package org.pgpainless.decryption_verification;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.bcpg.BCPGInputStream;
import org.bouncycastle.bcpg.InputStreamPacket;
import org.bouncycastle.bcpg.OnePassSignaturePacket;
import org.bouncycastle.bcpg.PublicKeyEncSessionPacket;
import org.bouncycastle.bcpg.SymmetricEncIntegrityPacket;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.io.CipherInputStream;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyValidationException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcImplProvider;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider$BcPGPContentVerifierBuilder$1;
import org.bouncycastle.openpgp.operator.bc.BcPGPKeyConverter;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.bc.BcUtil;
import org.bouncycastle.openpgp.operator.bc.SHA1PGPDigestCalculator;
import org.bouncycastle.openpgp.operator.bc.SignerOutputStream;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.TeeInputStream;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.protection.SecretKeyRingProtector;

/* loaded from: classes2.dex */
public final class DecryptionStreamFactory {
    public final SecretKeyRingProtector decryptionKeyDecryptor;
    public final PGPSecretKeyRingCollection decryptionKeys;
    public final BcKeyFingerprintCalculator keyFingerprintCalculator;
    public final MissingPublicKeyCallback missingPublicKeyCallback;
    public final OpenPgpMetadata.Builder resultBuilder;
    public final HashMap verifiableOnePassSignatures;
    public final HashSet verificationKeys;
    public final BcPGPContentVerifierBuilderProvider verifierBuilderProvider;
    public static final Logger LOGGER = Logger.getLogger(DecryptionStreamFactory.class.getName());
    public static final Level LEVEL = Level.FINE;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v2, types: [java.util.List] */
    public DecryptionStreamFactory(PGPSecretKeyRingCollection pGPSecretKeyRingCollection, SecretKeyRingProtector secretKeyRingProtector, Set<PGPPublicKeyRing> set, MissingPublicKeyCallback missingPublicKeyCallback) {
        HashSet hashSet = new HashSet();
        this.verificationKeys = hashSet;
        this.resultBuilder = new OpenPgpMetadata.Builder();
        this.verifierBuilderProvider = new BcPGPContentVerifierBuilderProvider();
        this.keyFingerprintCalculator = new BcKeyFingerprintCalculator();
        this.verifiableOnePassSignatures = new HashMap();
        this.decryptionKeys = pGPSecretKeyRingCollection;
        this.decryptionKeyDecryptor = secretKeyRingProtector;
        hashSet.addAll(set == null ? Collections.emptyList() : set);
        this.missingPublicKeyCallback = missingPublicKeyCallback;
    }

    public final InputStream processPGPPackets(PGPObjectFactory pGPObjectFactory) throws IOException, PGPException {
        Object nextObject;
        Logger logger;
        Level level;
        InputStream inputStream;
        PGPSecretKey pGPSecretKey;
        HashMap hashMap;
        do {
            nextObject = pGPObjectFactory.nextObject();
            if (nextObject == null) {
                throw new PGPException("No Literal Data Packet found");
            }
            boolean z = nextObject instanceof PGPEncryptedDataList;
            logger = LOGGER;
            level = LEVEL;
            BcKeyFingerprintCalculator bcKeyFingerprintCalculator = this.keyFingerprintCalculator;
            OpenPgpMetadata.Builder builder = this.resultBuilder;
            if (z) {
                logger.log(level, "Encountered PGPEncryptedDataList");
                Iterator it = ((PGPEncryptedDataList) nextObject).methods.iterator();
                if (!it.hasNext()) {
                    throw new PGPException("Decryption failed - EncryptedDataList has no items");
                }
                PGPPrivateKey pGPPrivateKey = null;
                PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = null;
                while (it.hasNext()) {
                    PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData2 = (PGPPublicKeyEncryptedData) it.next();
                    long j = pGPPublicKeyEncryptedData2.keyData.keyID;
                    builder.recipientFingerprints.add(Long.valueOf(j));
                    logger.log(level, "PGPEncryptedData is encrypted for key " + Long.toHexString(j));
                    Iterator it2 = this.decryptionKeys.secretRings.values().iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            pGPSecretKey = null;
                            break;
                        }
                        pGPSecretKey = ((PGPSecretKeyRing) it2.next()).getSecretKey(j);
                        if (pGPSecretKey != null) {
                            break;
                        }
                    }
                    if (pGPSecretKey != null) {
                        logger.log(level, "Found respective secret key " + Long.toHexString(j));
                        this.decryptionKeyDecryptor.getClass();
