package sop.cli.picocli.commands;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import picocli.CommandLine;
import sop.DecryptionResult;
import sop.SessionKey;
import sop.Verification;
import sop.cli.picocli.DateParser;
import sop.cli.picocli.FileUtil;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Decrypt;
import sop.util.HexUtil;

@CommandLine.Command(name = "decrypt", description = {"Decrypt a message from standard input"}, exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
/* loaded from: input_file:sop/cli/picocli/commands/DecryptCmd.class */
public class DecryptCmd implements Runnable {
    private static final String SESSION_KEY_OUT = "--session-key-out";
    private static final String VERIFY_OUT = "--verify-out";
    private static final String ERROR_UNSUPPORTED_OPTION = "Option '%s' is not supported.";
    private static final String ERROR_FILE_NOT_EXIST = "File '%s' does not exist.";
    private static final String ERROR_OUTPUT_OF_OPTION_EXISTS = "Target %s of option %s already exists.";

    @CommandLine.Option(names = {SESSION_KEY_OUT}, description = {"Can be used to learn the session key on successful decryption"}, paramLabel = "SESSIONKEY")
    File sessionKeyOut;

    @CommandLine.Option(names = {VERIFY_OUT}, description = {"Produces signature verification status to the designated file"}, paramLabel = "VERIFICATIONS")
    File verifyOut;

    @CommandLine.Option(names = {"--with-session-key"}, description = {"Enables decryption of the \"CIPHERTEXT\" using the session key directly against the \"SEIPD\" packet"}, paramLabel = "SESSIONKEY")
    List<String> withSessionKey = new ArrayList();

    @CommandLine.Option(names = {"--with-password"}, description = {"Enables decryption based on any \"SKESK\" packets in the \"CIPHERTEXT\""}, paramLabel = "PASSWORD")
    List<String> withPassword = new ArrayList();

    @CommandLine.Option(names = {"--verify-with"}, description = {"Certificates whose signatures would be acceptable for signatures over this message"}, paramLabel = "CERT")
    List<File> certs = new ArrayList();

    @CommandLine.Option(names = {"--not-before"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to beginning of time (\"-\")."}, paramLabel = "DATE")
    String notBefore = "-";

    @CommandLine.Option(names = {"--not-after"}, description = {"ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\nReject signatures with a creation date not in range.\nDefaults to current system time (\"now\").\nAccepts special value \"-\" for end of time."}, paramLabel = "DATE")
    String notAfter = "now";

    @CommandLine.Parameters(index = "0..*", description = {"Secret keys to attempt decryption with"}, paramLabel = "KEY")
    List<File> keys = new ArrayList();

    @Override // java.lang.Runnable
    public void run() {
        throwIfOutputExists(this.verifyOut, VERIFY_OUT);
        throwIfOutputExists(this.sessionKeyOut, SESSION_KEY_OUT);
        Decrypt decrypt = SopCLI.getSop().decrypt();
        if (decrypt == null) {
            throw new SOPGPException.UnsupportedSubcommand("Command 'decrypt' not implemented.");
        }
        setNotAfter(this.notAfter, decrypt);
        setNotBefore(this.notBefore, decrypt);
        setWithPasswords(this.withPassword, decrypt);
        setWithSessionKeys(this.withSessionKey, decrypt);
        setVerifyWith(this.certs, decrypt);
        setDecryptWith(this.keys, decrypt);
        if (this.verifyOut != null && this.certs.isEmpty()) {
            throw new SOPGPException.IncompleteVerification(String.format("Option %s is requested, but no option %s was provided.", VERIFY_OUT, "--verify-with"));
        }
        try {
            DecryptionResult writeTo = decrypt.ciphertext(System.in).writeTo(System.out);
            writeSessionKeyOut(writeTo);
            writeVerifyOut(writeTo);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (SOPGPException.BadData e2) {
            throw new SOPGPException.BadData("No valid OpenPGP message found on Standard Input.", e2);
        }
    }

    private void throwIfOutputExists(File file, String str) {
        if (file != null && file.exists()) {
            throw new SOPGPException.OutputExists(String.format(ERROR_OUTPUT_OF_OPTION_EXISTS, file.getAbsolutePath(), str));
        }
    }

