package org.pgpainless.key.modification.secretkeyring;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.bcpg.S2K;
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
import org.bouncycastle.bcpg.sig.PrimaryUserID;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.AlgorithmSuite;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.Feature;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.generation.KeyRingBuilder;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface;
import org.pgpainless.key.protection.CachingSecretKeyRingProtector;
import org.pgpainless.key.protection.KeyRingProtectionSettings;
import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnprotectedKeysProtector;
import org.pgpainless.key.protection.fixes.S2KUsageFix;
import org.pgpainless.key.protection.passphrase_provider.SolitaryPassphraseProvider;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.key.util.RevocationAttributes;
import org.pgpainless.signature.builder.DirectKeySelfSignatureBuilder;
import org.pgpainless.signature.builder.PrimaryKeyBindingSignatureBuilder;
import org.pgpainless.signature.builder.RevocationSignatureBuilder;
import org.pgpainless.signature.builder.SelfSignatureBuilder;
import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder;
import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets;
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.pgpainless.util.CollectionUtils;
import org.pgpainless.util.Passphrase;
import org.pgpainless.util.selection.userid.SelectUserId;

/* loaded from: input_file:org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.class */
public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
    private PGPSecretKeyRing secretKeyRing;
    private final Date referenceTime;

    /* loaded from: input_file:org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor$WithKeyRingEncryptionSettingsImpl.class */
    private final class WithKeyRingEncryptionSettingsImpl implements SecretKeyRingEditorInterface.WithKeyRingEncryptionSettings {
        private final Long keyId;
        private final SecretKeyRingProtector oldProtector;

        private WithKeyRingEncryptionSettingsImpl(Long l, SecretKeyRingProtector secretKeyRingProtector) {
            this.keyId = l;
            this.oldProtector = secretKeyRingProtector;
        }

        @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface.WithKeyRingEncryptionSettings
        public SecretKeyRingEditorInterface.WithPassphrase withSecureDefaultSettings() {
            return withCustomSettings(KeyRingProtectionSettings.secureDefaultSettings());
        }

        @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface.WithKeyRingEncryptionSettings
        public SecretKeyRingEditorInterface.WithPassphrase withCustomSettings(KeyRingProtectionSettings keyRingProtectionSettings) {
            return new WithPassphraseImpl(this.keyId, this.oldProtector, keyRingProtectionSettings);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor$WithPassphraseImpl.class */
    public final class WithPassphraseImpl implements SecretKeyRingEditorInterface.WithPassphrase {
        private final SecretKeyRingProtector oldProtector;
        private final KeyRingProtectionSettings newProtectionSettings;
        private final Long keyId;

        private WithPassphraseImpl(Long l, SecretKeyRingProtector secretKeyRingProtector, KeyRingProtectionSettings keyRingProtectionSettings) {
            this.keyId = l;
            this.oldProtector = secretKeyRingProtector;
            this.newProtectionSettings = keyRingProtectionSettings;
        }

        @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface.WithPassphrase
        public SecretKeyRingEditorInterface toNewPassphrase(Passphrase passphrase) throws PGPException {
            SecretKeyRingEditor.this.secretKeyRing = SecretKeyRingEditor.this.changePassphrase(this.keyId, SecretKeyRingEditor.this.secretKeyRing, this.oldProtector, new PasswordBasedSecretKeyRingProtector(this.newProtectionSettings, new SolitaryPassphraseProvider(passphrase)));
            return SecretKeyRingEditor.this;
        }

        @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface.WithPassphrase
        public SecretKeyRingEditorInterface toNoPassphrase() throws PGPException {
            SecretKeyRingEditor.this.secretKeyRing = SecretKeyRingEditor.this.changePassphrase(this.keyId, SecretKeyRingEditor.this.secretKeyRing, this.oldProtector, new UnprotectedKeysProtector());
            return SecretKeyRingEditor.this;
        }
    }

    public SecretKeyRingEditor(PGPSecretKeyRing pGPSecretKeyRing) {
        this(pGPSecretKeyRing, null);
    }