                        pGPPrivateKey = pGPSecretKey.extractPrivateKey();
                        new OpenPgpV4Fingerprint(pGPSecretKey.f230pub);
                        builder.getClass();
                        pGPPublicKeyEncryptedData = pGPPublicKeyEncryptedData2;
                    }
                }
                if (pGPPrivateKey == null) {
                    throw new PGPException("Decryption failed - No suitable decryption key found");
                }
                BcPublicKeyDataDecryptorFactory bcPublicKeyDataDecryptorFactory = new BcPublicKeyDataDecryptorFactory(pGPPrivateKey);
                PublicKeyEncSessionPacket publicKeyEncSessionPacket = pGPPublicKeyEncryptedData.keyData;
                logger.log(level, "Message is encrypted using " + ((SymmetricKeyAlgorithm) SymmetricKeyAlgorithm.MAP.get(Integer.valueOf(bcPublicKeyDataDecryptorFactory.recoverSessionData(publicKeyEncSessionPacket.algorithm, publicKeyEncSessionPacket.data)[0]))));
                builder.getClass();
                InputStreamPacket inputStreamPacket = pGPPublicKeyEncryptedData.encData;
                boolean z2 = inputStreamPacket instanceof SymmetricEncIntegrityPacket;
                builder.getClass();
                PublicKeyEncSessionPacket publicKeyEncSessionPacket2 = pGPPublicKeyEncryptedData.keyData;
                byte[] recoverSessionData = bcPublicKeyDataDecryptorFactory.recoverSessionData(publicKeyEncSessionPacket2.algorithm, publicKeyEncSessionPacket2.data);
                int i = 0;
                for (int i2 = 1; i2 != recoverSessionData.length - 2; i2++) {
                    i += recoverSessionData[i2] & 255;
                }
                if (!(recoverSessionData[recoverSessionData.length + (-2)] == ((byte) (i >> 8)) && recoverSessionData[recoverSessionData.length - 1] == ((byte) i))) {
                    throw new PGPKeyValidationException();
                }
                if (recoverSessionData[0] != 0) {
                    try {
                        boolean z3 = inputStreamPacket instanceof SymmetricEncIntegrityPacket;
                        int length = recoverSessionData.length - 3;
                        byte[] bArr = new byte[length];
                        System.arraycopy(recoverSessionData, 1, bArr, 0, length);
                        BufferedBlockCipher createStreamCipher = BcUtil.createStreamCipher(false, BcImplProvider.createBlockCipher(recoverSessionData[0] & 255), z3, bArr);
                        pGPPublicKeyEncryptedData.encStream = new BCPGInputStream(new CipherInputStream(inputStreamPacket.in, createStreamCipher));
                        if (z3) {
                            pGPPublicKeyEncryptedData.truncStream = new PGPEncryptedData.TruncatedStream(pGPPublicKeyEncryptedData.encStream);
                            pGPPublicKeyEncryptedData.integrityCalculator = new SHA1PGPDigestCalculator();
                            pGPPublicKeyEncryptedData.encStream = new TeeInputStream(pGPPublicKeyEncryptedData.truncStream, pGPPublicKeyEncryptedData.integrityCalculator.getOutputStream());
                        }
                        int blockSize = createStreamCipher.getBlockSize();
                        byte[] bArr2 = new byte[blockSize];
                        for (int i3 = 0; i3 != blockSize; i3++) {
                            int read = pGPPublicKeyEncryptedData.encStream.read();
                            if (read < 0) {
                                throw new EOFException("unexpected end of stream.");
                            }
                            bArr2[i3] = (byte) read;
                        }
                        int read2 = pGPPublicKeyEncryptedData.encStream.read();
                        int read3 = pGPPublicKeyEncryptedData.encStream.read();
                        if (read2 < 0 || read3 < 0) {
                            throw new EOFException("unexpected end of stream.");
                        }
                        inputStream = pGPPublicKeyEncryptedData.encStream;
                    } catch (PGPException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new PGPException("Exception starting decryption", e2);
                    }
                } else {
                    inputStream = inputStreamPacket.in;
                }
                return processPGPPackets(new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream), bcKeyFingerprintCalculator));
            }
            if (nextObject instanceof PGPCompressedData) {
                PGPCompressedData pGPCompressedData = (PGPCompressedData) nextObject;
                logger.log(level, "Encountered PGPCompressedData: " + ((CompressionAlgorithm) CompressionAlgorithm.MAP.get(Integer.valueOf(pGPCompressedData.data.algorithm))));
                builder.getClass();
                return processPGPPackets(new PGPObjectFactory(PGPUtil.getDecoderStream(pGPCompressedData.getDataStream()), bcKeyFingerprintCalculator));
