                            nonBlockingByteArrayOutputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        nonBlockingByteArrayOutputStream.close();
                    }
                }
                throw th3;
            }
        }
        return mimeBodyPart2;
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart encrypt(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull X509Certificate x509Certificate, @Nonnull ECryptoAlgorithmCrypt eCryptoAlgorithmCrypt, @Nonnull EContentTransferEncoding eContentTransferEncoding) throws GeneralSecurityException, SMIMEException, CMSException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(x509Certificate, "X509Cert");
        ValueEnforcer.notNull(eCryptoAlgorithmCrypt, "Algorithm");
        ValueEnforcer.notNull(eContentTransferEncoding, "ContentTransferEncoding");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("BCCryptoHelper.encrypt; X509 subject=" + x509Certificate.getSubjectX500Principal().getName() + "; algorithm=" + eCryptoAlgorithmCrypt + "; CTE=" + eContentTransferEncoding);
        }
        x509Certificate.checkValidity();
        ASN1ObjectIdentifier oid = eCryptoAlgorithmCrypt.getOID();
        SMIMEEnvelopedGenerator sMIMEEnvelopedGenerator = new SMIMEEnvelopedGenerator();
        sMIMEEnvelopedGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(x509Certificate).setProvider(this.m_sSecurityProviderName));
        sMIMEEnvelopedGenerator.setContentTransferEncoding(eContentTransferEncoding.getID());
        return sMIMEEnvelopedGenerator.generate(mimeBodyPart, new JceCMSContentEncryptorBuilder(oid).setProvider(this.m_sSecurityProviderName).build());
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart sign(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull X509Certificate x509Certificate, @Nonnull PrivateKey privateKey, @Nonnull ECryptoAlgorithmSign eCryptoAlgorithmSign, boolean z, boolean z2, boolean z3, @Nonnull EContentTransferEncoding eContentTransferEncoding) throws GeneralSecurityException, SMIMEException, MessagingException, OperatorCreationException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(x509Certificate, "X509Cert");
        ValueEnforcer.notNull(privateKey, "PrivateKey");
        ValueEnforcer.notNull(eCryptoAlgorithmSign, "Algorithm");
        ValueEnforcer.notNull(eContentTransferEncoding, "ContentTransferEncoding");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("BCCryptoHelper.sign; X509 subject=" + x509Certificate.getSubjectX500Principal().getName() + "; algorithm=" + eCryptoAlgorithmSign + "; includeCertificateInSignedContent=" + z + "; CTE=" + eContentTransferEncoding);
        }
        x509Certificate.checkValidity();
        JcaCertStore jcaCertStore = new JcaCertStore(new CommonsArrayList(x509Certificate));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        SMIMECapabilityVector sMIMECapabilityVector = new SMIMECapabilityVector();
        sMIMECapabilityVector.addCapability(eCryptoAlgorithmSign.getOID());
        aSN1EncodableVector.add(new SMIMECapabilitiesAttribute(sMIMECapabilityVector));
        SMIMESignedGenerator sMIMESignedGenerator = new SMIMESignedGenerator(z2 ? SMIMESignedGenerator.RFC3851_MICALGS : SMIMESignedGenerator.RFC5751_MICALGS);
        sMIMESignedGenerator.setContentTransferEncoding(eContentTransferEncoding.getID());
        SignerInfoGenerator build = new JcaSimpleSignerInfoGeneratorBuilder().setProvider(this.m_sSecurityProviderName).setSignedAttributeGenerator(new AttributeTable(aSN1EncodableVector)).build(eCryptoAlgorithmSign.getSignAlgorithmName(), privateKey, x509Certificate);
        if (z3) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Removing CMS AlgorithmProtect attribute, if it is present");
            }
            final CMSAttributeTableGenerator signedAttributeTableGenerator = build.getSignedAttributeTableGenerator();
            build = new SignerInfoGenerator(build, new DefaultSignedAttributeTableGenerator() { // from class: com.helger.as2lib.crypto.BCCryptoHelper.1
                public AttributeTable getAttributes(Map map) {
                    return signedAttributeTableGenerator.getAttributes(map).remove(CMSAttributes.cmsAlgorithmProtect);
                }
            }, build.getUnsignedAttributeTableGenerator());
        }
        sMIMESignedGenerator.addSignerInfoGenerator(build);
        if (z) {
            sMIMESignedGenerator.addCertificates(jcaCertStore);
        }
        MimeMultipart generate = sMIMESignedGenerator.generate(mimeBodyPart);
        MimeBodyPart mimeBodyPart2 = new MimeBodyPart();
        mimeBodyPart2.setContent(generate);
        mimeBodyPart2.setHeader("Content-Type", generate.getContentType());
        return mimeBodyPart2;
    }

