package org.pgpainless.decryption_verification;

import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.consumer.CertificateValidator;
import org.pgpainless.signature.consumer.DetachedSignatureCheck;
import org.pgpainless.signature.consumer.OnePassSignatureCheck;
import org.pgpainless.signature.consumer.SignatureValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pgpainless/decryption_verification/SignatureInputStream.class */
public abstract class SignatureInputStream extends FilterInputStream {

    /* loaded from: input_file:org/pgpainless/decryption_verification/SignatureInputStream$VerifySignatures.class */
    public static class VerifySignatures extends SignatureInputStream {
        private static final Logger LOGGER = LoggerFactory.getLogger(VerifySignatures.class);
        private final PGPObjectFactory objectFactory;
        private final List<OnePassSignatureCheck> opSignatures;
        private final Map<Long, OnePassSignatureCheck> opSignaturesWithMissingCert;
        private final List<DetachedSignatureCheck> detachedSignatures;
        private final ConsumerOptions options;
        private final OpenPgpMetadata.Builder resultBuilder;

        public VerifySignatures(InputStream inputStream, @Nullable PGPObjectFactory pGPObjectFactory, List<OnePassSignatureCheck> list, Map<Long, OnePassSignatureCheck> map, List<DetachedSignatureCheck> list2, ConsumerOptions consumerOptions, OpenPgpMetadata.Builder builder) {
            super(inputStream);
            this.objectFactory = pGPObjectFactory;
            this.opSignatures = list;
            this.opSignaturesWithMissingCert = map;
            this.detachedSignatures = list2;
            this.options = consumerOptions;
            this.resultBuilder = builder;
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read() throws IOException {
            int read = super.read();
            if (read == -1) {
                finalizeSignatures();
            } else {
                byte b = (byte) read;
                updateOnePassSignatures(b);
                updateDetachedSignatures(b);
            }
            return read;
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read(@Nonnull byte[] bArr, int i, int i2) throws IOException {
            int read = super.read(bArr, i, i2);
            if (read == -1) {
                finalizeSignatures();
            } else {
                updateOnePassSignatures(bArr, i, read);
                updateDetachedSignatures(bArr, i, read);
            }
            return read;
        }

        private void finalizeSignatures() {
            parseAndCombineSignatures();
            verifyOnePassSignatures();
            verifyDetachedSignatures();
        }

        public void parseAndCombineSignatures() {
            if (this.objectFactory == null) {
                return;
            }
            try {
                List<PGPSignature> list = SignatureUtils.toList(parseSignatures(this.objectFactory));
                for (int i = 0; i < this.opSignatures.size(); i++) {
                    this.opSignatures.get(i).setSignature(list.get((this.opSignatures.size() - i) - 1));
                }
                for (PGPSignature pGPSignature : list) {
                    if (this.opSignaturesWithMissingCert.containsKey(Long.valueOf(pGPSignature.getKeyID()))) {
                        this.opSignaturesWithMissingCert.remove(Long.valueOf(pGPSignature.getKeyID())).setSignature(pGPSignature);
                        this.resultBuilder.addInvalidInbandSignature(new SignatureVerification(pGPSignature, null), new SignatureValidationException("Missing verification certificate " + Long.toHexString(pGPSignature.getKeyID())));
                    }
                }
            } catch (IOException e) {
            }
        }

        private PGPSignatureList parseSignatures(PGPObjectFactory pGPObjectFactory) throws IOException {
            PGPSignatureList pGPSignatureList = null;
            Object nextObject = pGPObjectFactory.nextObject();
            while (nextObject != null && pGPSignatureList == null) {
                if (nextObject instanceof PGPSignatureList) {
                    pGPSignatureList = (PGPSignatureList) nextObject;
                } else {
                    nextObject = pGPObjectFactory.nextObject();
                }
            }
            if (pGPSignatureList == null || pGPSignatureList.isEmpty()) {
                throw new IOException("Verification failed - No Signatures found");
            }
            return pGPSignatureList;
        }

        private synchronized void verifyOnePassSignatures() {
            Policy policy = PGPainless.getPolicy();
            for (OnePassSignatureCheck onePassSignatureCheck : this.opSignatures) {
                if (onePassSignatureCheck.getSignature() == null) {
                    LOGGER.warn("Found OnePassSignature without respective signature packet -> skip");
                } else {
                    try {
                        SignatureValidator.signatureWasCreatedInBounds(this.options.getVerifyNotBefore(), this.options.getVerifyNotAfter()).verify(onePassSignatureCheck.getSignature());
                        CertificateValidator.validateCertificateAndVerifyOnePassSignature(onePassSignatureCheck, policy);
                        this.resultBuilder.addVerifiedInbandSignature(new SignatureVerification(onePassSignatureCheck.getSignature(), onePassSignatureCheck.getSigningKey()));
                    } catch (SignatureValidationException e) {
                        LOGGER.warn("One-pass-signature verification failed for signature made by key {}: {}", new Object[]{onePassSignatureCheck.getSigningKey(), e.getMessage(), e});
                        this.resultBuilder.addInvalidInbandSignature(new SignatureVerification(onePassSignatureCheck.getSignature(), onePassSignatureCheck.getSigningKey()), e);
                    }
                }
            }
        }

        private void verifyDetachedSignatures() {
            Policy policy = PGPainless.getPolicy();
            for (DetachedSignatureCheck detachedSignatureCheck : this.detachedSignatures) {
                try {
                    SignatureValidator.signatureWasCreatedInBounds(this.options.getVerifyNotBefore(), this.options.getVerifyNotAfter()).verify(detachedSignatureCheck.getSignature());
                    CertificateValidator.validateCertificateAndVerifyInitializedSignature(detachedSignatureCheck.getSignature(), detachedSignatureCheck.getSigningKeyRing(), policy);
                    this.resultBuilder.addVerifiedDetachedSignature(new SignatureVerification(detachedSignatureCheck.getSignature(), detachedSignatureCheck.getSigningKeyIdentifier()));
                } catch (SignatureValidationException e) {
                    LOGGER.warn("One-pass-signature verification failed for signature made by key {}: {}", new Object[]{detachedSignatureCheck.getSigningKeyIdentifier(), e.getMessage(), e});
                    this.resultBuilder.addInvalidDetachedSignature(new SignatureVerification(detachedSignatureCheck.getSignature(), detachedSignatureCheck.getSigningKeyIdentifier()), e);
                }
            }
        }

        private void updateOnePassSignatures(byte b) {
            Iterator<OnePassSignatureCheck> it = this.opSignatures.iterator();
            while (it.hasNext()) {
                it.next().getOnePassSignature().update(b);
            }
        }

        private void updateOnePassSignatures(byte[] bArr, int i, int i2) {
            Iterator<OnePassSignatureCheck> it = this.opSignatures.iterator();
            while (it.hasNext()) {
                it.next().getOnePassSignature().update(bArr, i, i2);
            }
        }

        private void updateDetachedSignatures(byte b) {
            Iterator<DetachedSignatureCheck> it = this.detachedSignatures.iterator();
            while (it.hasNext()) {
                it.next().getSignature().update(b);
            }
        }

        private void updateDetachedSignatures(byte[] bArr, int i, int i2) {
            Iterator<DetachedSignatureCheck> it = this.detachedSignatures.iterator();
            while (it.hasNext()) {
                it.next().getSignature().update(bArr, i, i2);
            }
        }
    }

    protected SignatureInputStream(InputStream inputStream) {
        super(inputStream);
    }
}
