package com.unitedinternet.android.pgp.openpgp;

import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import java.util.TreeSet;
import kotlin.UByte;
import org.bouncycastle.bcpg.sig.Exportable;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import timber.log.Timber;

/* loaded from: classes3.dex */
public abstract class PGPKeyRingWrapper {
    private static final List<Integer> ALGORITHMS_FOR_SIGNING = Arrays.asList(1, 3, 17, 20, 19);
    private final PGPKeyRing rawKeyRing;

    /* JADX INFO: Access modifiers changed from: protected */
    public PGPKeyRingWrapper(PGPKeyRing pGPKeyRing) {
        this.rawKeyRing = pGPKeyRing;
    }

    private Set<byte[]> collectExistingCertificates(PGPKeyRing pGPKeyRing) throws IOException {
        Set<byte[]> createCertificatesSet = createCertificatesSet();
        Iterator<PGPPublicKey> publicKeys = pGPKeyRing.getPublicKeys();
        while (publicKeys.hasNext()) {
            Iterator signatures = publicKeys.next().getSignatures();
            while (signatures.hasNext()) {
                createCertificatesSet.add(((PGPSignature) signatures.next()).getEncoded());
            }
        }
        return createCertificatesSet;
    }

    private Set<byte[]> createCertificatesSet() {
        return new TreeSet(new Comparator() { // from class: com.unitedinternet.android.pgp.openpgp.PGPKeyRingWrapper$$ExternalSyntheticLambda0
            @Override // java.util.Comparator
            public final int compare(Object obj, Object obj2) {
                int lambda$createCertificatesSet$0;
                lambda$createCertificatesSet$0 = PGPKeyRingWrapper.lambda$createCertificatesSet$0((byte[]) obj, (byte[]) obj2);
                return lambda$createCertificatesSet$0;
            }
        });
    }

    private Iterator<PGPSignature> getKeySignatures(PGPPublicKey pGPPublicKey) throws IOException {
        ArrayList arrayList = new ArrayList();
        Set<byte[]> createCertificatesSet = createCertificatesSet();
        Iterator<byte[]> rawUserIDs = pGPPublicKey.getRawUserIDs();
        while (rawUserIDs.hasNext()) {
            Iterator<PGPSignature> signaturesForID = pGPPublicKey.getSignaturesForID(rawUserIDs.next());
            while (signaturesForID.hasNext()) {
                createCertificatesSet.add(signaturesForID.next().getEncoded());
            }
        }
        Iterator signatures = pGPPublicKey.getSignatures();
        while (signatures.hasNext()) {
            PGPSignature pGPSignature = (PGPSignature) signatures.next();
            if (!createCertificatesSet.contains(pGPSignature.getEncoded())) {
                arrayList.add(pGPSignature);
            }
        }
        return arrayList.iterator();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ int lambda$createCertificatesSet$0(byte[] bArr, byte[] bArr2) {
        int i;
        int i2;
        if (bArr.length == bArr2.length) {
            for (int i3 = 0; i3 < bArr.length; i3++) {
                byte b = bArr[i3];
                byte b2 = bArr2[i3];
                if (b != b2) {
                    i = b & UByte.MAX_VALUE;
                    i2 = b2 & UByte.MAX_VALUE;
                }
            }
            return 0;
        }
        i = bArr.length;
        i2 = bArr2.length;
        return i - i2;
    }

    private PGPPublicKey mergeAttributeCerts(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2, Set<byte[]> set, long j) throws IOException {
        Iterator<PGPUserAttributeSubpacketVector> userAttributes = pGPPublicKey2.getUserAttributes();
        while (userAttributes.hasNext()) {
            PGPUserAttributeSubpacketVector next = userAttributes.next();
            Iterator signaturesForUserAttribute = pGPPublicKey2.getSignaturesForUserAttribute(next);
            if (signaturesForUserAttribute != null) {
                while (signaturesForUserAttribute.hasNext()) {
                    PGPSignature pGPSignature = (PGPSignature) signaturesForUserAttribute.next();
                    if (shouldApplyCertificate(pGPSignature, set, j)) {
                        pGPPublicKey = PGPPublicKey.addCertification(pGPPublicKey, next, pGPSignature);
                    }
                }
            }
        }
        return pGPPublicKey;
    }

    private PGPPublicKey mergeKeyCertificates(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2, Set<byte[]> set, long j) throws IOException {
        Iterator<PGPSignature> keySignatures = getKeySignatures(pGPPublicKey2);
        while (keySignatures.hasNext()) {
            PGPSignature next = keySignatures.next();
            if (shouldApplyCertificate(next, set, j)) {
                pGPPublicKey = PGPPublicKey.addCertification(pGPPublicKey, next);
            }
        }
        return pGPPublicKey;
    }

