package org.intellicastle.openpgp.api;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.intellicastle.bcpg.BCPGOutputStream;
import org.intellicastle.bcpg.KeyIdentifier;
import org.intellicastle.bcpg.PacketFormat;
import org.intellicastle.bcpg.S2K;
import org.intellicastle.openpgp.PGPException;
import org.intellicastle.openpgp.PGPKeyPair;
import org.intellicastle.openpgp.PGPKeyValidationException;
import org.intellicastle.openpgp.PGPPrivateKey;
import org.intellicastle.openpgp.PGPSecretKey;
import org.intellicastle.openpgp.PGPSecretKeyRing;
import org.intellicastle.openpgp.api.OpenPGPCertificate;
import org.intellicastle.openpgp.api.exception.KeyPassphraseException;
import org.intellicastle.openpgp.operator.PBESecretKeyDecryptor;
import org.intellicastle.openpgp.operator.PBESecretKeyDecryptorBuilderProvider;
import org.intellicastle.openpgp.operator.PBESecretKeyEncryptor;
import org.intellicastle.openpgp.operator.PBESecretKeyEncryptorFactory;

/* loaded from: input_file:org/intellicastle/openpgp/api/OpenPGPKey.class */
public class OpenPGPKey extends OpenPGPCertificate {
    private final Map<KeyIdentifier, OpenPGPSecretKey> secretKeys;

    /* loaded from: input_file:org/intellicastle/openpgp/api/OpenPGPKey$OpenPGPPrivateKey.class */
    public static class OpenPGPPrivateKey {
        private final OpenPGPSecretKey secretKey;
        private final PGPKeyPair unlockedKey;

        public OpenPGPPrivateKey(OpenPGPSecretKey openPGPSecretKey, PGPKeyPair pGPKeyPair) {
            this.secretKey = openPGPSecretKey;
            this.unlockedKey = pGPKeyPair;
        }

        public OpenPGPCertificate.OpenPGPComponentKey getPublicKey() {
            return this.secretKey.getPublicKey();
        }

        public OpenPGPSecretKey getSecretKey() {
            return this.secretKey;
        }

        public PGPKeyPair getKeyPair() {
            return this.unlockedKey;
        }

        private OpenPGPImplementation getImplementation() {
            return getSecretKey().getOpenPGPKey().implementation;
        }

        public OpenPGPSecretKey changePassphrase(char[] cArr) throws PGPException {
            return changePassphrase(cArr, getImplementation(), !this.secretKey.isLocked() || this.secretKey.getPGPSecretKey().getS2KUsage() == 253);
        }

        public OpenPGPSecretKey changePassphrase(char[] cArr, OpenPGPImplementation openPGPImplementation, boolean z) throws PGPException {
            return changePassphrase(cArr, openPGPImplementation.pbeSecretKeyEncryptorFactory(z));
        }

        public OpenPGPSecretKey changePassphrase(char[] cArr, PBESecretKeyEncryptorFactory pBESecretKeyEncryptorFactory) throws PGPException {
            return changePassphrase((cArr == null || cArr.length == 0) ? null : pBESecretKeyEncryptorFactory.build(cArr, getKeyPair().getPublicKey().getPublicKeyPacket()));
        }

        public OpenPGPSecretKey changePassphrase(PBESecretKeyEncryptor pBESecretKeyEncryptor) throws PGPException {
            OpenPGPSecretKey openPGPSecretKey = new OpenPGPSecretKey(getSecretKey().getPublicKey(), new PGPSecretKey(getKeyPair().getPrivateKey(), getKeyPair().getPublicKey(), getImplementation().pgpDigestCalculatorProvider().get(2), getSecretKey().isPrimaryKey(), pBESecretKeyEncryptor), getImplementation().pbeSecretKeyDecryptorBuilderProvider());
            openPGPSecretKey.sanitizeProtectionMode();
            return openPGPSecretKey;
        }

        public OpenPGPSecretKey removePassphrase() throws PGPException {
            return changePassphrase((PBESecretKeyEncryptor) null);
        }
    }

