package org.pgpainless.decryption_verification;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPBEEncryptedData;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.PGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.StreamEncoding;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.exception.MessageNotIntegrityProtectedException;
import org.pgpainless.exception.UnacceptableAlgorithmException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnlockSecretKey;
import org.pgpainless.signature.DetachedSignature;
import org.pgpainless.signature.OnePassSignature;
import org.pgpainless.util.IntegrityProtectedInputStream;
import org.pgpainless.util.Passphrase;

/* loaded from: input_file:org/pgpainless/decryption_verification/DecryptionStreamFactory.class */
public final class DecryptionStreamFactory {
    private static final int MAX_RECURSION_DEPTH = 16;
    private final PGPSecretKeyRingCollection decryptionKeys;
    private final SecretKeyRingProtector decryptionKeyDecryptor;
    private final Passphrase decryptionPassphrase;
    private final MissingPublicKeyCallback missingPublicKeyCallback;
    private static final Logger LOGGER = Logger.getLogger(DecryptionStreamFactory.class.getName());
    private static final Level LEVEL = Level.FINE;
    private static final PGPContentVerifierBuilderProvider verifierBuilderProvider = ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider();
    private static final KeyFingerPrintCalculator keyFingerprintCalculator = ImplementationFactory.getInstance().getKeyFingerprintCalculator();
    private final Set<PGPPublicKeyRing> verificationKeys = new HashSet();
    private final OpenPgpMetadata.Builder resultBuilder = OpenPgpMetadata.getBuilder();
    private final Map<OpenPgpV4Fingerprint, OnePassSignature> verifiableOnePassSignatures = new HashMap();
    private final List<IntegrityProtectedInputStream> integrityProtectedStreams = new ArrayList();

    private DecryptionStreamFactory(@Nullable PGPSecretKeyRingCollection pGPSecretKeyRingCollection, @Nullable SecretKeyRingProtector secretKeyRingProtector, @Nullable Passphrase passphrase, @Nullable Set<PGPPublicKeyRing> set, @Nullable MissingPublicKeyCallback missingPublicKeyCallback) {
        this.decryptionKeys = pGPSecretKeyRingCollection;
        this.decryptionKeyDecryptor = secretKeyRingProtector;
        this.decryptionPassphrase = passphrase;
        this.verificationKeys.addAll(set != null ? set : Collections.emptyList());
        this.missingPublicKeyCallback = missingPublicKeyCallback;
    }

    public static DecryptionStream create(@Nonnull InputStream inputStream, @Nullable PGPSecretKeyRingCollection pGPSecretKeyRingCollection, @Nullable SecretKeyRingProtector secretKeyRingProtector, @Nullable Passphrase passphrase, @Nullable List<PGPSignature> list, @Nullable Set<PGPPublicKeyRing> set, @Nullable MissingPublicKeyCallback missingPublicKeyCallback) throws IOException, PGPException {
        InputStream processPGPPackets;
        DecryptionStreamFactory decryptionStreamFactory = new DecryptionStreamFactory(pGPSecretKeyRingCollection, secretKeyRingProtector, passphrase, set, missingPublicKeyCallback);
        if (list != null) {
            processPGPPackets = inputStream;
            for (PGPSignature pGPSignature : list) {
                PGPPublicKeyRing findSignatureVerificationKeyRing = decryptionStreamFactory.findSignatureVerificationKeyRing(pGPSignature.getKeyID());
                if (findSignatureVerificationKeyRing != null) {
                    pGPSignature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), findSignatureVerificationKeyRing.getPublicKey(pGPSignature.getKeyID()));
                    decryptionStreamFactory.resultBuilder.addDetachedSignature(new DetachedSignature(pGPSignature, findSignatureVerificationKeyRing, new SubkeyIdentifier((PGPKeyRing) findSignatureVerificationKeyRing, pGPSignature.getKeyID())));
                }
            }
        } else {
            processPGPPackets = decryptionStreamFactory.processPGPPackets(new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream), keyFingerprintCalculator), 1);
        }
        return new DecryptionStream(processPGPPackets, decryptionStreamFactory.resultBuilder, decryptionStreamFactory.integrityProtectedStreams);
    }

