package name.neuhalfen.projects.crypto.bouncycastle.openpgp.decrypting;

import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.util.Iterator;
import java.util.Objects;
import javax.annotation.Nonnull;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.decrypting.SignatureValidatingInputStream;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.PGPUtilities;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.keyrings.KeyringConfig;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.validation.SignatureValidationStrategy;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.PGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/DecryptionStreamFactory.class */
public final class DecryptionStreamFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(DecryptionStreamFactory.class);
    private PGPPublicKeyEncryptedData pbe;

    @Nonnull
    private final PGPContentVerifierBuilderProvider pgpContentVerifierBuilderProvider = new BcPGPContentVerifierBuilderProvider();

    @Nonnull
    private final KeyringConfig config;

    @Nonnull
    private final SignatureValidationStrategy signatureValidationStrategy;

    private DecryptionStreamFactory(KeyringConfig keyringConfig, SignatureValidationStrategy signatureValidationStrategy) {
        this.signatureValidationStrategy = signatureValidationStrategy;
        this.config = keyringConfig;
    }

    public static DecryptionStreamFactory create(KeyringConfig keyringConfig, SignatureValidationStrategy signatureValidationStrategy) {
        Objects.requireNonNull(keyringConfig, "config must not be null");
        Objects.requireNonNull(signatureValidationStrategy, "signatureValidationStrategy must not be null");
        return new DecryptionStreamFactory(keyringConfig, signatureValidationStrategy);
    }

    public InputStream wrapWithDecryptAndVerify(InputStream inputStream) throws IOException, NoSuchProviderException {
        Objects.requireNonNull(inputStream, "inputStream must not be null");
        LOGGER.trace("Trying to decrypt and verify PGP Encryption.");
        try {
            return nextDecryptedStream(new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream), this.config.getKeyFingerPrintCalculator()), new SignatureValidatingInputStream.DecryptionState());
        } catch (PGPException e) {
            throw new IOException("Failure decrypting", e);
        }
    }

    private InputStream nextDecryptedStream(PGPObjectFactory pGPObjectFactory, SignatureValidatingInputStream.DecryptionState decryptionState) throws PGPException, IOException {
        PGPPrivateKey pGPPrivateKey;
        while (true) {
            Object nextObject = pGPObjectFactory.nextObject();
            if (nextObject == null) {
                throw new PGPException("No data found");
            }
            if (nextObject instanceof PGPEncryptedDataList) {
                LOGGER.trace("Found instance of PGPEncryptedDataList");
                Iterator encryptedDataObjects = ((PGPEncryptedDataList) nextObject).getEncryptedDataObjects();
                if (!encryptedDataObjects.hasNext()) {
                    throw new PGPException("Decryption failed - No encrypted data found!");
                }
                PGPPrivateKey pGPPrivateKey2 = null;
                while (true) {
                    pGPPrivateKey = pGPPrivateKey2;
                    if (pGPPrivateKey != null || !encryptedDataObjects.hasNext()) {
                        break;
                    }
                    this.pbe = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
                    pGPPrivateKey2 = PGPUtilities.findSecretKey(this.config.getSecretKeyRings(), this.pbe.getKeyID(), this.config.decryptionSecretKeyPassphraseForSecretKeyId(this.pbe.getKeyID()));
                }
                if (pGPPrivateKey == null) {
                    throw new PGPException("Decryption failed - No secret key was found in the key ring matching the public key used to encrypt the file, aborting");
                }
                return nextDecryptedStream(new PGPObjectFactory(this.pbe.getDataStream(new BcPublicKeyDataDecryptorFactory(pGPPrivateKey)), new BcKeyFingerprintCalculator()), decryptionState);
            }
            if (nextObject instanceof PGPCompressedData) {
                LOGGER.trace("Found instance of PGPCompressedData");
                return nextDecryptedStream(new PGPObjectFactory(((PGPCompressedData) nextObject).getDataStream(), this.config.getKeyFingerPrintCalculator()), decryptionState);
            }
            if (nextObject instanceof PGPOnePassSignatureList) {
                LOGGER.trace("Found instance of PGPOnePassSignatureList");
                if (this.signatureValidationStrategy.isRequireSignatureCheck()) {
                    decryptionState.setSignatureFactory(pGPObjectFactory);
                    Iterator it = ((PGPOnePassSignatureList) nextObject).iterator();
                    while (it.hasNext()) {
                        PGPOnePassSignature pGPOnePassSignature = (PGPOnePassSignature) it.next();
                        PGPPublicKey publicKey = this.config.getPublicKeyRings().getPublicKey(pGPOnePassSignature.getKeyID());
                        if (publicKey != null) {
                            if (LOGGER.isTraceEnabled()) {
                                LOGGER.trace("Signature found, and the matching public key '0x{}' was also found in the keyring.", Long.toHexString(pGPOnePassSignature.getKeyID()));
                            }
                            pGPOnePassSignature.init(this.pgpContentVerifierBuilderProvider, publicKey);
                            decryptionState.addSignature(pGPOnePassSignature);
                        } else {
                            LOGGER.info("Found signature but public key '0x{}' was not found in the keyring.", Long.toHexString(pGPOnePassSignature.getKeyID()));
                        }
                    }
                    if (!decryptionState.hasVerifiableSignatures()) {
                        throw new PGPException("Signature checking is required but none of the public keys used to sign the data were found in the keyring'!");
                    }
                } else {
                    LOGGER.trace("Signature check disabled - ignoring contained signature");
                }
            } else {
                if (nextObject instanceof PGPLiteralData) {
                    LOGGER.trace("Found instance of PGPLiteralData");
                    InputStream inputStream = ((PGPLiteralData) nextObject).getInputStream();
                    if (!this.signatureValidationStrategy.isRequireSignatureCheck()) {
                        return new MDCValidatingInputStream(inputStream, this.pbe);
                    }
                    if (decryptionState.hasVerifiableSignatures()) {
                        return new MDCValidatingInputStream(new SignatureValidatingInputStream(inputStream, decryptionState, this.signatureValidationStrategy), this.pbe);
                    }
                    throw new PGPException("Signature checking is required but message was not signed!");
                }
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Skipping pgp Object of Type {}", nextObject.getClass().getSimpleName());
                }
            }
        }
    }
}