    /* loaded from: input_file:org/intellicastle/openpgp/api/OpenPGPKey$OpenPGPSecretKey.class */
    public static class OpenPGPSecretKey extends OpenPGPCertificate.OpenPGPComponentKey {
        private final PGPSecretKey rawSecKey;
        private final OpenPGPCertificate.OpenPGPComponentKey pubKey;
        private final PBESecretKeyDecryptorBuilderProvider decryptorBuilderProvider;

        public OpenPGPSecretKey(OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey, PGPSecretKey pGPSecretKey, PBESecretKeyDecryptorBuilderProvider pBESecretKeyDecryptorBuilderProvider) {
            super(openPGPComponentKey.getPGPPublicKey(), openPGPComponentKey.getCertificate());
            this.decryptorBuilderProvider = pBESecretKeyDecryptorBuilderProvider;
            this.rawSecKey = pGPSecretKey;
            this.pubKey = openPGPComponentKey;
        }

        @Override // org.intellicastle.openpgp.api.OpenPGPCertificate.OpenPGPCertificateComponent
        protected OpenPGPCertificate.OpenPGPCertificateComponent getPublicComponent() {
            return this.pubKey;
        }

        @Override // org.intellicastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
        public boolean isPrimaryKey() {
            return getPublicKey().isPrimaryKey();
        }

        @Override // org.intellicastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey, org.intellicastle.openpgp.api.OpenPGPCertificate.OpenPGPCertificateComponent
        public OpenPGPCertificate.OpenPGPComponentSignature getLatestSelfSignature(Date date) {
            return getPublicKey().getLatestSelfSignature(date);
        }

        public OpenPGPKey getOpenPGPKey() {
            return (OpenPGPKey) getCertificate();
        }

        @Override // org.intellicastle.openpgp.api.OpenPGPCertificate.OpenPGPCertificateComponent
        public String toDetailString() {
            return "Private" + this.pubKey.toDetailString();
        }

        public PGPSecretKey getPGPSecretKey() {
            return this.rawSecKey;
        }

        public OpenPGPCertificate.OpenPGPComponentKey getPublicKey() {
            return this.pubKey;
        }

        public boolean isLocked() {
            return getPGPSecretKey().getS2KUsage() != 0;
        }

        public OpenPGPPrivateKey unlock() throws PGPException {
            return unlock((char[]) null);
        }

        public OpenPGPPrivateKey unlock(KeyPassphraseProvider keyPassphraseProvider) throws PGPException {
            return !isLocked() ? unlock((char[]) null) : unlock(keyPassphraseProvider.getKeyPassword(this));
        }

        public OpenPGPPrivateKey unlock(char[] cArr) throws PGPException {
            sanitizeProtectionMode();
            PBESecretKeyDecryptor pBESecretKeyDecryptor = null;
            if (cArr != null) {
                try {
                    pBESecretKeyDecryptor = this.decryptorBuilderProvider.provide().build(cArr);
                } catch (PGPException e) {
                    throw new KeyPassphraseException(this, e);
                }
            }
            PGPPrivateKey extractPrivateKey = getPGPSecretKey().extractPrivateKey(pBESecretKeyDecryptor);
            if (extractPrivateKey == null) {
                return null;
            }
            return new OpenPGPPrivateKey(this, new PGPKeyPair(getPGPSecretKey().getPublicKey(), extractPrivateKey));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void sanitizeProtectionMode() throws PGPException {
            if (isLocked()) {
                PGPSecretKey pGPSecretKey = getPGPSecretKey();
                S2K s2k = pGPSecretKey.getS2K();
                if (s2k == null) {
                    throw new PGPKeyValidationException("Legacy CFB using MD5 is not allowed.");
                }
                if (s2k.getType() == 4 && pGPSecretKey.getS2KUsage() != 253) {
                    throw new PGPKeyValidationException("Argon2 without AEAD is not allowed.");
                }
                if (getVersion() == 6) {
                    if (pGPSecretKey.getS2KUsage() == 255) {
                        throw new PGPKeyValidationException("Version 6 keys MUST NOT use malleable CFB.");
                    }
                    if (s2k.getType() == 0) {
                        throw new PGPKeyValidationException("Version 6 keys MUST NOT use SIMPLE S2K.");
                    }
                }
            }
        }