    @Nonnull
    private X509Certificate _verifyFindCertificate(@Nullable X509Certificate x509Certificate, boolean z, @Nonnull SMIMESignedParser sMIMESignedParser) throws CMSException, GeneralSecurityException {
        X509Certificate x509Certificate2 = x509Certificate;
        if (z) {
            SignerId signerId = null;
            Iterator it = sMIMESignedParser.getSignerInfos().getSigners().iterator();
            if (it.hasNext()) {
                signerId = ((SignerInformation) it.next()).getSID();
            }
            Collection matches = sMIMESignedParser.getCertificates().getMatches(signerId);
            if (!matches.isEmpty()) {
                if (matches.size() > 1 && LOGGER.isWarnEnabled()) {
                    LOGGER.warn("Signed part contains " + matches.size() + " certificates - using the first one!");
                }
                X509Certificate certificate = new JcaX509CertificateConverter().setProvider(this.m_sSecurityProviderName).getCertificate((X509CertificateHolder) CollectionHelper.getFirstElement(matches));
                if (x509Certificate != null && !x509Certificate.equals(certificate) && LOGGER.isWarnEnabled()) {
                    LOGGER.warn("Certificate mismatch! Provided certificate\n" + x509Certificate + " differs from certficate contained in message\n" + certificate);
                }
                x509Certificate2 = certificate;
            }
        }
        if (x509Certificate2 == null) {
            throw new GeneralSecurityException("No certificate provided" + (z ? " and none found in the message" : "") + "!");
        }
        return x509Certificate2;
    }

    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart verify(@Nonnull MimeBodyPart mimeBodyPart, @Nullable X509Certificate x509Certificate, boolean z, boolean z2, @Nullable Consumer<X509Certificate> consumer, @Nonnull AS2ResourceHelper aS2ResourceHelper) throws GeneralSecurityException, IOException, MessagingException, CMSException, OperatorCreationException {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("BCCryptoHelper.verify; X509 subject=" + (x509Certificate == null ? "null" : x509Certificate.getSubjectX500Principal().getName()) + "; useCertificateInBodyPart=" + z + "; forceVerify=" + z2);
        }
        if (!z2 && !isSigned(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type indicates data isn't signed: " + mimeBodyPart.getContentType());
        }
        Object content = mimeBodyPart.getContent();
        if (!(content instanceof MimeMultipart)) {
            throw new IllegalStateException("Expected Part content to be MimeMultipart but it isn't. It is " + ClassHelper.getClassName(content));
        }
        SMIMESignedParser sMIMESignedParser = new SMIMESignedParser(new JcaDigestCalculatorProviderBuilder().setProvider(this.m_sSecurityProviderName).build(), (MimeMultipart) content, EContentTransferEncoding.AS2_DEFAULT.getID(), aS2ResourceHelper.createTempFile());
        X509Certificate _verifyFindCertificate = _verifyFindCertificate(x509Certificate, z, sMIMESignedParser);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(EqualsHelper.identityEqual(_verifyFindCertificate, x509Certificate) ? "Verifying signature using the provided certificate (partnership)" : "Verifying signature using the certificate contained in the MIME body part");
        }
        if (consumer != null) {
            consumer.accept(_verifyFindCertificate);
        }
        _verifyFindCertificate.checkValidity();
        SignerInformationVerifier build = new JcaSimpleSignerInfoVerifierBuilder().setProvider(this.m_sSecurityProviderName).build(_verifyFindCertificate.getPublicKey());
        Iterator it = sMIMESignedParser.getSignerInfos().getSigners().iterator();
        while (it.hasNext()) {
            if (!((SignerInformation) it.next()).verify(build)) {
                throw new SignatureException("Verification failed");
            }
        }
        return sMIMESignedParser.getContent();
    }

    static {
        String str;
        try {
            Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            str = PBCProvider.getProvider().getName();
        } catch (Exception e) {
            try {
                Class<?> cls = Class.forName("org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider");
                str = "BCFIPS";
                if (Security.getProvider(str) == null) {
                    Security.addProvider((Provider) cls.getConstructor(new Class[0]).newInstance(new Object[0]));
                }
            } catch (Exception e2) {
                throw new IllegalStateException("Neither regular BouncyCastle nor BouncyCastle FIPS are in the classpath", e2);
            }
        }
        DEFAULT_SECURITY_PROVIDER_NAME = str;
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Using security provider '" + DEFAULT_SECURITY_PROVIDER_NAME + "'.");
        }
        String propertyValueOrNull = SystemProperties.getPropertyValueOrNull("AS2.dumpDecryptedDirectory");
        if (!StringHelper.hasText(propertyValueOrNull)) {
            DUMP_DECRYPTED_DIR_PATH = null;
            return;
        }
        DUMP_DECRYPTED_DIR_PATH = new File(propertyValueOrNull);
        AS2IOHelper.getFileOperationManager().createDirIfNotExisting(DUMP_DECRYPTED_DIR_PATH);
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("Using directory " + DUMP_DECRYPTED_DIR_PATH.getAbsolutePath() + " to dump all decrypted AS2 body parts to.");
        }
    }
}
