package org.pgpainless.decryption_verification;

import org.bouncycastle.bcpg.sig.NotationData;
import org.bouncycastle.openpgp.PGPDataValidationException;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.pgpainless.algorithm.SignatureSubpacket;
import org.pgpainless.util.NotationRegistry;

/* loaded from: input_file:org/pgpainless/decryption_verification/SignatureValidationUtil.class */
public class SignatureValidationUtil {
    public static void validate(PGPSignature pGPSignature) throws PGPException {
        validateHashedAreaHasSignatureCreationTime(pGPSignature);
        validateSignatureCreationTimeIsNotInUnhashedArea(pGPSignature);
        validateSignatureDoesNotContainCriticalUnknownSubpackets(pGPSignature);
        validateSignatureDoesNotContainCriticalUnknownNotations(pGPSignature);
    }

    public static void validateHashedAreaHasSignatureCreationTime(PGPSignature pGPSignature) throws PGPDataValidationException {
        if (pGPSignature.getHashedSubPackets().getSignatureCreationTime() == null) {
            throw new PGPDataValidationException("Hashed area of the signature MUST carry signature creation time subpacket.");
        }
    }

    public static void validateSignatureCreationTimeIsNotInUnhashedArea(PGPSignature pGPSignature) throws PGPDataValidationException {
        if (pGPSignature.getUnhashedSubPackets().getSignatureCreationTime() != null) {
            throw new PGPDataValidationException("Signature creation time MUST be in hashed area of the signature.");
        }
    }

    public static void validateSignatureDoesNotContainCriticalUnknownSubpackets(PGPSignature pGPSignature) throws PGPDataValidationException {
        try {
            throwIfContainsCriticalUnknownSubpacket(pGPSignature.getHashedSubPackets());
            try {
                throwIfContainsCriticalUnknownSubpacket(pGPSignature.getHashedSubPackets());
            } catch (PGPDataValidationException e) {
                throw new PGPDataValidationException("Signature has unknown critical subpacket in unhashed area.\n" + e.getMessage());
            }
        } catch (PGPDataValidationException e2) {
            throw new PGPDataValidationException("Signature has unknown critical subpacket in hashed area.\n" + e2.getMessage());
        }
    }

    private static void throwIfContainsCriticalUnknownSubpacket(PGPSignatureSubpacketVector pGPSignatureSubpacketVector) throws PGPDataValidationException {
        for (int i : pGPSignatureSubpacketVector.getCriticalTags()) {
            try {
                SignatureSubpacket.fromCode(i);
            } catch (IllegalArgumentException e) {
                throw new PGPDataValidationException("Unknown critical signature subpacket: " + Long.toHexString(i));
            }
        }
    }

    public static void validateSignatureDoesNotContainCriticalUnknownNotations(PGPSignature pGPSignature) throws PGPDataValidationException {
        try {
            throwIfSubpacketsContainCriticalUnknownNotation(pGPSignature.getHashedSubPackets());
            try {
                throwIfSubpacketsContainCriticalUnknownNotation(pGPSignature.getUnhashedSubPackets());
            } catch (PGPDataValidationException e) {
                throw new PGPDataValidationException("Signature contains unknown critical notation in unhashed area:\n" + e.getMessage());
            }
        } catch (PGPDataValidationException e2) {
            throw new PGPDataValidationException("Signature contains unknown critical notation in hashed area:\n" + e2.getMessage());
        }
    }

    private static void throwIfSubpacketsContainCriticalUnknownNotation(PGPSignatureSubpacketVector pGPSignatureSubpacketVector) throws PGPDataValidationException {
        for (NotationData notationData : pGPSignatureSubpacketVector.getNotationDataOccurrences()) {
            if (notationData.isCritical() && !NotationRegistry.getInstance().isKnownNotation(notationData.getNotationName())) {
                throw new PGPDataValidationException("Critical unknown notation encountered: " + notationData.getNotationName());
            }
        }
    }
}
