package org.sufficientlysecure.keychain.pgp;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.SignatureException;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.sufficientlysecure.keychain.daos.KeyRepository;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.pgp.DecryptVerifySecurityProblem;
import org.sufficientlysecure.keychain.pgp.SecurityProblem;
import timber.log.Timber;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class PgpSignatureChecker {
    private KeyRepository mKeyRepository;
    private PGPOnePassSignature onePassSignature;
    private final DecryptVerifySecurityProblem.DecryptVerifySecurityProblemBuilder securityProblemBuilder;
    private PGPSignature signature;
    private int signatureIndex;
    private final OpenPgpSignatureResultBuilder signatureResultBuilder;
    private CanonicalizedPublicKey signingKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PgpSignatureChecker(KeyRepository keyRepository, String str, DecryptVerifySecurityProblem.DecryptVerifySecurityProblemBuilder decryptVerifySecurityProblemBuilder) {
        this.mKeyRepository = keyRepository;
        OpenPgpSignatureResultBuilder openPgpSignatureResultBuilder = new OpenPgpSignatureResultBuilder(keyRepository);
        this.signatureResultBuilder = openPgpSignatureResultBuilder;
        openPgpSignatureResultBuilder.setSenderAddress(str);
        this.securityProblemBuilder = decryptVerifySecurityProblemBuilder;
    }

    private void checkKeySecurity(OperationResult.OperationLog operationLog, int i2) {
        SecurityProblem.KeySecurityProblem checkForSecurityProblems = PgpSecurityConstants.checkForSecurityProblems(this.signingKey);
        if (checkForSecurityProblems != null) {
            operationLog.add(OperationResult.LogType.MSG_DC_INSECURE_KEY, i2 + 1);
            this.securityProblemBuilder.addSigningKeyProblem(checkForSecurityProblems);
            this.signatureResultBuilder.setInsecure(true);
        }
    }

    private void findAvailableSignature(PGPOnePassSignatureList pGPOnePassSignatureList) {
        for (int i2 = 0; i2 < pGPOnePassSignatureList.size(); i2++) {
            try {
                long keyID = pGPOnePassSignatureList.get(i2).getKeyID();
                Long masterKeyIdBySubkeyId = this.mKeyRepository.getMasterKeyIdBySubkeyId(keyID);
                if (masterKeyIdBySubkeyId != null) {
                    CanonicalizedPublicKey publicKey = this.mKeyRepository.getCanonicalizedPublicKeyRing(masterKeyIdBySubkeyId.longValue()).getPublicKey(keyID);
                    if (publicKey.canSign()) {
                        this.signatureIndex = i2;
                        this.signingKey = publicKey;
                        this.onePassSignature = pGPOnePassSignatureList.get(i2);
                        return;
                    }
                }
            } catch (KeyRepository.NotFoundException unused) {
                Timber.d("key not found, trying next signature...", new Object[0]);
            }
        }
    }

    private void findAvailableSignature(PGPSignatureList pGPSignatureList) {
        for (int i2 = 0; i2 < pGPSignatureList.size(); i2++) {
            try {
                long keyID = pGPSignatureList.get(i2).getKeyID();
                Long masterKeyIdBySubkeyId = this.mKeyRepository.getMasterKeyIdBySubkeyId(keyID);
                if (masterKeyIdBySubkeyId != null) {
                    CanonicalizedPublicKey publicKey = this.mKeyRepository.getCanonicalizedPublicKeyRing(masterKeyIdBySubkeyId.longValue()).getPublicKey(keyID);
                    if (publicKey.canSign()) {
                        this.signatureIndex = i2;
                        this.signingKey = publicKey;
                        this.signature = pGPSignatureList.get(i2);
                        return;
                    }
                }
            } catch (KeyRepository.NotFoundException unused) {
                Timber.d("key not found, trying next signature...", new Object[0]);
            }
        }
    }

    private static int getLengthWithoutWhiteSpace(byte[] bArr) {
        int length = bArr.length - 1;
        while (length >= 0 && isWhiteSpace(bArr[length])) {
            length--;
        }
        return length + 1;
    }