            }
            boolean z4 = nextObject instanceof PGPOnePassSignatureList;
            hashMap = this.verifiableOnePassSignatures;
            if (z4) {
                PGPOnePassSignatureList pGPOnePassSignatureList = (PGPOnePassSignatureList) nextObject;
                logger.log(level, "Encountered PGPOnePassSignatureList of size " + pGPOnePassSignatureList.sigs.length);
                Arrays.Iterator iterator = (Arrays.Iterator) pGPOnePassSignatureList.iterator();
                if (!iterator.hasNext()) {
                    throw new PGPException("Verification failed - No OnePassSignatures found");
                }
                while (iterator.hasNext()) {
                    PGPOnePassSignature pGPOnePassSignature = (PGPOnePassSignature) iterator.next();
                    long j2 = pGPOnePassSignature.sigPack.keyID;
                    logger.log(level, "Message contains OnePassSignature from " + Long.toHexString(j2));
                    Iterator it3 = this.verificationKeys.iterator();
                    PGPPublicKey pGPPublicKey = null;
                    while (true) {
                        if (!it3.hasNext()) {
                            break;
                        }
                        pGPPublicKey = ((PGPPublicKeyRing) it3.next()).getPublicKey(j2);
                        if (pGPPublicKey != null) {
                            logger.log(level, "Found public key " + Long.toHexString(j2) + " for signature verification");
                            break;
                        }
                    }
                    if (pGPPublicKey == null) {
                        Level level2 = Level.FINER;
                        logger.log(level2, "No public key found for signature of " + Long.toHexString(j2));
                        MissingPublicKeyCallback missingPublicKeyCallback = this.missingPublicKeyCallback;
                        if (missingPublicKeyCallback == null) {
                            logger.log(level2, "No MissingPublicKeyCallback registered. Skip signature of " + Long.toHexString(j2));
                        } else {
                            pGPPublicKey = missingPublicKeyCallback.onMissingPublicKeyEncountered(Long.valueOf(j2));
                            if (pGPPublicKey == null) {
                                logger.log(level2, "MissingPublicKeyCallback did not provider key. Skip signature of " + Long.toHexString(j2));
                            } else if (pGPPublicKey.keyID != j2) {
                                throw new IllegalArgumentException("KeyID of the provided public key differs from the signatures keyId. The signature was created from " + Long.toHexString(j2) + " while the provided key has ID " + Long.toHexString(pGPPublicKey.keyID));
                            }
                        }
                        pGPPublicKey = null;
                    }
                    if (pGPPublicKey == null) {
                        logger.log(level, "Missing verification key from " + Long.toHexString(j2));
                    } else {
                        OnePassSignaturePacket onePassSignaturePacket = pGPOnePassSignature.sigPack;
                        int i4 = onePassSignaturePacket.keyAlgorithm;
                        BcPGPContentVerifierBuilderProvider bcPGPContentVerifierBuilderProvider = this.verifierBuilderProvider;
                        bcPGPContentVerifierBuilderProvider.getClass();
                        Signer createSigner = BcImplProvider.createSigner(i4, onePassSignaturePacket.hashAlgorithm);
                        bcPGPContentVerifierBuilderProvider.keyConverter.getClass();
                        createSigner.init(false, BcPGPKeyConverter.getPublicKey(pGPPublicKey));
                        pGPOnePassSignature.verifier = new BcPGPContentVerifierBuilderProvider$BcPGPContentVerifierBuilder$1(createSigner);
                        pGPOnePassSignature.lastb = (byte) 0;
                        pGPOnePassSignature.sigOut = new SignerOutputStream(createSigner);
                        new OpenPgpV4Fingerprint(pGPPublicKey);
                        OnePassSignature onePassSignature = new OnePassSignature(pGPOnePassSignature);
                        builder.onePassSignatures.add(onePassSignature);
                        hashMap.put(new OpenPgpV4Fingerprint(pGPPublicKey), onePassSignature);
                    }
                }
                return processPGPPackets(pGPObjectFactory);
            }
        } while (!(nextObject instanceof PGPLiteralData));
        logger.log(level, "Found PGPLiteralData");
        BCPGInputStream bCPGInputStream = ((PGPLiteralData) nextObject).data.in;
        if (!hashMap.isEmpty()) {
            return new SignatureVerifyingInputStream(bCPGInputStream, pGPObjectFactory, hashMap);
        }
        logger.log(level, "No OnePassSignatures found -> We are done");
        return bCPGInputStream;
    }
}
