package org.pgpainless.encryption_signing;

import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator;
import org.pgpainless.exception.KeyException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpFingerprint;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnlockSecretKey;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.subpackets.BaseSignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper;

/* loaded from: input_file:org/pgpainless/encryption_signing/SigningOptions.class */
public final class SigningOptions {
    private HashAlgorithm hashAlgorithmOverride;
    private final Map<SubkeyIdentifier, SigningMethod> signingMethods = new HashMap();
    private Date evaluationDate = new Date();

    /* loaded from: input_file:org/pgpainless/encryption_signing/SigningOptions$SigningMethod.class */
    public static final class SigningMethod {
        private final PGPSignatureGenerator signatureGenerator;
        private final boolean detached;
        private final HashAlgorithm hashAlgorithm;

        private SigningMethod(@Nonnull PGPSignatureGenerator pGPSignatureGenerator, boolean z, @Nonnull HashAlgorithm hashAlgorithm) {
            this.signatureGenerator = pGPSignatureGenerator;
            this.detached = z;
            this.hashAlgorithm = hashAlgorithm;
        }

        public static SigningMethod inlineSignature(@Nonnull PGPSignatureGenerator pGPSignatureGenerator, @Nonnull HashAlgorithm hashAlgorithm) {
            return new SigningMethod(pGPSignatureGenerator, false, hashAlgorithm);
        }

        public static SigningMethod detachedSignature(@Nonnull PGPSignatureGenerator pGPSignatureGenerator, @Nonnull HashAlgorithm hashAlgorithm) {
            return new SigningMethod(pGPSignatureGenerator, true, hashAlgorithm);
        }

        public boolean isDetached() {
            return this.detached;
        }

        public PGPSignatureGenerator getSignatureGenerator() {
            return this.signatureGenerator;
        }

        public HashAlgorithm getHashAlgorithm() {
            return this.hashAlgorithm;
        }
    }

    @Nonnull
    public static SigningOptions get() {
        return new SigningOptions();
    }

    public SigningOptions setEvaluationDate(@Nonnull Date date) {
        this.evaluationDate = date;
        return this;
    }

    @Nonnull
    public SigningOptions addSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing) throws PGPException {
        return addInlineSignature(secretKeyRingProtector, pGPSecretKeyRing, DocumentSignatureType.BINARY_DOCUMENT);
    }

    @Nonnull
    public SigningOptions addInlineSignatures(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull Iterable<PGPSecretKeyRing> iterable, @Nonnull DocumentSignatureType documentSignatureType) throws KeyException, PGPException {
        Iterator<PGPSecretKeyRing> it = iterable.iterator();
        while (it.hasNext()) {
            addInlineSignature(secretKeyRingProtector, it.next(), documentSignatureType);
        }
        return this;
    }

    @Nonnull
    public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nonnull DocumentSignatureType documentSignatureType) throws KeyException, PGPException {
        return addInlineSignature(secretKeyRingProtector, pGPSecretKeyRing, null, documentSignatureType);
    }

    @Nonnull
    public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nullable CharSequence charSequence, @Nonnull DocumentSignatureType documentSignatureType) throws KeyException, PGPException {
        return addInlineSignature(secretKeyRingProtector, pGPSecretKeyRing, charSequence, documentSignatureType, (BaseSignatureSubpackets.Callback) null);
    }

    @Nonnull
    public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nullable CharSequence charSequence, @Nonnull DocumentSignatureType documentSignatureType, @Nullable BaseSignatureSubpackets.Callback callback) throws KeyException, PGPException {
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(pGPSecretKeyRing, this.evaluationDate);
        if (charSequence != null && !inspectKeyRing.isUserIdValid(charSequence)) {
            throw new KeyException.UnboundUserIdException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), charSequence.toString(), inspectKeyRing.getLatestUserIdCertification(charSequence), inspectKeyRing.getUserIdRevocation(charSequence));
        }
        List<PGPPublicKey> signingSubkeys = inspectKeyRing.getSigningSubkeys();
        if (signingSubkeys.isEmpty()) {
            throw new KeyException.UnacceptableSigningKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing));
        }
        for (PGPPublicKey pGPPublicKey : signingSubkeys) {
            PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID());
            if (secretKey == null) {
                throw new KeyException.MissingSecretKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), pGPPublicKey.getKeyID());
            }
            addSigningMethod(pGPSecretKeyRing, UnlockSecretKey.unlockSecretKey(secretKey, secretKeyRingProtector), callback, negotiateHashAlgorithm(charSequence != null ? inspectKeyRing.getPreferredHashAlgorithms(charSequence) : inspectKeyRing.getPreferredHashAlgorithms(pGPPublicKey.getKeyID()), PGPainless.getPolicy()), documentSignatureType, false);
        }
        return this;
    }