    private PGPPublicKey mergeUserCertificates(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2, Set<byte[]> set, long j) throws IOException {
        Iterator<byte[]> rawUserIDs = pGPPublicKey2.getRawUserIDs();
        while (rawUserIDs.hasNext()) {
            byte[] next = rawUserIDs.next();
            Iterator<PGPSignature> signaturesForID = pGPPublicKey2.getSignaturesForID(next);
            if (signaturesForID != null) {
                while (signaturesForID.hasNext()) {
                    PGPSignature next2 = signaturesForID.next();
                    if (shouldApplyCertificate(next2, set, j)) {
                        pGPPublicKey = PGPPublicKey.addCertification(pGPPublicKey, next, next2);
                    }
                }
            }
        }
        return pGPPublicKey;
    }

    private static PGPKeyRing replacePublicKey(PGPKeyRing pGPKeyRing, PGPPublicKey pGPPublicKey) {
        if (pGPKeyRing instanceof PGPPublicKeyRing) {
            return PGPPublicKeyRing.insertPublicKey((PGPPublicKeyRing) pGPKeyRing, pGPPublicKey);
        }
        PGPSecretKeyRing pGPSecretKeyRing = (PGPSecretKeyRing) pGPKeyRing;
        PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID());
        return secretKey == null ? pGPKeyRing : PGPSecretKeyRing.insertSecretKey(pGPSecretKeyRing, PGPSecretKey.replacePublicKey(secretKey, pGPPublicKey));
    }

    private boolean shouldApplyCertificate(PGPSignature pGPSignature, Set<byte[]> set, long j) throws IOException {
        if (pGPSignature.getKeyID() != j && isSecret()) {
            return false;
        }
        byte[] encoded = pGPSignature.getEncoded();
        if (set.contains(encoded)) {
            return false;
        }
        set.add(encoded);
        return true;
    }

    private boolean verifyCertificateForUser(String str, PGPPublicKey pGPPublicKey) {
        PGPSignature pGPSignature;
        PGPSignature pGPSignature2;
        Iterator<PGPSignature> signaturesForID = pGPPublicKey.getSignaturesForID(str);
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        calendar.add(6, 1);
        Date time = calendar.getTime();
        long keyID = pGPPublicKey.getKeyID();
        if (signaturesForID != null) {
            PGPSignature pGPSignature3 = null;
            PGPSignature pGPSignature4 = null;
            while (signaturesForID.hasNext()) {
                PGPSignature next = signaturesForID.next();
                long keyID2 = next.getKeyID();
                int signatureType = next.getSignatureType();
                if ((signatureType == 16 || signatureType == 17 || signatureType == 18 || signatureType == 19 || signatureType == 48) && !next.getCreationTime().after(time) && ((next.getHashedSubPackets() == null || !next.getHashedSubPackets().hasSubpacket(4) || ((Exportable) next.getHashedSubPackets().getSubpacket(4)).isExportable()) && keyID2 == keyID)) {
                    try {
                        next.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pGPPublicKey);
                        if (next.verifyCertification(str, pGPPublicKey)) {
                            if (signatureType != 48) {
                                switch (signatureType) {
                                    case 16:
                                    case 17:
                                    case 18:
                                    case 19:
                                        if (pGPSignature3 == null || pGPSignature3.getCreationTime().before(next.getCreationTime())) {
                                            pGPSignature3 = next;
                                        }
                                        if (pGPSignature4 != null && pGPSignature4.getCreationTime().before(pGPSignature3.getCreationTime())) {
                                            pGPSignature4 = null;
                                            break;
                                        }
                                        break;
                                }
                            } else if ((pGPSignature3 == null || !pGPSignature3.getCreationTime().after(next.getCreationTime())) && (pGPSignature4 == null || pGPSignature4.getCreationTime().before(next.getCreationTime()))) {
                                pGPSignature4 = next;
                            }
                        }
                    } catch (PGPException e) {
                        Timber.w(e, "unable to verify user signature", new Object[0]);
                    }
                }
            }
            pGPSignature = pGPSignature3;
            pGPSignature2 = pGPSignature4;
        } else {
            pGPSignature = null;
            pGPSignature2 = null;
        }
        return pGPSignature != null && pGPSignature2 == null;
    }

