package org.pgpainless.signature.consumer;

import androidx.constraintlayout.solver.PriorityGoalRow;
import androidx.core.view.MenuHostHelper;
import androidx.room.AutoCloser;
import j$.util.concurrent.ConcurrentHashMap;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import kotlin.TuplesKt;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.bcpg.sig.SignerUserID;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.Strings;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SignatureSubpacket;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.policy.Policy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import rs.ltt.android.util.Touch;

/* loaded from: classes.dex */
public abstract class CertificateValidator {
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CertificateValidator.class);

    public static void validateCertificate(PGPSignature pGPSignature, PGPPublicKeyRing pGPPublicKeyRing, Policy policy) {
        Logger logger;
        KeyFlags keyFlags;
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        long determineIssuerKeyId = AutoCloser.determineIssuerKeyId(pGPSignature);
        PGPPublicKey publicKey = pGPPublicKeyRing.getPublicKey(determineIssuerKeyId);
        if (publicKey == null) {
            throw new Exception("Provided key ring does not contain a subkey with id " + Long.toHexString(determineIssuerKeyId));
        }
        PGPPublicKey publicKey2 = pGPPublicKeyRing.getPublicKey();
        ArrayList arrayList = new ArrayList();
        SignatureType signatureType = SignatureType.BINARY_DOCUMENT;
        Iterator signaturesOfType = publicKey2.getSignaturesOfType(32);
        while (true) {
            boolean hasNext = signaturesOfType.hasNext();
            logger = LOGGER;
            if (!hasNext) {
                break;
            }
            PGPSignature pGPSignature2 = (PGPSignature) signaturesOfType.next();
            if (pGPSignature2.sigPck.keyID == publicKey2.keyID) {
                try {
                    Touch.verifyKeyRevocationSignature(pGPSignature2, publicKey2, policy, pGPSignature.getCreationTime());
                    arrayList.add(pGPSignature2);
                } catch (SignatureValidationException e) {
                    concurrentHashMap.put(pGPSignature2, e);
                    logger.debug("Rejecting key revocation signature: {}", e.getMessage(), e);
                }
            }
        }
        SignatureType signatureType2 = SignatureType.BINARY_DOCUMENT;
        Iterator signaturesOfType2 = publicKey2.getSignaturesOfType(31);
        while (signaturesOfType2.hasNext()) {
            PGPSignature pGPSignature3 = (PGPSignature) signaturesOfType2.next();
            if (pGPSignature3.sigPck.keyID == publicKey2.keyID) {
                try {
                    Date creationTime = pGPSignature.getCreationTime();
                    TuplesKt.signatureIsOfType(SignatureType.DIRECT_KEY).verify(pGPSignature3);
                    TuplesKt.signatureStructureIsAcceptable(publicKey2, policy).verify(pGPSignature3);
                    TuplesKt.signatureDoesNotPredateKeyCreation(publicKey2).verify(pGPSignature3);
                    TuplesKt.signatureIsEffective(creationTime).verify(pGPSignature3);
                    new SignatureValidator$15(publicKey2, publicKey2, 2).verify(pGPSignature3);
                    arrayList.add(pGPSignature3);
                } catch (SignatureValidationException e2) {
                    concurrentHashMap.put(pGPSignature3, e2);
                    logger.debug("Rejecting key signature: {}", e2.getMessage(), e2);
                }
            }
        }
        Collections.sort(arrayList, new PriorityGoalRow.AnonymousClass1());
        if (!arrayList.isEmpty()) {
            int i = ((PGPSignature) arrayList.get(0)).sigPck.signatureType;
            SignatureType signatureType3 = SignatureType.BINARY_DOCUMENT;
            if (i == 32) {
                throw new Exception("Primary key has been revoked.");
            }
        }
        ArrayList userIdsIgnoringInvalidUTF8 = KeyRingUtils.getUserIdsIgnoringInvalidUTF8(publicKey2);
        ConcurrentHashMap concurrentHashMap2 = new ConcurrentHashMap();
        Iterator it = userIdsIgnoringInvalidUTF8.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            ArrayList arrayList2 = new ArrayList();
            Iterator signaturesForID = publicKey2.getSignaturesForID(str);
            while (signaturesForID.hasNext()) {
                PGPSignature pGPSignature4 = (PGPSignature) signaturesForID.next();
                ArrayList arrayList3 = arrayList;
                PGPPublicKey pGPPublicKey = publicKey;
                if (pGPSignature4.sigPck.keyID == publicKey2.keyID) {
                    try {
                        Touch.verifySignatureOverUserId(str, pGPSignature4, publicKey2, policy, pGPSignature.getCreationTime());
                        arrayList2.add(pGPSignature4);
                    } catch (SignatureValidationException e3) {
                        concurrentHashMap.put(pGPSignature4, e3);
                        logger.debug("Rejecting user-id signature: {}", e3.getMessage(), e3);
                    }
                }
                publicKey = pGPPublicKey;
                arrayList = arrayList3;