    @Nonnull
    public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, long j) throws PGPException {
        return addInlineSignature(secretKeyRingProtector, pGPSecretKeyRing, j, DocumentSignatureType.BINARY_DOCUMENT, (BaseSignatureSubpackets.Callback) null);
    }

    @Nonnull
    public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, long j, @Nonnull DocumentSignatureType documentSignatureType, @Nullable BaseSignatureSubpackets.Callback callback) throws PGPException {
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(pGPSecretKeyRing, this.evaluationDate);
        List<PGPPublicKey> signingSubkeys = inspectKeyRing.getSigningSubkeys();
        if (signingSubkeys.isEmpty()) {
            throw new KeyException.UnacceptableSigningKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing));
        }
        for (PGPPublicKey pGPPublicKey : signingSubkeys) {
            if (pGPPublicKey.getKeyID() == j) {
                PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID());
                if (secretKey == null) {
                    throw new KeyException.MissingSecretKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), pGPPublicKey.getKeyID());
                }
                addSigningMethod(pGPSecretKeyRing, UnlockSecretKey.unlockSecretKey(secretKey, secretKeyRingProtector), callback, negotiateHashAlgorithm(inspectKeyRing.getPreferredHashAlgorithms(pGPPublicKey.getKeyID()), PGPainless.getPolicy()), documentSignatureType, false);
                return this;
            }
        }
        throw new KeyException.MissingSecretKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), j);
    }

    @Nonnull
    public SigningOptions addDetachedSignatures(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull Iterable<PGPSecretKeyRing> iterable, @Nonnull DocumentSignatureType documentSignatureType) throws PGPException {
        Iterator<PGPSecretKeyRing> it = iterable.iterator();
        while (it.hasNext()) {
            addDetachedSignature(secretKeyRingProtector, it.next(), documentSignatureType);
        }
        return this;
    }

    @Nonnull
    public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing) throws PGPException {
        return addDetachedSignature(secretKeyRingProtector, pGPSecretKeyRing, DocumentSignatureType.BINARY_DOCUMENT);
    }

    @Nonnull
    public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nonnull DocumentSignatureType documentSignatureType) throws PGPException {
        return addDetachedSignature(secretKeyRingProtector, pGPSecretKeyRing, null, documentSignatureType);
    }

    @Nonnull
    public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nullable CharSequence charSequence, @Nonnull DocumentSignatureType documentSignatureType) throws PGPException {
        return addDetachedSignature(secretKeyRingProtector, pGPSecretKeyRing, charSequence, documentSignatureType, (BaseSignatureSubpackets.Callback) null);
    }

    @Nonnull
    public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nullable CharSequence charSequence, @Nonnull DocumentSignatureType documentSignatureType, @Nullable BaseSignatureSubpackets.Callback callback) throws PGPException {
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(pGPSecretKeyRing, this.evaluationDate);
        if (charSequence != null && !inspectKeyRing.isUserIdValid(charSequence)) {
            throw new KeyException.UnboundUserIdException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), charSequence.toString(), inspectKeyRing.getLatestUserIdCertification(charSequence), inspectKeyRing.getUserIdRevocation(charSequence));
        }
        List<PGPPublicKey> signingSubkeys = inspectKeyRing.getSigningSubkeys();
        if (signingSubkeys.isEmpty()) {
            throw new KeyException.UnacceptableSigningKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing));
        }
        for (PGPPublicKey pGPPublicKey : signingSubkeys) {
            PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID());
            if (secretKey == null) {
                throw new KeyException.MissingSecretKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), pGPPublicKey.getKeyID());
            }
            addSigningMethod(pGPSecretKeyRing, UnlockSecretKey.unlockSecretKey(secretKey, secretKeyRingProtector), callback, negotiateHashAlgorithm(charSequence != null ? inspectKeyRing.getPreferredHashAlgorithms(charSequence) : inspectKeyRing.getPreferredHashAlgorithms(pGPPublicKey.getKeyID()), PGPainless.getPolicy()), documentSignatureType, true);
        }
        return this;
    }

    @Nonnull
    public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, long j) throws PGPException {
        return addDetachedSignature(secretKeyRingProtector, pGPSecretKeyRing, j, DocumentSignatureType.BINARY_DOCUMENT, (BaseSignatureSubpackets.Callback) null);
    }

