package org.pgpainless.encryption_signing;

import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.exception.KeyValidationException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.policy.Policy;

/* loaded from: input_file:org/pgpainless/encryption_signing/SigningOptions.class */
public final class SigningOptions {
    private final Map<SubkeyIdentifier, SigningMethod> signingMethods = new HashMap();
    private HashAlgorithm hashAlgorithmOverride;

    /* loaded from: input_file:org/pgpainless/encryption_signing/SigningOptions$SigningMethod.class */
    public static final class SigningMethod {
        private final PGPSignatureGenerator signatureGenerator;
        private final boolean detached;

        private SigningMethod(PGPSignatureGenerator pGPSignatureGenerator, boolean z) {
            this.signatureGenerator = pGPSignatureGenerator;
            this.detached = z;
        }

        public static SigningMethod inlineSignature(PGPSignatureGenerator pGPSignatureGenerator) {
            return new SigningMethod(pGPSignatureGenerator, false);
        }

        public static SigningMethod detachedSignature(PGPSignatureGenerator pGPSignatureGenerator) {
            return new SigningMethod(pGPSignatureGenerator, true);
        }

        public boolean isDetached() {
            return this.detached;
        }

        public PGPSignatureGenerator getSignatureGenerator() {
            return this.signatureGenerator;
        }
    }

    public SigningOptions addInlineSignatures(SecretKeyRingProtector secretKeyRingProtector, PGPSecretKeyRingCollection pGPSecretKeyRingCollection, DocumentSignatureType documentSignatureType) throws KeyValidationException, PGPException {
        Iterator<PGPSecretKeyRing> it = pGPSecretKeyRingCollection.iterator();
        while (it.hasNext()) {
            addInlineSignature(secretKeyRingProtector, it.next(), documentSignatureType);
        }
        return this;
    }

    public SigningOptions addInlineSignature(SecretKeyRingProtector secretKeyRingProtector, PGPSecretKeyRing pGPSecretKeyRing, DocumentSignatureType documentSignatureType) throws KeyValidationException, PGPException {
        return addInlineSignature(secretKeyRingProtector, pGPSecretKeyRing, null, documentSignatureType);
    }

    public SigningOptions addInlineSignature(SecretKeyRingProtector secretKeyRingProtector, PGPSecretKeyRing pGPSecretKeyRing, String str, DocumentSignatureType documentSignatureType) throws KeyValidationException, PGPException {
        KeyRingInfo keyRingInfo = new KeyRingInfo(pGPSecretKeyRing, new Date());
        if (str != null && !keyRingInfo.isUserIdValid(str)) {
            throw new KeyValidationException(str, keyRingInfo.getLatestUserIdCertification(str), keyRingInfo.getUserIdRevocation(str));
        }
        List<PGPPublicKey> signingSubkeys = keyRingInfo.getSigningSubkeys();
        if (signingSubkeys.isEmpty()) {
            throw new AssertionError("Key has no valid signing key.");
        }
        for (PGPPublicKey pGPPublicKey : signingSubkeys) {
            addSigningMethod(pGPSecretKeyRing, pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID()).extractPrivateKey(secretKeyRingProtector.getDecryptor(Long.valueOf(pGPPublicKey.getKeyID()))), negotiateHashAlgorithm(keyRingInfo.getPreferredHashAlgorithms(str, pGPPublicKey.getKeyID()), PGPainless.getPolicy()), documentSignatureType, false);
        }
        return this;
    }

    public SigningOptions addDetachedSignatures(SecretKeyRingProtector secretKeyRingProtector, PGPSecretKeyRingCollection pGPSecretKeyRingCollection, DocumentSignatureType documentSignatureType) throws PGPException {
        Iterator<PGPSecretKeyRing> it = pGPSecretKeyRingCollection.iterator();
        while (it.hasNext()) {
            addDetachedSignature(secretKeyRingProtector, it.next(), documentSignatureType);
        }
        return this;
    }

