package org.jfrog.security.crypto.signing.gpg;

import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchProviderException;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.iostreams.streams.in.StringInputStream;
import org.jfrog.security.util.BCProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jfrog/security/crypto/signing/gpg/GpgSigner.class */
public class GpgSigner {
    private static final Logger log = LoggerFactory.getLogger(GpgSigner.class);

    public static String signFile(String str, String str2, InputStream inputStream) throws Exception {
        try {
            try {
                PGPSignatureGenerator pgpSignatureGenerator = getPgpSignatureGenerator(str, str2, inputStream);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                writeSignatureToStream(pgpSignatureGenerator, byteArrayOutputStream);
                byteArrayOutputStream.close();
                String str3 = new String(byteArrayOutputStream.toByteArray(), "UTF-8");
                IOUtils.closeQuietly(inputStream);
                return str3;
            } catch (Exception e) {
                throw new PGPException("Fail to sign file, please verify that there is match between the private key and the passphrase.", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    public static void signContentAndWriteToOutputStream(OutputStream outputStream, String str, String str2, InputStream inputStream) throws Exception {
        try {
            try {
                writeSignatureToStream(getPgpSignatureGenerator(str, str2, inputStream), outputStream);
                IOUtils.closeQuietly(inputStream);
            } catch (Exception e) {
                throw new PGPException("Fail to sign file, please verify that there is match between the private key and the passphrase.", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    private static void writeSignatureToStream(PGPSignatureGenerator pGPSignatureGenerator, OutputStream outputStream) throws PGPException, IOException {
        ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(outputStream);
        armoredOutputStream.endClearText();
        PGPSignature generate = pGPSignatureGenerator.generate();
        BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(armoredOutputStream);
        generate.encode(bCPGOutputStream);
        armoredOutputStream.close();
        bCPGOutputStream.close();
    }

    private static PGPSignatureGenerator getPgpSignatureGenerator(String str, String str2, InputStream inputStream) throws IOException, PGPException, NoSuchProviderException {
        PGPSecretKey findSecretGPGKey = PGPKeyParser.findSecretGPGKey(str.getBytes());
        PGPPrivateKey extractPrivateKey = findSecretGPGKey.extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(str2.toCharArray()));
        PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(findSecretGPGKey.getPublicKey().getAlgorithm(), 8));
        pGPSignatureGenerator.init(0, extractPrivateKey);
        byte[] bArr = new byte[4096];
        while (true) {
            int read = inputStream.read(bArr);
            if (read < 0) {
                return pGPSignatureGenerator;
            }
            pGPSignatureGenerator.update(bArr, 0, read);
        }
    }

    public static boolean verifyFile(String str, String str2, InputStream inputStream) throws Exception {
        try {
            try {
                StringInputStream stringInputStream = new StringInputStream(str);
                InputStream decoderStream = PGPUtil.getDecoderStream(new StringInputStream(str2));
                BcKeyFingerprintCalculator bcKeyFingerprintCalculator = new BcKeyFingerprintCalculator();
                Object nextObject = new PGPObjectFactory(decoderStream, bcKeyFingerprintCalculator).nextObject();
                PGPSignatureList pGPSignatureList = nextObject instanceof PGPCompressedData ? (PGPSignatureList) new PGPObjectFactory(((PGPCompressedData) nextObject).getDataStream(), bcKeyFingerprintCalculator).nextObject() : (PGPSignatureList) nextObject;
                PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(stringInputStream), bcKeyFingerprintCalculator);
                BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
                PGPSignature pGPSignature = pGPSignatureList.get(0);
                pGPSignature.init(new BcPGPContentVerifierBuilderProvider(), pGPPublicKeyRingCollection.getPublicKey(pGPSignature.getKeyID()));
                byte[] bArr = new byte[4096];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read < 0) {
                        bufferedInputStream.close();
                        stringInputStream.close();
                        decoderStream.close();
                        boolean verify = pGPSignature.verify();
                        IOUtils.closeQuietly(inputStream);
                        return verify;
                    }
                    pGPSignature.update(bArr, 0, read);
                }
            } catch (Exception e) {
                throw new PGPException("Fail to verify file, please verify that there is match between the public key, signature and the file.", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    public static boolean verifyPrivateKey(String str) throws Exception {
        try {
            PGPKeyParser.findSecretGPGKey(str.getBytes());
            return true;
        } catch (Exception e) {
            log.info("Fail to verify private pgp: {}", str, e);
            return true;
        }
    }

    public static boolean verifyPublicKey(String str) throws Exception {
        try {
            StringInputStream stringInputStream = new StringInputStream(str);
            return new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(stringInputStream), new BcKeyFingerprintCalculator()).getKeyRings().hasNext();
        } catch (Exception e) {
            log.info("Fail to verify public pgp: {}", str, e);
            return true;
        }
    }

    static {
        BCProviderFactory.getProvider();
    }
}
