package ru.r2cloud.apt;

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.Security;
import java.util.Iterator;
import java.util.Locale;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ru.r2cloud.apt.model.Release;
import ru.r2cloud.apt.model.SignConfiguration;

/* loaded from: input_file:ru/r2cloud/apt/GpgSignerBC.class */
public class GpgSignerBC implements GpgSigner {
    private static final Logger LOG = LoggerFactory.getLogger(GpgSignerBC.class);
    private final int algorithm;
    private final PGPSecretKey pgpSecKey;
    private final PGPPrivateKey pgpPrivKey;

    public GpgSignerBC(SignConfiguration signConfiguration) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        this.algorithm = convertHashAlgorithm(signConfiguration.getHashAlgorithm());
        this.pgpSecKey = readSecretKey(signConfiguration.getSecretKeyFilename(), signConfiguration.getKeyname().toLowerCase(Locale.UK));
        this.pgpPrivKey = this.pgpSecKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(signConfiguration.getPassphrase().toCharArray()));
    }

    @Override // ru.r2cloud.apt.GpgSigner
    public void signAndSave(String str, Release release, boolean z, Transport transport) throws IOException {
        if (z) {
            createClearsignAndSave(str, release, transport);
        } else {
            createDetachedSignatureAndSave(str, release, transport);
        }
    }

    @Override // ru.r2cloud.apt.GpgSigner
    public boolean validate(String str, Release release, boolean z, Transport transport) throws IOException, ResourceDoesNotExistException {
        final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        transport.load(str, new IOCallback() { // from class: ru.r2cloud.apt.GpgSignerBC.1
            @Override // ru.r2cloud.apt.IOCallback
            public void save(OutputStream outputStream) throws IOException {
            }

            @Override // ru.r2cloud.apt.IOCallback
            public void load(InputStream inputStream) throws IOException {
                IOUtils.copy(inputStream, byteArrayOutputStream);
            }
        });
        byteArrayOutputStream.close();
        return z ? verifyClearsign(byteArrayOutputStream.toByteArray(), release) : verifyDetached(byteArrayOutputStream.toByteArray(), release);
    }

    /* JADX WARN: Code restructure failed: missing block: B:18:0x012a, code lost:
    
        if (r12 != (-1)) goto L22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x012d, code lost:
    
        r12 = readInputLine(r0, r12, r0);
        r0.update((byte) 13);
        r0.update((byte) 10);
        processLine(r0, r0.toByteArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0153, code lost:
    
        if (r12 != (-1)) goto L34;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0156, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x0160, code lost:
    
        return r0.verify();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifyClearsign(byte[] r7, ru.r2cloud.apt.model.Release r8) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 369
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.r2cloud.apt.GpgSignerBC.verifyClearsign(byte[], ru.r2cloud.apt.model.Release):boolean");
    }

    private static boolean verifyClearTextAndRelease(byte[] bArr, Release release) {
        String readLine;
        String readLine2;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            try {
                release.save(byteArrayOutputStream);
                try {
                    byteArrayOutputStream.close();
                } catch (IOException e) {
                    LOG.error("unable to close", e);
                }
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(bArr)));
                    try {
                        BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
                        do {
                            try {
                                readLine = bufferedReader.readLine();
                                if (readLine == null || (readLine2 = bufferedReader2.readLine()) == null) {
                                    bufferedReader2.close();
                                    bufferedReader.close();
                                    return true;
                                }
                            } catch (Throwable th) {
                                try {
                                    bufferedReader2.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                                throw th;
                            }
                        } while (readLine.equals(readLine2));
                        bufferedReader2.close();
                        bufferedReader.close();
                        return false;
                    } finally {
                    }
                } catch (Exception e2) {
                    LOG.error("unable to compare buffers", e2);
                    return false;
                }
            } catch (IOException e3) {
                LOG.error("unable to save into byte array", e3);
                try {
                    byteArrayOutputStream.close();
                } catch (IOException e4) {
                    LOG.error("unable to close", e4);
                }
                return false;
            }
        } catch (Throwable th3) {
            try {
                byteArrayOutputStream.close();
            } catch (IOException e5) {
                LOG.error("unable to close", e5);
            }
            throw th3;
        }
    }

    private boolean verifyDetached(byte[] bArr, Release release) throws IOException {
        try {
            Object nextObject = new JcaPGPObjectFactory(PGPUtil.getDecoderStream(new ByteArrayInputStream(bArr))).nextObject();
            PGPSignatureList pGPSignatureList = nextObject instanceof PGPCompressedData ? (PGPSignatureList) new JcaPGPObjectFactory(((PGPCompressedData) nextObject).getDataStream()).nextObject() : (PGPSignatureList) nextObject;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            release.save(byteArrayOutputStream);
            byteArrayOutputStream.close();
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()));
            PGPSignature pGPSignature = pGPSignatureList.get(0);
            pGPSignature.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), this.pgpSecKey.getPublicKey());
            while (true) {
                int read = bufferedInputStream.read();
                if (read < 0) {
                    bufferedInputStream.close();
                    return pGPSignature.verify();
                }
                pGPSignature.update((byte) read);
            }
        } catch (PGPException e) {
            LOG.error("unable to verify", e);
            return false;
        }
    }