    public static PGPKeyRingWrapper wrap(PGPKeyRing pGPKeyRing) {
        if (pGPKeyRing instanceof PGPSecretKeyRing) {
            return new PGPSecretKeyRingWrapper((PGPSecretKeyRing) pGPKeyRing);
        }
        if (pGPKeyRing instanceof PGPPublicKeyRing) {
            return new PGPPublicKeyRingWrapper((PGPPublicKeyRing) pGPKeyRing);
        }
        throw new UnsupportedOperationException("Couldn't wrap key of type " + pGPKeyRing.getClass().getName());
    }

    public void encode(OutputStream outputStream) throws IOException {
        this.rawKeyRing.encode(outputStream);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PGPPublicKeyWrapper fillUserIdsAndGetMasterKey(PGPKeyRing pGPKeyRing, List<String> list) {
        Iterator<PGPPublicKey> publicKeys = pGPKeyRing.getPublicKeys();
        while (publicKeys.hasNext()) {
            PGPPublicKey next = publicKeys.next();
            if (next.isMasterKey()) {
                list.clear();
                Iterator<String> userIDs = next.getUserIDs();
                while (userIDs.hasNext()) {
                    String next2 = userIDs.next();
                    if (verifyCertificateForUser(next2, next)) {
                        list.add(next2);
                    }
                }
                return PGPPublicKeyWrapper.wrapPGPMasterKey(next);
            }
        }
        throw new IllegalStateException("No master key found in key ring. This should never happened");
    }

    public PGPKeyWrapper getKeyWrapperById(long j) {
        for (PGPKeyWrapper pGPKeyWrapper : getKeys()) {
            if (pGPKeyWrapper.getKeyId() == j) {
                return pGPKeyWrapper;
            }
        }
        return null;
    }

    public abstract List<PGPKeyWrapper> getKeys();

    public PGPKeyWrapper getMasterKey() {
        for (PGPKeyWrapper pGPKeyWrapper : getKeys()) {
            if (pGPKeyWrapper.isMasterKey()) {
                return pGPKeyWrapper;
            }
        }
        throw new IllegalStateException("No master key found in key ring. This should never happened");
    }

    public String getType() {
        Iterator<PGPKeyWrapper> it = getKeys().iterator();
        while (it.hasNext()) {
            if (PGPMetaKeyWrapper.KEY_TYPE_PRIVATE.equals(it.next().getType())) {
                return PGPMetaKeyWrapper.KEY_TYPE_PRIVATE;
            }
        }
        return PGPMetaKeyWrapper.KEY_TYPE_PUBLIC;
    }

    public abstract List<String> getUserIds();

    boolean hasMasterKey() {
        Iterator<PGPKeyWrapper> it = getKeys().iterator();
        while (it.hasNext()) {
            if (it.next().isMasterKey()) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isKeyValid(PGPPublicKey pGPPublicKey, PGPKeyWrapper pGPKeyWrapper) {
        boolean z;
        int i = 4;
        if (pGPPublicKey.getVersion() < 4) {
            return false;
        }
        boolean z2 = true;
        if (pGPPublicKey.isMasterKey()) {
            return true;
        }
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        calendar.add(6, 1);
        Date time = calendar.getTime();
        Iterator signatures = pGPPublicKey.getSignatures();
        Date creationTime = pGPPublicKey.getCreationTime();
        PGPSignature pGPSignature = null;
        PGPSignature pGPSignature2 = null;
        while (signatures.hasNext()) {
            PGPSignature pGPSignature3 = (PGPSignature) signatures.next();
            int signatureType = pGPSignature3.getSignatureType();
            if (pGPSignature3.getKeyID() == pGPKeyWrapper.getKeyId() && ((signatureType == 24 || signatureType == 40) && !pGPSignature3.getCreationTime().after(time) && !pGPSignature3.getCreationTime().before(creationTime) && (pGPSignature3.getHashedSubPackets() == null || !pGPSignature3.getHashedSubPackets().hasSubpacket(i) || ((Exportable) pGPSignature3.getHashedSubPackets().getSubpacket(i)).isExportable()))) {
                if (signatureType == 24) {
                    try {
                        pGPSignature3.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pGPKeyWrapper.getPublicKey());
                        if (pGPSignature3.verifyCertification(pGPKeyWrapper.getPublicKey(), pGPPublicKey)) {
                            if ((ALGORITHMS_FOR_SIGNING.contains(Integer.valueOf(pGPPublicKey.getAlgorithm())) && (pGPSignature3.getHashedSubPackets() == null || !pGPSignature3.getHashedSubPackets().hasSubpacket(27) || (((KeyFlags) pGPSignature3.getHashedSubPackets().getSubpacket(27)).getFlags() & 2) == 2)) ? z2 : false) {
                                if (pGPSignature3.getUnhashedSubPackets() != null) {
                                    try {
                                        PGPSignatureList embeddedSignatures = pGPSignature3.getUnhashedSubPackets().getEmbeddedSignatures();
                                        z = false;
                                        for (int i2 = 0; i2 < embeddedSignatures.size(); i2++) {
                                            PGPSignature pGPSignature4 = embeddedSignatures.get(i2);
                                            if (pGPSignature4.getSignatureType() == 25) {
                                                pGPSignature4.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pGPPublicKey);
                                                if (!pGPSignature4.verifyCertification(pGPKeyWrapper.getPublicKey(), pGPPublicKey)) {
                                                    break;
                                                }
                                                z = true;
                                            }
                                        }
                                    } catch (Exception e) {
                                        Timber.w(e, "unable to check embedded signature", new Object[0]);
                                    }
                                } else {
                                    z = false;
                                }
                                if (!z) {
                                }
                            }
                            if (pGPSignature == null || !pGPSignature3.getCreationTime().before(pGPSignature.getCreationTime())) {
                                if (pGPSignature2 != null && pGPSignature3.getCreationTime().after(pGPSignature2.getCreationTime())) {
                                    pGPSignature2 = null;
                                }
                                pGPSignature = pGPSignature3;
                            }
                        }
                    } catch (PGPException e2) {
                        Timber.w(e2, "error during subkey binding: bad certificate", new Object[0]);
                    }
                } else {
                    try {
                        pGPSignature3.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pGPKeyWrapper.getPublicKey());
                        if (pGPSignature3.verifyCertification(pGPKeyWrapper.getPublicKey(), pGPPublicKey) && (pGPSignature == null || !pGPSignature.getCreationTime().after(pGPSignature3.getCreationTime()))) {
                            pGPSignature2 = pGPSignature3;
                        }
                    } catch (PGPException e3) {
                        Timber.w(e3, "unable to initialize signature", new Object[0]);
                    }
                }
            }
            i = 4;
            z2 = true;
        }
        return pGPSignature != null;
    }

