package org.subshare.core.pgp.gnupg;

import co.codewizards.cloudstore.core.auth.SignatureException;
import co.codewizards.cloudstore.core.io.ByteArrayInputStream;
import co.codewizards.cloudstore.core.io.ByteArrayOutputStream;
import co.codewizards.cloudstore.core.io.StreamUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
import org.bouncycastle.util.io.Streams;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.subshare.core.observable.ModificationEventType;
import org.subshare.core.pgp.AbstractPgpDecoder;
import org.subshare.core.pgp.MissingSigningPgpKeyException;
import org.subshare.core.pgp.PgpKey;
import org.subshare.core.pgp.PgpKeyId;

/* loaded from: input_file:org/subshare/core/pgp/gnupg/BcPgpDecoder.class */
public class BcPgpDecoder extends AbstractPgpDecoder {
    private static final Logger logger = LoggerFactory.getLogger(BcPgpDecoder.class);
    private final BcWithLocalGnuPgPgp pgp;

    public BcPgpDecoder(BcWithLocalGnuPgPgp bcWithLocalGnuPgPgp) {
        this.pgp = (BcWithLocalGnuPgPgp) Objects.requireNonNull(bcWithLocalGnuPgPgp, "pgp");
    }

    @Override // org.subshare.core.pgp.PgpDecoder
    public void decode() throws SignatureException, IOException {
        setDecryptPgpKey(null);
        setSignPgpKey(null);
        setPgpSignature(null);
        setSignPgpKeyIds(null);
        InputStream castStream = StreamUtil.castStream(getInputStreamOrFail());
        InputStream castStream2 = StreamUtil.castStream(getSignInputStream());
        if (castStream2 == null) {
            castStream = PGPUtil.getDecoderStream(castStream);
        }
        if (castStream2 != null) {
            decodePlainWithDetachedSignature(castStream, PGPUtil.getDecoderStream(castStream2));
            return;
        }
        PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(castStream, new BcKeyFingerprintCalculator());
        PGPEncryptedDataList pGPEncryptedDataList = null;
        PGPCompressedData pGPCompressedData = null;
        Object nextObject = pGPObjectFactory.nextObject();
        if (nextObject instanceof PGPEncryptedDataList) {
            pGPEncryptedDataList = (PGPEncryptedDataList) nextObject;
        } else if (nextObject instanceof PGPCompressedData) {
            pGPEncryptedDataList = null;
            pGPCompressedData = (PGPCompressedData) nextObject;
        } else {
            Object nextObject2 = pGPObjectFactory.nextObject();
            if (nextObject2 instanceof PGPEncryptedDataList) {
                pGPEncryptedDataList = (PGPEncryptedDataList) nextObject2;
            } else if (nextObject2 instanceof PGPCompressedData) {
                pGPEncryptedDataList = null;
                pGPCompressedData = (PGPCompressedData) nextObject2;
            }
        }
        if (pGPEncryptedDataList != null) {
            decodeEncrypted(pGPEncryptedDataList);
        } else {
            if (pGPCompressedData == null) {
                throw new IllegalStateException("WTF?!");
            }
            decodeCompressed(pGPCompressedData);
        }
    }

    private void decodePlainWithDetachedSignature(InputStream inputStream, InputStream inputStream2) throws SignatureException, IOException {
        Objects.requireNonNull(inputStream, "in");
        Objects.requireNonNull(inputStream2, "signIn");
        PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(inputStream2, new BcKeyFingerprintCalculator());
        PGPOnePassSignatureList pGPOnePassSignatureList = null;
        PGPSignatureList pGPSignatureList = null;
        try {
            for (Object nextObject = pGPObjectFactory.nextObject(); nextObject != null; nextObject = pGPObjectFactory.nextObject()) {
                if (nextObject instanceof PGPOnePassSignatureList) {
                    pGPOnePassSignatureList = (PGPOnePassSignatureList) nextObject;
                } else {
                    if (!(nextObject instanceof PGPSignatureList)) {
                        throw new PGPException("message unknown message type.");
                    }
                    pGPSignatureList = (PGPSignatureList) nextObject;
                }
            }
            if (pGPOnePassSignatureList == null || pGPSignatureList == null) {
                throw new PGPException("Poor PGP. Signatures not found.");
            }
            verifySignature(pGPOnePassSignatureList, pGPSignatureList, inputStream, StreamUtil.castStream(getOutputStreamOrFail()));
        } catch (PGPException e) {
            throw new IOException((Throwable) e);
        }
    }