    public SigningOptions addDetachedSignature(SecretKeyRingProtector secretKeyRingProtector, PGPSecretKeyRing pGPSecretKeyRing, DocumentSignatureType documentSignatureType) throws PGPException {
        return addDetachedSignature(secretKeyRingProtector, pGPSecretKeyRing, null, documentSignatureType);
    }

    public SigningOptions addDetachedSignature(SecretKeyRingProtector secretKeyRingProtector, PGPSecretKeyRing pGPSecretKeyRing, String str, DocumentSignatureType documentSignatureType) throws PGPException {
        KeyRingInfo keyRingInfo = new KeyRingInfo(pGPSecretKeyRing, new Date());
        if (str != null && !keyRingInfo.isUserIdValid(str)) {
            throw new KeyValidationException(str, keyRingInfo.getLatestUserIdCertification(str), keyRingInfo.getUserIdRevocation(str));
        }
        List<PGPPublicKey> signingSubkeys = keyRingInfo.getSigningSubkeys();
        if (signingSubkeys.isEmpty()) {
            throw new AssertionError("Key has no valid signing key.");
        }
        for (PGPPublicKey pGPPublicKey : signingSubkeys) {
            addSigningMethod(pGPSecretKeyRing, pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID()).extractPrivateKey(secretKeyRingProtector.getDecryptor(Long.valueOf(pGPPublicKey.getKeyID()))), negotiateHashAlgorithm(keyRingInfo.getPreferredHashAlgorithms(str, pGPPublicKey.getKeyID()), PGPainless.getPolicy()), documentSignatureType, true);
        }
        return this;
    }

    private void addSigningMethod(PGPSecretKeyRing pGPSecretKeyRing, PGPPrivateKey pGPPrivateKey, HashAlgorithm hashAlgorithm, DocumentSignatureType documentSignatureType, boolean z) throws PGPException {
        SubkeyIdentifier subkeyIdentifier = new SubkeyIdentifier(pGPSecretKeyRing, pGPPrivateKey.getKeyID());
        PGPSignatureGenerator createSignatureGenerator = createSignatureGenerator(pGPPrivateKey, hashAlgorithm, documentSignatureType);
        this.signingMethods.put(subkeyIdentifier, z ? SigningMethod.detachedSignature(createSignatureGenerator) : SigningMethod.inlineSignature(createSignatureGenerator));
    }

    private HashAlgorithm negotiateHashAlgorithm(Set<HashAlgorithm> set, Policy policy) {
        if (this.hashAlgorithmOverride != null) {
            return this.hashAlgorithmOverride;
        }
        HashAlgorithm defaultHashAlgorithm = policy.getSignatureHashAlgorithmPolicy().defaultHashAlgorithm();
        if (set.isEmpty()) {
            return defaultHashAlgorithm;
        }
        for (HashAlgorithm hashAlgorithm : set) {
            if (policy.getSignatureHashAlgorithmPolicy().isAcceptable(hashAlgorithm)) {
                return hashAlgorithm;
            }
        }
        return defaultHashAlgorithm;
    }

    private PGPSignatureGenerator createSignatureGenerator(PGPPrivateKey pGPPrivateKey, HashAlgorithm hashAlgorithm, DocumentSignatureType documentSignatureType) throws PGPException {
        PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(ImplementationFactory.getInstance().getPGPContentSignerBuilder(pGPPrivateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId()));
        pGPSignatureGenerator.init(documentSignatureType.getSignatureType().getCode(), pGPPrivateKey);
        return pGPSignatureGenerator;
    }

    public Map<SubkeyIdentifier, SigningMethod> getSigningMethods() {
        return Collections.unmodifiableMap(this.signingMethods);
    }

    public SigningOptions overrideHashAlgorithm(HashAlgorithm hashAlgorithm) {
        this.hashAlgorithmOverride = hashAlgorithm;
        return this;
    }

    public HashAlgorithm getHashAlgorithmOverride() {
        return this.hashAlgorithmOverride;
    }
}
