package org.pgpainless.signature;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
import org.bouncycastle.bcpg.sig.RevocationReason;
import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.key.util.OpenPgpKeyAttributeUtil;
import org.pgpainless.key.util.RevocationAttributes;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;

/* loaded from: input_file:org/pgpainless/signature/SignatureUtils.class */
public class SignatureUtils {
    public static PGPSignatureGenerator getSignatureGeneratorFor(PGPSecretKey pGPSecretKey) {
        return getSignatureGeneratorFor(pGPSecretKey.getPublicKey());
    }

    public static PGPSignatureGenerator getSignatureGeneratorFor(PGPPublicKey pGPPublicKey) {
        return new PGPSignatureGenerator(getPgpContentSignerBuilderForKey(pGPPublicKey));
    }

    private static PGPContentSignerBuilder getPgpContentSignerBuilderForKey(PGPPublicKey pGPPublicKey) {
        List<HashAlgorithm> preferredHashAlgorithms = OpenPgpKeyAttributeUtil.getPreferredHashAlgorithms(pGPPublicKey);
        if (preferredHashAlgorithms.isEmpty()) {
            preferredHashAlgorithms = OpenPgpKeyAttributeUtil.guessPreferredHashAlgorithms(pGPPublicKey);
        }
        return ImplementationFactory.getInstance().getPGPContentSignerBuilder(pGPPublicKey.getAlgorithm(), negotiateHashAlgorithm(preferredHashAlgorithms).getAlgorithmId());
    }

    private static HashAlgorithm negotiateHashAlgorithm(List<HashAlgorithm> list) {
        Policy policy = PGPainless.getPolicy();
        for (HashAlgorithm hashAlgorithm : list) {
            if (policy.getSignatureHashAlgorithmPolicy().isAcceptable(hashAlgorithm)) {
                return hashAlgorithm;
            }
        }
        return PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm();
    }

    public static PGPSignature getLatestValidSignature(PGPPublicKey pGPPublicKey, List<PGPSignature> list, PGPKeyRing pGPKeyRing) throws PGPException {
        ArrayList arrayList = new ArrayList();
        for (PGPSignature pGPSignature : list) {
            PGPPublicKey publicKeyFrom = KeyRingUtils.getPublicKeyFrom(pGPKeyRing, pGPSignature.getKeyID());
            if (publicKeyFrom != null && isSignatureValid(pGPSignature, publicKeyFrom, pGPPublicKey) && !isSignatureExpired(pGPSignature)) {
                arrayList.add(pGPSignature);
            }
        }
        sortByCreationTimeAscending(arrayList);
        if (arrayList.isEmpty()) {
            return null;
        }
        return (PGPSignature) arrayList.get(arrayList.size() - 1);
    }

    public static boolean isSignatureValid(PGPSignature pGPSignature, PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2) throws PGPException {
        switch (SignatureType.valueOf(pGPSignature.getSignatureType())) {
            case BINARY_DOCUMENT:
            case CANONICAL_TEXT_DOCUMENT:
            case STANDALONE:
            case TIMESTAMP:
            case THIRD_PARTY_CONFIRMATION:
                throw new IllegalArgumentException("Signature is not a key signature.");
            case GENERIC_CERTIFICATION:
            case NO_CERTIFICATION:
            case CASUAL_CERTIFICATION:
            case POSITIVE_CERTIFICATION:
            case DIRECT_KEY:
                return isSelfSignatureValid(pGPSignature, pGPPublicKey);
            case KEY_REVOCATION:
            case CERTIFICATION_REVOCATION:
                return isRevocationSignatureValid(pGPSignature, pGPPublicKey);
            case SUBKEY_BINDING:
            case PRIMARYKEY_BINDING:
            case SUBKEY_REVOCATION:
                return isKeyOnKeySignatureValid(pGPSignature, pGPPublicKey, pGPPublicKey2);
            default:
                return false;
        }
    }

    public static boolean isKeyOnKeySignatureValid(PGPSignature pGPSignature, PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2) throws PGPException {
        pGPSignature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), pGPPublicKey);
        return pGPSignature.verifyCertification(pGPPublicKey, pGPPublicKey2);
    }

    public static boolean isSelfSignatureValid(PGPSignature pGPSignature, PGPPublicKey pGPPublicKey) throws PGPException {
        if (!PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().isAcceptable(pGPSignature.getHashAlgorithm())) {
            return false;
        }
        Iterator userIDs = pGPPublicKey.getUserIDs();
        while (userIDs.hasNext()) {
            if (isSelfSignatureOnUserIdValid(pGPSignature, (String) userIDs.next(), pGPPublicKey)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isRevocationSignatureValid(PGPSignature pGPSignature, PGPPublicKey pGPPublicKey) throws PGPException {
        if (!PGPainless.getPolicy().getRevocationSignatureHashAlgorithmPolicy().isAcceptable(pGPSignature.getHashAlgorithm())) {
            return false;
        }
        Iterator userIDs = pGPPublicKey.getUserIDs();
        while (userIDs.hasNext()) {
            if (isSelfSignatureOnUserIdValid(pGPSignature, (String) userIDs.next(), pGPPublicKey)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isSelfSignatureOnUserIdValid(PGPSignature pGPSignature, String str, PGPPublicKey pGPPublicKey) throws PGPException {
        pGPSignature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), pGPPublicKey);
        return pGPSignature.verifyCertification(str, pGPPublicKey);
    }

