package org.pgpainless.key;

import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.SelectSignatureFromKey;
import org.pgpainless.signature.SignatureCreationDateComparator;
import org.pgpainless.signature.SignatureValidator;
import org.pgpainless.util.CollectionUtils;

/* loaded from: input_file:org/pgpainless/key/KeyRingValidator.class */
public class KeyRingValidator {
    private static final Logger LOGGER = Logger.getLogger(KeyRingValidator.class.getName());

    public static <R extends PGPKeyRing> R validate(R r, Policy policy) {
        try {
            return (R) validate(r, policy, policy.getSignatureValidationDate());
        } catch (PGPException e) {
            return null;
        }
    }

    public static <R extends PGPKeyRing> R validate(R r, Policy policy, Date date) throws PGPException {
        return (R) getKeyRingAtDate(r, policy, date);
    }

    private static <R extends PGPKeyRing> R getKeyRingAtDate(R r, Policy policy, Date date) throws PGPException {
        PGPPublicKey evaluatePrimaryKey = evaluatePrimaryKey(r.getPublicKey(), policy, date);
        if (r instanceof PGPPublicKeyRing) {
            r = PGPPublicKeyRing.insertPublicKey((PGPPublicKeyRing) r, evaluatePrimaryKey);
        }
        return r;
    }

    private static PGPPublicKey evaluatePrimaryKey(PGPPublicKey pGPPublicKey, Policy policy, Date date) throws PGPException {
        PGPPublicKey pGPPublicKey2 = new PGPPublicKey(pGPPublicKey.getPublicKeyPacket(), ImplementationFactory.getInstance().getKeyFingerprintCalculator());
        List<PGPSignature> iteratorToList = CollectionUtils.iteratorToList(pGPPublicKey.getSignaturesOfType(SignatureType.DIRECT_KEY.getCode()));
        Collections.sort(iteratorToList, new SignatureCreationDateComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD));
        for (PGPSignature pGPSignature : iteratorToList) {
            try {
                if (SignatureValidator.verifyDirectKeySignature(pGPSignature, pGPPublicKey2, policy, date)) {
                    pGPPublicKey2 = PGPPublicKey.addCertification(pGPPublicKey2, pGPSignature);
                }
            } catch (SignatureValidationException e) {
                LOGGER.log(Level.INFO, "Rejecting direct key signature", (Throwable) e);
            }
        }
        List<PGPSignature> iteratorToList2 = CollectionUtils.iteratorToList(pGPPublicKey.getSignaturesOfType(SignatureType.KEY_REVOCATION.getCode()));
        Collections.sort(iteratorToList2, new SignatureCreationDateComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD));
        for (PGPSignature pGPSignature2 : iteratorToList2) {
            try {
                if (SignatureValidator.verifyKeyRevocationSignature(pGPSignature2, pGPPublicKey, policy, date)) {
                    pGPPublicKey2 = PGPPublicKey.addCertification(pGPPublicKey2, pGPSignature2);
                }
            } catch (SignatureValidationException e2) {
                LOGGER.log(Level.INFO, "Rejecting key revocation signature", (Throwable) e2);
            }
        }
        Iterator userIDs = pGPPublicKey.getUserIDs();
        while (userIDs.hasNext()) {
            String str = (String) userIDs.next();
            List<PGPSignature> iteratorToList3 = CollectionUtils.iteratorToList(pGPPublicKey.getSignaturesForID(str));
            Collections.sort(iteratorToList3, new SignatureCreationDateComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD));
            for (PGPSignature pGPSignature3 : iteratorToList3) {
                try {
                    if (SignatureType.valueOf(pGPSignature3.getSignatureType()) == SignatureType.CERTIFICATION_REVOCATION) {
                        if (SignatureValidator.verifyUserIdRevocation(str, pGPSignature3, pGPPublicKey, policy, date)) {
                            pGPPublicKey2 = PGPPublicKey.addCertification(pGPPublicKey2, str, pGPSignature3);
                        }
                    } else if (SignatureValidator.verifyUserIdCertification(str, pGPSignature3, pGPPublicKey, policy, date)) {
                        pGPPublicKey2 = PGPPublicKey.addCertification(pGPPublicKey2, str, pGPSignature3);
                    }
                } catch (SignatureValidationException e3) {
                    LOGGER.log(Level.INFO, "Rejecting user-id certification for user-id " + str, (Throwable) e3);
                }
            }
        }
        Iterator userAttributes = pGPPublicKey.getUserAttributes();
        while (userAttributes.hasNext()) {
            PGPUserAttributeSubpacketVector pGPUserAttributeSubpacketVector = (PGPUserAttributeSubpacketVector) userAttributes.next();
            Iterator signaturesForUserAttribute = pGPPublicKey.getSignaturesForUserAttribute(pGPUserAttributeSubpacketVector);
            while (signaturesForUserAttribute.hasNext()) {
                PGPSignature pGPSignature4 = (PGPSignature) signaturesForUserAttribute.next();
                try {
                    if (SignatureType.valueOf(pGPSignature4.getSignatureType()) == SignatureType.CERTIFICATION_REVOCATION) {
                        if (SignatureValidator.verifyUserAttributesRevocation(pGPUserAttributeSubpacketVector, pGPSignature4, pGPPublicKey, policy, date)) {
                            pGPPublicKey2 = PGPPublicKey.addCertification(pGPPublicKey2, pGPUserAttributeSubpacketVector, pGPSignature4);
                        }
                    } else if (SignatureValidator.verifyUserAttributesCertification(pGPUserAttributeSubpacketVector, pGPSignature4, pGPPublicKey, policy, date)) {
                        pGPPublicKey2 = PGPPublicKey.addCertification(pGPPublicKey2, pGPUserAttributeSubpacketVector, pGPSignature4);
                    }
                } catch (SignatureValidationException e4) {
                    LOGGER.log(Level.INFO, "Rejecting user-attribute signature", (Throwable) e4);
                }
            }
        }
        return pGPPublicKey2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v11, types: [org.bouncycastle.openpgp.PGPKeyRing] */
    /* JADX WARN: Type inference failed for: r0v13, types: [org.bouncycastle.openpgp.PGPKeyRing] */
    public static <R extends PGPKeyRing> R getKeyRingAtDate(R r, KeyRingInfo keyRingInfo) {
        Iterator publicKeys = r.getPublicKeys();
        while (publicKeys.hasNext()) {
            PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKeys.next();
            r = pGPPublicKey.isMasterKey() ? assessPrimaryKeyAtDate(pGPPublicKey, r, keyRingInfo) : assessSubkeyAtDate(pGPPublicKey, r, keyRingInfo);
        }
        return r;
    }