    private void createClearsignAndSave(String str, Release release, Transport transport) throws IOException {
        final PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(this.pgpSecKey.getPublicKey().getAlgorithm(), this.algorithm).setProvider("BC"));
        PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
        try {
            pGPSignatureGenerator.init(1, this.pgpPrivKey);
            Iterator userIDs = this.pgpSecKey.getPublicKey().getUserIDs();
            if (userIDs.hasNext()) {
                pGPSignatureSubpacketGenerator.addSignerUserID(false, (String) userIDs.next());
                pGPSignatureGenerator.setHashedSubpackets(pGPSignatureSubpacketGenerator.generate());
            }
            final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            release.save(byteArrayOutputStream);
            byteArrayOutputStream.close();
            transport.save(str, new IOCallback() { // from class: ru.r2cloud.apt.GpgSignerBC.2
                /* JADX WARN: Code restructure failed: missing block: B:11:0x0088, code lost:
                
                    r6.generate().encode(r0);
                 */
                /* JADX WARN: Code restructure failed: missing block: B:12:0x0096, code lost:
                
                    r0.close();
                 */
                /* JADX WARN: Code restructure failed: missing block: B:14:0x00c3, code lost:
                
                    return;
                 */
                /* JADX WARN: Code restructure failed: missing block: B:17:0x009c, code lost:
                
                    r12 = move-exception;
                 */
                /* JADX WARN: Code restructure failed: missing block: B:21:0x00b1, code lost:
                
                    throw r12;
                 */
                /* JADX WARN: Code restructure failed: missing block: B:25:0x00b5, code lost:
                
                    r11 = move-exception;
                 */
                /* JADX WARN: Code restructure failed: missing block: B:27:0x00c2, code lost:
                
                    throw new java.io.IOException("unable to generate signature", r11);
                 */
                /* JADX WARN: Code restructure failed: missing block: B:2:0x0044, code lost:
                
                    if (r10 != (-1)) goto L4;
                 */
                /* JADX WARN: Code restructure failed: missing block: B:3:0x0047, code lost:
                
                    r10 = ru.r2cloud.apt.GpgSignerBC.readInputLine(r0, r10, r0);
                    r6.update((byte) 13);
                    r6.update((byte) 10);
                    ru.r2cloud.apt.GpgSignerBC.processLine(r0, r6, r0.toByteArray());
                 */
                /* JADX WARN: Code restructure failed: missing block: B:4:0x0073, code lost:
                
                    if (r10 != (-1)) goto L27;
                 */
                /* JADX WARN: Code restructure failed: missing block: B:7:0x0076, code lost:
                
                    r0.close();
                    r0.endClearText();
                 */
                /* JADX WARN: Code restructure failed: missing block: B:9:0x007e, code lost:
                