    public SecretKeyRingEditor(PGPSecretKeyRing pGPSecretKeyRing, Date date) {
        if (pGPSecretKeyRing == null) {
            throw new NullPointerException("SecretKeyRing MUST NOT be null.");
        }
        this.secretKeyRing = pGPSecretKeyRing;
        this.referenceTime = date;
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface addUserId(@Nonnull CharSequence charSequence, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        return addUserId(charSequence, null, secretKeyRingProtector);
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface addUserId(@Nonnull CharSequence charSequence, @Nullable SelfSignatureSubpackets.Callback callback, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        Set<HashAlgorithm> hashAlgorithms;
        Set<SymmetricKeyAlgorithm> symmetricKeyAlgorithms;
        Set<CompressionAlgorithm> compressionAlgorithms;
        String sanitizeUserId = sanitizeUserId(charSequence);
        PGPSecretKey secretKey = this.secretKeyRing.getSecretKey();
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime);
        if (inspectKeyRing.isHardRevoked(charSequence.toString())) {
            throw new IllegalArgumentException("User-ID " + ((Object) charSequence) + " is hard revoked and cannot be re-certified.");
        }
        List<KeyFlag> keyFlagsOf = inspectKeyRing.getKeyFlagsOf(inspectKeyRing.getKeyId());
        try {
            hashAlgorithms = inspectKeyRing.getPreferredHashAlgorithms();
            symmetricKeyAlgorithms = inspectKeyRing.getPreferredSymmetricKeyAlgorithms();
            compressionAlgorithms = inspectKeyRing.getPreferredCompressionAlgorithms();
        } catch (IllegalStateException e) {
            AlgorithmSuite defaultAlgorithmSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
            hashAlgorithms = defaultAlgorithmSuite.getHashAlgorithms();
            symmetricKeyAlgorithms = defaultAlgorithmSuite.getSymmetricKeyAlgorithms();
            compressionAlgorithms = defaultAlgorithmSuite.getCompressionAlgorithms();
        }
        SelfSignatureBuilder selfSignatureBuilder = new SelfSignatureBuilder(secretKey, secretKeyRingProtector);
        if (this.referenceTime != null) {
            selfSignatureBuilder.getHashedSubpackets().setSignatureCreationTime(this.referenceTime);
        }
        selfSignatureBuilder.setSignatureType(SignatureType.POSITIVE_CERTIFICATION);
        selfSignatureBuilder.getHashedSubpackets().setKeyFlags(keyFlagsOf);
        selfSignatureBuilder.getHashedSubpackets().setPreferredHashAlgorithms(hashAlgorithms);
        selfSignatureBuilder.getHashedSubpackets().setPreferredSymmetricKeyAlgorithms(symmetricKeyAlgorithms);
        selfSignatureBuilder.getHashedSubpackets().setPreferredCompressionAlgorithms(compressionAlgorithms);
        selfSignatureBuilder.getHashedSubpackets().setFeatures(Feature.MODIFICATION_DETECTION);
        selfSignatureBuilder.applyCallback(callback);
        this.secretKeyRing = KeyRingUtils.injectCertification(this.secretKeyRing, sanitizeUserId, selfSignatureBuilder.build(secretKey.getPublicKey(), sanitizeUserId));
        return this;
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface addPrimaryUserId(@Nonnull CharSequence charSequence, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        final PGPPublicKey publicKey = this.secretKeyRing.getSecretKey().getPublicKey();
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime);
        String primaryUserId = inspectKeyRing.getPrimaryUserId();
        PGPSignature latestDirectKeySelfSignature = primaryUserId == null ? inspectKeyRing.getLatestDirectKeySelfSignature() : inspectKeyRing.getLatestUserIdCertification(primaryUserId);
        final Date keyExpirationTimeAsDate = latestDirectKeySelfSignature == null ? null : SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(latestDirectKeySelfSignature, publicKey);
        addUserId(charSequence, new SelfSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.1
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                selfSignatureSubpackets.setPrimaryUserId();
                if (keyExpirationTimeAsDate != null) {
                    selfSignatureSubpackets.setKeyExpirationTime(publicKey, keyExpirationTimeAsDate);
                } else {
                    selfSignatureSubpackets.setKeyExpirationTime(null);
                }
            }
        }, secretKeyRingProtector);
        KeyRingInfo inspectKeyRing2 = PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime);
        for (String str : inspectKeyRing2.getValidAndExpiredUserIds()) {
            if (!charSequence.toString().equals(str) && inspectKeyRing2.getLatestUserIdCertification(str).getHashedSubPackets().isPrimaryUserID()) {
                addUserId(str, new SelfSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.2
                    @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
                    public void modifyHashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                        selfSignatureSubpackets.setPrimaryUserId((PrimaryUserID) null);
                        selfSignatureSubpackets.setKeyExpirationTime(null);
                    }
                }, secretKeyRingProtector);
            }
        }
        return this;
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface removeUserId(SelectUserId selectUserId, SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        return revokeUserIds(selectUserId, secretKeyRingProtector, RevocationAttributes.createCertificateRevocation().withReason(RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID).withoutDescription());
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface removeUserId(CharSequence charSequence, SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        return removeUserId(SelectUserId.exactMatch(charSequence.toString()), secretKeyRingProtector);
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface replaceUserId(@Nonnull CharSequence charSequence, @Nonnull CharSequence charSequence2, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        final String trim = charSequence.toString().trim();
        String trim2 = charSequence2.toString().trim();
        if (trim.isEmpty()) {
            throw new IllegalArgumentException("Old user-id cannot be empty.");
        }
        if (trim2.isEmpty()) {
            throw new IllegalArgumentException("New user-id cannot be empty.");
        }
        final KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime);
        if (!inspectKeyRing.isUserIdValid(trim)) {
            throw new NoSuchElementException("Key does not carry user-id '" + trim + "', or it is not valid.");
        }
        final PGPSignature latestUserIdCertification = inspectKeyRing.getLatestUserIdCertification(trim);
        if (latestUserIdCertification == null) {
            throw new AssertionError("Certification for old user-id MUST NOT be null.");
        }
        addUserId(charSequence2, new SelfSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.3
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                SignatureSubpacketsHelper.applyFrom(latestUserIdCertification.getHashedSubPackets(), (SignatureSubpackets) selfSignatureSubpackets);
                if (!trim.equals(inspectKeyRing.getPrimaryUserId()) || latestUserIdCertification.getHashedSubPackets().isPrimaryUserID()) {
                    return;
                }
                selfSignatureSubpackets.setPrimaryUserId();
            }