    private static <R extends PGPKeyRing> R assessPrimaryKeyAtDate(PGPPublicKey pGPPublicKey, PGPKeyRing pGPKeyRing, KeyRingInfo keyRingInfo) {
        if (!pGPPublicKey.isMasterKey()) {
            throw new IllegalArgumentException("Passed in key is not a primary key");
        }
        keyRingInfo.getCurrentDirectKeySelfSignature();
        keyRingInfo.getRevocationSelfSignature();
        Iterator userIDs = pGPPublicKey.getUserIDs();
        while (userIDs.hasNext()) {
            String str = (String) userIDs.next();
            boolean z = false;
            Iterator signaturesForID = pGPPublicKey.getSignaturesForID(str);
            while (signaturesForID.hasNext()) {
                PGPSignature pGPSignature = (PGPSignature) signaturesForID.next();
                if (SelectSignatureFromKey.isValidSignatureOnUserId(str, pGPPublicKey).accept(pGPSignature, pGPPublicKey, pGPKeyRing)) {
                    z = true;
                } else {
                    pGPPublicKey = PGPPublicKey.removeCertification(pGPPublicKey, str, pGPSignature);
                }
            }
            if (!z) {
                pGPPublicKey = PGPPublicKey.removeCertification(pGPPublicKey, str);
            }
        }
        Iterator signaturesOfType = pGPPublicKey.getSignaturesOfType(SignatureType.KEY_REVOCATION.getCode());
        while (signaturesOfType.hasNext()) {
            PGPSignature pGPSignature2 = (PGPSignature) signaturesOfType.next();
            if (!SelectSignatureFromKey.isValidKeyRevocationSignature(pGPPublicKey).accept(pGPSignature2, pGPPublicKey, pGPKeyRing)) {
                pGPPublicKey = PGPPublicKey.removeCertification(pGPPublicKey, pGPSignature2);
            }
        }
        return (R) replacePublicKey(pGPKeyRing, pGPPublicKey);
    }