            }
            Collections.sort(arrayList2, new PriorityGoalRow.AnonymousClass1());
            concurrentHashMap2.put(str, arrayList2);
        }
        ArrayList arrayList4 = arrayList;
        PGPPublicKey pGPPublicKey2 = publicKey;
        boolean z = !concurrentHashMap2.keySet().isEmpty();
        boolean z2 = false;
        for (String str2 : concurrentHashMap2.keySet()) {
            if (!((List) concurrentHashMap2.get(str2)).isEmpty()) {
                int i2 = ((PGPSignature) ((List) concurrentHashMap2.get(str2)).get(0)).sigPck.signatureType;
                SignatureType signatureType4 = SignatureType.BINARY_DOCUMENT;
                if (i2 == 48) {
                    logger.debug("User-ID '{}' is revoked.", str2);
                } else {
                    z2 = true;
                }
            }
        }
        if (z && !z2) {
            throw new SignatureValidationException("No valid user-id found.", concurrentHashMap);
        }
        SignerUserID signerUserID = (SignerUserID) Touch.getSignatureSubpacket(pGPSignature.getHashedSubPackets(), SignatureSubpacket.signerUserId);
        if (signerUserID != null && policy.signerUserIdValidationLevel == 1) {
            byte[] bArr = signerUserID.data;
            List list = (List) concurrentHashMap2.get(Strings.fromUTF8ByteArray(bArr));
            if (list == null || list.isEmpty()) {
                throw new Exception("Signature was allegedly made by user-id '" + Strings.fromUTF8ByteArray(bArr) + "' but we have no valid signatures for that on the certificate.");
            }
            int i3 = ((PGPSignature) list.get(0)).sigPck.signatureType;
            SignatureType signatureType5 = SignatureType.BINARY_DOCUMENT;
            if (i3 == 48) {
                throw new Exception("Signature was made with user-id '" + Strings.fromUTF8ByteArray(bArr) + "' which is revoked.");
            }
        }
        KeyFlag keyFlag = KeyFlag.SIGN_DATA;
        if (pGPPublicKey2 == publicKey2) {
            if (arrayList4.isEmpty() || (keyFlags = Touch.getKeyFlags((PGPSignature) arrayList4.get(0))) == null) {
                return;
            }
            keyFlags.getFlags();
            return;
        }
        ArrayList arrayList5 = new ArrayList();
        SignatureType signatureType6 = SignatureType.BINARY_DOCUMENT;
        Iterator signaturesOfType3 = pGPPublicKey2.getSignaturesOfType(40);
        while (signaturesOfType3.hasNext()) {
            PGPSignature pGPSignature5 = (PGPSignature) signaturesOfType3.next();
            Iterator it2 = signaturesOfType3;
            if (pGPSignature5.sigPck.keyID == publicKey2.keyID) {
                try {
                    Touch.verifySubkeyBindingRevocation(pGPSignature5, publicKey2, pGPPublicKey2, policy, pGPSignature.getCreationTime());
                    arrayList5.add(pGPSignature5);
                } catch (SignatureValidationException e4) {
                    concurrentHashMap.put(pGPSignature5, e4);
                    logger.debug("Rejecting subkey revocation signature: {}", e4.getMessage(), e4);
                }
            }
            signaturesOfType3 = it2;
        }
        SignatureType signatureType7 = SignatureType.BINARY_DOCUMENT;
        Iterator signaturesOfType4 = pGPPublicKey2.getSignaturesOfType(24);
        while (signaturesOfType4.hasNext()) {
            PGPSignature pGPSignature6 = (PGPSignature) signaturesOfType4.next();
            try {
                Touch.verifySubkeyBindingSignature(pGPSignature6, publicKey2, pGPPublicKey2, policy, pGPSignature.getCreationTime());
                arrayList5.add(pGPSignature6);
            } catch (SignatureValidationException e5) {
                concurrentHashMap.put(pGPSignature6, e5);
                logger.debug("Rejecting subkey binding signature: {}", e5.getMessage(), e5);
            }
        }
        Collections.sort(arrayList5, new PriorityGoalRow.AnonymousClass1());
        if (arrayList5.isEmpty()) {
            throw new SignatureValidationException("Subkey is not bound.", concurrentHashMap);
        }
        PGPSignature pGPSignature7 = (PGPSignature) arrayList5.get(0);
        int i4 = pGPSignature7.sigPck.signatureType;
        SignatureType signatureType8 = SignatureType.BINARY_DOCUMENT;
        if (i4 == 40) {
            throw new Exception("Subkey is revoked.");
        }
        KeyFlags keyFlags2 = Touch.getKeyFlags(pGPSignature7);
        if (keyFlags2 != null) {
            if (!KeyFlag.hasKeyFlag(keyFlags2.getFlags(), keyFlag)) {
                throw new Exception("Signature was made by key which is not capable of signing (no SIGN flag on binding sig).");
            }
        } else {
            if (arrayList4.isEmpty()) {
                throw new Exception("Signature was made by key which is not capable of signing (no keyflags on binding sig, no direct-key sig).");
            }
            KeyFlags keyFlags3 = Touch.getKeyFlags((PGPSignature) arrayList4.get(0));
            if (keyFlags3 == null || !KeyFlag.hasKeyFlag(keyFlags3.getFlags(), keyFlag)) {
                throw new Exception("Signature was made by key which is not capable of signing (no keyflags on binding sig, no SIGN flag on direct-key sig).");
            }
        }
    }