            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyUnhashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                SignatureSubpacketsHelper.applyFrom(latestUserIdCertification.getUnhashedSubPackets(), (SignatureSubpackets) selfSignatureSubpackets);
            }
        }, secretKeyRingProtector);
        return revokeUserId(trim, secretKeyRingProtector);
    }

    private String sanitizeUserId(@Nonnull CharSequence charSequence) {
        return charSequence.toString().trim();
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface addSubKey(@Nonnull final KeySpec keySpec, @Nonnull Passphrase passphrase, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
        PGPKeyPair generateKeyPair = KeyRingBuilder.generateKeyPair(keySpec);
        PasswordBasedSecretKeyRingProtector forKeyId = PasswordBasedSecretKeyRingProtector.forKeyId(generateKeyPair.getKeyID(), passphrase);
        SelfSignatureSubpackets.Callback callback = new SelfSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.4
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                SignatureSubpacketsHelper.applyFrom(keySpec.getSubpackets(), (SignatureSubpackets) selfSignatureSubpackets);
            }
        };
        List<KeyFlag> fromBitmask = KeyFlag.fromBitmask(keySpec.getSubpackets().getKeyFlags());
        return addSubKey(generateKeyPair, callback, forKeyId, secretKeyRingProtector, fromBitmask.remove(0), (KeyFlag[]) fromBitmask.toArray(new KeyFlag[0]));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface addSubKey(@Nonnull KeySpec keySpec, @Nullable Passphrase passphrase, @Nullable SelfSignatureSubpackets.Callback callback, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        PGPKeyPair generateKeyPair = KeyRingBuilder.generateKeyPair(keySpec);
        PasswordBasedSecretKeyRingProtector forKeyId = PasswordBasedSecretKeyRingProtector.forKeyId(generateKeyPair.getKeyID(), passphrase);
        List<KeyFlag> fromBitmask = KeyFlag.fromBitmask(keySpec.getSubpackets().getKeyFlags());
        return addSubKey(generateKeyPair, callback, forKeyId, secretKeyRingProtector, fromBitmask.remove(0), (KeyFlag[]) fromBitmask.toArray(new KeyFlag[0]));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface addSubKey(@Nonnull PGPKeyPair pGPKeyPair, @Nullable SelfSignatureSubpackets.Callback callback, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull SecretKeyRingProtector secretKeyRingProtector2, @Nonnull KeyFlag keyFlag, KeyFlag... keyFlagArr) throws PGPException, IOException, NoSuchAlgorithmException {
        KeyFlag[] keyFlagArr2 = (KeyFlag[]) CollectionUtils.concat(keyFlag, keyFlagArr);
        PublicKeyAlgorithm requireFromId = PublicKeyAlgorithm.requireFromId(pGPKeyPair.getPublicKey().getAlgorithm());
        SignatureSubpacketsUtil.assureKeyCanCarryFlags(requireFromId, new KeyFlag[0]);
        PublicKeyAlgorithm requireFromId2 = PublicKeyAlgorithm.requireFromId(pGPKeyPair.getPublicKey().getAlgorithm());
        int bitStrength = pGPKeyPair.getPublicKey().getBitStrength();
        if (!PGPainless.getPolicy().getPublicKeyAlgorithmPolicy().isAcceptable(requireFromId2, bitStrength)) {
            throw new IllegalArgumentException("Public key algorithm policy violation: " + requireFromId2 + " with bit strength " + bitStrength + " is not acceptable.");
        }
        PGPSecretKey secretKey = this.secretKeyRing.getSecretKey();
        HashAlgorithm negotiateHashAlgorithm = HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(PGPainless.getPolicy()).negotiateHashAlgorithm(PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime).getPreferredHashAlgorithms());
        PGPSecretKey pGPSecretKey = new PGPSecretKey(pGPKeyPair.getPrivateKey(), pGPKeyPair.getPublicKey(), ImplementationFactory.getInstance().getV4FingerprintCalculator(), false, secretKeyRingProtector.getEncryptor(Long.valueOf(pGPKeyPair.getKeyID())));
