package org.pgpainless.sop.commands;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Iterator;
import org.bouncycastle.bcpg.SignatureSubpacketTags;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.encryption_signing.SigningOptions;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.sop.Print;
import org.pgpainless.sop.SopKeyUtil;
import org.pgpainless.util.Passphrase;
import picocli.CommandLine;

@CommandLine.Command(name = "encrypt", description = {"Encrypt a message from standard input"}, exitCodeOnInvalidInput = SignatureSubpacketTags.ATTESTED_CERTIFICATIONS)
/* loaded from: input_file:org/pgpainless/sop/commands/Encrypt.class */
public class Encrypt implements Runnable {

    @CommandLine.Option(names = {"--as"}, description = {"Type of the input data. Defaults to 'binary'"}, paramLabel = "{binary|text|mime}")
    Type type;

    @CommandLine.Option(names = {"--no-armor"}, description = {"ASCII armor the output"}, negatable = true)
    boolean armor = true;

    @CommandLine.Option(names = {"--with-password"}, description = {"Encrypt the message with a password"}, paramLabel = "PASSWORD")
    String[] withPassword = new String[0];

    @CommandLine.Option(names = {"--sign-with"}, description = {"Sign the output with a private key"}, paramLabel = "KEY")
    File[] signWith = new File[0];

    @CommandLine.Parameters(description = {"Certificates the message gets encrypted to"}, index = "0..*", paramLabel = "CERTS")
    File[] certs = new File[0];

    /* loaded from: input_file:org/pgpainless/sop/commands/Encrypt$Type.class */
    public enum Type {
        binary,
        text,
        mime
    }

    @Override // java.lang.Runnable
    public void run() {
        FileInputStream fileInputStream;
        if (this.certs.length == 0 && this.withPassword.length == 0) {
            Print.err_ln("Please either provide --with-password or at least one CERT");
            System.exit(19);
        }
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        SigningOptions signingOptions = new SigningOptions();
        try {
            Iterator<PGPPublicKeyRing> it = SopKeyUtil.loadCertificatesFromFile(this.certs).iterator();
            while (it.hasNext()) {
                encryptionOptions.addRecipient(it.next());
            }
            for (String str : this.withPassword) {
                encryptionOptions.addPassphrase(Passphrase.fromPassword(str));
            }
            SecretKeyRingProtector unprotectedKeys = SecretKeyRingProtector.unprotectedKeys();
            for (int i = 0; i < this.signWith.length; i++) {
                try {
                    fileInputStream = new FileInputStream(this.signWith[i]);
                } catch (IOException | PGPException e) {
                    Print.err_ln("Cannot read secret key from file " + this.signWith[i].getName());
                    Print.err_ln(e.getMessage());
                    System.exit(1);
                }
                try {
                    signingOptions.addInlineSignature(unprotectedKeys, PGPainless.readKeyRing().secretKeyRing(fileInputStream), parseType(this.type));
                    fileInputStream.close();
                } catch (Throwable th) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                    break;
                }
            }
            try {
                EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(System.out).withOptions(ProducerOptions.signAndEncrypt(encryptionOptions, signingOptions).setAsciiArmor(this.armor));
                Streams.pipeAll(System.in, withOptions);
                withOptions.close();
            } catch (IOException | PGPException e2) {
                Print.err_ln("An error happened.");
                Print.err_ln(e2.getMessage());
                System.exit(1);
            }
        } catch (IOException e3) {
            Print.err_ln(e3.getMessage());
            System.exit(1);
        }
    }

    private static DocumentSignatureType parseType(Type type) {
        return type == Type.binary ? DocumentSignatureType.BINARY_DOCUMENT : DocumentSignatureType.CANONICAL_TEXT_DOCUMENT;
    }
}
