package org.apache.camel.converter.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.camel.CamelContext;
import org.apache.camel.util.IOHelper;
import org.apache.camel.util.ResourceHelper;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-298.zip:modules/system/layers/fuse/org/apache/camel/component/crypto/main/camel-crypto-2.17.0.redhat-630298.jar:org/apache/camel/converter/crypto/PGPDataFormatUtil.class */
public final class PGPDataFormatUtil {
    private static final Logger LOG = LoggerFactory.getLogger(PGPDataFormatUtil.class);

    private PGPDataFormatUtil() {
    }

    @Deprecated
    public static PGPPublicKey findPublicKey(CamelContext camelContext, String str, String str2, boolean z) throws IOException, PGPException, NoSuchProviderException {
        return findPublicKey(camelContext, str, null, str2, z);
    }

    @Deprecated
    public static PGPPublicKey findPublicKey(CamelContext camelContext, String str, byte[] bArr, String str2, boolean z) throws IOException, PGPException, NoSuchProviderException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, z);
        try {
            List<PGPPublicKey> findPublicKeys = findPublicKeys(determineKeyRingInputStream, (List<String>) Collections.singletonList(str2), z);
            if (findPublicKeys.isEmpty()) {
                return null;
            }
            PGPPublicKey pGPPublicKey = findPublicKeys.get(0);
            IOHelper.close(determineKeyRingInputStream);
            return pGPPublicKey;
        } finally {
            IOHelper.close(determineKeyRingInputStream);
        }
    }

    public static List<PGPPublicKey> findPublicKeys(CamelContext camelContext, String str, byte[] bArr, List<String> list, boolean z) throws IOException, PGPException, NoSuchProviderException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, z);
        try {
            List<PGPPublicKey> findPublicKeys = findPublicKeys(determineKeyRingInputStream, list, z);
            IOHelper.close(determineKeyRingInputStream);
            return findPublicKeys;
        } catch (Throwable th) {
            IOHelper.close(determineKeyRingInputStream);
            throw th;
        }
    }

    @Deprecated
    public static PGPPublicKey findPublicKeyWithKeyId(CamelContext camelContext, String str, byte[] bArr, long j, boolean z) throws IOException, PGPException, NoSuchProviderException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, z);
        try {
            PGPPublicKey findPublicKeyWithKeyId = findPublicKeyWithKeyId(determineKeyRingInputStream, j);
            IOHelper.close(determineKeyRingInputStream);
            return findPublicKeyWithKeyId;
        } catch (Throwable th) {
            IOHelper.close(determineKeyRingInputStream);
            throw th;
        }
    }

    public static PGPPublicKeyRingCollection getPublicKeyRingCollection(CamelContext camelContext, String str, byte[] bArr, boolean z) throws IOException, PGPException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, z);
        try {
            PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(determineKeyRingInputStream), new BcKeyFingerprintCalculator());
            IOHelper.close(determineKeyRingInputStream);
            return pGPPublicKeyRingCollection;
        } catch (Throwable th) {
            IOHelper.close(determineKeyRingInputStream);
            throw th;
        }
    }

    public static PGPPrivateKey findPrivateKeyWithKeyId(CamelContext camelContext, String str, byte[] bArr, long j, String str2, PGPPassphraseAccessor pGPPassphraseAccessor, String str3) throws IOException, PGPException, NoSuchProviderException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, true);
        try {
            PGPPrivateKey findPrivateKeyWithKeyId = findPrivateKeyWithKeyId(determineKeyRingInputStream, j, str2, pGPPassphraseAccessor, str3);
            IOHelper.close(determineKeyRingInputStream);
            return findPrivateKeyWithKeyId;
        } catch (Throwable th) {
            IOHelper.close(determineKeyRingInputStream);
            throw th;
        }
    }

    private static PGPPrivateKey findPrivateKeyWithKeyId(InputStream inputStream, long j, String str, PGPPassphraseAccessor pGPPassphraseAccessor, String str2) throws IOException, PGPException {
        return findPrivateKeyWithkeyId(j, str, pGPPassphraseAccessor, str2, new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator()));
    }