    private InputStream processPGPPackets(@Nonnull PGPObjectFactory pGPObjectFactory, int i) throws IOException, PGPException {
        Object nextObject;
        if (i >= MAX_RECURSION_DEPTH) {
            throw new PGPException("Maximum recursion depth of packages exceeded.");
        }
        do {
            nextObject = pGPObjectFactory.nextObject();
            if (nextObject == null) {
                throw new PGPException("No Literal Data Packet found");
            }
            if (nextObject instanceof PGPEncryptedDataList) {
                return processPGPEncryptedDataList((PGPEncryptedDataList) nextObject, i);
            }
            if (nextObject instanceof PGPCompressedData) {
                return processPGPCompressedData((PGPCompressedData) nextObject, i);
            }
            if (nextObject instanceof PGPOnePassSignatureList) {
                return processOnePassSignatureList(pGPObjectFactory, (PGPOnePassSignatureList) nextObject, i);
            }
        } while (!(nextObject instanceof PGPLiteralData));
        return processPGPLiteralData(pGPObjectFactory, (PGPLiteralData) nextObject);
    }

    private InputStream processPGPEncryptedDataList(PGPEncryptedDataList pGPEncryptedDataList, int i) throws PGPException, IOException {
        LOGGER.log(LEVEL, "Encountered PGPEncryptedDataList");
        return processPGPPackets(new PGPObjectFactory(PGPUtil.getDecoderStream(decrypt(pGPEncryptedDataList)), keyFingerprintCalculator), i + 1);
    }

    private InputStream processPGPCompressedData(PGPCompressedData pGPCompressedData, int i) throws PGPException, IOException {
        CompressionAlgorithm fromId = CompressionAlgorithm.fromId(pGPCompressedData.getAlgorithm());
        LOGGER.log(LEVEL, "Encountered PGPCompressedData: " + fromId);
        this.resultBuilder.setCompressionAlgorithm(fromId);
        return processPGPPackets(new PGPObjectFactory(PGPUtil.getDecoderStream(pGPCompressedData.getDataStream()), keyFingerprintCalculator), i + 1);
    }

    private InputStream processOnePassSignatureList(@Nonnull PGPObjectFactory pGPObjectFactory, PGPOnePassSignatureList pGPOnePassSignatureList, int i) throws PGPException, IOException {
        LOGGER.log(LEVEL, "Encountered PGPOnePassSignatureList of size " + pGPOnePassSignatureList.size());
        initOnePassSignatures(pGPOnePassSignatureList);
        return processPGPPackets(pGPObjectFactory, i + 1);
    }

    private InputStream processPGPLiteralData(@Nonnull PGPObjectFactory pGPObjectFactory, PGPLiteralData pGPLiteralData) {
        LOGGER.log(LEVEL, "Found PGPLiteralData");
        InputStream inputStream = pGPLiteralData.getInputStream();
        this.resultBuilder.setFileInfo(new OpenPgpMetadata.FileInfo(pGPLiteralData.getFileName(), pGPLiteralData.getModificationTime(), StreamEncoding.fromCode(pGPLiteralData.getFormat())));
        if (!this.verifiableOnePassSignatures.isEmpty()) {
            return new SignatureVerifyingInputStream(inputStream, pGPObjectFactory, this.verifiableOnePassSignatures, this.resultBuilder);
        }
        LOGGER.log(LEVEL, "No OnePassSignatures found -> We are done");
        return inputStream;
    }

