package org.subshare.core.user;

import co.codewizards.cloudstore.core.Uid;
import co.codewizards.cloudstore.core.auth.SignatureException;
import co.codewizards.cloudstore.core.io.ByteArrayInputStream;
import co.codewizards.cloudstore.core.io.ByteArrayOutputStream;
import co.codewizards.cloudstore.core.io.IOutputStream;
import co.codewizards.cloudstore.core.util.AssertUtil;
import co.codewizards.cloudstore.core.util.Util;
import java.io.IOException;
import java.io.InputStream;
import java.util.Date;
import java.util.Set;
import java.util.UUID;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.subshare.core.dto.SignatureDto;
import org.subshare.core.dto.UserRepoKeyDto;
import org.subshare.core.io.InputStreamSource;
import org.subshare.core.io.MultiInputStream;
import org.subshare.core.pgp.PgpDecoder;
import org.subshare.core.pgp.PgpEncoder;
import org.subshare.core.pgp.PgpKey;
import org.subshare.core.pgp.PgpRegistry;
import org.subshare.core.sign.Signature;
import org.subshare.core.user.UserRepoKey;
import org.subshare.crypto.CryptoRegistry;

/* loaded from: input_file:org/subshare/core/user/UserRepoKeyImpl.class */
public class UserRepoKeyImpl implements UserRepoKey {
    private final Uid userRepoKeyId;
    private final UUID serverRepositoryId;
    private AsymmetricCipherKeyPair keyPair;
    private final Date validTo;
    private final boolean invitation;
    private PublicKeyWithSignatureImpl publicKey;
    private final byte[] encryptedSignedPrivateKeyData;
    private final byte[] signedPublicKeyData;

    /* loaded from: input_file:org/subshare/core/user/UserRepoKeyImpl$PublicKeyImpl.class */
    public static class PublicKeyImpl implements UserRepoKey.PublicKey {
        private final Uid userRepoKeyId;
        private final UUID serverRepositoryId;
        private final AsymmetricKeyParameter publicKey;
        private final Date validTo;
        private final boolean invitation;

        public PublicKeyImpl(Uid uid, UUID uuid, AsymmetricKeyParameter asymmetricKeyParameter, Date date, boolean z) {
            this.userRepoKeyId = (Uid) AssertUtil.assertNotNull(uid, "userRepoKeyId");
            this.serverRepositoryId = (UUID) AssertUtil.assertNotNull(uuid, "serverRepositoryId");
            this.publicKey = (AsymmetricKeyParameter) AssertUtil.assertNotNull(asymmetricKeyParameter, "publicKey");
            this.validTo = date;
            this.invitation = z;
        }

        @Override // org.subshare.core.user.UserRepoKey.PublicKey
        public Uid getUserRepoKeyId() {
            return this.userRepoKeyId;
        }

        @Override // org.subshare.core.user.UserRepoKey.PublicKey
        public UUID getServerRepositoryId() {
            return this.serverRepositoryId;
        }

        @Override // org.subshare.core.user.UserRepoKey.PublicKey
        public AsymmetricKeyParameter getPublicKey() {
            return this.publicKey;
        }

        @Override // org.subshare.core.user.UserRepoKey.PublicKey
        public Date getValidTo() {
            return this.validTo;
        }

        @Override // org.subshare.core.user.UserRepoKey.PublicKey
        public boolean isInvitation() {
            return this.invitation;
        }

        public String toString() {
            return String.format("%s[userRepoKeyId=%s, invitation=%s, validTo=%s]", getClass().getSimpleName(), this.userRepoKeyId, Boolean.valueOf(this.invitation), this.validTo);
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj != null && obj.getClass() == getClass()) {
                return this.userRepoKeyId.equals(((PublicKeyImpl) obj).getUserRepoKeyId());
            }
            return false;
        }

        public int hashCode() {
            return this.userRepoKeyId.hashCode();
        }
    }

