package org.pgpainless.encryption_signing;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.TestTemplate;
import org.junit.jupiter.api.extension.ExtendWith;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.MessageMetadata;
import org.pgpainless.decryption_verification.OpenPgpMessageInputStreamTest;
import org.pgpainless.exception.KeyException;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnprotectedKeysProtector;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.util.MultiMap;
import org.pgpainless.util.Passphrase;
import org.pgpainless.util.TestAllImplementations;

/* loaded from: input_file:org/pgpainless/encryption_signing/SigningTest.class */
public class SigningTest {
    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void testEncryptionAndSignatureVerification() throws IOException, PGPException {
        PGPPublicKeyRing julietPublicKeyRing = TestKeys.getJulietPublicKeyRing();
        PGPPublicKeyRing romeoPublicKeyRing = TestKeys.getRomeoPublicKeyRing();
        PGPSecretKeyRing cryptieSecretKeyRing = TestKeys.getCryptieSecretKeyRing();
        PGPSecretKey secretKey = cryptieSecretKeyRing.getSecretKey(((PGPPublicKey) new KeyRingInfo(cryptieSecretKeyRing).getSigningSubkeys().get(0)).getKeyID());
        PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(Arrays.asList(julietPublicKeyRing, romeoPublicKeyRing));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(byteArrayOutputStream).withOptions(ProducerOptions.signAndEncrypt(EncryptionOptions.encryptDataAtRest().addRecipients(pGPPublicKeyRingCollection).addRecipient(KeyRingUtils.publicKeyRingFrom(cryptieSecretKeyRing)), new SigningOptions().addInlineSignature(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, secretKey), cryptieSecretKeyRing, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT)).setAsciiArmor(true));
        Streams.pipeAll(new ByteArrayInputStream("This message is signed and encrypted to Romeo and Juliet.".getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        DecryptionStream withOptions2 = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).withOptions(new ConsumerOptions().addDecryptionKeys(new PGPSecretKeyRingCollection(Arrays.asList(TestKeys.getRomeoSecretKeyRing(), TestKeys.getJulietSecretKeyRing())), SecretKeyRingProtector.unprotectedKeys()).addVerificationCerts(new PGPPublicKeyRingCollection(Arrays.asList(KeyRingUtils.publicKeyRingFrom(cryptieSecretKeyRing), romeoPublicKeyRing))));
        Streams.pipeAll(withOptions2, new ByteArrayOutputStream());
        withOptions2.close();
        MessageMetadata metadata = withOptions2.getMetadata();
        Assertions.assertTrue(metadata.isEncrypted());
        Assertions.assertTrue(metadata.isVerifiedSigned());
        Assertions.assertTrue(metadata.isVerifiedSignedBy(KeyRingUtils.publicKeyRingFrom(cryptieSecretKeyRing)));
        Assertions.assertFalse(metadata.isVerifiedSignedBy(julietPublicKeyRing));
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void testSignWithInvalidUserIdFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("alice", TestKeys.CRYPTIE_PASSWORD);
        SecretKeyRingProtector unlockAnyKeyWith = SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD));
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyException.UnboundUserIdException.class, () -> {
            signingOptions.addInlineSignature(unlockAnyKeyWith, modernKeyRing, "bob", DocumentSignatureType.CANONICAL_TEXT_DOCUMENT);
        });
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void testSignWithRevokedUserIdFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("alice", TestKeys.CRYPTIE_PASSWORD);
        SecretKeyRingProtector unlockAnyKeyWith = SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD));
        PGPSecretKeyRing done = PGPainless.modifyKeyRing(modernKeyRing).revokeUserId("alice", unlockAnyKeyWith).done();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyException.UnboundUserIdException.class, () -> {
            signingOptions.addInlineSignature(unlockAnyKeyWith, done, "alice", DocumentSignatureType.CANONICAL_TEXT_DOCUMENT);
        });
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void signWithHashAlgorithmOverride() throws PGPException, IOException {
        PGPSecretKeyRing emilSecretKeyRing = TestKeys.getEmilSecretKeyRing();
        UnprotectedKeysProtector unprotectedKeys = SecretKeyRingProtector.unprotectedKeys();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertNull(signingOptions.getHashAlgorithmOverride());
        signingOptions.overrideHashAlgorithm(HashAlgorithm.SHA224);
        Assertions.assertEquals(HashAlgorithm.SHA224, signingOptions.getHashAlgorithmOverride());
