package org.pgpainless.sop.commands;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TimeZone;
import org.bouncycastle.bcpg.SignatureSubpacketTags;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.sop.Print;
import picocli.CommandLine;

@CommandLine.Command(name = "verify", description = {"Verify a detached signature over the data from standard input"}, exitCodeOnInvalidInput = SignatureSubpacketTags.ATTESTED_CERTIFICATIONS)
/* loaded from: input_file:org/pgpainless/sop/commands/Verify.class */
public class Verify implements Runnable {
    private static final TimeZone tz = TimeZone.getTimeZone("UTC");
    private static final DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm'Z'");
    private static final Date beginningOfTime = new Date(0);
    private static final Date endOfTime = new Date(8640000000000000L);

    @CommandLine.Parameters(index = "0", description = {"Detached signature"}, paramLabel = "SIGNATURE")
    File signature;

    @CommandLine.Parameters(index = "1..*", arity = "1..*", description = {"Public key certificates"}, paramLabel = "CERT")
    File[] certificates;

    @CommandLine.Option(names = {"--not-before"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to beginning of time (\"-\")."}, paramLabel = "DATE")
    String notBefore = "-";

    @CommandLine.Option(names = {"--not-after"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to current system time (\"now\").\nAccepts special value \"-\" for end of time."}, paramLabel = "DATE")
    String notAfter = "now";

    /* loaded from: input_file:org/pgpainless/sop/commands/Verify$NullOutputStream.class */
    private static class NullOutputStream extends OutputStream {
        private NullOutputStream() {
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        Date parseNotBefore = parseNotBefore();
        Date parseNotAfter = parseNotAfter();
        ConsumerOptions consumerOptions = new ConsumerOptions();
        try {
            FileInputStream fileInputStream = new FileInputStream(this.signature);
            try {
                consumerOptions.addVerificationOfDetachedSignatures(fileInputStream);
                fileInputStream.close();
            } finally {
            }
        } catch (IOException | PGPException e) {
            Print.err_ln("Cannot read detached signature: " + e.getMessage());
            System.exit(1);
        }
        Map<PGPPublicKeyRing, File> readCertificatesFromFiles = readCertificatesFromFiles();
        if (readCertificatesFromFiles.isEmpty()) {
            Print.err_ln("No certificates supplied.");
            System.exit(19);
        }
        Iterator<PGPPublicKeyRing> it = readCertificatesFromFiles.keySet().iterator();
        while (it.hasNext()) {
            consumerOptions.addVerificationCert(it.next());
        }
        try {
            DecryptionStream withOptions = PGPainless.decryptAndOrVerify().onInputStream(System.in).withOptions(consumerOptions);
            Streams.pipeAll(withOptions, new NullOutputStream());
            withOptions.close();
            OpenPgpMetadata result = withOptions.getResult();
            HashMap hashMap = new HashMap();
            for (OpenPgpV4Fingerprint openPgpV4Fingerprint : result.getVerifiedSignatures().keySet()) {
                PGPSignature pGPSignature = result.getVerifiedSignatures().get(openPgpV4Fingerprint);
                Date creationTime = pGPSignature.getCreationTime();
                if (!creationTime.before(parseNotBefore) && !creationTime.after(parseNotAfter)) {
                    hashMap.put(openPgpV4Fingerprint, pGPSignature);
                }
            }
            if (hashMap.isEmpty()) {
                Print.err_ln("No valid signatures found.");
                System.exit(3);
            }
            printValidSignatures(hashMap, readCertificatesFromFiles);
        } catch (IOException | PGPException e2) {
            Print.err_ln("Signature validation failed.");
            Print.err_ln(e2.getMessage());
            System.exit(1);
        }
    }

    private void printValidSignatures(Map<OpenPgpV4Fingerprint, PGPSignature> map, Map<PGPPublicKeyRing, File> map2) {
        for (OpenPgpV4Fingerprint openPgpV4Fingerprint : map.keySet()) {
            PGPSignature pGPSignature = map.get(openPgpV4Fingerprint);
            for (PGPPublicKeyRing pGPPublicKeyRing : map2.keySet()) {
                File file = map2.get(pGPPublicKeyRing);
                if (pGPPublicKeyRing.getPublicKey(openPgpV4Fingerprint.getKeyId()) != null) {
                    Print.print_ln(df.format(pGPSignature.getCreationTime()) + " " + openPgpV4Fingerprint.toString() + " " + new OpenPgpV4Fingerprint(pGPPublicKeyRing).toString() + " signed by " + file.getName());
                }
            }
        }
    }

    private Map<PGPPublicKeyRing, File> readCertificatesFromFiles() {
        HashMap hashMap = new HashMap();
        for (File file : this.certificates) {
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    Iterator<PGPPublicKeyRing> it = PGPainless.readKeyRing().publicKeyRingCollection(fileInputStream).iterator();
                    while (it.hasNext()) {
                        hashMap.put(it.next(), file);
                    }
                    fileInputStream.close();
                } catch (Throwable th) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                    break;
                }
            } catch (IOException | PGPException e) {
                Print.err_ln("Cannot read certificate from file " + file.getAbsolutePath() + ":");
                Print.err_ln(e.getMessage());
            }
        }
        return hashMap;
    }

    private Date parseNotAfter() {
        try {
            return this.notAfter.equals("now") ? new Date() : this.notAfter.equals("-") ? endOfTime : df.parse(this.notAfter);
        } catch (ParseException e) {
            Print.err_ln("Invalid date string supplied as value of --not-after.");
            System.exit(1);
            return null;
        }
    }

    private Date parseNotBefore() {
        try {
            return this.notBefore.equals("now") ? new Date() : this.notBefore.equals("-") ? beginningOfTime : df.parse(this.notBefore);
        } catch (ParseException e) {
            Print.err_ln("Invalid date string supplied as value of --not-before.");
            System.exit(1);
            return null;
        }
    }

    static {
        df.setTimeZone(tz);
    }
}