    public static void validateCertificateAndVerifyInitializedSignature(PGPSignature pGPSignature, PGPPublicKeyRing pGPPublicKeyRing, Policy policy) {
        validateCertificate(pGPSignature, pGPPublicKeyRing, policy);
        PGPPublicKey publicKey = pGPPublicKeyRing.getPublicKey(AutoCloser.determineIssuerKeyId(pGPSignature));
        Date creationTime = pGPSignature.getCreationTime();
        TuplesKt.wasPossiblyMadeByKey(publicKey).verify(pGPSignature);
        TuplesKt.signatureStructureIsAcceptable(publicKey, policy).verify(pGPSignature);
        TuplesKt.signatureIsEffective(creationTime).verify(pGPSignature);
        try {
            try {
                pGPSignature.sigOut.write(pGPSignature.sigPck.getSignatureTrailer());
                pGPSignature.sigOut.close();
                MenuHostHelper menuHostHelper = pGPSignature.verifier;
                if (!((Signer) menuHostHelper.mMenuProviders).verifySignature(pGPSignature.getSignature())) {
                    throw new Exception("Signature is not correct.");
                }
            } catch (IOException e) {
                throw new PGPException(e.getMessage(), e);
            }
        } catch (PGPException e2) {
            throw new PGPException("Could not verify signature correctness.", e2);
        }
    }

    public static void validateCertificateAndVerifyOnePassSignature(OnePassSignatureCheck onePassSignatureCheck, Policy policy) {
        PGPSignature pGPSignature = onePassSignatureCheck.signature;
        PGPPublicKeyRing pGPPublicKeyRing = onePassSignatureCheck.verificationKeys;
        validateCertificate(pGPSignature, pGPPublicKeyRing, policy);
        PGPPublicKey publicKey = pGPPublicKeyRing.getPublicKey(pGPSignature.sigPck.keyID);
        try {
            TuplesKt.wasPossiblyMadeByKey(publicKey).verify(pGPSignature);
            TuplesKt.signatureStructureIsAcceptable(publicKey, policy).verify(pGPSignature);
            TuplesKt.signatureIsEffective(new Date()).verify(pGPSignature);
            try {
                if (onePassSignatureCheck.signature == null) {
                    throw new IllegalStateException("No comparison signature provided.");
                }
                if (onePassSignatureCheck.onePassSignature.verify(pGPSignature)) {
                    return;
                }
                throw new Exception("Bad signature of key " + Long.toHexString(publicKey.keyID));
            } catch (PGPException e) {
                throw new PGPException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e);
            }
        } catch (SignatureValidationException e2) {
            throw new PGPException("Signature is not valid: " + e2.getMessage(), e2);
        }
    }
}
