package org.jreleaser.sdk.git;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Security;
import java.util.Iterator;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.api.errors.JGitInternalException;
import org.eclipse.jgit.api.errors.UnsupportedSigningFormatException;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.GpgConfig;
import org.eclipse.jgit.lib.GpgObjectSigner;
import org.eclipse.jgit.lib.GpgSignature;
import org.eclipse.jgit.lib.GpgSigner;
import org.eclipse.jgit.lib.ObjectBuilder;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.jreleaser.model.JReleaserContext;
import org.jreleaser.model.Signing;
import org.jreleaser.util.StringUtils;
import org.jreleaser.util.signing.Keyring;
import org.jreleaser.util.signing.SigningException;

/* loaded from: input_file:org/jreleaser/sdk/git/JReleaserGpgSigner.class */
public class JReleaserGpgSigner extends GpgSigner implements GpgObjectSigner {
    private final JReleaserContext context;
    private final boolean enabled;

    public JReleaserGpgSigner(JReleaserContext jReleaserContext, boolean z) {
        this.context = jReleaserContext;
        this.enabled = z;
    }

    public boolean canLocateSigningKey(String str, PersonIdent personIdent, CredentialsProvider credentialsProvider, GpgConfig gpgConfig) throws CanceledException, UnsupportedSigningFormatException {
        return this.enabled;
    }

    public boolean canLocateSigningKey(String str, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
        return this.enabled;
    }

    public void sign(CommitBuilder commitBuilder, String str, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
        if (this.enabled) {
            try {
                signObject(commitBuilder, str, personIdent, credentialsProvider, null);
            } catch (UnsupportedSigningFormatException e) {
            }
        }
    }

    public void signObject(ObjectBuilder objectBuilder, String str, PersonIdent personIdent, CredentialsProvider credentialsProvider, GpgConfig gpgConfig) throws CanceledException, UnsupportedSigningFormatException {
        if (this.enabled) {
            try {
                Keyring createKeyring = this.context.createKeyring();
                PGPSignatureGenerator initSignatureGenerator = initSignatureGenerator(this.context.getModel().getSigning(), createKeyring);
                adjustCommiterId(initSignatureGenerator, personIdent, createKeyring);
                signObject(initSignatureGenerator, objectBuilder);
            } catch (SigningException e) {
                throw new JGitInternalException(e.getMessage(), e);
            }
        }
    }

    private PGPSignatureGenerator initSignatureGenerator(Signing signing, Keyring keyring) throws SigningException {
        try {
            PGPSecretKey secretKey = keyring.getSecretKey();
            PGPPrivateKey extractPrivateKey = secretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(signing.getResolvedPassphrase().toCharArray()));
            PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), 8).setProvider("BC"));
            pGPSignatureGenerator.init(0, extractPrivateKey);
            return pGPSignatureGenerator;
        } catch (PGPException e) {
            throw new SigningException("Unexpected error when initializing signature generator", e);
        }
    }

    private void adjustCommiterId(PGPSignatureGenerator pGPSignatureGenerator, PersonIdent personIdent, Keyring keyring) throws SigningException {
        PGPPublicKey readPublicKey = keyring.readPublicKey();
        PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
        pGPSignatureSubpacketGenerator.setIssuerFingerprint(false, readPublicKey);
        String emailAddress = personIdent.getEmailAddress();
        Iterator userIDs = readPublicKey.getUserIDs();
        if (userIDs.hasNext()) {
            String str = (String) userIDs.next();
            if (StringUtils.isNotBlank(str) && (StringUtils.isBlank(emailAddress) || !str.contains(emailAddress))) {
                emailAddress = extractSignerId(str);
            }
        }
        if (StringUtils.isNotBlank(emailAddress)) {
            pGPSignatureSubpacketGenerator.addSignerUserID(false, emailAddress);
        }
        pGPSignatureGenerator.setHashedSubpackets(pGPSignatureSubpacketGenerator.generate());
    }

    private String extractSignerId(String str) {
        int indexOf;
        int indexOf2 = str.indexOf(60);
        return (indexOf2 < 0 || (indexOf = str.indexOf(62, indexOf2 + 1)) <= indexOf2 + 1) ? str : str.substring(indexOf2 + 1, indexOf);
    }

    private void signObject(PGPSignatureGenerator pGPSignatureGenerator, ObjectBuilder objectBuilder) throws SigningException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(new ArmoredOutputStream(byteArrayOutputStream));
            try {
                pGPSignatureGenerator.update(objectBuilder.build());
                pGPSignatureGenerator.generate().encode(bCPGOutputStream);
                bCPGOutputStream.close();
                objectBuilder.setGpgSignature(new GpgSignature(byteArrayOutputStream.toByteArray()));
            } finally {
            }
        } catch (IOException | PGPException e) {
            throw new SigningException(e.getMessage(), e);
        }
    }

    static {
        Security.removeProvider("BC");
        Security.setProperty("crypto.policy", "unlimited");
        Security.addProvider(new BouncyCastleProvider());
    }
}