    private void decodeCompressed(PGPCompressedData pGPCompressedData) throws SignatureException, IOException {
        try {
            PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(pGPCompressedData.getDataStream(), new BcKeyFingerprintCalculator());
            PGPOnePassSignatureList pGPOnePassSignatureList = null;
            PGPSignatureList pGPSignatureList = null;
            Object nextObject = pGPObjectFactory.nextObject();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (nextObject != null) {
                if (nextObject instanceof PGPCompressedData) {
                    pGPObjectFactory = new PGPObjectFactory(((PGPCompressedData) nextObject).getDataStream(), new BcKeyFingerprintCalculator());
                    nextObject = pGPObjectFactory.nextObject();
                }
                if (nextObject instanceof PGPLiteralData) {
                    Streams.pipeAll(((PGPLiteralData) nextObject).getInputStream(), byteArrayOutputStream);
                } else if (nextObject instanceof PGPOnePassSignatureList) {
                    pGPOnePassSignatureList = (PGPOnePassSignatureList) nextObject;
                } else {
                    if (!(nextObject instanceof PGPSignatureList)) {
                        throw new PGPException("message unknown message type.");
                    }
                    pGPSignatureList = (PGPSignatureList) nextObject;
                }
                nextObject = pGPObjectFactory.nextObject();
            }
            byteArrayOutputStream.close();
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (pGPOnePassSignatureList == null || pGPSignatureList == null) {
                throw new PGPException("Poor PGP. Signatures not found.");
            }
            verifySignature(pGPOnePassSignatureList, pGPSignatureList, new ByteArrayInputStream(byteArray), StreamUtil.castStream(getOutputStreamOrFail()));
        } catch (PGPException e) {
            throw new IOException((Throwable) e);
        }
    }

    private void decodeEncrypted(PGPEncryptedDataList pGPEncryptedDataList) throws SignatureException, IOException {
        char[] cArr;
        try {
            Iterator encryptedDataObjects = pGPEncryptedDataList.getEncryptedDataObjects();
            PgpKey pgpKey = null;
            PGPPrivateKey pGPPrivateKey = null;
            PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = null;
            ArrayList arrayList = new ArrayList();
            while (pGPPrivateKey == null && encryptedDataObjects.hasNext()) {
                pGPPublicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
                PgpKeyId pgpKeyId = new PgpKeyId(pGPPublicKeyEncryptedData.getKeyID());
                arrayList.add(pgpKeyId);
                BcPgpKey bcPgpKey = this.pgp.getBcPgpKey(pgpKeyId);
                if (bcPgpKey != null) {
                    PGPSecretKey secretKey = bcPgpKey.getSecretKey();
                    if (secretKey != null && !secretKey.isPrivateKeyEmpty()) {
                        if (secretKey.getKeyEncryptionAlgorithm() != 0) {
                            cArr = getPgpAuthenticationCallbackOrFail().getPassphrase(bcPgpKey.getPgpKey());
                            if (cArr == null) {
                                secretKey = null;
                            }
                        } else {
                            cArr = null;
                        }
                        if (secretKey != null) {
                            pGPPrivateKey = secretKey.extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(cArr));
                            pgpKey = (PgpKey) Objects.requireNonNull(bcPgpKey.getPgpKey(), "bcPgpKey.pgpKey");
                        }
                    }
                }
            }
            logger.debug("decodeEncrypted: encryptingPgpKeyIds={}", arrayList);
            if (pGPPrivateKey == null) {
                if (!arrayList.isEmpty()) {
                    throw new IllegalArgumentException(String.format("Data is encrypted for the PGP keys %s, which we do not have a private key for!", arrayList));
                }
                throw new IllegalArgumentException("message not found.");
            }
            setDecryptPgpKey(pgpKey);
            PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(pGPPublicKeyEncryptedData.getDataStream(new BcPublicKeyDataDecryptorFactory(pGPPrivateKey)), new BcKeyFingerprintCalculator());
            PGPOnePassSignatureList pGPOnePassSignatureList = null;
            PGPSignatureList pGPSignatureList = null;
            Object nextObject = pGPObjectFactory.nextObject();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (nextObject != null) {
                if (nextObject instanceof PGPCompressedData) {
                    pGPObjectFactory = new PGPObjectFactory(((PGPCompressedData) nextObject).getDataStream(), new BcKeyFingerprintCalculator());
                    nextObject = pGPObjectFactory.nextObject();
                }
                if (nextObject instanceof PGPLiteralData) {
                    Streams.pipeAll(((PGPLiteralData) nextObject).getInputStream(), byteArrayOutputStream);
                } else if (nextObject instanceof PGPOnePassSignatureList) {
                    pGPOnePassSignatureList = (PGPOnePassSignatureList) nextObject;
                } else {
                    if (!(nextObject instanceof PGPSignatureList)) {
                        throw new PGPException("message unknown message type.");
                    }
                    pGPSignatureList = (PGPSignatureList) nextObject;
                }
                nextObject = pGPObjectFactory.nextObject();
            }
            byteArrayOutputStream.close();
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (pGPOnePassSignatureList != null && pGPSignatureList != null) {
                verifySignature(pGPOnePassSignatureList, pGPSignatureList, new ByteArrayInputStream(byteArray), StreamUtil.castStream(getOutputStreamOrFail()));
            }
            if (getPgpSignature() == null) {
                getOutputStreamOrFail().write(byteArray);
            }
            if (pGPPublicKeyEncryptedData.isIntegrityProtected() && !pGPPublicKeyEncryptedData.verify()) {
                throw new PGPException("Data is integrity protected but integrity is lost.");
            }
        } catch (PGPException e) {
            throw new IOException((Throwable) e);
        }
    }

