package org.pgpainless.key.certification;

import java.util.Date;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.CertificationType;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.Trustworthiness;
import org.pgpainless.exception.KeyException;
import org.pgpainless.key.OpenPgpFingerprint;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.signature.builder.ThirdPartyCertificationSignatureBuilder;
import org.pgpainless.signature.builder.ThirdPartyDirectKeySignatureBuilder;
import org.pgpainless.signature.subpackets.CertificationSubpackets;
import org.pgpainless.util.DateUtil;

/* loaded from: input_file:org/pgpainless/key/certification/CertifyCertificate.class */
public class CertifyCertificate {

    /* loaded from: input_file:org/pgpainless/key/certification/CertifyCertificate$CertificationOnUserId.class */
    public static class CertificationOnUserId {
        private final PGPPublicKeyRing certificate;
        private final String userId;
        private final CertificationType certificationType;

        CertificationOnUserId(@Nonnull String str, @Nonnull PGPPublicKeyRing pGPPublicKeyRing, @Nonnull CertificationType certificationType) {
            this.userId = str;
            this.certificate = pGPPublicKeyRing;
            this.certificationType = certificationType;
        }

        public CertificationOnUserIdWithSubpackets withKey(@Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
            return new CertificationOnUserIdWithSubpackets(this.certificate, this.userId, new ThirdPartyCertificationSignatureBuilder(this.certificationType.asSignatureType(), CertifyCertificate.getCertifyingSecretKey(pGPSecretKeyRing), secretKeyRingProtector));
        }
    }

    /* loaded from: input_file:org/pgpainless/key/certification/CertifyCertificate$CertificationOnUserIdWithSubpackets.class */
    public static class CertificationOnUserIdWithSubpackets {
        private final PGPPublicKeyRing certificate;
        private final String userId;
        private final ThirdPartyCertificationSignatureBuilder sigBuilder;

        CertificationOnUserIdWithSubpackets(@Nonnull PGPPublicKeyRing pGPPublicKeyRing, @Nonnull String str, @Nonnull ThirdPartyCertificationSignatureBuilder thirdPartyCertificationSignatureBuilder) {
            this.certificate = pGPPublicKeyRing;
            this.userId = str;
            this.sigBuilder = thirdPartyCertificationSignatureBuilder;
        }

        public CertificationResult buildWithSubpackets(@Nonnull CertificationSubpackets.Callback callback) throws PGPException {
            this.sigBuilder.applyCallback(callback);
            return build();
        }

        public CertificationResult build() throws PGPException {
            PGPSignature build = this.sigBuilder.build(this.certificate, this.userId);
            return new CertificationResult(KeyRingUtils.injectCertification(this.certificate, this.userId, build), build);
        }
    }

    /* loaded from: input_file:org/pgpainless/key/certification/CertifyCertificate$CertificationResult.class */
    public static class CertificationResult {
        private final PGPPublicKeyRing certificate;
        private final PGPSignature certification;

        CertificationResult(@Nonnull PGPPublicKeyRing pGPPublicKeyRing, @Nonnull PGPSignature pGPSignature) {
            this.certificate = pGPPublicKeyRing;
            this.certification = pGPSignature;
        }

        @Nonnull
        public PGPSignature getCertification() {
            return this.certification;
        }

        @Nonnull
        public PGPPublicKeyRing getCertifiedCertificate() {
            return this.certificate;
        }
    }

    /* loaded from: input_file:org/pgpainless/key/certification/CertifyCertificate$DelegationOnCertificate.class */
    public static class DelegationOnCertificate {
        private final PGPPublicKeyRing certificate;
        private final Trustworthiness trustworthiness;