    /* loaded from: input_file:org/subshare/core/user/UserRepoKeyImpl$PublicKeyWithSignatureImpl.class */
    public static class PublicKeyWithSignatureImpl extends PublicKeyImpl implements UserRepoKey.PublicKeyWithSignature {
        private final byte[] signedPublicKeyData;
        private byte[] publicKeyData;
        private Signature signature;

        protected PublicKeyWithSignatureImpl(Uid uid, UUID uuid, AsymmetricKeyParameter asymmetricKeyParameter, byte[] bArr, Date date, boolean z) {
            super(uid, uuid, asymmetricKeyParameter, date, z);
            this.signedPublicKeyData = (byte[]) AssertUtil.assertNotNull(bArr, "signedPublicKeyData");
        }

        public PublicKeyWithSignatureImpl(Uid uid, UUID uuid, byte[] bArr, Date date, boolean z) {
            super(uid, uuid, UserRepoKeyImpl.verifyPublicKeyData(bArr), date, z);
            this.signedPublicKeyData = (byte[]) AssertUtil.assertNotNull(bArr, "signedPublicKeyData");
        }

        @Override // org.subshare.core.user.UserRepoKey.PublicKeyWithSignature
        public byte[] getSignedPublicKeyData() {
            return this.signedPublicKeyData;
        }

        @Override // org.subshare.core.user.UserRepoKey.PublicKeyWithSignature
        public byte[] getPublicKeyData() {
            if (this.publicKeyData == null) {
                this.publicKeyData = CryptoRegistry.getInstance().encodePublicKey(getPublicKey());
            }
            return this.publicKeyData;
        }

        @Override // org.subshare.core.sign.Signable
        public String getSignedDataType() {
            return UserRepoKeyDto.PUBLIC_KEY_SIGNED_DATA_TYPE;
        }

        @Override // org.subshare.core.sign.Signable
        public int getSignedDataVersion() {
            return 0;
        }

        @Override // org.subshare.core.sign.Signable
        public InputStream getSignedData(int i) {
            try {
                byte b = (byte) (0 + 1);
                return new MultiInputStream(InputStreamSource.Helper.createInputStreamSource(getUserRepoKeyId()), InputStreamSource.Helper.createInputStreamSource(b), InputStreamSource.Helper.createInputStreamSource(getServerRepositoryId()), InputStreamSource.Helper.createInputStreamSource((byte) (b + 1)), InputStreamSource.Helper.createInputStreamSource(getPublicKeyData()));
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }

        @Override // org.subshare.core.sign.Signable
        public Signature getSignature() {
            return this.signature;
        }

        @Override // org.subshare.core.sign.Signable
        public void setSignature(Signature signature) {
            if (Util.equal(this.signature, signature)) {
                return;
            }
            this.signature = SignatureDto.copyIfNeeded(signature);
        }
    }

    public UserRepoKeyImpl(UUID uuid, AsymmetricCipherKeyPair asymmetricCipherKeyPair, Set<PgpKey> set, PgpKey pgpKey, Date date) {
        this.userRepoKeyId = new Uid();
        this.serverRepositoryId = (UUID) AssertUtil.assertNotNull(uuid, "serverRepositoryId");
        this.keyPair = (AsymmetricCipherKeyPair) AssertUtil.assertNotNull(asymmetricCipherKeyPair, "keyPair");
        this.validTo = date;
        AssertUtil.assertNotNull(set, "pgpKeysForEncryption");
        AssertUtil.assertNotNull(pgpKey, "pgpKeyForSignature");
        this.encryptedSignedPrivateKeyData = encryptSignPrivateKeyData(set, pgpKey);
        this.signedPublicKeyData = signPublicKeyData(pgpKey);
        this.invitation = (set.size() == 1 && set.iterator().next() == pgpKey) ? false : true;
    }

    public UserRepoKeyImpl(Uid uid, UUID uuid, byte[] bArr, byte[] bArr2, Date date, boolean z) {
        this.userRepoKeyId = (Uid) AssertUtil.assertNotNull(uid, "userRepoKeyId");
        this.serverRepositoryId = (UUID) AssertUtil.assertNotNull(uuid, "serverRepositoryId");
        this.encryptedSignedPrivateKeyData = (byte[]) AssertUtil.assertNotNull(bArr, "encryptedSignedPrivateKeyData");
        this.signedPublicKeyData = (byte[]) AssertUtil.assertNotNull(bArr2, "signedPublicKeyData");
        this.validTo = date;
        this.invitation = z;
    }

    @Override // org.subshare.core.user.UserRepoKey
    public Uid getUserRepoKeyId() {
        return this.userRepoKeyId;
    }

    @Override // org.subshare.core.user.UserRepoKey
    public UUID getServerRepositoryId() {
        return this.serverRepositoryId;
    }