    private static <R extends PGPKeyRing> R assessSubkeyAtDate(PGPPublicKey pGPPublicKey, PGPKeyRing pGPKeyRing, KeyRingInfo keyRingInfo) {
        if (pGPPublicKey.isMasterKey()) {
            throw new IllegalArgumentException("Passed in key is not a subkey");
        }
        Iterator signaturesOfType = pGPPublicKey.getSignaturesOfType(SignatureType.SUBKEY_BINDING.getCode());
        while (signaturesOfType.hasNext()) {
            PGPSignature pGPSignature = (PGPSignature) signaturesOfType.next();
            if (!SelectSignatureFromKey.isValidSubkeyBindingSignature(pGPKeyRing.getPublicKey(), pGPPublicKey).accept(pGPSignature, pGPPublicKey, pGPKeyRing)) {
                pGPPublicKey = PGPPublicKey.removeCertification(pGPPublicKey, pGPSignature);
            }
        }
        Iterator signaturesOfType2 = pGPPublicKey.getSignaturesOfType(SignatureType.SUBKEY_REVOCATION.getCode());
        while (signaturesOfType2.hasNext()) {
            PGPSignature pGPSignature2 = (PGPSignature) signaturesOfType2.next();
            if (!SelectSignatureFromKey.isValidSubkeyRevocationSignature().accept(pGPSignature2, pGPPublicKey, pGPKeyRing)) {
                pGPPublicKey = PGPPublicKey.removeCertification(pGPPublicKey, pGPSignature2);
            }
        }
        Iterator signaturesOfType3 = pGPPublicKey.getSignaturesOfType(SignatureType.DIRECT_KEY.getCode());
        while (signaturesOfType3.hasNext()) {
            PGPSignature pGPSignature3 = (PGPSignature) signaturesOfType3.next();
            PGPPublicKey publicKey = pGPKeyRing.getPublicKey(pGPSignature3.getKeyID());
            if (publicKey == null) {
                pGPPublicKey = PGPPublicKey.removeCertification(pGPPublicKey, pGPSignature3);
            } else if (!SelectSignatureFromKey.isValidDirectKeySignature(publicKey, pGPPublicKey).accept(pGPSignature3, pGPPublicKey, pGPKeyRing)) {
                pGPPublicKey = PGPPublicKey.removeCertification(pGPPublicKey, pGPSignature3);
            }
        }
        return (R) replacePublicKey(pGPKeyRing, pGPPublicKey);
    }

    private static PGPKeyRing replacePublicKey(PGPKeyRing pGPKeyRing, PGPPublicKey pGPPublicKey) {
        if (pGPKeyRing instanceof PGPPublicKeyRing) {
            pGPKeyRing = PGPPublicKeyRing.insertPublicKey((PGPPublicKeyRing) pGPKeyRing, pGPPublicKey);
        } else if (pGPKeyRing instanceof PGPSecretKeyRing) {
            PGPSecretKeyRing pGPSecretKeyRing = (PGPSecretKeyRing) pGPKeyRing;
            pGPKeyRing = PGPSecretKeyRing.replacePublicKeys(pGPSecretKeyRing, PGPPublicKeyRing.insertPublicKey(KeyRingUtils.publicKeyRingFrom(pGPSecretKeyRing), pGPPublicKey));
        }
        return pGPKeyRing;
    }
}
