package net.shibboleth.mvn.enforcer.impl;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.NotThreadSafe;
import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.slf4j.Logger;

@NotThreadSafe
/* loaded from: input_file:net/shibboleth/mvn/enforcer/impl/GPGKeyRing.class */
public final class GPGKeyRing {

    @Nonnull
    private final Logger log = EnforcerLogger.getLogger(GPGKeyRing.class);

    @Nonnull
    private final PGPPublicKeyRingCollection keyRings;

    /* loaded from: input_file:net/shibboleth/mvn/enforcer/impl/GPGKeyRing$Signature.class */
    public static final class Signature {

        @Nonnull
        private PGPSignature signature;

        @Nonnull
        private String keyId;

        /* JADX INFO: Access modifiers changed from: protected */
        public Signature(@Nonnull InputStream inputStream) throws IOException {
            InputStream decoderStream = PGPUtil.getDecoderStream(inputStream);
            try {
                Object nextObject = new JcaPGPObjectFactory(decoderStream).nextObject();
                if (!(nextObject instanceof PGPSignatureList)) {
                    throw new IOException("Provided file was not a signature");
                }
                this.signature = ((PGPSignatureList) nextObject).get(0);
                if (decoderStream != null) {
                    decoderStream.close();
                }
                this.keyId = String.format("0x%016X", Long.valueOf(this.signature.getKeyID()));
            } catch (Throwable th) {
                if (decoderStream != null) {
                    try {
                        decoderStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }

        protected PGPSignature getSignature() {
            return this.signature;
        }

        public String toString() {
            return this.keyId;
        }
    }

    public GPGKeyRing(File file) throws Exception {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        this.log.debug("Loading keyring for {}", file);
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
        try {
            this.keyRings = new PGPPublicKeyRingCollection(bufferedInputStream, new JcaKeyFingerprintCalculator());
            bufferedInputStream.close();
        } catch (Throwable th) {
            try {
                bufferedInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public GPGKeyRing(ClassLoader classLoader, String str) throws Exception {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        String str2 = "net/shibboleth/mvn/enforcer/data/keyRings/" + str;
        String str3 = str2 + ".gpg";
        InputStream resourceAsStream = classLoader.getResourceAsStream(str3);
        try {
            InputStream resourceAsStream2 = getClass().getResourceAsStream(str3);
            try {
                InputStream resourceAsStream3 = classLoader.getResourceAsStream(str2);
                try {
                    InputStream resourceAsStream4 = getClass().getResourceAsStream(str2);
                    try {
                        if (resourceAsStream != null) {
                            if (resourceAsStream2 != null) {
                                this.log.error("Found keyring for {} on standard path.", str);
                                throw new EnforcerRuleException("Found keyring on standard classpath");
                            }
                            this.log.debug("Loading keyring for {} from classloader.", str);
                            this.keyRings = new PGPPublicKeyRingCollection(resourceAsStream, new JcaKeyFingerprintCalculator());
                        } else {
                            if (resourceAsStream3 == null) {
                                this.log.warn("No keyring or asc file found for {}", str);
                                throw new FileNotFoundException("Could not locate keyring");
                            }
                            if (resourceAsStream4 != null) {
                                this.log.error("Found asc for {} on standard path.", str);
                                throw new EnforcerRuleException("Found keyring on standard classpath");
                            }
                            this.log.debug("Loading asci keys for {} from classloader.", str);
                            this.keyRings = loadRingFromAsc(resourceAsStream3);
                        }
                        if (resourceAsStream4 != null) {
                            resourceAsStream4.close();
                        }
                        if (resourceAsStream3 != null) {
                            resourceAsStream3.close();
                        }
                        if (resourceAsStream2 != null) {
                            resourceAsStream2.close();
                        }
                        if (resourceAsStream != null) {
                            resourceAsStream.close();
                        }
                    } catch (Throwable th) {
                        if (resourceAsStream4 != null) {
                            try {
                                resourceAsStream4.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (resourceAsStream3 != null) {
                        try {
                            resourceAsStream3.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } catch (Throwable th5) {
                if (resourceAsStream2 != null) {
                    try {
                        resourceAsStream2.close();
                    } catch (Throwable th6) {
                        th5.addSuppressed(th6);
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th8) {
                    th7.addSuppressed(th8);
                }
            }
            throw th7;
        }
    }

    @Nonnull
    private static PGPPublicKeyRingCollection loadRingFromAsc(@Nonnull InputStream inputStream) throws IOException {
        InputStream decoderStream = PGPUtil.getDecoderStream(inputStream);
        try {
            ArrayList arrayList = new ArrayList();
            PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(decoderStream, new JcaKeyFingerprintCalculator());
            while (true) {
                Object nextObject = pGPObjectFactory.nextObject();
                Object obj = nextObject;
                if (nextObject == null) {
                    PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(arrayList);
                    if (decoderStream != null) {
                        decoderStream.close();
                    }
                    return pGPPublicKeyRingCollection;
                }
                while (obj instanceof PGPPublicKeyRing) {
                    arrayList.add((PGPPublicKeyRing) obj);
                    obj = pGPObjectFactory.nextObject();
                    if (obj == null) {
                        break;
                    }
                }
                throw new IOException(obj.getClass().getName() + " found where PGPPublicKeyRing expected");
                pGPObjectFactory = new PGPObjectFactory(decoderStream, new JcaKeyFingerprintCalculator());
            }
        } catch (Throwable th) {
            if (decoderStream != null) {
                try {
                    decoderStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getKeyInfo(Signature signature) {
        PGPPublicKeyRing publicKeyRing = this.keyRings.getPublicKeyRing(signature.getSignature().getKeyID());
        if (publicKeyRing == null) {
            this.log.info("Provided key stream did not contain a key for {}", signature);
            return null;
        }
        StringBuilder append = new StringBuilder("KeyId: ").append(signature.toString());
        Iterator publicKeys = publicKeyRing.getPublicKeys();
        HashSet hashSet = new HashSet();
        while (publicKeys.hasNext()) {
            Iterator userIDs = ((PGPPublicKey) publicKeys.next()).getUserIDs();
            while (userIDs.hasNext()) {
                String str = (String) userIDs.next();
                if (hashSet.add(str)) {
                    append.append("\tUsername:\t").append(str);
                }
            }
        }
        return append.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Signature signatureOf(@Nonnull InputStream inputStream) throws IOException {
        return new Signature(inputStream);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean contains(Signature signature) {
        PGPSignature signature2 = signature.getSignature();
        this.log.debug("Looking for key with Id {}", signature);
        return this.keyRings.getPublicKey(signature2.getKeyID()) != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkSignature(InputStream inputStream, Signature signature) throws IOException {
        try {
            PGPSignature signature2 = signature.getSignature();
            signature2.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), this.keyRings.getPublicKey(signature2.getKeyID()));
            byte[] bArr = new byte[1024];
            int read = inputStream.read(bArr);
            while (read > 0) {
                signature2.update(bArr, 0, read);
                read = inputStream.read(bArr);
            }
            boolean verify = signature2.verify();
            if (verify) {
                this.log.debug("Signature Check Succeeded");
            } else {
                this.log.debug("Signature Check Failed");
            }
            return verify;
        } catch (PGPException e) {
            this.log.warn("Error thrown during signature check", e);
            return false;
        }
    }
}