    private void writeVerifyOut(DecryptionResult decryptionResult) throws IOException {
        if (this.verifyOut != null) {
            FileUtil.createNewFileOrThrow(this.verifyOut);
            FileOutputStream fileOutputStream = new FileOutputStream(this.verifyOut);
            try {
                PrintWriter printWriter = new PrintWriter(fileOutputStream);
                Iterator<Verification> it = decryptionResult.getVerifications().iterator();
                while (it.hasNext()) {
                    printWriter.println(it.next().toString());
                }
                printWriter.flush();
                fileOutputStream.close();
            } catch (Throwable th) {
                try {
                    fileOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    private void writeSessionKeyOut(DecryptionResult decryptionResult) throws IOException {
        if (this.sessionKeyOut != null) {
            FileUtil.createNewFileOrThrow(this.sessionKeyOut);
            FileOutputStream fileOutputStream = new FileOutputStream(this.sessionKeyOut);
            try {
                if (!decryptionResult.getSessionKey().isPresent()) {
                    throw new SOPGPException.UnsupportedOption("Session key not extracted. Possibly the feature --session-key-out is not supported.");
                }
                SessionKey sessionKey = decryptionResult.getSessionKey().get();
                fileOutputStream.write(sessionKey.getAlgorithm());
                fileOutputStream.write(sessionKey.getKey());
                fileOutputStream.close();
            } catch (Throwable th) {
                try {
                    fileOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    private void setDecryptWith(List<File> list, Decrypt decrypt) {
        for (File file : list) {
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    decrypt.withKey(fileInputStream);
                    fileInputStream.close();
                } finally {
                }
            } catch (FileNotFoundException e) {
                throw new SOPGPException.MissingInput(String.format(ERROR_FILE_NOT_EXIST, file.getAbsolutePath()), e);
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            } catch (SOPGPException.BadData e3) {
                throw new SOPGPException.BadData("File " + file.getAbsolutePath() + " does not contain a private key.", e3);
            } catch (SOPGPException.KeyIsProtected e4) {
                throw new SOPGPException.KeyIsProtected("Key in file " + file.getAbsolutePath() + " is password protected.", e4);
            }
        }
    }

    private void setVerifyWith(List<File> list, Decrypt decrypt) {
        for (File file : list) {
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    decrypt.verifyWithCert(fileInputStream);
                    fileInputStream.close();
                } finally {
                }
            } catch (FileNotFoundException e) {
                throw new SOPGPException.MissingInput(String.format(ERROR_FILE_NOT_EXIST, file.getAbsolutePath()), e);
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            } catch (SOPGPException.BadData e3) {
                throw new SOPGPException.BadData("File " + file.getAbsolutePath() + " does not contain a valid certificate.", e3);
            }
        }
    }

    private void setWithSessionKeys(List<String> list, Decrypt decrypt) {
        Pattern compile = Pattern.compile("^\\d+:[0-9A-F]+$");
        for (String str : list) {
            if (!compile.matcher(str).matches()) {
                throw new IllegalArgumentException("Session keys are expected in the format 'ALGONUM:HEXKEY'.");
            }
            String[] split = str.split(":");
            try {
                decrypt.withSessionKey(new SessionKey((byte) Integer.parseInt(split[0]), HexUtil.hexToBytes(split[1])));
            } catch (SOPGPException.UnsupportedOption e) {
                throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--with-session-key"), e);
            }
        }
    }

    private void setWithPasswords(List<String> list, Decrypt decrypt) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            try {
                decrypt.withPassword(it.next());
            } catch (SOPGPException.UnsupportedOption e) {
                throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--with-password"), e);
            }
        }
    }

    private void setNotAfter(String str, Decrypt decrypt) {
        try {
            decrypt.verifyNotAfter(DateParser.parseNotAfter(str));
        } catch (SOPGPException.UnsupportedOption e) {
            throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--not-after"), e);
        }
    }

    private void setNotBefore(String str, Decrypt decrypt) {
        try {
            decrypt.verifyNotBefore(DateParser.parseNotBefore(str));
        } catch (SOPGPException.UnsupportedOption e) {
            throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--not-before"), e);
        }
    }
}