        DelegationOnCertificate(@Nonnull PGPPublicKeyRing pGPPublicKeyRing, @Nullable Trustworthiness trustworthiness) {
            this.certificate = pGPPublicKeyRing;
            this.trustworthiness = trustworthiness;
        }

        public DelegationOnCertificateWithSubpackets withKey(@Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
            ThirdPartyDirectKeySignatureBuilder thirdPartyDirectKeySignatureBuilder = new ThirdPartyDirectKeySignatureBuilder(CertifyCertificate.getCertifyingSecretKey(pGPSecretKeyRing), secretKeyRingProtector);
            if (this.trustworthiness != null) {
                thirdPartyDirectKeySignatureBuilder.getHashedSubpackets().setTrust(true, this.trustworthiness.getDepth(), this.trustworthiness.getAmount());
            }
            return new DelegationOnCertificateWithSubpackets(this.certificate, thirdPartyDirectKeySignatureBuilder);
        }
    }

    /* loaded from: input_file:org/pgpainless/key/certification/CertifyCertificate$DelegationOnCertificateWithSubpackets.class */
    public static class DelegationOnCertificateWithSubpackets {
        private final PGPPublicKeyRing certificate;
        private final ThirdPartyDirectKeySignatureBuilder sigBuilder;

        DelegationOnCertificateWithSubpackets(@Nonnull PGPPublicKeyRing pGPPublicKeyRing, @Nonnull ThirdPartyDirectKeySignatureBuilder thirdPartyDirectKeySignatureBuilder) {
            this.certificate = pGPPublicKeyRing;
            this.sigBuilder = thirdPartyDirectKeySignatureBuilder;
        }

        public CertificationResult buildWithSubpackets(@Nonnull CertificationSubpackets.Callback callback) throws PGPException {
            this.sigBuilder.applyCallback(callback);
            return build();
        }

        public CertificationResult build() throws PGPException {
            PGPPublicKey publicKey = this.certificate.getPublicKey();
            PGPSignature build = this.sigBuilder.build(publicKey);
            return new CertificationResult(KeyRingUtils.injectCertification(this.certificate, publicKey, build), build);
        }
    }

    public CertificationOnUserId userIdOnCertificate(@Nonnull String str, @Nonnull PGPPublicKeyRing pGPPublicKeyRing) {
        return userIdOnCertificate(str, pGPPublicKeyRing, CertificationType.GENERIC);
    }

    public CertificationOnUserId userIdOnCertificate(@Nonnull String str, @Nonnull PGPPublicKeyRing pGPPublicKeyRing, @Nonnull CertificationType certificationType) {
        return new CertificationOnUserId(str, pGPPublicKeyRing, certificationType);
    }

    public DelegationOnCertificate certificate(@Nonnull PGPPublicKeyRing pGPPublicKeyRing) {
        return certificate(pGPPublicKeyRing, null);
    }

    public DelegationOnCertificate certificate(@Nonnull PGPPublicKeyRing pGPPublicKeyRing, @Nullable Trustworthiness trustworthiness) {
        return new DelegationOnCertificate(pGPPublicKeyRing, trustworthiness);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static PGPSecretKey getCertifyingSecretKey(PGPSecretKeyRing pGPSecretKeyRing) {
        Date now = DateUtil.now();
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(pGPSecretKeyRing, now);
        OpenPgpFingerprint fingerprint = inspectKeyRing.getFingerprint();
        PGPPublicKey publicKey = inspectKeyRing.getPublicKey(fingerprint);
        if (!inspectKeyRing.isKeyValidlyBound(publicKey.getKeyID())) {
            throw new KeyException.RevokedKeyException(fingerprint);
        }
        Date expirationDateForUse = inspectKeyRing.getExpirationDateForUse(KeyFlag.CERTIFY_OTHER);
        if (expirationDateForUse != null && expirationDateForUse.before(now)) {
            throw new KeyException.ExpiredKeyException(fingerprint, expirationDateForUse);
        }
        PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(publicKey.getKeyID());
        if (secretKey == null) {
            throw new KeyException.MissingSecretKeyException(fingerprint, publicKey.getKeyID());
        }
        return secretKey;
    }
}