        SubkeyBindingSignatureBuilder subkeyBindingSignatureBuilder = new SubkeyBindingSignatureBuilder(secretKey, secretKeyRingProtector2, negotiateHashAlgorithm);
        if (this.referenceTime != null) {
            subkeyBindingSignatureBuilder.getHashedSubpackets().setSignatureCreationTime(this.referenceTime);
        }
        subkeyBindingSignatureBuilder.getHashedSubpackets().setKeyFlags(keyFlagArr2);
        if (requireFromId.isSigningCapable()) {
            PrimaryKeyBindingSignatureBuilder primaryKeyBindingSignatureBuilder = new PrimaryKeyBindingSignatureBuilder(pGPSecretKey, secretKeyRingProtector, negotiateHashAlgorithm);
            if (this.referenceTime != null) {
                primaryKeyBindingSignatureBuilder.getHashedSubpackets().setSignatureCreationTime(this.referenceTime);
            }
            subkeyBindingSignatureBuilder.getHashedSubpackets().addEmbeddedSignature(primaryKeyBindingSignatureBuilder.build(secretKey.getPublicKey()));
        }
        subkeyBindingSignatureBuilder.applyCallback(callback);
        this.secretKeyRing = KeyRingUtils.keysPlusSecretKey(this.secretKeyRing, KeyRingUtils.secretKeyPlusSignature(pGPSecretKey, subkeyBindingSignatureBuilder.build(pGPSecretKey.getPublicKey())));
        return this;
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revoke(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationAttributes revocationAttributes) throws PGPException {
        return revoke(secretKeyRingProtector, callbackFromRevocationAttributes(revocationAttributes));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revoke(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationSignatureSubpackets.Callback callback) throws PGPException {
        return revokeSubKey(this.secretKeyRing.getSecretKey().getKeyID(), secretKeyRingProtector, callback);
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revokeSubKey(long j, SecretKeyRingProtector secretKeyRingProtector, RevocationAttributes revocationAttributes) throws PGPException {
        return revokeSubKey(j, secretKeyRingProtector, callbackFromRevocationAttributes(revocationAttributes));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revokeSubKey(long j, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationSignatureSubpackets.Callback callback) throws PGPException {
        PGPPublicKey requirePublicKeyFrom = KeyRingUtils.requirePublicKeyFrom(this.secretKeyRing, j);
        this.secretKeyRing = KeyRingUtils.injectCertification(this.secretKeyRing, requirePublicKeyFrom, generateRevocation(secretKeyRingProtector, requirePublicKeyFrom, callback));
        return this;
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public PGPSignature createRevocationCertificate(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationAttributes revocationAttributes) throws PGPException {
        return generateRevocation(secretKeyRingProtector, this.secretKeyRing.getPublicKey(), callbackFromRevocationAttributes(revocationAttributes));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public PGPSignature createRevocationCertificate(long j, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationAttributes revocationAttributes) throws PGPException {
        return generateRevocation(secretKeyRingProtector, KeyRingUtils.requirePublicKeyFrom(this.secretKeyRing, j), callbackFromRevocationAttributes(revocationAttributes));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public PGPSignature createRevocationCertificate(long j, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationSignatureSubpackets.Callback callback) throws PGPException {
        return generateRevocation(secretKeyRingProtector, KeyRingUtils.requirePublicKeyFrom(this.secretKeyRing, j), callback);
    }