    public static PGPPrivateKey findPrivateKeyWithkeyId(long j, String str, PGPPassphraseAccessor pGPPassphraseAccessor, String str2, PGPSecretKeyRingCollection pGPSecretKeyRingCollection) throws PGPException {
        PGPSecretKeyRing pGPSecretKeyRing;
        PGPSecretKey secretKey;
        PGPPrivateKey extractPrivateKey;
        Iterator<PGPSecretKeyRing> keyRings = pGPSecretKeyRingCollection.getKeyRings();
        while (keyRings.hasNext()) {
            PGPSecretKeyRing next = keyRings.next();
            if ((next instanceof PGPSecretKeyRing) && (secretKey = (pGPSecretKeyRing = next).getSecretKey(j)) != null) {
                if (str == null && pGPPassphraseAccessor != null) {
                    Iterator userIDs = pGPSecretKeyRing.getSecretKey().getUserIDs();
                    while (str == null && userIDs.hasNext()) {
                        str = pGPPassphraseAccessor.getPassphrase((String) userIDs.next());
                    }
                }
                if (str != null && (extractPrivateKey = secretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(str2).build(str.toCharArray()))) != null) {
                    return extractPrivateKey;
                }
            }
        }
        return null;
    }

    private static InputStream determineKeyRingInputStream(CamelContext camelContext, String str, byte[] bArr, boolean z) throws IOException {
        if (str == null || bArr == null) {
            return bArr != null ? new ByteArrayInputStream(bArr) : ResourceHelper.resolveMandatoryResourceAsInputStream(camelContext, str);
        }
        throw new IllegalStateException(String.format("Either specify %s file name or key ring byte array. You can not specify both.", z ? "encryption" : "signature"));
    }

    private static PGPPublicKey findPublicKeyWithKeyId(InputStream inputStream, long j) throws IOException, PGPException, NoSuchProviderException {
        return new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator()).getPublicKey(j);
    }

    private static List<PGPPublicKey> findPublicKeys(InputStream inputStream, List<String> list, boolean z) throws IOException, PGPException, NoSuchProviderException {
        return findPublicKeys(list, z, new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator()));
    }

    public static List<PGPPublicKey> findPublicKeys(List<String> list, boolean z, PGPPublicKeyRingCollection pGPPublicKeyRingCollection) {
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<PGPPublicKeyRing> keyRings = pGPPublicKeyRingCollection.getKeyRings();
        while (keyRings.hasNext()) {
            PGPPublicKeyRing next = keyRings.next();
            PGPPublicKey publicKey = next.getPublicKey();
            String[] findFirstKeyUserIdContainingOneOfTheParts = findFirstKeyUserIdContainingOneOfTheParts(list, publicKey);
            if (findFirstKeyUserIdContainingOneOfTheParts == null) {
                LOG.debug("No User ID found in primary key with key ID {} containing one of the parts {}", Long.valueOf(publicKey.getKeyID()), list);
            } else {
                LOG.debug("User ID {} found in primary key with key ID {} containing one of the parts {}", new Object[]{findFirstKeyUserIdContainingOneOfTheParts[0], Long.valueOf(publicKey.getKeyID()), list});
                Iterator<PGPPublicKey> publicKeys = next.getPublicKeys();
                while (publicKeys.hasNext()) {
                    PGPPublicKey next2 = publicKeys.next();
                    if (z) {
                        if (isEncryptionKey(next2)) {
                            LOG.debug("Public encryption key with key user ID {} and key ID {} added to the encryption keys", findFirstKeyUserIdContainingOneOfTheParts[0], Long.toString(next2.getKeyID()));
                            arrayList.add(next2);
                        }
                    } else if (!z && isSignatureKey(next2)) {
                        arrayList.add(next2);
                        LOG.debug("Public key with key user ID {} and key ID {} added to the signing keys", findFirstKeyUserIdContainingOneOfTheParts[0], Long.toString(next2.getKeyID()));
                    }
                }
            }
        }
        return arrayList;
    }