    @Override // org.subshare.core.user.UserRepoKey
    public AsymmetricCipherKeyPair getKeyPair() {
        if (this.keyPair == null) {
            this.keyPair = new AsymmetricCipherKeyPair(verifyPublicKeyData(), decryptVerifyPrivateKeyData());
        }
        return this.keyPair;
    }

    @Override // org.subshare.core.user.UserRepoKey
    public UserRepoKey.PublicKeyWithSignature getPublicKey() {
        if (this.publicKey == null) {
            this.publicKey = new PublicKeyWithSignatureImpl(getUserRepoKeyId(), getServerRepositoryId(), this.keyPair == null ? verifyPublicKeyData() : this.keyPair.getPublic(), getSignedPublicKeyData(), getValidTo(), isInvitation());
        }
        return this.publicKey;
    }

    @Override // org.subshare.core.user.UserRepoKey
    public boolean isInvitation() {
        return this.invitation;
    }

    @Override // org.subshare.core.user.UserRepoKey
    public Date getValidTo() {
        return this.validTo;
    }

    private byte[] encryptSignPrivateKeyData(Set<PgpKey> set, PgpKey pgpKey) {
        if (set.size() == 1 && PgpKey.TEST_DUMMY_PGP_KEY == set.iterator().next()) {
            return new byte[0];
        }
        AssertUtil.assertNotNull(set, "pgpKeysForEncryption");
        AssertUtil.assertNotNull(pgpKey, "pgpKeyForSignature");
        byte[] encodePrivateKey = CryptoRegistry.getInstance().encodePrivateKey(this.keyPair.getPrivate());
        IOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PgpEncoder createEncoder = PgpRegistry.getInstance().getPgpOrFail().createEncoder(new ByteArrayInputStream(encodePrivateKey), byteArrayOutputStream);
        createEncoder.getEncryptPgpKeys().addAll(set);
        createEncoder.setSignPgpKey(pgpKey);
        try {
            createEncoder.encode();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private AsymmetricKeyParameter decryptVerifyPrivateKeyData() {
        IOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PgpDecoder createDecoder = PgpRegistry.getInstance().getPgpOrFail().createDecoder(new ByteArrayInputStream(this.encryptedSignedPrivateKeyData), byteArrayOutputStream);
        try {
            createDecoder.decode();
            if (createDecoder.getPgpSignature() == null) {
                throw new SignatureException("Missing signature!");
            }
            return CryptoRegistry.getInstance().decodePrivateKey(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] signPublicKeyData(PgpKey pgpKey) {
        if (PgpKey.TEST_DUMMY_PGP_KEY == pgpKey) {
            return new byte[0];
        }
        AssertUtil.assertNotNull(pgpKey, "pgpKey");
        byte[] encodePublicKey = CryptoRegistry.getInstance().encodePublicKey(this.keyPair.getPublic());
        IOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PgpEncoder createEncoder = PgpRegistry.getInstance().getPgpOrFail().createEncoder(new ByteArrayInputStream(encodePublicKey), byteArrayOutputStream);
        createEncoder.setSignPgpKey(pgpKey);
        try {
            createEncoder.encode();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private AsymmetricKeyParameter verifyPublicKeyData() throws SignatureException {
        return verifyPublicKeyData(this.signedPublicKeyData);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static AsymmetricKeyParameter verifyPublicKeyData(byte[] bArr) throws SignatureException {
        AssertUtil.assertNotNull(bArr, "signedPublicKeyData");
        IOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PgpDecoder createDecoder = PgpRegistry.getInstance().getPgpOrFail().createDecoder(new ByteArrayInputStream(bArr), byteArrayOutputStream);
        try {
            createDecoder.decode();
            if (createDecoder.getPgpSignature() == null) {
                throw new SignatureException("Missing signature!");
            }
            return CryptoRegistry.getInstance().decodePublicKey(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.subshare.core.user.UserRepoKey
    public byte[] getEncryptedSignedPrivateKeyData() {
        return this.encryptedSignedPrivateKeyData;
    }

    @Override // org.subshare.core.user.UserRepoKey
    public byte[] getSignedPublicKeyData() {
        return this.signedPublicKeyData;
    }

    public String toString() {
        return String.format("%s[userRepoKeyId=%s, invitation=%s]", getClass().getSimpleName(), this.userRepoKeyId, Boolean.valueOf(this.invitation));
    }
}