    private void verifySignature(PGPOnePassSignatureList pGPOnePassSignatureList, PGPSignatureList pGPSignatureList, InputStream inputStream, OutputStream outputStream) throws SignatureException, IOException {
        BcPgpKey bcPgpKey;
        Objects.requireNonNull(pGPOnePassSignatureList, "onePassSignatureList");
        Objects.requireNonNull(pGPSignatureList, "signatureList");
        Objects.requireNonNull(inputStream, "signedDataIn");
        setSignPgpKey(null);
        setPgpSignature(null);
        setSignPgpKeyIds(null);
        if (pGPOnePassSignatureList.size() == 0) {
            return;
        }
        HashSet hashSet = new HashSet();
        for (int i = 0; i < pGPOnePassSignatureList.size(); i++) {
            try {
                PGPOnePassSignature pGPOnePassSignature = pGPOnePassSignatureList.get(i);
                hashSet.add(new PgpKeyId(pGPOnePassSignature.getKeyID()));
                if (getPgpSignature() == null && (bcPgpKey = this.pgp.getBcPgpKey(new PgpKeyId(pGPOnePassSignature.getKeyID()))) != null) {
                    pGPOnePassSignature.init(new BcPGPContentVerifierBuilderProvider(), bcPgpKey.getPublicKey());
                    byte[] bArr = new byte[ModificationEventType.SET_INDEXED];
                    while (true) {
                        int read = inputStream.read(bArr);
                        if (read <= 0) {
                            break;
                        }
                        pGPOnePassSignature.update(bArr, 0, read);
                        if (outputStream != null) {
                            outputStream.write(bArr, 0, read);
                        }
                    }
                    PGPSignature pGPSignature = pGPSignatureList.get(i);
                    if (!pGPOnePassSignature.verify(pGPSignature)) {
                        throw new SignatureException("Signature verification failed!");
                    }
                    setSignPgpKey(bcPgpKey.getPgpKey());
                    setPgpSignature(this.pgp.createPgpSignature(pGPSignature));
                }
            } catch (PGPException e) {
                throw new IOException((Throwable) e);
            }
        }
        setSignPgpKeyIds(hashSet);
        logger.debug("verifySignature: signingPgpKeyIds={}", hashSet);
        if (getPgpSignature() == null && isFailOnMissingSignPgpKey()) {
            throw new MissingSigningPgpKeyException(hashSet, "The data was signed using the following PGP-keys, of which none could be found in the local key-ring: " + hashSet);
        }
    }
}