    private InputStream decrypt(@Nonnull PGPEncryptedDataList pGPEncryptedDataList) throws PGPException {
        Iterator encryptedDataObjects = pGPEncryptedDataList.getEncryptedDataObjects();
        if (!encryptedDataObjects.hasNext()) {
            throw new PGPException("Decryption failed - EncryptedDataList has no items");
        }
        PGPPrivateKey pGPPrivateKey = null;
        PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = null;
        while (encryptedDataObjects.hasNext()) {
            PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData2 = (PGPEncryptedData) encryptedDataObjects.next();
            if (!pGPPublicKeyEncryptedData2.isIntegrityProtected()) {
                throw new MessageNotIntegrityProtectedException();
            }
            if (pGPPublicKeyEncryptedData2 instanceof PGPPBEEncryptedData) {
                PGPPBEEncryptedData pGPPBEEncryptedData = (PGPPBEEncryptedData) pGPPublicKeyEncryptedData2;
                if (this.decryptionPassphrase != null) {
                    PBEDataDecryptorFactory pBEDataDecryptorFactory = ImplementationFactory.getInstance().getPBEDataDecryptorFactory(this.decryptionPassphrase);
                    SymmetricKeyAlgorithm fromId = SymmetricKeyAlgorithm.fromId(pGPPBEEncryptedData.getSymmetricAlgorithm(pBEDataDecryptorFactory));
                    throwIfAlgorithmIsRejected(fromId);
                    this.resultBuilder.setSymmetricKeyAlgorithm(fromId);
                    try {
                        return pGPPBEEncryptedData.getDataStream(pBEDataDecryptorFactory);
                    } catch (PGPException e) {
                        LOGGER.log(LEVEL, "Probable passphrase mismatch, skip PBE encrypted data block", e);
                    }
                } else {
                    continue;
                }
            } else if (pGPPublicKeyEncryptedData2 instanceof PGPPublicKeyEncryptedData) {
                PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData3 = pGPPublicKeyEncryptedData2;
                long keyID = pGPPublicKeyEncryptedData3.getKeyID();
                if (this.decryptionKeys != null) {
                    if (keyID != 0) {
                        LOGGER.log(LEVEL, "PGPEncryptedData is encrypted for key " + Long.toHexString(keyID));
                        this.resultBuilder.addRecipientKeyId(Long.valueOf(keyID));
                        PGPSecretKey secretKey = this.decryptionKeys.getSecretKey(keyID);
                        if (secretKey != null) {
                            LOGGER.log(LEVEL, "Found respective secret key " + Long.toHexString(keyID));
                            pGPPublicKeyEncryptedData = pGPPublicKeyEncryptedData3;
                            pGPPrivateKey = UnlockSecretKey.unlockSecretKey(secretKey, this.decryptionKeyDecryptor);
                            this.resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(secretKey));
                        }
                    } else {
                        LOGGER.log(LEVEL, "Hidden recipient detected. Try to decrypt with all available secret keys.");
                        Iterator it = this.decryptionKeys.iterator();
                        while (it.hasNext()) {
                            Iterator it2 = ((PGPSecretKeyRing) it.next()).iterator();
                            while (it2.hasNext()) {
                                PGPSecretKey pGPSecretKey = (PGPSecretKey) it2.next();
                                PGPPrivateKey extractPrivateKey = pGPSecretKey.extractPrivateKey(this.decryptionKeyDecryptor.getDecryptor(Long.valueOf(pGPSecretKey.getKeyID())));
                                try {
                                    pGPPublicKeyEncryptedData3.getSymmetricAlgorithm(ImplementationFactory.getInstance().getPublicKeyDataDecryptorFactory(extractPrivateKey));
                                    LOGGER.log(LEVEL, "Found correct key " + Long.toHexString(pGPSecretKey.getKeyID()) + " for hidden recipient decryption.");
                                    pGPPrivateKey = extractPrivateKey;
                                    this.resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(pGPSecretKey));
                                    pGPPublicKeyEncryptedData = pGPPublicKeyEncryptedData3;
                                    break;
                                } catch (PGPException | ClassCastException e2) {
                                    LOGGER.log(LEVEL, "Skipping wrong key " + Long.toHexString(pGPSecretKey.getKeyID()) + " for hidden recipient decryption.", e2);
                                }
                            }
                        }
                    }
                }
            }
        }
        if (pGPPrivateKey == null) {
            throw new PGPException("Decryption failed - No suitable decryption key or passphrase found");
        }
        PublicKeyDataDecryptorFactory publicKeyDataDecryptorFactory = ImplementationFactory.getInstance().getPublicKeyDataDecryptorFactory(pGPPrivateKey);
        SymmetricKeyAlgorithm fromId2 = SymmetricKeyAlgorithm.fromId(pGPPublicKeyEncryptedData.getSymmetricAlgorithm(publicKeyDataDecryptorFactory));
        if (fromId2 == SymmetricKeyAlgorithm.NULL) {
            LOGGER.log(LEVEL, "Message is unencrypted");
        } else {
            LOGGER.log(LEVEL, "Message is encrypted using " + fromId2);
        }
        throwIfAlgorithmIsRejected(fromId2);
        this.resultBuilder.setSymmetricKeyAlgorithm(fromId2);
        IntegrityProtectedInputStream integrityProtectedInputStream = new IntegrityProtectedInputStream(pGPPublicKeyEncryptedData.getDataStream(publicKeyDataDecryptorFactory), pGPPublicKeyEncryptedData);
        this.integrityProtectedStreams.add(integrityProtectedInputStream);
        return integrityProtectedInputStream;
    }

