package org.pgpainless.decryption_verification;

import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
import org.bouncycastle.openpgp.operator.PGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.protection.SecretKeyRingProtector;

/* loaded from: input_file:org/pgpainless/decryption_verification/DecryptionStreamFactory.class */
public final class DecryptionStreamFactory {
    private static final Logger LOGGER = Logger.getLogger(DecryptionStreamFactory.class.getName());
    private static final Level LEVEL = Level.FINE;
    private final PGPSecretKeyRingCollection decryptionKeys;
    private final SecretKeyRingProtector decryptionKeyDecryptor;
    private final MissingPublicKeyCallback missingPublicKeyCallback;
    private final Set<PGPPublicKeyRing> verificationKeys = new HashSet();
    private final OpenPgpMetadata.Builder resultBuilder = OpenPgpMetadata.getBuilder();
    private final PGPContentVerifierBuilderProvider verifierBuilderProvider = new BcPGPContentVerifierBuilderProvider();
    private final KeyFingerPrintCalculator fingerCalc = new BcKeyFingerprintCalculator();
    private final Map<OpenPgpV4Fingerprint, PGPOnePassSignature> verifiableOnePassSignatures = new HashMap();

    private DecryptionStreamFactory(PGPSecretKeyRingCollection pGPSecretKeyRingCollection, SecretKeyRingProtector secretKeyRingProtector, Set<PGPPublicKeyRing> set, MissingPublicKeyCallback missingPublicKeyCallback) {
        this.decryptionKeys = pGPSecretKeyRingCollection;
        this.decryptionKeyDecryptor = secretKeyRingProtector;
        this.verificationKeys.addAll(set != null ? set : Collections.emptyList());
        this.missingPublicKeyCallback = missingPublicKeyCallback;
    }

    public static DecryptionStream create(InputStream inputStream, PGPSecretKeyRingCollection pGPSecretKeyRingCollection, SecretKeyRingProtector secretKeyRingProtector, Set<PGPPublicKeyRing> set, MissingPublicKeyCallback missingPublicKeyCallback) throws IOException, PGPException {
        DecryptionStreamFactory decryptionStreamFactory = new DecryptionStreamFactory(pGPSecretKeyRingCollection, secretKeyRingProtector, set, missingPublicKeyCallback);
        return new DecryptionStream(decryptionStreamFactory.wrap(new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator())), decryptionStreamFactory.resultBuilder);
    }

    private InputStream wrap(PGPObjectFactory pGPObjectFactory) throws IOException, PGPException {
        Object nextObject;
        do {
            nextObject = pGPObjectFactory.nextObject();
            if (nextObject == null) {
                throw new PGPException("No Literal Data Packet found");
            }
            if (nextObject instanceof PGPEncryptedDataList) {
                LOGGER.log(LEVEL, "Encountered PGPEncryptedDataList");
                return wrap(new PGPObjectFactory(PGPUtil.getDecoderStream(decrypt((PGPEncryptedDataList) nextObject)), this.fingerCalc));
            }
            if (nextObject instanceof PGPCompressedData) {
                PGPCompressedData pGPCompressedData = (PGPCompressedData) nextObject;
                InputStream dataStream = pGPCompressedData.getDataStream();
                this.resultBuilder.setCompressionAlgorithm(CompressionAlgorithm.fromId(pGPCompressedData.getAlgorithm()));
                PGPObjectFactory pGPObjectFactory2 = new PGPObjectFactory(PGPUtil.getDecoderStream(dataStream), this.fingerCalc);
                LOGGER.log(LEVEL, "Encountered PGPCompressedData: " + CompressionAlgorithm.fromId(pGPCompressedData.getAlgorithm()));
                return wrap(pGPObjectFactory2);
            }
            if (nextObject instanceof PGPOnePassSignatureList) {
                PGPOnePassSignatureList pGPOnePassSignatureList = (PGPOnePassSignatureList) nextObject;
                LOGGER.log(LEVEL, "Encountered PGPOnePassSignatureList of size " + pGPOnePassSignatureList.size());
                initOnePassSignatures(pGPOnePassSignatureList);
                return wrap(pGPObjectFactory);
            }
        } while (!(nextObject instanceof PGPLiteralData));
        LOGGER.log(LEVEL, "Found PGPLiteralData");
        InputStream inputStream = ((PGPLiteralData) nextObject).getInputStream();
        if (!this.verifiableOnePassSignatures.isEmpty()) {
            return new SignatureVerifyingInputStream(inputStream, pGPObjectFactory, this.verifiableOnePassSignatures, this.resultBuilder);
        }
        LOGGER.log(LEVEL, "No OnePassSignatures found -> We are done");
        return inputStream;
    }

