package sop.cli.picocli.commands;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import picocli.CommandLine;
import sop.DecryptionResult;
import sop.SessionKey;
import sop.Verification;
import sop.cli.picocli.DateParser;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Decrypt;
import sop.util.HexUtil;

@CommandLine.Command(name = "decrypt", description = {"Decrypt a message from standard input"}, exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
/* loaded from: input_file:sop/cli/picocli/commands/DecryptCmd.class */
public class DecryptCmd implements Runnable {

    @CommandLine.Option(names = {"--session-key-out"}, description = {"Can be used to learn the session key on successful decryption"}, paramLabel = "SESSIONKEY")
    File sessionKeyOut;

    @CommandLine.Option(names = {"--verify-out"}, description = {"Produces signature verification status to the designated file"}, paramLabel = "VERIFICATIONS")
    File verifyOut;

    @CommandLine.Option(names = {"--with-session-key"}, description = {"Enables decryption of the \"CIPHERTEXT\" using the session key directly against the \"SEIPD\" packet"}, paramLabel = "SESSIONKEY")
    List<String> withSessionKey = new ArrayList();

    @CommandLine.Option(names = {"--with-password"}, description = {"Enables decryption based on any \"SKESK\" packets in the \"CIPHERTEXT\""}, paramLabel = "PASSWORD")
    List<String> withPassword = new ArrayList();

    @CommandLine.Option(names = {"--verify-with"}, description = {"Certificates whose signatures would be acceptable for signatures over this message"}, paramLabel = "CERT")
    List<File> certs = new ArrayList();

    @CommandLine.Option(names = {"--not-before"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to beginning of time (\"-\")."}, paramLabel = "DATE")
    String notBefore = "-";

    @CommandLine.Option(names = {"--not-after"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to current system time (\"now\").\nAccepts special value \"-\" for end of time."}, paramLabel = "DATE")
    String notAfter = "now";

    @CommandLine.Parameters(index = "0..*", description = {"Secret keys to attempt decryption with"}, paramLabel = "KEY")
    List<File> keys = new ArrayList();

    @Override // java.lang.Runnable
    public void run() {
        FileOutputStream fileOutputStream;
        unlinkExistingVerifyOut(this.verifyOut);
        Decrypt decrypt = SopCLI.getSop().decrypt();
        setNotAfter(this.notAfter, decrypt);
        setNotBefore(this.notBefore, decrypt);
        setWithPasswords(this.withPassword, decrypt);
        setWithSessionKeys(this.withSessionKey, decrypt);
        setVerifyWith(this.certs, decrypt);
        setDecryptWith(this.keys, decrypt);
        if (this.verifyOut != null && this.certs.isEmpty()) {
            Print.errln("--verify-out is requested, but no --verify-with was provided.");
            System.exit(23);
        }
        try {
            DecryptionResult writeTo = decrypt.ciphertext(System.in).writeTo(System.out);
            if (this.sessionKeyOut != null) {
                if (this.sessionKeyOut.exists()) {
                    Print.errln("File " + this.sessionKeyOut.getAbsolutePath() + " already exists.");
                    Print.trace(new SOPGPException.OutputExists());
                    System.exit(1);
                }
                fileOutputStream = new FileOutputStream(this.sessionKeyOut);
                try {
                    if (writeTo.getSessionKey().isPresent()) {
                        SessionKey sessionKey = writeTo.getSessionKey().get();
                        fileOutputStream.write(sessionKey.getAlgorithm());
                        fileOutputStream.write(sessionKey.getKey());
                    } else {
                        Print.errln("Session key not extracted. Possibly the feature is not supported.");
                        System.exit(37);
                    }
                    fileOutputStream.close();
                } finally {
                }
            }
            if (this.verifyOut != null) {
                if (!this.verifyOut.createNewFile()) {
                    throw new IOException("Cannot create file " + this.verifyOut.getAbsolutePath());
                }
                fileOutputStream = new FileOutputStream(this.verifyOut);
                try {
                    PrintWriter printWriter = new PrintWriter(fileOutputStream);
                    Iterator<Verification> it = writeTo.getVerifications().iterator();
                    while (it.hasNext()) {
                        printWriter.println(it.next().toString());
                    }
                    printWriter.flush();
                    fileOutputStream.close();
                } finally {
                }
            }
        } catch (IOException e) {
            Print.errln("IO Error.");
            Print.trace(e);
            System.exit(1);
        } catch (SOPGPException.BadData e2) {
            Print.errln("No valid OpenPGP message found on Standard Input.");
            Print.trace(e2);
            System.exit(e2.getExitCode());
        } catch (SOPGPException.CannotDecrypt e3) {
            Print.errln("Cannot decrypt.");
            Print.trace(e3);
            System.exit(e3.getExitCode());
        } catch (SOPGPException.MissingArg e4) {
            Print.errln("Missing arguments.");
            Print.trace(e4);
            System.exit(e4.getExitCode());
        } catch (SOPGPException.NoSignature e5) {
            Print.errln("No verifiable signature found.");
            Print.trace(e5);
            System.exit(e5.getExitCode());
        }
    }