    @Nonnull
    public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyRingProtector, @Nonnull PGPSecretKeyRing pGPSecretKeyRing, long j, @Nonnull DocumentSignatureType documentSignatureType, @Nullable BaseSignatureSubpackets.Callback callback) throws PGPException {
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(pGPSecretKeyRing, this.evaluationDate);
        List<PGPPublicKey> signingSubkeys = inspectKeyRing.getSigningSubkeys();
        if (signingSubkeys.isEmpty()) {
            throw new KeyException.UnacceptableSigningKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing));
        }
        for (PGPPublicKey pGPPublicKey : signingSubkeys) {
            if (pGPPublicKey.getKeyID() == j) {
                PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID());
                if (secretKey == null) {
                    throw new KeyException.MissingSecretKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), pGPPublicKey.getKeyID());
                }
                addSigningMethod(pGPSecretKeyRing, UnlockSecretKey.unlockSecretKey(secretKey, secretKeyRingProtector), callback, negotiateHashAlgorithm(inspectKeyRing.getPreferredHashAlgorithms(pGPPublicKey.getKeyID()), PGPainless.getPolicy()), documentSignatureType, true);
                return this;
            }
        }
        throw new KeyException.MissingSecretKeyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), j);
    }

    private void addSigningMethod(@Nonnull PGPSecretKeyRing pGPSecretKeyRing, @Nonnull PGPPrivateKey pGPPrivateKey, @Nullable BaseSignatureSubpackets.Callback callback, @Nonnull HashAlgorithm hashAlgorithm, @Nonnull DocumentSignatureType documentSignatureType, boolean z) throws PGPException {
        SubkeyIdentifier subkeyIdentifier = new SubkeyIdentifier((PGPKeyRing) pGPSecretKeyRing, pGPPrivateKey.getKeyID());
        PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(pGPPrivateKey.getKeyID());
        PublicKeyAlgorithm requireFromId = PublicKeyAlgorithm.requireFromId(secretKey.getPublicKey().getAlgorithm());
        int bitStrength = secretKey.getPublicKey().getBitStrength();
        if (!PGPainless.getPolicy().getPublicKeyAlgorithmPolicy().isAcceptable(requireFromId, bitStrength)) {
            throw new KeyException.UnacceptableSigningKeyException(new KeyException.PublicKeyAlgorithmPolicyException(OpenPgpFingerprint.of((PGPKeyRing) pGPSecretKeyRing), secretKey.getKeyID(), requireFromId, bitStrength));
        }
        PGPSignatureGenerator createSignatureGenerator = createSignatureGenerator(pGPPrivateKey, hashAlgorithm, documentSignatureType);
        SignatureSubpackets createHashedSubpackets = SignatureSubpackets.createHashedSubpackets(secretKey.getPublicKey());
        SignatureSubpackets createEmptySubpackets = SignatureSubpackets.createEmptySubpackets();
        if (callback != null) {
            callback.modifyHashedSubpackets(createHashedSubpackets);
            callback.modifyUnhashedSubpackets(createEmptySubpackets);
        }
        createSignatureGenerator.setHashedSubpackets(SignatureSubpacketsHelper.toVector(createHashedSubpackets));
        createSignatureGenerator.setUnhashedSubpackets(SignatureSubpacketsHelper.toVector(createEmptySubpackets));
        this.signingMethods.put(subkeyIdentifier, z ? SigningMethod.detachedSignature(createSignatureGenerator, hashAlgorithm) : SigningMethod.inlineSignature(createSignatureGenerator, hashAlgorithm));
    }

    @Nonnull
    private HashAlgorithm negotiateHashAlgorithm(@Nonnull Set<HashAlgorithm> set, @Nonnull Policy policy) {
        return this.hashAlgorithmOverride != null ? this.hashAlgorithmOverride : HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(policy).negotiateHashAlgorithm(set);
    }

    @Nonnull
    private PGPSignatureGenerator createSignatureGenerator(@Nonnull PGPPrivateKey pGPPrivateKey, @Nonnull HashAlgorithm hashAlgorithm, @Nonnull DocumentSignatureType documentSignatureType) throws PGPException {
        PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(ImplementationFactory.getInstance().getPGPContentSignerBuilder(pGPPrivateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId()));
        pGPSignatureGenerator.init(documentSignatureType.getSignatureType().getCode(), pGPPrivateKey);
        return pGPSignatureGenerator;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public Map<SubkeyIdentifier, SigningMethod> getSigningMethods() {
        return Collections.unmodifiableMap(this.signingMethods);
    }

    @Nonnull
    public SigningOptions overrideHashAlgorithm(@Nonnull HashAlgorithm hashAlgorithm) {
        this.hashAlgorithmOverride = hashAlgorithm;
        return this;
    }

    @Nullable
    public HashAlgorithm getHashAlgorithmOverride() {
        return this.hashAlgorithmOverride;
    }
}