    public abstract boolean isSecret();

    public boolean isValid() {
        return (getKeys().isEmpty() || !hasMasterKey() || getUserIds().isEmpty()) ? false : true;
    }

    public PGPKeyRingWrapper mergeWith(PGPKeyRingWrapper pGPKeyRingWrapper) {
        if (pGPKeyRingWrapper != null && getMasterKey().getKeyId() == pGPKeyRingWrapper.getMasterKey().getKeyId() && getMasterKey().getFingerprintEncoded().equals(pGPKeyRingWrapper.getMasterKey().getFingerprintEncoded())) {
            try {
                PGPKeyRing pGPKeyRing = isSecret() ? this.rawKeyRing : pGPKeyRingWrapper.rawKeyRing;
                PGPKeyRing pGPKeyRing2 = this.rawKeyRing;
                if (pGPKeyRing == pGPKeyRing2) {
                    pGPKeyRing2 = pGPKeyRingWrapper.rawKeyRing;
                }
                long keyId = getMasterKey().getKeyId();
                Set<byte[]> collectExistingCertificates = collectExistingCertificates(pGPKeyRing);
                Iterator<PGPPublicKey> publicKeys = pGPKeyRing2.getPublicKeys();
                while (publicKeys.hasNext()) {
                    PGPPublicKey next = publicKeys.next();
                    PGPPublicKey publicKey = pGPKeyRing.getPublicKey(next.getKeyID());
                    if (publicKey == null) {
                        pGPKeyRing = (isSecret() && pGPKeyRingWrapper.isSecret()) ? PGPSecretKeyRing.insertSecretKey((PGPSecretKeyRing) pGPKeyRing, ((PGPSecretKeyRing) pGPKeyRing2).getSecretKey(next.getKeyID())) : replacePublicKey(pGPKeyRing, next);
                    } else {
                        PGPPublicKey mergeKeyCertificates = mergeKeyCertificates(publicKey, next, collectExistingCertificates, keyId);
                        if (next.isMasterKey()) {
                            PGPPublicKey mergeAttributeCerts = mergeAttributeCerts(mergeUserCertificates(mergeKeyCertificates, next, collectExistingCertificates, keyId), next, collectExistingCertificates, keyId);
                            if (mergeAttributeCerts != publicKey) {
                                pGPKeyRing = replacePublicKey(pGPKeyRing, mergeAttributeCerts);
                            }
                        } else if (mergeKeyCertificates != publicKey) {
                            pGPKeyRing = replacePublicKey(pGPKeyRing, mergeKeyCertificates);
                        }
                    }
                }
                return wrap(pGPKeyRing);
            } catch (IOException e) {
                Timber.w(e, "couldn't merge keys, return original one", new Object[0]);
            }
        }
        return this;
    }
}
