package org.simplify4u.plugins.sign.openpgp;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.Optional;
import java.util.stream.StreamSupport;
import javax.inject.Named;
import lombok.Generated;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:org/simplify4u/plugins/sign/openpgp/PGPSigner.class */
public class PGPSigner {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(PGPSigner.class);
    private PGPKeyInfo pgpKeyInfo;
    private PGPSecretKey secretKey;
    private PGPPrivateKey pgpPrivateKey;
    private PGPSignatureSubpacketVector hashSubPackets;
    private PGPSecretKeyRing secretKeyRing;

    PGPSigner() {
    }

    public void setKeyInfo(PGPKeyInfo pGPKeyInfo) {
        this.pgpKeyInfo = pGPKeyInfo;
        try {
            loadKey();
            prepareAdditionalSubPacket();
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("Loaded {}, uids: {}", PGPSecretKeyUtils.keyIdDescription(this.secretKey, this.secretKeyRing), PGPSecretKeyUtils.getUserIDs(this.secretKey, this.secretKeyRing));
            }
        } catch (IOException | PGPException e) {
            throw new PGPSignerException(e);
        }
    }

    private void prepareAdditionalSubPacket() {
        PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
        pGPSignatureSubpacketGenerator.setIssuerFingerprint(false, this.secretKey);
        this.hashSubPackets = pGPSignatureSubpacketGenerator.generate();
    }

    private void loadKey() throws IOException, PGPException {
        PGPSecretKeyRingCollection pGPSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(this.pgpKeyInfo.getKey()), new JcaKeyFingerprintCalculator());
        Long id = this.pgpKeyInfo.getId();
        this.secretKey = (PGPSecretKey) (id != null ? Optional.ofNullable(pGPSecretKeyRingCollection.getSecretKey(id.longValue())) : StreamSupport.stream(pGPSecretKeyRingCollection.spliterator(), false).flatMap(pGPSecretKeyRing -> {
            return StreamSupport.stream(pGPSecretKeyRing.spliterator(), false);
        }).filter(pGPSecretKey -> {
            return !pGPSecretKey.isPrivateKeyEmpty();
        }).findFirst()).orElseThrow(() -> {
            return new PGPSignerException("Secret key not found");
        });
        this.secretKeyRing = pGPSecretKeyRingCollection.getSecretKeyRing(this.secretKey.getKeyID());
        if (this.secretKey.getKeyEncryptionAlgorithm() == 0 && this.pgpKeyInfo.getPass() != null) {
            LOGGER.warn("Plain secret key - password is not needed");
        }
        if (this.secretKey.getKeyEncryptionAlgorithm() != 0 && this.pgpKeyInfo.getPass() == null) {
            throw new PGPSignerException("Secret key is encrypted - keyPass is required");
        }
        if (this.secretKey.isPrivateKeyEmpty()) {
            throw new PGPSignerException("Private key not found for keyId: " + PGPSecretKeyUtils.getKeyId(this.secretKey));
        }
        this.pgpPrivateKey = this.secretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().build(this.pgpKeyInfo.getPass()));
    }

    public void sign(InputStream inputStream, Path path) {
        PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(this.secretKey.getPublicKey().getAlgorithm(), 10));
        try {
            pGPSignatureGenerator.init(0, this.pgpPrivateKey);
            pGPSignatureGenerator.setHashedSubpackets(this.hashSubPackets);
            byte[] bArr = new byte[8192];
            while (true) {
                int read = inputStream.read(bArr);
                if (read < 0) {
                    break;
                } else {
                    pGPSignatureGenerator.update(bArr, 0, read);
                }
            }
            Files.createDirectories(path.getParent(), new FileAttribute[0]);
            OutputStream newOutputStream = Files.newOutputStream(path, new OpenOption[0]);
            try {
                BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(new ArmoredOutputStream(newOutputStream));
                try {
                    pGPSignatureGenerator.generate().encode(bCPGOutputStream);
                    bCPGOutputStream.close();
                    if (newOutputStream != null) {
                        newOutputStream.close();
                    }
                } catch (Throwable th) {
                    try {
                        bCPGOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (PGPException | IOException e) {
            throw new PGPSignerException((Throwable) e);
        }
    }
}
