package org.pgpainless.key.generation;

import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.generation.KeyRingBuilderInterface;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.ecc.EllipticCurve;
import org.pgpainless.key.generation.type.rsa.RsaLength;
import org.pgpainless.key.util.UserId;
import org.pgpainless.provider.ProviderFactory;
import org.pgpainless.util.Passphrase;
import org.pgpainless.util.SignatureSubpacketGeneratorUtil;

/* loaded from: input_file:org/pgpainless/key/generation/KeyRingBuilder.class */
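/**
 * Step-wise builder for OpenPGP secret key rings.
 *
 * <p>The intended call order is {@link #withSubKey(KeySpec)} (zero or more times),
 * {@link #withMasterKey(KeySpec)}, then a primary user-id, optional additional user-ids,
 * a passphrase decision and finally {@code build()}. The {@code simple*KeyRing} methods
 * wrap that sequence for common layouts.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A {@code null} or empty passphrase produces no secret-key encryptor, so the generated
 *       secret key material is not passphrase-protected.</li>
 *   <li>{@code build()} clears the {@link Passphrase} instance handed to
 *       {@code withPassphrase}; the caller's object is the one that is wiped.</li>
 *   <li>{@code build()} consumes the primary key spec, so a builder instance should be treated
 *       as single-use.</li>
 * </ul>
 *
 * <p>Instances hold mutable state and are not synchronised.
 */
public class KeyRingBuilder implements KeyRingBuilderInterface {
    // Primary user-id, stored trimmed by WithPrimaryUserIdImpl.
    private String userId;
    // Passphrase protecting the secret keys; null means "no protection requested".
    private Passphrase passphrase;
    private final Charset UTF8 = Charset.forName("UTF-8");
    // Index 0 is the primary (certification) key spec once withMasterKey() has run; the rest are subkeys.
    private final List<KeySpec> keySpecs = new ArrayList<>();
    // Insertion-ordered and de-duplicated additional user-ids (stored trimmed).
    private final Set<String> additionalUserIds = new LinkedHashSet<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/pgpainless/key/generation/KeyRingBuilder$WithAdditionalUserIdOrPassphraseImpl.class */
    /**
     * Builder stage reached after the primary user-id is set: accepts additional user-ids and
     * the passphrase decision.
     */
    public class WithAdditionalUserIdOrPassphraseImpl implements KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase {

        /* loaded from: input_file:org/pgpainless/key/generation/KeyRingBuilder$WithAdditionalUserIdOrPassphraseImpl$BuildImpl.class */
        /** Final builder stage: generates the key pairs and assembles the secret key ring. */
        class BuildImpl implements KeyRingBuilderInterface.Build {
            private PGPSignatureGenerator signatureGenerator;
            private PGPDigestCalculator digestCalculator;
            private PBESecretKeyEncryptor secretKeyEncryptor;

            BuildImpl() {
            }

            /**
             * Generates the primary key and all subkeys and returns the resulting secret key ring.
             *
             * <p>Side effects: the builder's passphrase (if any) is cleared and the primary key
             * spec is removed from the builder, so this method is not meant to be called twice.
             *
             * @return the generated secret key ring, with every additional user-id certified by
             *         the primary key
             * @throws NoSuchAlgorithmException if the provider does not know a requested key algorithm
             * @throws PGPException if Bouncy Castle fails to build or sign the key ring
             * @throws InvalidAlgorithmParameterException if a key type's parameters are rejected
             */
            @Override // org.pgpainless.key.generation.KeyRingBuilderInterface.Build
            public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
                // Order matters: encryptor and decryptor are derived from the passphrase and
                // must exist before the passphrase is wiped below.
                this.digestCalculator = buildDigestCalculator();
                this.secretKeyEncryptor = buildSecretKeyEncryptor();
                PBESecretKeyDecryptor secretKeyDecryptor = buildSecretKeyDecryptor();
                if (KeyRingBuilder.this.passphrase != null) {
                    // Wipes the caller-supplied Passphrase object as early as possible.
                    KeyRingBuilder.this.passphrase.clear();
                }

                // The primary key spec sits at index 0; removing it leaves only subkey specs
                // for addSubKeys().
                KeySpec primaryKeySpec = KeyRingBuilder.this.keySpecs.remove(0);
                PGPKeyPair primaryKeyPair = KeyRingBuilder.generateKeyPair(primaryKeySpec);
                PGPContentSignerBuilder contentSigner = buildContentSigner(primaryKeyPair);
                this.signatureGenerator = new PGPSignatureGenerator(contentSigner);

                // Mark the first user-id as primary (subpacket itself is non-critical).
                PGPSignatureSubpacketGenerator hashedSubpackets = primaryKeySpec.getSubpacketGenerator();
                hashedSubpackets.setPrimaryUserID(false, true);

                PGPKeyRingGenerator ringGenerator = buildRingGenerator(primaryKeyPair, contentSigner, hashedSubpackets.generate());
                addSubKeys(ringGenerator);
                PGPSecretKeyRing secretKeyRing = ringGenerator.generateSecretKeyRing();

                Iterator<PGPSecretKey> secretKeys = secretKeyRing.getSecretKeys();
                PGPPublicKey primaryPublicKey = secretKeys.next().getPublicKey();
                // The ring was just encrypted with the passphrase-derived encryptor, so the
                // private key has to be unlocked again to certify the additional user-ids.
                PGPPrivateKey primaryPrivateKey = secretKeyRing.getSecretKey().extractPrivateKey(secretKeyDecryptor);
                for (String additionalUserId : KeyRingBuilder.this.additionalUserIds) {
                    this.signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), primaryPrivateKey);
                    primaryPublicKey = PGPPublicKey.addCertification(primaryPublicKey, additionalUserId, this.signatureGenerator.generateCertification(additionalUserId, primaryPublicKey));
                }

                // Re-assemble the ring: primary secret key rebuilt around the extended public
                // key, followed by the untouched subkeys in their original order.
                PGPSecretKey primarySecretKey = new PGPSecretKey(primaryPrivateKey, primaryPublicKey, this.digestCalculator, true, this.secretKeyEncryptor);
                List<PGPSecretKey> reassembledKeys = new ArrayList<>();
                reassembledKeys.add(primarySecretKey);
                while (secretKeys.hasNext()) {
                    reassembledKeys.add(secretKeys.next());
                }
                return new PGPSecretKeyRing(reassembledKeys);
            }

            /**
             * Creates the ring generator for the primary key, binding the primary user-id with a
             * positive certification and no unhashed subpackets.
             */
            private PGPKeyRingGenerator buildRingGenerator(PGPKeyPair pGPKeyPair, PGPContentSignerBuilder pGPContentSignerBuilder, PGPSignatureSubpacketVector pGPSignatureSubpacketVector) throws PGPException {
                return new PGPKeyRingGenerator(SignatureType.POSITIVE_CERTIFICATION.getCode(), pGPKeyPair, KeyRingBuilder.this.userId, this.digestCalculator, pGPSignatureSubpacketVector, (PGPSignatureSubpacketVector) null, pGPContentSignerBuilder, this.secretKeyEncryptor);
            }

            /**
             * Generates a key pair for every remaining key spec and adds it as a subkey, either
             * inheriting the primary key's subpackets or using the spec's own.
             */
            private void addSubKeys(PGPKeyRingGenerator pGPKeyRingGenerator) throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
                for (KeySpec subKeySpec : KeyRingBuilder.this.keySpecs) {
                    PGPKeyPair subKeyPair = KeyRingBuilder.generateKeyPair(subKeySpec);
                    if (subKeySpec.isInheritedSubPackets()) {
                        pGPKeyRingGenerator.addSubKey(subKeyPair);
                    } else {
                        pGPKeyRingGenerator.addSubKey(subKeyPair, subKeySpec.getSubpackets(), (PGPSignatureSubpacketVector) null);
                    }
                }
            }

            /**
             * Builds the signer for certifications; the hash algorithm comes from the global
             * policy's default signature hash, not from this class.
             */
            private PGPContentSignerBuilder buildContentSigner(PGPKeyPair pGPKeyPair) {
                return ImplementationFactory.getInstance().getPGPContentSignerBuilder(pGPKeyPair.getPublicKey().getAlgorithm(), PGPainless.getPolicy().getDefaultSignatureHashAlgorithm().getAlgorithmId());
            }

            /**
             * Builds the encryptor that protects the secret keys with the policy's default
             * symmetric algorithm.
             *
             * @return the encryptor, or {@code null} when the passphrase is absent or empty, in
             *         which case the secret keys are written without passphrase protection
             */
            private PBESecretKeyEncryptor buildSecretKeyEncryptor() {
                return (KeyRingBuilder.this.passphrase == null || KeyRingBuilder.this.passphrase.isEmpty()) ? null : ImplementationFactory.getInstance().getPBESecretKeyEncryptor(PGPainless.getPolicy().getDefaultSymmetricKeyAlgorithm(), this.digestCalculator, KeyRingBuilder.this.passphrase);
            }

            /**
             * Builds the decryptor matching {@link #buildSecretKeyEncryptor()}.
             *
             * @return the decryptor, or {@code null} when the passphrase is absent or empty
             */
            private PBESecretKeyDecryptor buildSecretKeyDecryptor() throws PGPException {
                return (KeyRingBuilder.this.passphrase == null || KeyRingBuilder.this.passphrase.isEmpty()) ? null : ImplementationFactory.getInstance().getPBESecretKeyDecryptor(KeyRingBuilder.this.passphrase);
            }

            /**
             * Builds the SHA-1 digest calculator passed to the key ring generator and the
             * secret key constructor.
             */
            private PGPDigestCalculator buildDigestCalculator() throws PGPException {
                // NOTE(review): SHA-1 here is presumably the secret-key checksum digest that the
                // OpenPGP v4 format prescribes, not a signature hash (that one is taken from the
                // policy in buildContentSigner) - confirm before changing the algorithm.
                return ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1);
            }
        }

        WithAdditionalUserIdOrPassphraseImpl() {
        }

        /**
         * Registers an additional user-id. The value is trimmed; duplicates of an already
         * registered additional user-id are silently ignored.
         *
         * @throws IllegalArgumentException if the trimmed value equals the primary user-id
         */
        @Override // org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase
        public KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String str) {
            String trimmedUserId = str.trim();
            if (KeyRingBuilder.this.userId.equals(trimmedUserId)) {
                throw new IllegalArgumentException("Additional user-id MUST NOT be equal to primary user-id.");
            }
            KeyRingBuilder.this.additionalUserIds.add(trimmedUserId);
            return this;
        }

        /** Decodes the bytes as UTF-8 and delegates to {@link #withAdditionalUserId(String)}. */
        @Override // org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase
        public KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] bArr) {
            return withAdditionalUserId(new String(bArr, KeyRingBuilder.this.UTF8));
        }

        /**
         * Protects the secret keys with the given passphrase.
         *
         * <p>The reference is stored as-is and cleared during {@code build()}, so the caller's
         * {@link Passphrase} object is unusable afterwards. An empty passphrase is treated like
         * {@link #withoutPassphrase()} by the encryptor construction.
         */
        @Override // org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase
        public KeyRingBuilderInterface.Build withPassphrase(@Nonnull Passphrase passphrase) {
            KeyRingBuilder.this.passphrase = passphrase;
            return new BuildImpl();
        }

        /** Requests a key ring whose secret keys are not passphrase-protected. */
        @Override // org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase
        public KeyRingBuilderInterface.Build withoutPassphrase() {
            KeyRingBuilder.this.passphrase = null;
            return new BuildImpl();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/pgpainless/key/generation/KeyRingBuilder$WithPrimaryUserIdImpl.class */
    /** Builder stage reached after the primary key spec is set: accepts the primary user-id. */
    public class WithPrimaryUserIdImpl implements KeyRingBuilderInterface.WithPrimaryUserId {
        WithPrimaryUserIdImpl() {
        }

        /** Stores the trimmed value as the primary user-id and moves to the next stage. */
        @Override // org.pgpainless.key.generation.KeyRingBuilderInterface.WithPrimaryUserId
        public KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull String str) {
            KeyRingBuilder.this.userId = str.trim();
            return new WithAdditionalUserIdOrPassphraseImpl();
        }

        /** Decodes the bytes as UTF-8 and delegates to {@link #withPrimaryUserId(String)}. */
        @Override // org.pgpainless.key.generation.KeyRingBuilderInterface.WithPrimaryUserId
        public KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull byte[] bArr) {
            return withPrimaryUserId(new String(bArr, KeyRingBuilder.this.UTF8));
        }
    }

    /** Generates an unprotected single-key RSA ring; see {@link #simpleRsaKeyRing(String, RsaLength, String)}. */
    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength rsaLength) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
        return simpleRsaKeyRing(userId.toString(), rsaLength);
    }

    /** Generates an unprotected single-key RSA ring; see {@link #simpleRsaKeyRing(String, RsaLength, String)}. */
    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String str, @Nonnull RsaLength rsaLength) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
        return simpleRsaKeyRing(str, rsaLength, (String) null);
    }

    /** Same as {@link #simpleRsaKeyRing(String, RsaLength, String)} with the user-id rendered via {@code toString()}. */
    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength rsaLength, String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
        return simpleRsaKeyRing(userId.toString(), rsaLength, str);
    }

    /**
     * Generates a ring consisting of one RSA key that carries the certify, sign and
     * encrypt-communications flags (no subkeys).
     *
     * <p>The password arrives as a {@link String}, which this method cannot wipe; only the
     * internal {@link Passphrase} copy is cleared during the build. Callers that need the
     * secret erased from memory should use the step-wise API with their own {@link Passphrase}.
     *
     * @param str primary user-id
     * @param rsaLength RSA modulus length
     * @param str2 password, or {@code null} for an unprotected key ring
     */
    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String str, @Nonnull RsaLength rsaLength, String str2) throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase passphraseStage = withMasterKey(KeySpec.getBuilder(KeyType.RSA(rsaLength)).withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()).withPrimaryUserId(str);
        if (str2 == null) {
            return passphraseStage.withoutPassphrase().build();
        }
        return passphraseStage.withPassphrase(new Passphrase(str2.toCharArray())).build();
    }

    /** Generates an unprotected EC ring; see {@link #simpleEcKeyRing(String, String)}. */
    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
        return simpleEcKeyRing(userId.toString());
    }

    /** Generates an unprotected EC ring; see {@link #simpleEcKeyRing(String, String)}. */
    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
        return simpleEcKeyRing(str, (String) null);
    }

    /** Same as {@link #simpleEcKeyRing(String, String)} with the user-id rendered via {@code toString()}. */
    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId, String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
        return simpleEcKeyRing(userId.toString(), str);
    }

    /**
     * Generates a ring with an ECDSA P-256 primary key (authentication, certify, sign) and an
     * ECDH P-256 subkey (encrypt storage and communications).
     *
     * <p>As with the RSA variant, a password passed as {@link String} cannot be wiped here.
     *
     * @param str primary user-id
     * @param str2 password, or {@code null} for an unprotected key ring
     */
    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String str, String str2) throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase passphraseStage = withSubKey(KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._P256)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()).withMasterKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P256)).withKeyFlags(KeyFlag.AUTHENTICATION, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).withDefaultAlgorithms()).withPrimaryUserId(str);
        if (str2 == null) {
            return passphraseStage.withoutPassphrase().build();
        }
        return passphraseStage.withPassphrase(new Passphrase(str2.toCharArray())).build();
    }

    /** Appends a subkey spec; subkeys are generated in the order they were added. */
    @Override // org.pgpainless.key.generation.KeyRingBuilderInterface
    public KeyRingBuilderInterface withSubKey(@Nonnull KeySpec keySpec) {
        this.keySpecs.add(keySpec);
        return this;
    }

    /**
     * Sets the primary key spec (inserted at index 0) after checking that it can certify.
     *
     * @throws IllegalArgumentException if the spec lacks the CERTIFY_OTHER flag or its
     *         algorithm cannot create certifications
     */
    @Override // org.pgpainless.key.generation.KeyRingBuilderInterface
    public KeyRingBuilderInterface.WithPrimaryUserId withMasterKey(@Nonnull KeySpec keySpec) {
        verifyMasterKeyCanCertify(keySpec);
        this.keySpecs.add(0, keySpec);
        return new WithPrimaryUserIdImpl();
    }

    /**
     * Rejects primary key specs that could not sign user-id and subkey bindings: the key flag
     * must allow certification and the algorithm must be signing-capable.
     */
    private void verifyMasterKeyCanCertify(KeySpec keySpec) {
        if (!hasCertifyOthersFlag(keySpec)) {
            throw new IllegalArgumentException("Certification Key MUST have KeyFlag CERTIFY_OTHER");
        }
        if (!keyIsCertificationCapable(keySpec)) {
            throw new IllegalArgumentException("Key algorithm " + keySpec.getKeyType().getName() + " is not capable of creating certifications.");
        }
    }

    /** Returns whether the spec's subpackets carry the CERTIFY_OTHER key flag. */
    private boolean hasCertifyOthersFlag(KeySpec keySpec) {
        return SignatureSubpacketGeneratorUtil.hasKeyFlag(KeyFlag.CERTIFY_OTHER, keySpec.getSubpacketGenerator());
    }

    /** Returns whether the spec's key algorithm reports itself as able to certify. */
    private boolean keyIsCertificationCapable(KeySpec keySpec) {
        return keySpec.getKeyType().canCertify();
    }

    /**
     * Generates a fresh key pair for the given spec using the configured JCA provider and wraps
     * it as an OpenPGP key pair whose creation time is the current system time.
     *
     * <p>No {@code SecureRandom} is passed to the generator, so the randomness source is whatever
     * the JCA selects by default.
     *
     * @throws NoSuchAlgorithmException if the provider does not implement the key type
     * @throws InvalidAlgorithmParameterException if the key type's parameter spec is rejected
     * @throws PGPException if the pair cannot be converted to an OpenPGP key pair
     */
    public static PGPKeyPair generateKeyPair(KeySpec keySpec) throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
        KeyType keyType = keySpec.getKeyType();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyType.getName(), ProviderFactory.getProvider());
        keyPairGenerator.initialize(keyType.getAlgorithmSpec());
        return ImplementationFactory.getInstance().getPGPKeyPair(keyType.getAlgorithm(), keyPairGenerator.generateKeyPair(), new Date());
    }
}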