    private static boolean isEncryptionKey(PGPPublicKey pGPPublicKey) {
        if (!pGPPublicKey.isEncryptionKey()) {
            return false;
        }
        Boolean hasOneOfExpectedKeyFlags = hasOneOfExpectedKeyFlags(pGPPublicKey, new int[]{4, 8});
        if (hasOneOfExpectedKeyFlags == null || hasOneOfExpectedKeyFlags.booleanValue()) {
            return true;
        }
        LOG.debug("Public key with key key ID {} found for specified user ID. But this key will not be used for the encryption, because its key flags are not encryption key flags.", Long.toString(pGPPublicKey.getKeyID()));
        return false;
    }

    private static String[] findFirstKeyUserIdContainingOneOfTheParts(List<String> list, PGPPublicKey pGPPublicKey) {
        String[] strArr = null;
        Iterator userIDs = pGPPublicKey.getUserIDs();
        while (userIDs.hasNext()) {
            String str = (String) userIDs.next();
            for (String str2 : list) {
                if (str.contains(str2)) {
                    strArr = new String[]{str, str2};
                }
            }
        }
        return strArr;
    }

    private static boolean isSignatureKey(PGPPublicKey pGPPublicKey) {
        int algorithm = pGPPublicKey.getAlgorithm();
        return algorithm == 1 || algorithm == 3 || algorithm == 17 || algorithm == 19 || algorithm == 20;
    }

    @Deprecated
    public static PGPPrivateKey findPrivateKey(CamelContext camelContext, String str, InputStream inputStream, String str2) throws IOException, PGPException, NoSuchProviderException {
        return findPrivateKey(camelContext, str, null, inputStream, str2, BouncyCastleProvider.PROVIDER_NAME);
    }

    @Deprecated
    public static PGPPrivateKey findPrivateKey(CamelContext camelContext, String str, byte[] bArr, InputStream inputStream, String str2, String str3) throws IOException, PGPException, NoSuchProviderException {
        return findPrivateKey(camelContext, str, bArr, inputStream, str2, null, str3);
    }

    @Deprecated
    public static PGPPrivateKey findPrivateKey(CamelContext camelContext, String str, byte[] bArr, InputStream inputStream, String str2, PGPPassphraseAccessor pGPPassphraseAccessor, String str3) throws IOException, PGPException, NoSuchProviderException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, true);
        try {
            PGPPrivateKey findPrivateKey = findPrivateKey(determineKeyRingInputStream, inputStream, str2, pGPPassphraseAccessor, str3);
            IOHelper.close(determineKeyRingInputStream);
            return findPrivateKey;
        } catch (Throwable th) {
            IOHelper.close(determineKeyRingInputStream);
            throw th;
        }
    }

    @Deprecated
    private static PGPPrivateKey findPrivateKey(InputStream inputStream, InputStream inputStream2, String str, PGPPassphraseAccessor pGPPassphraseAccessor, String str2) throws IOException, PGPException, NoSuchProviderException {
        PGPSecretKeyRingCollection pGPSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator());
        PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream2), new BcKeyFingerprintCalculator());
        Object nextObject = pGPObjectFactory.nextObject();
        if (nextObject == null) {
            throw new PGPException("Provided input is not encrypted.");
        }
        PGPEncryptedDataList pGPEncryptedDataList = nextObject instanceof PGPEncryptedDataList ? (PGPEncryptedDataList) nextObject : (PGPEncryptedDataList) pGPObjectFactory.nextObject();
        inputStream2.reset();
        Iterator encryptedDataObjects = pGPEncryptedDataList.getEncryptedDataObjects();
        PGPPrivateKey pGPPrivateKey = null;
        PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = null;
        while (pGPPrivateKey == null && encryptedDataObjects.hasNext()) {
            pGPPublicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
            PGPSecretKey secretKey = pGPSecretKeyRingCollection.getSecretKey(pGPPublicKeyEncryptedData.getKeyID());
            if (secretKey != null) {
                if (str == null && pGPPassphraseAccessor != null) {
                    Iterator userIDs = secretKey.getUserIDs();
                    while (str == null && userIDs.hasNext()) {
                        str = pGPPassphraseAccessor.getPassphrase((String) userIDs.next());
                    }
                }
                pGPPrivateKey = secretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(str2).build(str.toCharArray()));
            }
        }
        if (pGPPrivateKey != null || pGPSecretKeyRingCollection.size() <= 0 || pGPPublicKeyEncryptedData == null) {
            return pGPPrivateKey;
        }
        throw new PGPException("Provided input is encrypted with unknown pair of keys.");
    }