    private static boolean isWhiteSpace(byte b2) {
        return b2 == 13 || b2 == 10 || b2 == 9 || b2 == 32;
    }

    private static void processLine(PGPSignature pGPSignature, byte[] bArr) throws SignatureException {
        int lengthWithoutWhiteSpace = getLengthWithoutWhiteSpace(bArr);
        if (lengthWithoutWhiteSpace > 0) {
            pGPSignature.update(bArr, 0, lengthWithoutWhiteSpace);
        }
    }

    private static int readInputLine(ByteArrayOutputStream byteArrayOutputStream, int i2, InputStream inputStream) throws IOException {
        byteArrayOutputStream.reset();
        int i3 = i2;
        do {
            byteArrayOutputStream.write(i3);
            if (i3 == 13 || i3 == 10) {
                i2 = readPastEOL(byteArrayOutputStream, i3, inputStream);
                break;
            }
            i3 = inputStream.read();
        } while (i3 >= 0);
        if (i3 < 0) {
            return -1;
        }
        return i2;
    }

    private static int readInputLine(ByteArrayOutputStream byteArrayOutputStream, InputStream inputStream) throws IOException {
        int read;
        byteArrayOutputStream.reset();
        do {
            read = inputStream.read();
            if (read < 0) {
                return -1;
            }
            byteArrayOutputStream.write(read);
            if (read == 13) {
                break;
            }
        } while (read != 10);
        return readPastEOL(byteArrayOutputStream, read, inputStream);
    }

    private static int readPastEOL(ByteArrayOutputStream byteArrayOutputStream, int i2, InputStream inputStream) throws IOException {
        int read = inputStream.read();
        if (i2 != 13 || read != 10) {
            return read;
        }
        byteArrayOutputStream.write(read);
        return inputStream.read();
    }

    public OpenPgpSignatureResult getSignatureResult() {
        return this.signatureResultBuilder.build();
    }

    public byte[] getSigningFingerprint() {
        return this.signingKey.getFingerprint();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean initializeOnePassSignature(Object obj, OperationResult.OperationLog operationLog, int i2) throws PGPException {
        if (!(obj instanceof PGPOnePassSignatureList)) {
            return false;
        }
        operationLog.add(OperationResult.LogType.MSG_DC_CLEAR_SIGNATURE, i2 + 1);
        PGPOnePassSignatureList pGPOnePassSignatureList = (PGPOnePassSignatureList) obj;
        findAvailableSignature(pGPOnePassSignatureList);
        CanonicalizedPublicKey canonicalizedPublicKey = this.signingKey;
        if (canonicalizedPublicKey != null) {
            this.signatureResultBuilder.initValid(canonicalizedPublicKey);
            this.onePassSignature.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), this.signingKey.getPublicKey());
            checkKeySecurity(operationLog, i2);
        } else if (!pGPOnePassSignatureList.isEmpty()) {
            this.signatureResultBuilder.setSignatureAvailable(true);
            this.signatureResultBuilder.setKnownKey(false);
            this.signatureResultBuilder.setKeyId(pGPOnePassSignatureList.get(0).getKeyID());
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean initializeSignature(Object obj, OperationResult.OperationLog operationLog, int i2) throws PGPException {
        if (!(obj instanceof PGPSignatureList)) {
            return false;
        }
        PGPSignatureList pGPSignatureList = (PGPSignatureList) obj;
        findAvailableSignature(pGPSignatureList);
        CanonicalizedPublicKey canonicalizedPublicKey = this.signingKey;
        if (canonicalizedPublicKey != null) {
            this.signatureResultBuilder.initValid(canonicalizedPublicKey);
            this.signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), this.signingKey.getPublicKey());
            checkKeySecurity(operationLog, i2);
        } else if (!pGPSignatureList.isEmpty()) {
            this.signatureResultBuilder.setSignatureAvailable(true);
            this.signatureResultBuilder.setKnownKey(false);
            this.signatureResultBuilder.setKeyId(pGPSignatureList.get(0).getKeyID());
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInitialized() {
        return this.signingKey != null;
    }

