package org.pgpainless.encryption_signing;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.exception.KeyCannotSignException;
import org.pgpainless.exception.KeyValidationError;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.util.MultiMap;
import org.pgpainless.util.Passphrase;

/* loaded from: input_file:org/pgpainless/encryption_signing/SigningTest.class */
public class SigningTest {
    @MethodSource({"org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories"})
    @ParameterizedTest
    public void testEncryptionAndSignatureVerification(ImplementationFactory implementationFactory) throws IOException, PGPException {
        ImplementationFactory.setFactoryImplementation(implementationFactory);
        PGPPublicKeyRing julietPublicKeyRing = TestKeys.getJulietPublicKeyRing();
        PGPPublicKeyRing romeoPublicKeyRing = TestKeys.getRomeoPublicKeyRing();
        PGPSecretKeyRing cryptieSecretKeyRing = TestKeys.getCryptieSecretKeyRing();
        PGPSecretKey secretKey = cryptieSecretKeyRing.getSecretKey(((PGPPublicKey) new KeyRingInfo(cryptieSecretKeyRing).getSigningSubkeys().get(0)).getKeyID());
        PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(Arrays.asList(julietPublicKeyRing, romeoPublicKeyRing));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(byteArrayOutputStream).withOptions(ProducerOptions.signAndEncrypt(EncryptionOptions.encryptDataAtRest().addRecipients(pGPPublicKeyRingCollection).addRecipient(KeyRingUtils.publicKeyRingFrom(cryptieSecretKeyRing)), new SigningOptions().addInlineSignature(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, secretKey), cryptieSecretKeyRing, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT)).setAsciiArmor(true));
        Streams.pipeAll(new ByteArrayInputStream("This message is signed and encrypted to Romeo and Juliet.".getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        DecryptionStream withOptions2 = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).withOptions(new ConsumerOptions().addDecryptionKeys(new PGPSecretKeyRingCollection(Arrays.asList(TestKeys.getRomeoSecretKeyRing(), TestKeys.getJulietSecretKeyRing())), SecretKeyRingProtector.unprotectedKeys()).addVerificationCerts(new PGPPublicKeyRingCollection(Arrays.asList(KeyRingUtils.publicKeyRingFrom(cryptieSecretKeyRing), romeoPublicKeyRing))));
        Streams.pipeAll(withOptions2, new ByteArrayOutputStream());
        withOptions2.close();
        OpenPgpMetadata result = withOptions2.getResult();
        Assertions.assertTrue(result.isEncrypted());
        Assertions.assertTrue(result.isSigned());
        Assertions.assertTrue(result.isVerified());
        Assertions.assertTrue(result.containsVerifiedSignatureFrom(KeyRingUtils.publicKeyRingFrom(cryptieSecretKeyRing)));
        Assertions.assertFalse(result.containsVerifiedSignatureFrom(julietPublicKeyRing));
    }

    @Test
    public void testSignWithInvalidUserIdFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("alice", TestKeys.CRYPTIE_PASSWORD);
        SecretKeyRingProtector unlockAllKeysWith = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD), modernKeyRing);
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyValidationError.class, () -> {
            signingOptions.addInlineSignature(unlockAllKeysWith, modernKeyRing, "bob", DocumentSignatureType.CANONICAL_TEXT_DOCUMENT);
        });
    }

    @Test
    public void testSignWithRevokedUserIdFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("alice", TestKeys.CRYPTIE_PASSWORD);
        SecretKeyRingProtector unlockAllKeysWith = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD), modernKeyRing);
        PGPSecretKeyRing done = PGPainless.modifyKeyRing(modernKeyRing).revokeUserId("alice", unlockAllKeysWith).done();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyValidationError.class, () -> {
            signingOptions.addInlineSignature(unlockAllKeysWith, done, "alice", DocumentSignatureType.CANONICAL_TEXT_DOCUMENT);
        });
    }