    @Deprecated
    public static PGPSecretKey findSecretKey(CamelContext camelContext, String str, String str2) throws IOException, PGPException, NoSuchProviderException {
        return findSecretKey(camelContext, str, null, str2, BouncyCastleProvider.PROVIDER_NAME);
    }

    @Deprecated
    public static PGPSecretKey findSecretKey(CamelContext camelContext, String str, byte[] bArr, String str2, String str3, String str4) throws IOException, PGPException, NoSuchProviderException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, false);
        try {
            List<PGPSecretKeyAndPrivateKeyAndUserId> findSecretKeysWithPrivateKeyAndUserId = findSecretKeysWithPrivateKeyAndUserId(determineKeyRingInputStream, (Map<String, String>) Collections.singletonMap(str3, str2), str4);
            if (findSecretKeysWithPrivateKeyAndUserId.isEmpty()) {
                return null;
            }
            PGPSecretKey secretKey = findSecretKeysWithPrivateKeyAndUserId.get(0).getSecretKey();
            IOHelper.close(determineKeyRingInputStream);
            return secretKey;
        } finally {
            IOHelper.close(determineKeyRingInputStream);
        }
    }

    public static List<PGPSecretKeyAndPrivateKeyAndUserId> findSecretKeysWithPrivateKeyAndUserId(CamelContext camelContext, String str, byte[] bArr, Map<String, String> map, String str2) throws IOException, PGPException, NoSuchProviderException {
        InputStream determineKeyRingInputStream = determineKeyRingInputStream(camelContext, str, bArr, false);
        try {
            List<PGPSecretKeyAndPrivateKeyAndUserId> findSecretKeysWithPrivateKeyAndUserId = findSecretKeysWithPrivateKeyAndUserId(determineKeyRingInputStream, map, str2);
            IOHelper.close(determineKeyRingInputStream);
            return findSecretKeysWithPrivateKeyAndUserId;
        } catch (Throwable th) {
            IOHelper.close(determineKeyRingInputStream);
            throw th;
        }
    }

    @Deprecated
    public static PGPSecretKey findSecretKey(CamelContext camelContext, String str, byte[] bArr, String str2, String str3) throws IOException, PGPException, NoSuchProviderException {
        return findSecretKey(camelContext, str, bArr, str2, null, str3);
    }

    private static List<PGPSecretKeyAndPrivateKeyAndUserId> findSecretKeysWithPrivateKeyAndUserId(InputStream inputStream, Map<String, String> map, String str) throws IOException, PGPException, NoSuchProviderException {
        return findSecretKeysWithPrivateKeyAndUserId(map, str, new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(inputStream), new BcKeyFingerprintCalculator()));
    }