    public void updateSignatureData(byte[] bArr, int i2, int i3) {
        PGPSignature pGPSignature = this.signature;
        if (pGPSignature != null) {
            pGPSignature.update(bArr, i2, i3);
            return;
        }
        PGPOnePassSignature pGPOnePassSignature = this.onePassSignature;
        if (pGPOnePassSignature != null) {
            pGPOnePassSignature.update(bArr, i2, i3);
        }
    }

    public void updateSignatureWithCleartext(byte[] bArr) throws IOException, SignatureException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(bArr));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int readInputLine = readInputLine(byteArrayOutputStream, bufferedInputStream);
        processLine(this.signature, byteArrayOutputStream.toByteArray());
        while (readInputLine != -1) {
            readInputLine = readInputLine(byteArrayOutputStream, readInputLine, bufferedInputStream);
            this.signature.update((byte) 13);
            this.signature.update((byte) 10);
            processLine(this.signature, byteArrayOutputStream.toByteArray());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verifySignature(OperationResult.OperationLog operationLog, int i2) throws PGPException {
        operationLog.add(OperationResult.LogType.MSG_DC_CLEAR_SIGNATURE_CHECK, i2);
        boolean verify = this.signature.verify();
        if (verify) {
            operationLog.add(OperationResult.LogType.MSG_DC_CLEAR_SIGNATURE_OK, i2 + 1);
        } else {
            operationLog.add(OperationResult.LogType.MSG_DC_CLEAR_SIGNATURE_BAD, i2 + 1);
        }
        SecurityProblem.InsecureSigningAlgorithm checkSignatureAlgorithmForSecurityProblems = PgpSecurityConstants.checkSignatureAlgorithmForSecurityProblems(this.signature.getHashAlgorithm());
        if (checkSignatureAlgorithmForSecurityProblems != null) {
            operationLog.add(OperationResult.LogType.MSG_DC_INSECURE_HASH_ALGO, i2 + 1);
            this.securityProblemBuilder.addSignatureSecurityProblem(checkSignatureAlgorithmForSecurityProblems);
            this.signatureResultBuilder.setInsecure(true);
        }
        this.signatureResultBuilder.setSignatureTimestamp(this.signature.getCreationTime());
        this.signatureResultBuilder.setValidSignature(verify);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verifySignatureOnePass(Object obj, OperationResult.OperationLog operationLog, int i2) throws PGPException {
        if (!(obj instanceof PGPSignatureList)) {
            operationLog.add(OperationResult.LogType.MSG_DC_ERROR_NO_SIGNATURE, i2);
            return false;
        }
        PGPSignatureList pGPSignatureList = (PGPSignatureList) obj;
        if (pGPSignatureList.size() <= this.signatureIndex) {
            operationLog.add(OperationResult.LogType.MSG_DC_ERROR_NO_SIGNATURE, i2);
            return false;
        }
        PGPSignature pGPSignature = pGPSignatureList.get((pGPSignatureList.size() - 1) - this.signatureIndex);
        boolean verify = this.onePassSignature.verify(pGPSignature);
        if (verify) {
            operationLog.add(OperationResult.LogType.MSG_DC_CLEAR_SIGNATURE_OK, i2 + 1);
        } else {
            operationLog.add(OperationResult.LogType.MSG_DC_CLEAR_SIGNATURE_BAD, i2 + 1);
        }
        SecurityProblem.InsecureSigningAlgorithm checkSignatureAlgorithmForSecurityProblems = PgpSecurityConstants.checkSignatureAlgorithmForSecurityProblems(this.onePassSignature.getHashAlgorithm());
        if (checkSignatureAlgorithmForSecurityProblems != null) {
            operationLog.add(OperationResult.LogType.MSG_DC_INSECURE_HASH_ALGO, i2 + 1);
            this.securityProblemBuilder.addSignatureSecurityProblem(checkSignatureAlgorithmForSecurityProblems);
            this.signatureResultBuilder.setInsecure(true);
        }
        this.signatureResultBuilder.setSignatureTimestamp(pGPSignature.getCreationTime());
        this.signatureResultBuilder.setValidSignature(verify);
        return true;
    }
}
