package org.pgpainless.sop.commands;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.bcpg.SignatureSubpacketTags;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.sop.Print;
import org.pgpainless.sop.SopKeyUtil;
import picocli.CommandLine;

@CommandLine.Command(name = "decrypt", description = {"Decrypt a message from standard input"}, exitCodeOnInvalidInput = SignatureSubpacketTags.ATTESTED_CERTIFICATIONS)
/* loaded from: input_file:org/pgpainless/sop/commands/Decrypt.class */
public class Decrypt implements Runnable {
    private static final DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm'Z'");

    @CommandLine.Option(names = {"--session-key-out"}, description = {"Can be used to learn the session key on successful decryption"}, paramLabel = "SESSIONKEY")
    File sessionKeyOut;

    @CommandLine.Option(names = {"--with-session-key"}, description = {"Enables decryption of the \"CIPHERTEXT\" using the session key directly against the \"SEIPD\" packet"}, paramLabel = "SESSIONKEY")
    File[] withSessionKey;

    @CommandLine.Option(names = {"--with-password"}, description = {"Enables decryption based on any \"SKESK\" packets in the \"CIPHERTEXT\""}, paramLabel = "PASSWORD")
    String[] withPassword;

    @CommandLine.Option(names = {"--verify-out"}, description = {"Produces signature verification status to the designated file"}, paramLabel = "VERIFICATIONS")
    File verifyOut;

    @CommandLine.Option(names = {"--verify-with"}, description = {"Certificates whose signatures would be acceptable for signatures over this message"}, paramLabel = "CERT")
    File[] certs;

    @CommandLine.Option(names = {"--not-before"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to beginning of time (\"-\")."}, paramLabel = "DATE")
    String notBefore = "-";

    @CommandLine.Option(names = {"--not-after"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to current system time (\"now\").\nAccepts special value \"-\" for end of time."}, paramLabel = "DATE")
    String notAfter = "now";

    @CommandLine.Parameters(index = "0..*", description = {"Secret keys to attempt decryption with"}, paramLabel = "KEY")
    File[] keys;

    @Override // java.lang.Runnable
    public void run() {
        if ((this.verifyOut == null) ^ (this.certs == null)) {
            Print.err_ln("To enable signature verification, both --verify-out and at least one --verify-with argument must be supplied.");
            System.exit(23);
        }
        if (this.sessionKeyOut != null || this.withSessionKey != null) {
            Print.err_ln("session key in and out are not yet supported.");
            System.exit(1);
        }
        ConsumerOptions consumerOptions = new ConsumerOptions();
        List<PGPPublicKeyRing> list = null;
        try {
            Iterator<PGPSecretKeyRing> it = SopKeyUtil.loadKeysFromFiles(this.keys).iterator();
            while (it.hasNext()) {
                consumerOptions.addDecryptionKey(it.next());
            }
            if (this.certs != null) {
                list = SopKeyUtil.loadCertificatesFromFile(this.certs);
                Iterator<PGPPublicKeyRing> it2 = list.iterator();
                while (it2.hasNext()) {
                    consumerOptions.addVerificationCert(it2.next());
                }
            }
            try {
                DecryptionStream withOptions = PGPainless.decryptAndOrVerify().onInputStream(System.in).withOptions(consumerOptions);
                try {
                    Streams.pipeAll(withOptions, System.out);
                    System.out.flush();
                    withOptions.close();
                } catch (IOException e) {
                    Print.err_ln("Unable to decrypt: " + e.getMessage());
                    System.exit(29);
                }
                if (this.verifyOut == null) {
                    return;
                }
                OpenPgpMetadata result = withOptions.getResult();
                StringBuilder sb = new StringBuilder();
                if (list != null) {
                    for (OpenPgpV4Fingerprint openPgpV4Fingerprint : result.getVerifiedSignatures().keySet()) {
                        PGPPublicKeyRing pGPPublicKeyRing = null;
                        Iterator<PGPPublicKeyRing> it3 = list.iterator();
                        while (true) {
                            if (!it3.hasNext()) {
                                break;
                            }
                            PGPPublicKeyRing next = it3.next();
                            if (next.getPublicKey(openPgpV4Fingerprint.getKeyId()) != null) {
                                pGPPublicKeyRing = next;
                                break;
                            }
                        }
                        sb.append(df.format(result.getVerifiedSignatures().get(openPgpV4Fingerprint).getCreationTime())).append(' ').append((CharSequence) openPgpV4Fingerprint).append(' ').append(pGPPublicKeyRing != null ? new OpenPgpV4Fingerprint(pGPPublicKeyRing) : "null").append('\n');
                    }
                    try {
                        this.verifyOut.createNewFile();
                        PrintStream printStream = new PrintStream(new FileOutputStream(this.verifyOut));
                        printStream.println(sb);
                        printStream.close();
                    } catch (IOException e2) {
                        Print.err_ln("Error writing verifications file: " + e2);
                    }
                }
            } catch (IOException | PGPException e3) {
                Print.err_ln("Error constructing decryption stream: " + e3.getMessage());
                System.exit(1);
            }
        } catch (IOException | PGPException e4) {
            Print.err_ln(e4.getMessage());
            System.exit(1);
        }
    }
}