    private void setDecryptWith(List<File> list, Decrypt decrypt) {
        for (File file : list) {
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    decrypt.withKey(fileInputStream);
                    fileInputStream.close();
                } catch (Throwable th) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                    break;
                }
            } catch (FileNotFoundException e) {
                Print.errln("File " + file.getAbsolutePath() + " does not exist.");
                Print.trace(e);
                System.exit(1);
            } catch (IOException e2) {
                Print.errln("IO Error.");
                Print.trace(e2);
                System.exit(1);
            } catch (SOPGPException.BadData e3) {
                Print.errln("File " + file.getAbsolutePath() + " does not contain a private key.");
                Print.trace(e3);
                System.exit(e3.getExitCode());
            } catch (SOPGPException.KeyIsProtected e4) {
                Print.errln("Key in file " + file.getAbsolutePath() + " is password protected.");
                Print.trace(e4);
                System.exit(1);
            } catch (SOPGPException.UnsupportedAsymmetricAlgo e5) {
                Print.errln("Key uses unsupported asymmetric algorithm.");
                Print.trace(e5);
                System.exit(e5.getExitCode());
            }
        }
    }

    private void setVerifyWith(List<File> list, Decrypt decrypt) {
        for (File file : list) {
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    decrypt.verifyWithCert(fileInputStream);
                    fileInputStream.close();
                } catch (Throwable th) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                    break;
                }
            } catch (FileNotFoundException e) {
                Print.errln("File " + file.getAbsolutePath() + " does not exist.");
                Print.trace(e);
                System.exit(1);
            } catch (IOException e2) {
                Print.errln("IO Error.");
                Print.trace(e2);
                System.exit(1);
            } catch (SOPGPException.BadData e3) {
                Print.errln("File " + file.getAbsolutePath() + " does not contain a valid certificate.");
                Print.trace(e3);
                System.exit(e3.getExitCode());
            }
        }
    }

    private void unlinkExistingVerifyOut(File file) {
        if (file == null || !file.exists() || file.delete()) {
            return;
        }
        Print.errln("Cannot delete existing verification file" + file.getAbsolutePath());
        System.exit(1);
    }

    private void setWithSessionKeys(List<String> list, Decrypt decrypt) {
        Pattern compile = Pattern.compile("^\\d+:[0-9A-F]+$");
        for (String str : list) {
            if (!compile.matcher(str).matches()) {
                Print.errln("Invalid session key format.");
                Print.errln("Session keys are expected in the format 'ALGONUM:HEXKEY'");
                System.exit(1);
            }
            String[] split = str.split(":");
            try {
                decrypt.withSessionKey(new SessionKey((byte) Integer.parseInt(split[0]), HexUtil.hexToBytes(split[1])));
            } catch (SOPGPException.UnsupportedOption e) {
                Print.errln("Unsupported option '--with-session-key'.");
                Print.trace(e);
                System.exit(e.getExitCode());
                return;
            }
        }
    }

    private void setWithPasswords(List<String> list, Decrypt decrypt) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            try {
                decrypt.withPassword(it.next());
            } catch (SOPGPException.PasswordNotHumanReadable e) {
                Print.errln("Password not human readable.");
                Print.trace(e);
                System.exit(e.getExitCode());
            } catch (SOPGPException.UnsupportedOption e2) {
                Print.errln("Unsupported option '--with-password'.");
                Print.trace(e2);
                System.exit(e2.getExitCode());
            }
        }
    }

    private void setNotAfter(String str, Decrypt decrypt) {
        try {
            decrypt.verifyNotAfter(DateParser.parseNotAfter(str));
        } catch (SOPGPException.UnsupportedOption e) {
            Print.errln("Option '--not-after' not supported.");
            Print.trace(e);
            System.exit(e.getExitCode());
        }
    }

    private void setNotBefore(String str, Decrypt decrypt) {
        try {
            decrypt.verifyNotBefore(DateParser.parseNotBefore(str));
        } catch (SOPGPException.UnsupportedOption e) {
            Print.errln("Option '--not-before' not supported.");
            Print.trace(e);
            System.exit(e.getExitCode());
        }
    }
}