    public static Date getKeyExpirationDate(Date date, PGPSignature pGPSignature) {
        KeyExpirationTime keyExpirationTime = SignatureSubpacketsUtil.getKeyExpirationTime(pGPSignature);
        return datePlusSeconds(date, keyExpirationTime == null ? 0L : keyExpirationTime.getTime());
    }

    public static Date getSignatureExpirationDate(PGPSignature pGPSignature) {
        Date creationTime = pGPSignature.getCreationTime();
        SignatureExpirationTime signatureExpirationTime = SignatureSubpacketsUtil.getSignatureExpirationTime(pGPSignature);
        return datePlusSeconds(creationTime, signatureExpirationTime == null ? 0L : signatureExpirationTime.getTime());
    }

    public static Date datePlusSeconds(Date date, long j) {
        if (j == 0) {
            return null;
        }
        return new Date(date.getTime() + (1000 * j));
    }

    public static boolean isSignatureExpired(PGPSignature pGPSignature) {
        return isSignatureExpired(pGPSignature, new Date());
    }

    public static boolean isSignatureExpired(PGPSignature pGPSignature, Date date) {
        Date signatureExpirationDate = getSignatureExpirationDate(pGPSignature);
        return signatureExpirationDate != null && date.after(signatureExpirationDate);
    }

    public static void sortByCreationTimeAscending(List<PGPSignature> list) {
        Collections.sort(list, new Comparator<PGPSignature>() { // from class: org.pgpainless.signature.SignatureUtils.1
            @Override // java.util.Comparator
            public int compare(PGPSignature pGPSignature, PGPSignature pGPSignature2) {
                return pGPSignature.getCreationTime().compareTo(pGPSignature2.getCreationTime());
            }
        });
    }

    public static List<PGPSignature> getBindingSignatures(PGPPublicKey pGPPublicKey, long j) {
        ArrayList arrayList = new ArrayList();
        for (PGPSignature pGPSignature : getSignaturesOfTypes(pGPPublicKey, SignatureType.SUBKEY_BINDING)) {
            if (pGPSignature.getKeyID() == j) {
                arrayList.add(pGPSignature);
            }
        }
        return arrayList;
    }

    public static List<PGPSignature> getSignaturesOfTypes(PGPPublicKey pGPPublicKey, SignatureType... signatureTypeArr) {
        ArrayList arrayList = new ArrayList();
        for (SignatureType signatureType : signatureTypeArr) {
            Iterator signaturesOfType = pGPPublicKey.getSignaturesOfType(signatureType.getCode());
            while (signaturesOfType.hasNext()) {
                Object next = signaturesOfType.next();
                if (next instanceof PGPSignature) {
                    arrayList.add((PGPSignature) next);
                }
            }
        }
        sortByCreationTimeAscending(arrayList);
        return arrayList;
    }

    public static List<PGPSignature> getSignaturesForUserId(PGPPublicKey pGPPublicKey, String str) {
        ArrayList arrayList = new ArrayList();
        Iterator signaturesForID = pGPPublicKey.getSignaturesForID(str);
        while (signaturesForID != null && signaturesForID.hasNext()) {
            Object next = signaturesForID.next();
            if (next instanceof PGPSignature) {
                arrayList.add((PGPSignature) next);
            }
        }
        sortByCreationTimeAscending(arrayList);
        return arrayList;
    }

    public static PGPSignature getLatestSelfSignatureForUserId(PGPPublicKey pGPPublicKey, String str) throws PGPException {
        ArrayList arrayList = new ArrayList();
        for (PGPSignature pGPSignature : getSignaturesForUserId(pGPPublicKey, str)) {
            if (isSelfSignatureOnUserIdValid(pGPSignature, str, pGPPublicKey)) {
                arrayList.add(pGPSignature);
            }
        }
        if (arrayList.isEmpty()) {
            return null;
        }
        return (PGPSignature) arrayList.get(arrayList.size() - 1);
    }

    public static boolean isUserIdValid(PGPPublicKey pGPPublicKey, String str) throws PGPException {
        return isUserIdValid(pGPPublicKey, str, new Date());
    }

    public static boolean isUserIdValid(PGPPublicKey pGPPublicKey, String str, Date date) throws PGPException {
        PGPSignature latestSelfSignatureForUserId = getLatestSelfSignatureForUserId(pGPPublicKey, str);
        return (latestSelfSignatureForUserId == null || latestSelfSignatureForUserId.getCreationTime().after(date) || isSignatureExpired(latestSelfSignatureForUserId, date) || latestSelfSignatureForUserId.getSignatureType() == SignatureType.CERTIFICATION_REVOCATION.getCode()) ? false : true;
    }

    public static boolean isHardRevocation(PGPSignature pGPSignature) {
        SignatureType valueOf = SignatureType.valueOf(pGPSignature.getSignatureType());
        if (valueOf != SignatureType.KEY_REVOCATION && valueOf != SignatureType.SUBKEY_REVOCATION && valueOf != SignatureType.CERTIFICATION_REVOCATION) {
            return false;
        }
        RevocationReason revocationReason = SignatureSubpacketsUtil.getRevocationReason(pGPSignature);
        if (revocationReason == null) {
            return true;
        }
        return RevocationAttributes.Reason.isHardRevocation(revocationReason.getRevocationReason());
    }
}