                    r0 = new org.bouncycastle.bcpg.BCPGOutputStream(r0);
                 */
                @Override // ru.r2cloud.apt.IOCallback
                /*
                    Code decompiled incorrectly, please refer to instructions dump.
                    To view partially-correct add '--show-bad-code' argument
                */
                public void save(java.io.OutputStream r6) throws java.io.IOException {
                    /*
                        r5 = this;
                        java.io.ByteArrayInputStream r0 = new java.io.ByteArrayInputStream
                        r1 = r0
                        r2 = r5
                        java.io.ByteArrayOutputStream r2 = r5
                        byte[] r2 = r2.toByteArray()
                        r1.<init>(r2)
                        r7 = r0
                        org.bouncycastle.bcpg.ArmoredOutputStream r0 = new org.bouncycastle.bcpg.ArmoredOutputStream
                        r1 = r0
                        r2 = r6
                        r1.<init>(r2)
                        r8 = r0
                        r0 = r8
                        r1 = r5
                        ru.r2cloud.apt.GpgSignerBC r1 = ru.r2cloud.apt.GpgSignerBC.this
                        int r1 = ru.r2cloud.apt.GpgSignerBC.access$000(r1)
                        r0.beginClearText(r1)
                        java.io.ByteArrayOutputStream r0 = new java.io.ByteArrayOutputStream
                        r1 = r0
                        r1.<init>()
                        r9 = r0
                        r0 = r9
                        r1 = r7
                        int r0 = ru.r2cloud.apt.GpgSignerBC.access$100(r0, r1)
                        r10 = r0
                        r0 = r8
                        r1 = r5
                        org.bouncycastle.openpgp.PGPSignatureGenerator r1 = r6
                        r2 = r9
                        byte[] r2 = r2.toByteArray()
                        ru.r2cloud.apt.GpgSignerBC.access$200(r0, r1, r2)
                        r0 = r10
                        r1 = -1
                        if (r0 == r1) goto L76
                    L47:
                        r0 = r9
                        r1 = r10
                        r2 = r7
                        int r0 = ru.r2cloud.apt.GpgSignerBC.access$300(r0, r1, r2)
                        r10 = r0
                        r0 = r5
                        org.bouncycastle.openpgp.PGPSignatureGenerator r0 = r6
                        r1 = 13
                        r0.update(r1)
                        r0 = r5
                        org.bouncycastle.openpgp.PGPSignatureGenerator r0 = r6
                        r1 = 10
                        r0.update(r1)
                        r0 = r8
                        r1 = r5
                        org.bouncycastle.openpgp.PGPSignatureGenerator r1 = r6
                        r2 = r9
                        byte[] r2 = r2.toByteArray()
                        ru.r2cloud.apt.GpgSignerBC.access$200(r0, r1, r2)
                        r0 = r10
                        r1 = -1
                        if (r0 != r1) goto L47
                    L76:
                        r0 = r7
                        r0.close()
                        r0 = r8
                        r0.endClearText()
                        org.bouncycastle.bcpg.BCPGOutputStream r0 = new org.bouncycastle.bcpg.BCPGOutputStream     // Catch: org.bouncycastle.openpgp.PGPException -> Lb5
                        r1 = r0
                        r2 = r8
                        r1.<init>(r2)     // Catch: org.bouncycastle.openpgp.PGPException -> Lb5
                        r11 = r0
                        r0 = r5
                        org.bouncycastle.openpgp.PGPSignatureGenerator r0 = r6     // Catch: java.lang.Throwable -> L9c org.bouncycastle.openpgp.PGPException -> Lb5
                        org.bouncycastle.openpgp.PGPSignature r0 = r0.generate()     // Catch: java.lang.Throwable -> L9c org.bouncycastle.openpgp.PGPException -> Lb5
                        r1 = r11
                        r0.encode(r1)     // Catch: java.lang.Throwable -> L9c org.bouncycastle.openpgp.PGPException -> Lb5
                        r0 = r11
                        r0.close()     // Catch: org.bouncycastle.openpgp.PGPException -> Lb5
                        goto Lb2
                    L9c:
                        r12 = move-exception
                        r0 = r11
                        r0.close()     // Catch: java.lang.Throwable -> La6 org.bouncycastle.openpgp.PGPException -> Lb5
                        goto Laf
                    La6:
                        r13 = move-exception
                        r0 = r12
                        r1 = r13
                        r0.addSuppressed(r1)     // Catch: org.bouncycastle.openpgp.PGPException -> Lb5
                    Laf:
                        r0 = r12
                        throw r0     // Catch: org.bouncycastle.openpgp.PGPException -> Lb5
                    Lb2:
                        goto Lc3
                    Lb5:
                        r11 = move-exception
                        java.io.IOException r0 = new java.io.IOException
                        r1 = r0
                        java.lang.String r2 = "unable to generate signature"
                        r3 = r11
                        r1.<init>(r2, r3)
                        throw r0
                    Lc3:
                        return
                    */
                    throw new UnsupportedOperationException("Method not decompiled: ru.r2cloud.apt.GpgSignerBC.AnonymousClass2.save(java.io.OutputStream):void");
                }

                @Override // ru.r2cloud.apt.IOCallback
                public void load(InputStream inputStream) throws IOException {
                }
            });
        } catch (PGPException e) {
            throw new IOException("unable to initialize PGP signer", e);
        }
    }

    private void createDetachedSignatureAndSave(String str, Release release, Transport transport) throws IOException {
        final PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(this.pgpSecKey.getPublicKey().getAlgorithm(), this.algorithm).setProvider("BC"));
        try {
            pGPSignatureGenerator.init(0, this.pgpPrivKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            release.save(byteArrayOutputStream);
            byteArrayOutputStream.close();
            pGPSignatureGenerator.update(byteArrayOutputStream.toByteArray());
            transport.save(str, new IOCallback() { // from class: ru.r2cloud.apt.GpgSignerBC.3
                @Override // ru.r2cloud.apt.IOCallback
                public void save(OutputStream outputStream) throws IOException {
                    try {
                        BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(new ArmoredOutputStream(outputStream));
                        try {
                            pGPSignatureGenerator.generate().encode(bCPGOutputStream);
                            bCPGOutputStream.close();
                        } finally {
                        }
                    } catch (PGPException e) {
                        throw new IOException("unable to generate signature", e);
                    }
                }