    private PGPSignature generateRevocation(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPPublicKey pGPPublicKey, @Nullable RevocationSignatureSubpackets.Callback callback) throws PGPException {
        RevocationSignatureBuilder revocationSignatureBuilder = new RevocationSignatureBuilder(pGPPublicKey.isMasterKey() ? SignatureType.KEY_REVOCATION : SignatureType.SUBKEY_REVOCATION, this.secretKeyRing.getSecretKey(), secretKeyRingProtector);
        revocationSignatureBuilder.applyCallback(callback);
        return revocationSignatureBuilder.build(pGPPublicKey);
    }

    private static RevocationSignatureSubpackets.Callback callbackFromRevocationAttributes(@Nullable final RevocationAttributes revocationAttributes) {
        return new RevocationSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.5
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(RevocationSignatureSubpackets revocationSignatureSubpackets) {
                if (RevocationAttributes.this != null) {
                    revocationSignatureSubpackets.setRevocationReason(RevocationAttributes.this);
                }
            }
        };
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revokeUserId(@Nonnull CharSequence charSequence, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable final RevocationAttributes revocationAttributes) throws PGPException {
        RevocationAttributes.Reason reason;
        if (revocationAttributes == null || (reason = revocationAttributes.getReason()) == RevocationAttributes.Reason.NO_REASON || reason == RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID) {
            return revokeUserId(charSequence, secretKeyRingProtector, new RevocationSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.6
                @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
                public void modifyHashedSubpackets(RevocationSignatureSubpackets revocationSignatureSubpackets) {
                    if (revocationAttributes != null) {
                        revocationSignatureSubpackets.setRevocationReason(false, revocationAttributes);
                    }
                }
            });
        }
        throw new IllegalArgumentException("Revocation reason must either be NO_REASON or USER_ID_NO_LONGER_VALID");
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revokeUserId(@Nonnull CharSequence charSequence, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationSignatureSubpackets.Callback callback) throws PGPException {
        return revokeUserIds(SelectUserId.exactMatch(sanitizeUserId(charSequence)), secretKeyRingProtector, callback);
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revokeUserIds(@Nonnull SelectUserId selectUserId, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable final RevocationAttributes revocationAttributes) throws PGPException {
        return revokeUserIds(selectUserId, secretKeyRingProtector, new RevocationSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.7
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(RevocationSignatureSubpackets revocationSignatureSubpackets) {
                revocationSignatureSubpackets.setRevocationReason(revocationAttributes);
            }
        });
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface revokeUserIds(@Nonnull SelectUserId selectUserId, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationSignatureSubpackets.Callback callback) throws PGPException {
        List<String> selectUserIds = selectUserId.selectUserIds((PGPKeyRing) this.secretKeyRing);
        if (selectUserIds.isEmpty()) {
            throw new NoSuchElementException("No matching user-ids found on the key.");
        }
        Iterator<String> it = selectUserIds.iterator();
        while (it.hasNext()) {
            doRevokeUserId(it.next(), secretKeyRingProtector, callback);
        }
        return this;
    }