    @Test
    public void signWithHashAlgorithmOverride() throws PGPException, IOException {
        PGPSecretKeyRing emilSecretKeyRing = TestKeys.getEmilSecretKeyRing();
        SecretKeyRingProtector unprotectedKeys = SecretKeyRingProtector.unprotectedKeys();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertNull(signingOptions.getHashAlgorithmOverride());
        signingOptions.overrideHashAlgorithm(HashAlgorithm.SHA224);
        Assertions.assertEquals(HashAlgorithm.SHA224, signingOptions.getHashAlgorithmOverride());
        signingOptions.addDetachedSignature(unprotectedKeys, emilSecretKeyRing, DocumentSignatureType.BINARY_DOCUMENT);
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(new ByteArrayOutputStream()).withOptions(ProducerOptions.sign(signingOptions));
        Streams.pipeAll(new ByteArrayInputStream("Hello, World!\n".getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        MultiMap detachedSignatures = withOptions.getResult().getDetachedSignatures();
        Assertions.assertEquals(1, detachedSignatures.size());
        SubkeyIdentifier subkeyIdentifier = (SubkeyIdentifier) detachedSignatures.keySet().iterator().next();
        Assertions.assertEquals(1, detachedSignatures.get(subkeyIdentifier).size());
        Assertions.assertEquals(HashAlgorithm.SHA224.getAlgorithmId(), ((PGPSignature) detachedSignatures.get(subkeyIdentifier).iterator().next()).getHashAlgorithm());
    }

    @Test
    public void negotiateHashAlgorithmChoseFallbackIfEmptyPreferences() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(new ByteArrayOutputStream()).withOptions(ProducerOptions.sign(new SigningOptions().addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, new KeyFlag[]{KeyFlag.SIGN_DATA}).overridePreferredHashAlgorithms(new HashAlgorithm[0])).addUserId("Alice").build(), DocumentSignatureType.BINARY_DOCUMENT)));
        Streams.pipeAll(new ByteArrayInputStream("Hello, World!\n".getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        MultiMap detachedSignatures = withOptions.getResult().getDetachedSignatures();
        Assertions.assertEquals(PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(), ((PGPSignature) detachedSignatures.get((SubkeyIdentifier) detachedSignatures.keySet().iterator().next()).iterator().next()).getHashAlgorithm());
    }

    @Test
    public void negotiateHashAlgorithmChoseFallbackIfUnacceptablePreferences() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(new ByteArrayOutputStream()).withOptions(ProducerOptions.sign(new SigningOptions().addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, new KeyFlag[]{KeyFlag.SIGN_DATA}).overridePreferredHashAlgorithms(new HashAlgorithm[]{HashAlgorithm.MD5})).addUserId("Alice").build(), DocumentSignatureType.BINARY_DOCUMENT)));
        Streams.pipeAll(new ByteArrayInputStream("Hello, World!\n".getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        MultiMap detachedSignatures = withOptions.getResult().getDetachedSignatures();
        Assertions.assertEquals(PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(), ((PGPSignature) detachedSignatures.get((SubkeyIdentifier) detachedSignatures.keySet().iterator().next()).iterator().next()).getHashAlgorithm());
    }

    @Test
    public void signingWithNonCapableKeyThrowsKeyCannotSignException() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        PGPSecretKeyRing build = PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, new KeyFlag[0])).addUserId("Alice").build();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyCannotSignException.class, () -> {
            signingOptions.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), build, DocumentSignatureType.BINARY_DOCUMENT);
        });
        Assertions.assertThrows(KeyCannotSignException.class, () -> {
            signingOptions.addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), build, DocumentSignatureType.BINARY_DOCUMENT);
        });
    }

    @Test
    public void signWithInvalidUserIdThrowsKeyValidationError() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        PGPSecretKeyRing build = PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, new KeyFlag[]{KeyFlag.SIGN_DATA})).addUserId("Alice").build();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyValidationError.class, () -> {
            signingOptions.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), build, "Bob", DocumentSignatureType.BINARY_DOCUMENT);
        });
        Assertions.assertThrows(KeyValidationError.class, () -> {
            signingOptions.addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), build, "Bob", DocumentSignatureType.BINARY_DOCUMENT);
        });
    }
}