    private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm symmetricKeyAlgorithm) throws UnacceptableAlgorithmException {
        if (PGPainless.getPolicy().getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(symmetricKeyAlgorithm)) {
        } else {
            throw new UnacceptableAlgorithmException("Data is " + (symmetricKeyAlgorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + symmetricKeyAlgorithm) + " which is not acceptable as per PGPainless' policy.\nTo mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy().");
        }
    }

    private void initOnePassSignatures(@Nonnull PGPOnePassSignatureList pGPOnePassSignatureList) throws PGPException {
        Iterator<PGPOnePassSignature> it = pGPOnePassSignatureList.iterator();
        if (!it.hasNext()) {
            throw new PGPException("Verification failed - No OnePassSignatures found");
        }
        processOnePassSignatures(it);
    }

    private void processOnePassSignatures(Iterator<PGPOnePassSignature> it) throws PGPException {
        while (it.hasNext()) {
            processOnePassSignature(it.next());
        }
    }

    private void processOnePassSignature(PGPOnePassSignature pGPOnePassSignature) throws PGPException {
        long keyID = pGPOnePassSignature.getKeyID();
        LOGGER.log(LEVEL, "Message contains OnePassSignature from " + Long.toHexString(keyID));
        PGPPublicKeyRing findSignatureVerificationKeyRing = findSignatureVerificationKeyRing(keyID);
        if (findSignatureVerificationKeyRing == null) {
            LOGGER.log(LEVEL, "Missing verification key from " + Long.toHexString(keyID));
            return;
        }
        PGPPublicKey publicKey = findSignatureVerificationKeyRing.getPublicKey(keyID);
        pGPOnePassSignature.init(verifierBuilderProvider, publicKey);
        OpenPgpV4Fingerprint openPgpV4Fingerprint = new OpenPgpV4Fingerprint(publicKey);
        OnePassSignature onePassSignature = new OnePassSignature(pGPOnePassSignature, findSignatureVerificationKeyRing);
        this.resultBuilder.addOnePassSignature(onePassSignature);
        this.verifiableOnePassSignatures.put(openPgpV4Fingerprint, onePassSignature);
    }

    private PGPPublicKeyRing findSignatureVerificationKeyRing(long j) {
        PGPPublicKeyRing pGPPublicKeyRing = null;
        Iterator<PGPPublicKeyRing> it = this.verificationKeys.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            PGPPublicKeyRing next = it.next();
            if (next.getPublicKey(j) != null) {
                LOGGER.log(LEVEL, "Found public key " + Long.toHexString(j) + " for signature verification");
                pGPPublicKeyRing = next;
                break;
            }
        }
        return pGPPublicKeyRing;
    }
}