    private SecretKeyRingEditorInterface doRevokeUserId(@Nonnull String str, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationSignatureSubpackets.Callback callback) throws PGPException {
        RevocationSignatureBuilder revocationSignatureBuilder = new RevocationSignatureBuilder(SignatureType.CERTIFICATION_REVOCATION, this.secretKeyRing.getSecretKey(), secretKeyRingProtector);
        if (this.referenceTime != null) {
            revocationSignatureBuilder.getHashedSubpackets().setSignatureCreationTime(this.referenceTime);
        }
        revocationSignatureBuilder.applyCallback(callback);
        this.secretKeyRing = KeyRingUtils.injectCertification(this.secretKeyRing, str, revocationSignatureBuilder.build(str));
        return this;
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface setExpirationDate(@Nullable Date date, @Nonnull SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        PGPSecretKey secretKey = this.secretKeyRing.getSecretKey();
        if (!secretKey.isMasterKey()) {
            throw new IllegalArgumentException("Key Ring does not appear to contain a primary secret key.");
        }
        PGPSignature previousDirectKeySignature = getPreviousDirectKeySignature();
        if (previousDirectKeySignature != null) {
            this.secretKeyRing = KeyRingUtils.injectCertification(this.secretKeyRing, secretKey.getPublicKey(), reissueDirectKeySignature(date, secretKeyRingProtector, previousDirectKeySignature));
        }
        String possiblyExpiredPrimaryUserId = PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime).getPossiblyExpiredPrimaryUserId();
        if (possiblyExpiredPrimaryUserId != null) {
            this.secretKeyRing = KeyRingUtils.injectCertification(this.secretKeyRing, possiblyExpiredPrimaryUserId, reissuePrimaryUserIdSig(date, secretKeyRingProtector, possiblyExpiredPrimaryUserId, getPreviousUserIdSignatures(possiblyExpiredPrimaryUserId)));
        }
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime);
        for (String str : inspectKeyRing.getValidUserIds()) {
            if (!str.equals(possiblyExpiredPrimaryUserId)) {
                PGPSignature latestUserIdCertification = inspectKeyRing.getLatestUserIdCertification(str);
                if (latestUserIdCertification == null) {
                    throw new AssertionError("A valid user-id shall never have no user-id signature.");
                }
                if (latestUserIdCertification.getHashedSubPackets().isPrimaryUserID()) {
                    this.secretKeyRing = KeyRingUtils.injectCertification(this.secretKeyRing, possiblyExpiredPrimaryUserId, reissueNonPrimaryUserId(secretKeyRingProtector, str, latestUserIdCertification));
                }
            }
        }
        return this;
    }

    private PGPSignature reissueNonPrimaryUserId(SecretKeyRingProtector secretKeyRingProtector, String str, PGPSignature pGPSignature) throws PGPException {
        SelfSignatureBuilder selfSignatureBuilder = new SelfSignatureBuilder(this.secretKeyRing.getSecretKey(), secretKeyRingProtector, pGPSignature);
        if (this.referenceTime != null) {
            selfSignatureBuilder.getHashedSubpackets().setSignatureCreationTime(this.referenceTime);
        }
        selfSignatureBuilder.applyCallback(new SelfSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.8
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                selfSignatureSubpackets.setPrimaryUserId((PrimaryUserID) null);
            }
        });
        return selfSignatureBuilder.build(this.secretKeyRing.getPublicKey(), str);
    }

    private PGPSignature reissuePrimaryUserIdSig(@Nullable final Date date, @Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull String str, @Nonnull PGPSignature pGPSignature) throws PGPException {
        PGPSecretKey secretKey = this.secretKeyRing.getSecretKey();
        final PGPPublicKey publicKey = secretKey.getPublicKey();
        SelfSignatureBuilder selfSignatureBuilder = new SelfSignatureBuilder(secretKey, secretKeyRingProtector, pGPSignature);
        if (this.referenceTime != null) {
            selfSignatureBuilder.getHashedSubpackets().setSignatureCreationTime(this.referenceTime);
        }
        selfSignatureBuilder.applyCallback(new SelfSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.9
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                if (date != null) {
                    selfSignatureSubpackets.setKeyExpirationTime(true, publicKey.getCreationTime(), date);
                } else {
                    selfSignatureSubpackets.setKeyExpirationTime(new KeyExpirationTime(true, 0L));
                }
                selfSignatureSubpackets.setPrimaryUserId();
            }
        });
        return selfSignatureBuilder.build(publicKey, str);
    }

    private PGPSignature reissueDirectKeySignature(final Date date, SecretKeyRingProtector secretKeyRingProtector, PGPSignature pGPSignature) throws PGPException {
        PGPSecretKey secretKey = this.secretKeyRing.getSecretKey();
        PGPPublicKey publicKey = secretKey.getPublicKey();
        final Date creationTime = publicKey.getCreationTime();
        DirectKeySelfSignatureBuilder directKeySelfSignatureBuilder = new DirectKeySelfSignatureBuilder(secretKey, secretKeyRingProtector, pGPSignature);
        if (this.referenceTime != null) {
            directKeySelfSignatureBuilder.getHashedSubpackets().setSignatureCreationTime(this.referenceTime);
        }
        directKeySelfSignatureBuilder.applyCallback(new SelfSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor.10
            @Override // org.pgpainless.signature.subpackets.SignatureSubpacketCallback
            public void modifyHashedSubpackets(SelfSignatureSubpackets selfSignatureSubpackets) {
                if (date != null) {
                    selfSignatureSubpackets.setKeyExpirationTime(creationTime, date);
                } else {
                    selfSignatureSubpackets.setKeyExpirationTime(null);
                }
            }
        });
        return directKeySelfSignatureBuilder.build(publicKey);
    }

