package org.pgpainless.key.generation;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.bcpg.sig.PrimaryUserID;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.protection.UnlockSecretKey;
import org.pgpainless.provider.ProviderFactory;
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper;
import org.pgpainless.util.Passphrase;

/* loaded from: input_file:org/pgpainless/key/generation/KeyRingBuilder.class */
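/**
 * Fluent builder that generates a new OpenPGP secret key ring: one certification-capable
 * primary key, any number of subkeys, and one or more user-ids.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The first user-id added is the one handed to the ring generator; the primary key's
 *       subpackets are marked with {@code setPrimaryUserId()} for it.</li>
 *   <li>{@link #build()} calls {@code clear()} on the stored {@link Passphrase}. The builder keeps
 *       the caller's object by reference, so the caller's instance is cleared as well and a
 *       second {@code build()} with the same passphrase fails with "Passphrase was cleared.".</li>
 *   <li>With an empty passphrase no secret-key encryptor is created ({@code null} is passed on),
 *       so the generated secret keys are presumably stored unprotected. Callers that persist
 *       the ring should set a passphrase.</li>
 * </ul>
 *
 * <p>Instances hold mutable state and nothing here synchronizes access to it.
 */
public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
    /** Charset used to decode user-ids that are supplied as raw bytes. */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    private KeySpec primaryKeySpec;
    private final List<KeySpec> subkeySpecs = new ArrayList<>();
    // Insertion-ordered on purpose: build() treats the first entry as the primary user-id.
    private final Map<String, SelfSignatureSubpackets.Callback> userIds = new LinkedHashMap<>();
    private Passphrase passphrase = Passphrase.emptyPassphrase();
    private Date expirationDate = null;

    /**
     * Sets the specification of the primary key.
     *
     * @param keySpec primary key specification
     * @return this builder
     * @throws IllegalArgumentException if the spec lacks the CERTIFY_OTHER key flag or its
     *         algorithm cannot create certifications
     */
    @Override
    public KeyRingBuilder setPrimaryKey(@Nonnull KeySpec keySpec) {
        verifyMasterKeyCanCertify(keySpec);
        this.primaryKeySpec = keySpec;
        return this;
    }

    /**
     * Queues a subkey specification; the key material itself is generated in {@link #build()}.
     *
     * @param keySpec subkey specification
     * @return this builder
     */
    @Override
    public KeyRingBuilder addSubkey(@Nonnull KeySpec keySpec) {
        this.subkeySpecs.add(keySpec);
        return this;
    }

    /**
     * Adds a user-id without a subpacket callback.
     *
     * @param str user-id; surrounding whitespace is trimmed before it is stored
     * @return this builder
     */
    @Override
    public KeyRingBuilder addUserId(@Nonnull String str) {
        return addUserId(str, null);
    }

    /**
     * Adds a user-id together with an optional callback that can modify the hashed subpackets
     * of its certification.
     *
     * <p>The user-id is trimmed, so two inputs that differ only in surrounding whitespace map to
     * the same entry; adding an existing user-id again replaces its callback and keeps its
     * original position. For the first user-id the callback is stored but {@link #build()} does
     * not invoke it.
     *
     * @param str user-id
     * @param callback subpacket callback, or {@code null}
     * @return this builder
     */
    public KeyRingBuilder addUserId(@Nonnull String str, @Nullable SelfSignatureSubpackets.Callback callback) {
        this.userIds.put(str.trim(), callback);
        return this;
    }

    /**
     * Adds a user-id given as UTF-8 bytes.
     *
     * <p>Decoding uses {@code new String(byte[], Charset)}, which substitutes the replacement
     * character for malformed sequences instead of rejecting them. Callers that accept user-ids
     * from untrusted sources should validate the bytes first.
     *
     * @param bArr UTF-8 encoded user-id
     * @return this builder
     */
    @Override
    public KeyRingBuilder addUserId(@Nonnull byte[] bArr) {
        return addUserId(new String(bArr, UTF8));
    }

    /**
     * Sets the expiration date of the key.
     *
     * <p>The date is compared with the clock at call time, not at build time. A copy is stored
     * so that later mutation of the caller's {@link Date} cannot move the expiration past the
     * check.
     *
     * @param date expiration date
     * @return this builder
     * @throws IllegalArgumentException if the date is not in the future
     */
    @Override
    public KeyRingBuilder setExpirationDate(@Nonnull Date date) {
        if (new Date().after(date)) {
            throw new IllegalArgumentException("Expiration date must be in the future.");
        }
        this.expirationDate = new Date(date.getTime());
        return this;
    }

    /**
     * Sets the passphrase used to protect the generated secret keys.
     *
     * <p>The object is stored by reference and cleared by {@link #build()}.
     *
     * @param passphrase passphrase; an empty passphrase disables secret-key encryption
     * @return this builder
     */
    @Override
    public KeyRingBuilder setPassphrase(@Nonnull Passphrase passphrase) {
        this.passphrase = passphrase;
        return this;
    }

    /** Rejects primary key specs that cannot issue certifications. */
    private void verifyMasterKeyCanCertify(KeySpec keySpec) {
        if (!hasCertifyOthersFlag(keySpec)) {
            throw new IllegalArgumentException("Certification Key MUST have KeyFlag CERTIFY_OTHER");
        }
        if (!keyIsCertificationCapable(keySpec)) {
            throw new IllegalArgumentException("Key algorithm " + keySpec.getKeyType().getName() + " is not capable of creating certifications.");
        }
    }

    /** Returns true if the spec carries a key-flags subpacket with CERTIFY_OTHER set. */
    private boolean hasCertifyOthersFlag(KeySpec keySpec) {
        KeyFlags keyFlags = keySpec.getSubpacketGenerator().getKeyFlagsSubpacket();
        if (keyFlags == null) {
            return false;
        }
        return KeyFlag.hasKeyFlag(keyFlags.getFlags(), KeyFlag.CERTIFY_OTHER);
    }

    /** Returns true if the spec's key type reports that it can certify. */
    private boolean keyIsCertificationCapable(KeySpec keySpec) {
        return keySpec.getKeyType().canCertify();
    }

    /**
     * Generates the key material and assembles the secret key ring.
     *
     * @return the generated secret key ring
     * @throws IllegalStateException if no user-id or no primary key was configured, or if the
     *         passphrase has already been cleared
     * @throws NoSuchAlgorithmException if a key algorithm is not available from the provider
     * @throws PGPException if key generation or signing fails
     * @throws InvalidAlgorithmParameterException if a key type's parameters are rejected
     */
    @Override
    public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
        if (this.userIds.isEmpty()) {
            throw new IllegalStateException("At least one user-id is required.");
        }
        // Fail before the passphrase is cleared; without this check a missing primary key
        // surfaced as a NullPointerException after the caller's passphrase had been wiped.
        if (this.primaryKeySpec == null) {
            throw new IllegalStateException("Primary key spec is required.");
        }

        PGPDigestCalculator fingerprintCalculator = ImplementationFactory.getInstance().getV4FingerprintCalculator();
        PBESecretKeyEncryptor keyEncryptor = buildSecretKeyEncryptor(fingerprintCalculator);
        PBESecretKeyDecryptor keyDecryptor = buildSecretKeyDecryptor();
        // Encryptor and decryptor exist now, so the passphrase is cleared before key generation.
        this.passphrase.clear();

        PGPKeyPair primaryKeyPair = generateKeyPair(this.primaryKeySpec);
        PGPContentSignerBuilder signerBuilder = buildContentSigner(primaryKeyPair);
        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(signerBuilder);

        SignatureSubpackets primarySubpackets = this.primaryKeySpec.getSubpacketGenerator();
        primarySubpackets.setIssuerFingerprintAndKeyId(primaryKeyPair.getPublicKey());
        primarySubpackets.setPrimaryUserId();
        if (this.expirationDate != null) {
            primarySubpackets.setKeyExpirationTime(primaryKeyPair.getPublicKey(), this.expirationDate);
        }
        PGPSignatureSubpacketGenerator hashedGenerator = new PGPSignatureSubpacketGenerator();
        SignatureSubpacketsHelper.applyTo(primarySubpackets, hashedGenerator);

        PGPKeyRingGenerator ringGenerator = buildRingGenerator(primaryKeyPair, signerBuilder, fingerprintCalculator, hashedGenerator.generate(), keyEncryptor);
        addSubKeys(primaryKeyPair, ringGenerator);

        PGPSecretKeyRing generatedRing = ringGenerator.generateSecretKeyRing();
        Iterator<PGPSecretKey> secretKeys = generatedRing.getSecretKeys();
        PGPPublicKey primaryPublicKey = secretKeys.next().getPublicKey();
        // The primary secret key is unlocked again to certify the remaining user-ids.
        PGPPrivateKey primaryPrivateKey = UnlockSecretKey.unlockSecretKey(generatedRing.getSecretKey(), keyDecryptor);

        Iterator<Map.Entry<String, SelfSignatureSubpackets.Callback>> remainingUserIds = this.userIds.entrySet().iterator();
        // The first user-id was already bound by the ring generator.
        remainingUserIds.next();
        while (remainingUserIds.hasNext()) {
            Map.Entry<String, SelfSignatureSubpackets.Callback> entry = remainingUserIds.next();
            String userId = entry.getKey();
            SelfSignatureSubpackets.Callback callback = entry.getValue();
            SignatureSubpackets hashedSubpackets;
            if (callback == null) {
                // Reuse the primary key's subpackets, minus the primary-user-id marker.
                hashedSubpackets = primarySubpackets;
                hashedSubpackets.setPrimaryUserId((PrimaryUserID) null);
            } else {
                // NOTE(review): this starts from fresh subpackets rather than the primary key's;
                // confirm the callback (or createHashedSubpackets) supplies key flags and
                // expiration if they are expected on this certification.
                hashedSubpackets = SignatureSubpackets.createHashedSubpackets(primaryPublicKey);
                callback.modifyHashedSubpackets(hashedSubpackets);
            }
            signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), primaryPrivateKey);
            signatureGenerator.setHashedSubpackets(SignatureSubpacketsHelper.toVector(hashedSubpackets));
            primaryPublicKey = PGPPublicKey.addCertification(primaryPublicKey, userId, signatureGenerator.generateCertification(userId, primaryPublicKey));
        }

        // Re-wrap the primary key so the ring carries the public key with all certifications.
        PGPSecretKey primarySecretKey = new PGPSecretKey(primaryPrivateKey, primaryPublicKey, fingerprintCalculator, true, keyEncryptor);
        List<PGPSecretKey> ringKeys = new ArrayList<>();
        ringKeys.add(primarySecretKey);
        while (secretKeys.hasNext()) {
            ringKeys.add(secretKeys.next());
        }
        return new PGPSecretKeyRing(ringKeys);
    }

    /**
     * Creates the ring generator, binding the first user-id to the primary key with a
     * positive certification.
     */
    private PGPKeyRingGenerator buildRingGenerator(PGPKeyPair primaryKeyPair, PGPContentSignerBuilder signerBuilder, PGPDigestCalculator digestCalculator, PGPSignatureSubpacketVector hashedSubpackets, PBESecretKeyEncryptor keyEncryptor) throws PGPException {
        String primaryUserId = this.userIds.entrySet().iterator().next().getKey();
        return new PGPKeyRingGenerator(SignatureType.POSITIVE_CERTIFICATION.getCode(), primaryKeyPair, primaryUserId, digestCalculator, hashedSubpackets, (PGPSignatureSubpacketVector) null, signerBuilder, keyEncryptor);
    }

    /**
     * Generates every configured subkey and adds it to the ring generator.
     *
     * <p>NOTE(review): for specs with inherited subpackets this method adds no primary key
     * binding signature itself; whether the ring generator adds one for signing-capable
     * subkeys is not visible here and should be confirmed.
     */
    private void addSubKeys(PGPKeyPair primaryKeyPair, PGPKeyRingGenerator ringGenerator) throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
        for (KeySpec subkeySpec : this.subkeySpecs) {
            PGPKeyPair subkeyPair = generateKeyPair(subkeySpec);
            if (subkeySpec.isInheritedSubPackets()) {
                ringGenerator.addSubKey(subkeyPair);
                continue;
            }
            try {
                PGPSignatureSubpacketVector hashedSubpackets = addPrimaryKeyBindingSignatureIfNecessary(primaryKeyPair, subkeyPair, subkeySpec.getSubpackets());
                ringGenerator.addSubKey(subkeyPair, hashedSubpackets, (PGPSignatureSubpacketVector) null);
            } catch (IOException e) {
                throw new PGPException("Exception while adding primary key binding signature to signing subkey", e);
            }
        }
    }

    /**
     * Embeds a primary key binding signature when the subkey has the SIGN_DATA or CERTIFY_OTHER
     * flag. The signature is issued by the subkey over the primary and subkey public keys, so
     * the subkey itself attests that it belongs to this primary key.
     *
     * @return the given subpackets unchanged for other subkeys, otherwise a new vector that
     *         additionally holds the embedded (non-critical) signature
     */
    private PGPSignatureSubpacketVector addPrimaryKeyBindingSignatureIfNecessary(PGPKeyPair primaryKeyPair, PGPKeyPair subkeyPair, PGPSignatureSubpacketVector hashedSubpackets) throws PGPException, IOException {
        int keyFlags = hashedSubpackets.getKeyFlags();
        boolean signingCapable = KeyFlag.hasKeyFlag(keyFlags, KeyFlag.SIGN_DATA) || KeyFlag.hasKeyFlag(keyFlags, KeyFlag.CERTIFY_OTHER);
        if (!signingCapable) {
            return hashedSubpackets;
        }
        PGPSignatureGenerator bindingGenerator = new PGPSignatureGenerator(buildContentSigner(subkeyPair));
        bindingGenerator.init(SignatureType.PRIMARYKEY_BINDING.getCode(), subkeyPair.getPrivateKey());
        PGPSignature bindingSignature = bindingGenerator.generateCertification(primaryKeyPair.getPublicKey(), subkeyPair.getPublicKey());
        PGPSignatureSubpacketGenerator extendedSubpackets = new PGPSignatureSubpacketGenerator(hashedSubpackets);
        extendedSubpackets.addEmbeddedSignature(false, bindingSignature);
        return extendedSubpackets.generate();
    }

    /**
     * Creates a content signer builder for the key pair's algorithm, using the default hash
     * algorithm of the global signature hash algorithm policy.
     */
    private PGPContentSignerBuilder buildContentSigner(PGPKeyPair keyPair) {
        int keyAlgorithm = keyPair.getPublicKey().getAlgorithm();
        int hashAlgorithm = PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId();
        return ImplementationFactory.getInstance().getPGPContentSignerBuilder(keyAlgorithm, hashAlgorithm);
    }

    /**
     * Creates the encryptor that protects the secret keys with the configured passphrase.
     *
     * @return the encryptor, or {@code null} when the passphrase is empty (no protection)
     * @throws IllegalStateException if the passphrase is no longer valid
     */
    private PBESecretKeyEncryptor buildSecretKeyEncryptor(PGPDigestCalculator digestCalculator) {
        SymmetricKeyAlgorithm symmetricAlgorithm = PGPainless.getPolicy().getSymmetricKeyEncryptionAlgorithmPolicy().getDefaultSymmetricKeyAlgorithm();
        if (!this.passphrase.isValid()) {
            throw new IllegalStateException("Passphrase was cleared.");
        }
        if (this.passphrase.isEmpty()) {
            return null;
        }
        return ImplementationFactory.getInstance().getPBESecretKeyEncryptor(symmetricAlgorithm, digestCalculator, this.passphrase);
    }

    /**
     * Creates the decryptor used to unlock the freshly generated primary key.
     *
     * @return the decryptor, or {@code null} when the passphrase is empty
     * @throws IllegalStateException if the passphrase is no longer valid
     */
    private PBESecretKeyDecryptor buildSecretKeyDecryptor() throws PGPException {
        if (!this.passphrase.isValid()) {
            throw new IllegalStateException("Passphrase was cleared.");
        }
        if (this.passphrase.isEmpty()) {
            return null;
        }
        return ImplementationFactory.getInstance().getPBESecretKeyDecryptor(this.passphrase);
    }

    /**
     * Generates a key pair for the given specification, with the current time as creation time.
     *
     * <p>No {@code SecureRandom} is passed to {@code initialize}, so the randomness source is
     * the JCA default for the installed providers.
     *
     * @param keySpec key specification
     * @return the generated OpenPGP key pair
     * @throws NoSuchAlgorithmException if the provider does not offer the key type's algorithm
     * @throws PGPException if the key pair cannot be converted to an OpenPGP key pair
     * @throws InvalidAlgorithmParameterException if the algorithm parameters are rejected
     */
    public static PGPKeyPair generateKeyPair(KeySpec keySpec) throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
        KeyType keyType = keySpec.getKeyType();
        KeyPairGenerator generator = KeyPairGenerator.getInstance(keyType.getName(), ProviderFactory.getProvider());
        generator.initialize(keyType.getAlgorithmSpec());
        return ImplementationFactory.getInstance().getPGPKeyPair(keyType.getAlgorithm(), generator.generateKeyPair(), new Date());
    }
}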