        signingOptions.addDetachedSignature(unprotectedKeys, emilSecretKeyRing, DocumentSignatureType.BINARY_DOCUMENT);
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(new ByteArrayOutputStream()).withOptions(ProducerOptions.sign(signingOptions));
        Streams.pipeAll(new ByteArrayInputStream(OpenPgpMessageInputStreamTest.PLAINTEXT.getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        MultiMap detachedSignatures = withOptions.getResult().getDetachedSignatures();
        Assertions.assertEquals(1, detachedSignatures.size());
        SubkeyIdentifier subkeyIdentifier = (SubkeyIdentifier) detachedSignatures.keySet().iterator().next();
        Assertions.assertEquals(1, detachedSignatures.get(subkeyIdentifier).size());
        Assertions.assertEquals(HashAlgorithm.SHA224.getAlgorithmId(), ((PGPSignature) detachedSignatures.get(subkeyIdentifier).iterator().next()).getHashAlgorithm());
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void negotiateHashAlgorithmChoseFallbackIfEmptyPreferences() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(new ByteArrayOutputStream()).withOptions(ProducerOptions.sign(new SigningOptions().addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), new KeyFlag[]{KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA}).overridePreferredHashAlgorithms(new HashAlgorithm[0])).addUserId("Alice").build(), DocumentSignatureType.BINARY_DOCUMENT)));
        Streams.pipeAll(new ByteArrayInputStream(OpenPgpMessageInputStreamTest.PLAINTEXT.getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        MultiMap detachedSignatures = withOptions.getResult().getDetachedSignatures();
        Assertions.assertEquals(PGPainless.getPolicy().getDataSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(), ((PGPSignature) detachedSignatures.get((SubkeyIdentifier) detachedSignatures.keySet().iterator().next()).iterator().next()).getHashAlgorithm());
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void negotiateHashAlgorithmChoseFallbackIfUnacceptablePreferences() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(new ByteArrayOutputStream()).withOptions(ProducerOptions.sign(new SigningOptions().addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), new KeyFlag[]{KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA}).overridePreferredHashAlgorithms(new HashAlgorithm[]{HashAlgorithm.MD5})).addUserId("Alice").build(), DocumentSignatureType.BINARY_DOCUMENT)));
        Streams.pipeAll(new ByteArrayInputStream(OpenPgpMessageInputStreamTest.PLAINTEXT.getBytes(StandardCharsets.UTF_8)), withOptions);
        withOptions.close();
        MultiMap detachedSignatures = withOptions.getResult().getDetachedSignatures();
        Assertions.assertEquals(PGPainless.getPolicy().getDataSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(), ((PGPSignature) detachedSignatures.get((SubkeyIdentifier) detachedSignatures.keySet().iterator().next()).iterator().next()).getHashAlgorithm());
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void signingWithNonCapableKeyThrowsKeyCannotSignException() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing build = PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), new KeyFlag[]{KeyFlag.CERTIFY_OTHER})).addUserId("Alice").build();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyException.UnacceptableSigningKeyException.class, () -> {
            signingOptions.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), build, DocumentSignatureType.BINARY_DOCUMENT);
        });
        Assertions.assertThrows(KeyException.UnacceptableSigningKeyException.class, () -> {
            signingOptions.addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), build, DocumentSignatureType.BINARY_DOCUMENT);
        });
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void signWithInvalidUserIdThrowsKeyValidationError() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing build = PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), new KeyFlag[]{KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA})).addUserId("Alice").build();
        SigningOptions signingOptions = new SigningOptions();
        Assertions.assertThrows(KeyException.UnboundUserIdException.class, () -> {
            signingOptions.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), build, "Bob", DocumentSignatureType.BINARY_DOCUMENT);
        });
        Assertions.assertThrows(KeyException.UnboundUserIdException.class, () -> {
            signingOptions.addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), build, "Bob", DocumentSignatureType.BINARY_DOCUMENT);
        });
    }
}