    public static List<PGPSecretKeyAndPrivateKeyAndUserId> findSecretKeysWithPrivateKeyAndUserId(Map<String, String> map, String str, PGPSecretKeyRingCollection pGPSecretKeyRingCollection) throws PGPException {
        PGPPrivateKey extractPrivateKey;
        ArrayList arrayList = new ArrayList(map.size());
        Iterator<PGPSecretKeyRing> keyRings = pGPSecretKeyRingCollection.getKeyRings();
        while (keyRings.hasNext()) {
            PGPSecretKeyRing next = keyRings.next();
            if (next instanceof PGPSecretKeyRing) {
                PGPSecretKeyRing pGPSecretKeyRing = next;
                PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey();
                ArrayList arrayList2 = new ArrayList(map.keySet());
                String[] findFirstKeyUserIdContainingOneOfTheParts = findFirstKeyUserIdContainingOneOfTheParts(arrayList2, secretKey.getPublicKey());
                if (findFirstKeyUserIdContainingOneOfTheParts == null) {
                    LOG.debug("No User ID found in primary key with key ID {} containing one of the parts {}", Long.valueOf(secretKey.getKeyID()), arrayList2);
                } else {
                    LOG.debug("User ID {} found in primary key with key ID {} containing one of the parts {}", new Object[]{findFirstKeyUserIdContainingOneOfTheParts[0], Long.valueOf(secretKey.getKeyID()), arrayList2});
                    Iterator<PGPSecretKey> secretKeys = pGPSecretKeyRing.getSecretKeys();
                    while (secretKeys.hasNext()) {
                        PGPSecretKey next2 = secretKeys.next();
                        if (isSigningKey(next2) && (extractPrivateKey = next2.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(str).build(map.get(findFirstKeyUserIdContainingOneOfTheParts[1]).toCharArray()))) != null) {
                            arrayList.add(new PGPSecretKeyAndPrivateKeyAndUserId(next2, extractPrivateKey, findFirstKeyUserIdContainingOneOfTheParts[0]));
                            LOG.debug("Private key with user ID {} and key ID {} added to the signing keys", findFirstKeyUserIdContainingOneOfTheParts[0], Long.toString(extractPrivateKey.getKeyID()));
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    private static boolean isSigningKey(PGPSecretKey pGPSecretKey) {
        if (!pGPSecretKey.isSigningKey()) {
            return false;
        }
        Boolean hasOneOfExpectedKeyFlags = hasOneOfExpectedKeyFlags(pGPSecretKey.getPublicKey(), new int[]{2});
        if (hasOneOfExpectedKeyFlags == null || hasOneOfExpectedKeyFlags.booleanValue()) {
            return true;
        }
        LOG.debug("Secret key with key ID {} found for specified user ID part. But this key will not be used for signing because of its key flags.", Long.toString(pGPSecretKey.getKeyID()));
        return false;
    }

    private static Boolean hasOneOfExpectedKeyFlags(PGPPublicKey pGPPublicKey, int[] iArr) {
        boolean z = false;
        Iterator signatures = pGPPublicKey.getSignatures();
        while (signatures.hasNext()) {
            PGPSignatureSubpacketVector hashedSubPackets = ((PGPSignature) signatures.next()).getHashedSubPackets();
            if (hashedSubPackets != null) {
                int keyFlags = hashedSubPackets.getKeyFlags();
                if (keyFlags > 0 && !z) {
                    z = true;
                }
                for (int i : iArr) {
                    if ((keyFlags & i) == i) {
                        return Boolean.TRUE;
                    }
                }
            }
        }
        if (z) {
            return Boolean.FALSE;
        }
        return null;
    }

    public static PGPPublicKey getPublicKeyWithKeyIdAndUserID(long j, List<String> list, PGPPublicKeyRingCollection pGPPublicKeyRingCollection) throws PGPException {
        PGPPublicKeyRing publicKeyRing = pGPPublicKeyRingCollection.getPublicKeyRing(j);
        if (publicKeyRing == null) {
            LOG.debug("No public key found for key ID {}.", Long.toString(j));
            return null;
        }
        if (isAllowedKey(list, publicKeyRing.getPublicKey().getUserIDs())) {
            return publicKeyRing.getPublicKey(j);
        }
        return null;
    }

    private static boolean isAllowedKey(List<String> list, Iterator<String> it) {
        if (list == null || list.isEmpty()) {
            return true;
        }
        String str = null;
        while (it.hasNext()) {
            str = it.next();
            for (String str2 : list) {
                if (str != null && str.contains(str2)) {
                    LOG.debug("Public key with  user ID {} fulfills the User ID restriction.", str, list);
                    return true;
                }
            }
        }
        LOG.warn("Public key with User ID {} does not fulfill the User ID restriction.", str, list);
        return false;
    }
}