                @Override // ru.r2cloud.apt.IOCallback
                public void load(InputStream inputStream) throws IOException {
                }
            });
        } catch (PGPException e) {
            throw new IOException("unable to initialize PGP signer", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void processLine(OutputStream outputStream, PGPSignatureGenerator pGPSignatureGenerator, byte[] bArr) throws IOException {
        int lengthWithoutWhiteSpace = getLengthWithoutWhiteSpace(bArr);
        if (lengthWithoutWhiteSpace > 0) {
            pGPSignatureGenerator.update(bArr, 0, lengthWithoutWhiteSpace);
        }
        outputStream.write(bArr, 0, bArr.length);
    }

    private static void processLine(PGPSignature pGPSignature, byte[] bArr) {
        int lengthWithoutWhiteSpace = getLengthWithoutWhiteSpace(bArr);
        if (lengthWithoutWhiteSpace > 0) {
            pGPSignature.update(bArr, 0, lengthWithoutWhiteSpace);
        }
    }

    private static boolean isLineEnding(byte b) {
        return b == 13 || b == 10;
    }

    private static int getLengthWithoutWhiteSpace(byte[] bArr) {
        int length = bArr.length - 1;
        while (length >= 0 && isWhiteSpace(bArr[length])) {
            length--;
        }
        return length + 1;
    }

    private static boolean isWhiteSpace(byte b) {
        return isLineEnding(b) || b == 9 || b == 32;
    }

    private static byte[] getLineSeparator() {
        String lineSeparator = Strings.lineSeparator();
        byte[] bArr = new byte[lineSeparator.length()];
        for (int i = 0; i != bArr.length; i++) {
            bArr[i] = (byte) lineSeparator.charAt(i);
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int readInputLine(ByteArrayOutputStream byteArrayOutputStream, InputStream inputStream) throws IOException {
        int read;
        byteArrayOutputStream.reset();
        int i = -1;
        do {
            read = inputStream.read();
            if (read < 0) {
                break;
            }
            byteArrayOutputStream.write(read);
            if (read == 13) {
                break;
            }
        } while (read != 10);
        i = readPassedEOL(byteArrayOutputStream, read, inputStream);
        return i;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int readInputLine(ByteArrayOutputStream byteArrayOutputStream, int i, InputStream inputStream) throws IOException {
        int read;
        byteArrayOutputStream.reset();
        int i2 = i;
        do {
            byteArrayOutputStream.write(i2);
            if (i2 == 13 || i2 == 10) {
                i = readPassedEOL(byteArrayOutputStream, i2, inputStream);
                break;
            }
            read = inputStream.read();
            i2 = read;
        } while (read >= 0);
        if (i2 < 0) {
            i = -1;
        }
        return i;
    }

    private static int readPassedEOL(ByteArrayOutputStream byteArrayOutputStream, int i, InputStream inputStream) throws IOException {
        int read = inputStream.read();
        if (i == 13 && read == 10) {
            byteArrayOutputStream.write(read);
            read = inputStream.read();
        }
        return read;
    }

    private static int getLengthWithoutSeparatorOrTrailingWhitespace(byte[] bArr) {
        int length = bArr.length - 1;
        while (length >= 0 && isWhiteSpace(bArr[length])) {
            length--;
        }
        return length + 1;
    }

    private static PGPSecretKey readSecretKey(String str, String str2) throws IOException, PGPException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
        try {
            Iterator keyRings = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(bufferedInputStream), new JcaKeyFingerprintCalculator()).getKeyRings();
            while (keyRings.hasNext()) {
                Iterator secretKeys = ((PGPSecretKeyRing) keyRings.next()).getSecretKeys();
                while (secretKeys.hasNext()) {
                    PGPSecretKey pGPSecretKey = (PGPSecretKey) secretKeys.next();
                    if (pGPSecretKey.isSigningKey() && Long.toHexString(pGPSecretKey.getPublicKey().getKeyID()).endsWith(str2)) {
                        bufferedInputStream.close();
                        return pGPSecretKey;
                    }
                }
            }
            bufferedInputStream.close();
            throw new IllegalArgumentException("Can't find signing key in key ring: " + str2);
        } catch (Throwable th) {
            try {
                bufferedInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static int convertHashAlgorithm(String str) {
        if (str.equals("SHA256")) {
            return 8;
        }
        if (str.equals("SHA384")) {
            return 9;
        }
        if (str.equals("SHA512")) {
            return 10;
        }
        if (str.equals("MD5")) {
            return 1;
        }
        if (str.equals("RIPEMD160")) {
            return 3;
        }
        throw new IllegalArgumentException("unsupported algorithm: " + str);
    }
}