        public boolean isPassphraseCorrect(char[] cArr) {
            if (cArr != null && !isLocked()) {
                return false;
            }
            try {
                return unlock(cArr).unlockedKey != null;
            } catch (PGPException e) {
                return false;
            }
        }
    }

    public OpenPGPKey(PGPSecretKeyRing pGPSecretKeyRing) {
        this(pGPSecretKeyRing, OpenPGPImplementation.getInstance());
    }

    public OpenPGPKey(PGPSecretKeyRing pGPSecretKeyRing, OpenPGPImplementation openPGPImplementation) {
        this(pGPSecretKeyRing, openPGPImplementation, openPGPImplementation.policy());
    }

    public OpenPGPKey(PGPSecretKeyRing pGPSecretKeyRing, OpenPGPImplementation openPGPImplementation, OpenPGPPolicy openPGPPolicy) {
        super(pGPSecretKeyRing, openPGPImplementation, openPGPPolicy);
        this.secretKeys = new HashMap();
        for (OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey : getKeys()) {
            KeyIdentifier keyIdentifier = openPGPComponentKey.getKeyIdentifier();
            PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(keyIdentifier);
            if (secretKey != null) {
                this.secretKeys.put(keyIdentifier, new OpenPGPSecretKey(openPGPComponentKey, secretKey, openPGPImplementation.pbeSecretKeyDecryptorBuilderProvider()));
            }
        }
    }

    @Override // org.intellicastle.openpgp.api.OpenPGPCertificate
    public boolean isSecretKey() {
        return true;
    }

    public OpenPGPCertificate toCertificate() {
        return new OpenPGPCertificate(getPGPPublicKeyRing(), this.implementation, this.policy);
    }

    @Override // org.intellicastle.openpgp.api.OpenPGPCertificate
    public List<OpenPGPCertificate.OpenPGPCertificateComponent> getComponents() {
        OpenPGPSecretKey secretKey;
        List<OpenPGPCertificate.OpenPGPCertificateComponent> components = super.getComponents();
        for (int size = components.size() - 1; size >= 0; size--) {
            OpenPGPCertificate.OpenPGPCertificateComponent openPGPCertificateComponent = components.get(size);
            if ((openPGPCertificateComponent instanceof OpenPGPCertificate.OpenPGPComponentKey) && (secretKey = getSecretKey((OpenPGPCertificate.OpenPGPComponentKey) openPGPCertificateComponent)) != null) {
                components.remove(size);
                components.add(size, secretKey);
            }
        }
        return components;
    }

    public OpenPGPSecretKey getPrimarySecretKey() {
        return getSecretKey(getPrimaryKey());
    }

    public Map<KeyIdentifier, OpenPGPSecretKey> getSecretKeys() {
        return new HashMap(this.secretKeys);
    }

    public OpenPGPSecretKey getSecretKey(KeyIdentifier keyIdentifier) {
        return this.secretKeys.get(keyIdentifier);
    }

    public OpenPGPSecretKey getSecretKey(OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey) {
        return getSecretKey(openPGPComponentKey.getKeyIdentifier());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void replaceSecretKey(OpenPGPSecretKey openPGPSecretKey) {
        this.keyRing = PGPSecretKeyRing.insertSecretKey((PGPSecretKeyRing) this.keyRing, openPGPSecretKey.rawSecKey);
        this.secretKeys.put(openPGPSecretKey.getKeyIdentifier(), openPGPSecretKey);
    }

    @Override // org.intellicastle.openpgp.api.OpenPGPCertificate
    public PGPSecretKeyRing getPGPKeyRing() {
        return getPGPSecretKeyRing();
    }

    public PGPSecretKeyRing getPGPSecretKeyRing() {
        return (PGPSecretKeyRing) super.getPGPKeyRing();
    }

    @Override // org.intellicastle.openpgp.api.OpenPGPCertificate
    public byte[] getEncoded(PacketFormat packetFormat) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(byteArrayOutputStream, packetFormat);
        getPGPSecretKeyRing().encode(bCPGOutputStream);
        bCPGOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }
}