    private InputStream decrypt(PGPEncryptedDataList pGPEncryptedDataList) throws PGPException {
        Iterator encryptedDataObjects = pGPEncryptedDataList.getEncryptedDataObjects();
        if (!encryptedDataObjects.hasNext()) {
            throw new PGPException("Decryption failed - EncryptedDataList has no items");
        }
        PGPPrivateKey pGPPrivateKey = null;
        PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = null;
        while (encryptedDataObjects.hasNext()) {
            PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData2 = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
            long keyID = pGPPublicKeyEncryptedData2.getKeyID();
            this.resultBuilder.addRecipientKeyId(Long.valueOf(keyID));
            LOGGER.log(LEVEL, "PGPEncryptedData is encrypted for key " + Long.toHexString(keyID));
            PGPSecretKey secretKey = this.decryptionKeys.getSecretKey(keyID);
            if (secretKey != null) {
                LOGGER.log(LEVEL, "Found respective secret key " + Long.toHexString(keyID));
                pGPPublicKeyEncryptedData = pGPPublicKeyEncryptedData2;
                pGPPrivateKey = secretKey.extractPrivateKey(this.decryptionKeyDecryptor.getDecryptor(Long.valueOf(keyID)));
                this.resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(secretKey));
            }
        }
        if (pGPPrivateKey == null) {
            throw new PGPException("Decryption failed - No suitable decryption key found");
        }
        BcPublicKeyDataDecryptorFactory bcPublicKeyDataDecryptorFactory = new BcPublicKeyDataDecryptorFactory(pGPPrivateKey);
        SymmetricKeyAlgorithm fromId = SymmetricKeyAlgorithm.fromId(pGPPublicKeyEncryptedData.getSymmetricAlgorithm(bcPublicKeyDataDecryptorFactory));
        LOGGER.log(LEVEL, "Message is encrypted using " + fromId);
        this.resultBuilder.setSymmetricKeyAlgorithm(fromId);
        if (pGPPublicKeyEncryptedData.isIntegrityProtected()) {
            LOGGER.log(LEVEL, "Message is integrity protected");
            this.resultBuilder.setIntegrityProtected(true);
        } else {
            LOGGER.log(LEVEL, "Message is not integrity protected");
            this.resultBuilder.setIntegrityProtected(false);
        }
        return pGPPublicKeyEncryptedData.getDataStream(bcPublicKeyDataDecryptorFactory);
    }

    private void initOnePassSignatures(PGPOnePassSignatureList pGPOnePassSignatureList) throws PGPException {
        Iterator it = pGPOnePassSignatureList.iterator();
        if (!it.hasNext()) {
            throw new PGPException("Verification failed - No OnePassSignatures found");
        }
        while (it.hasNext()) {
            PGPOnePassSignature pGPOnePassSignature = (PGPOnePassSignature) it.next();
            long keyID = pGPOnePassSignature.getKeyID();
            this.resultBuilder.addUnverifiedSignatureKeyId(Long.valueOf(keyID));
            LOGGER.log(LEVEL, "Message contains OnePassSignature from " + Long.toHexString(keyID));
            PGPPublicKey pGPPublicKey = null;
            Iterator<PGPPublicKeyRing> it2 = this.verificationKeys.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                pGPPublicKey = it2.next().getPublicKey(keyID);
                if (pGPPublicKey != null) {
                    LOGGER.log(LEVEL, "Found respective public key " + Long.toHexString(keyID));
                    break;
                }
            }
            if (pGPPublicKey == null) {
                LOGGER.log(Level.INFO, "No public key for signature of " + Long.toHexString(keyID) + " found.");
                if (this.missingPublicKeyCallback == null) {
                    LOGGER.log(Level.INFO, "Skip signature of " + Long.toHexString(keyID));
                } else {
                    PGPPublicKey onMissingPublicKeyEncountered = this.missingPublicKeyCallback.onMissingPublicKeyEncountered(Long.valueOf(keyID));
                    if (onMissingPublicKeyEncountered == null) {
                        LOGGER.log(Level.INFO, "Skip signature of " + Long.toHexString(keyID));
                    } else {
                        if (onMissingPublicKeyEncountered.getKeyID() != keyID) {
                            throw new IllegalArgumentException("KeyID of the provided public key differs from the signatures keyId. The signature was created from " + Long.toHexString(keyID) + " while the provided key has ID " + Long.toHexString(onMissingPublicKeyEncountered.getKeyID()));
                        }
                        pGPPublicKey = onMissingPublicKeyEncountered;
                    }
                }
            }
            pGPOnePassSignature.init(this.verifierBuilderProvider, pGPPublicKey);
            this.verifiableOnePassSignatures.put(new OpenPgpV4Fingerprint(pGPPublicKey), pGPOnePassSignature);
        }
    }
}