    private PGPSignature getPreviousDirectKeySignature() {
        return PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime).getLatestDirectKeySelfSignature();
    }

    private PGPSignature getPreviousUserIdSignatures(String str) {
        return PGPainless.inspectKeyRing(this.secretKeyRing, this.referenceTime).getLatestUserIdCertification(str);
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface.WithKeyRingEncryptionSettings changePassphraseFromOldPassphrase(@Nullable Passphrase passphrase, @Nonnull KeyRingProtectionSettings keyRingProtectionSettings) {
        return new WithKeyRingEncryptionSettingsImpl(null, new PasswordBasedSecretKeyRingProtector(keyRingProtectionSettings, new SolitaryPassphraseProvider(passphrase)));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public SecretKeyRingEditorInterface.WithKeyRingEncryptionSettings changeSubKeyPassphraseFromOldPassphrase(@Nonnull Long l, @Nullable Passphrase passphrase, @Nonnull KeyRingProtectionSettings keyRingProtectionSettings) {
        return new WithKeyRingEncryptionSettingsImpl(l, new CachingSecretKeyRingProtector(Collections.singletonMap(l, passphrase), keyRingProtectionSettings, null));
    }

    @Override // org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface
    public PGPSecretKeyRing done() {
        return this.secretKeyRing;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PGPSecretKeyRing changePassphrase(Long l, PGPSecretKeyRing pGPSecretKeyRing, SecretKeyRingProtector secretKeyRingProtector, SecretKeyRingProtector secretKeyRingProtector2) throws PGPException {
        ArrayList arrayList = new ArrayList();
        if (l == null) {
            Iterator secretKeys = pGPSecretKeyRing.getSecretKeys();
            while (secretKeys.hasNext()) {
                arrayList.add(reencryptPrivateKey((PGPSecretKey) secretKeys.next(), secretKeyRingProtector, secretKeyRingProtector2));
            }
        } else {
            Iterator secretKeys2 = pGPSecretKeyRing.getSecretKeys();
            while (secretKeys2.hasNext()) {
                PGPSecretKey pGPSecretKey = (PGPSecretKey) secretKeys2.next();
                if (pGPSecretKey.getPublicKey().getKeyID() == l.longValue()) {
                    pGPSecretKey = reencryptPrivateKey(pGPSecretKey, secretKeyRingProtector, secretKeyRingProtector2);
                }
                arrayList.add(pGPSecretKey);
            }
        }
        return s2kUsageFixIfNecessary(new PGPSecretKeyRing(arrayList), secretKeyRingProtector2);
    }

    private PGPSecretKeyRing s2kUsageFixIfNecessary(PGPSecretKeyRing pGPSecretKeyRing, SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
        boolean z = false;
        Iterator it = pGPSecretKeyRing.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (((PGPSecretKey) it.next()).getS2KUsage() == 255) {
                z = true;
                break;
            }
        }
        if (z) {
            pGPSecretKeyRing = S2KUsageFix.replaceUsageChecksumWithUsageSha1(pGPSecretKeyRing, secretKeyRingProtector, true);
        }
        return pGPSecretKeyRing;
    }

    private static PGPSecretKey reencryptPrivateKey(PGPSecretKey pGPSecretKey, SecretKeyRingProtector secretKeyRingProtector, SecretKeyRingProtector secretKeyRingProtector2) throws PGPException {
        S2K s2k = pGPSecretKey.getS2K();
        if (s2k == null || s2k.getType() != 101) {
            long keyID = pGPSecretKey.getKeyID();
            pGPSecretKey = PGPSecretKey.copyWithNewPassword(pGPSecretKey, secretKeyRingProtector.getDecryptor(Long.valueOf(keyID)), secretKeyRingProtector2.getEncryptor(Long.valueOf(keyID)));
        }
        return pGPSecretKey;
    }
}
