package name.neuhalfen.projects.crypto.bouncycastle.openpgp.encrypting;

import java.io.IOException;
import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Date;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.algorithms.PGPAlgorithmSuite;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.PGPUtilities;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.callbacks.KeySelectionStrategy;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.keyrings.KeyringConfig;
import name.neuhalfen.projects.crypto.internal.Preconditions;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:adapterframework.war:WEB-INF/lib/bouncy-gpg-2.2.0.jar:name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.class */
public final class PGPEncryptingStream extends OutputStream {
    private static final Logger LOGGER = LoggerFactory.getLogger(PGPEncryptingStream.class);
    private final KeyringConfig config;
    private final PGPAlgorithmSuite algorithmSuite;
    private boolean isDoSign;
    private OutputStream encryptionDataStream;
    private PGPSignatureGenerator signatureGenerator;

    @Nullable
    private ArmoredOutputStream armoredOutputStream;
    private OutputStream outerEncryptionStream;
    private BCPGOutputStream compressionStream;
    private PGPLiteralDataGenerator encryptionDataStreamGenerator;
    private PGPCompressedDataGenerator compressionStreamGenerator;
    private boolean isClosed = false;

    private PGPEncryptingStream(KeyringConfig keyringConfig, PGPAlgorithmSuite pGPAlgorithmSuite) {
        this.config = keyringConfig;
        this.algorithmSuite = pGPAlgorithmSuite;
    }

    public static OutputStream create(KeyringConfig keyringConfig, PGPAlgorithmSuite pGPAlgorithmSuite, @Nullable String str, OutputStream outputStream, KeySelectionStrategy keySelectionStrategy, boolean z, Set<PGPPublicKey> set) throws IOException, PGPException, NoSuchAlgorithmException, NoSuchProviderException {
        Objects.requireNonNull(keyringConfig, "callback must not be null");
        Objects.requireNonNull(outputStream, "cipherTextSink must not be null");
        Objects.requireNonNull(set, "pubEncKeys must not be null");
        Preconditions.checkArgument(!set.isEmpty(), "pubEncKeys must not be empty");
        for (PGPPublicKey pGPPublicKey : set) {
            if (!pGPPublicKey.isEncryptionKey()) {
                throw new PGPException(String.format("This public key (0x%x) is not suitable for encryption", Long.valueOf(pGPPublicKey.getKeyID())));
            }
        }
        PGPEncryptingStream pGPEncryptingStream = new PGPEncryptingStream(keyringConfig, pGPAlgorithmSuite);
        pGPEncryptingStream.setup(outputStream, str, set, keySelectionStrategy, z);
        return pGPEncryptingStream;
    }

    private void setup(OutputStream outputStream, @Nullable String str, Set<PGPPublicKey> set, KeySelectionStrategy keySelectionStrategy, boolean z) throws IOException, PGPException {
        OutputStream outputStream2;
        this.isDoSign = str != null;
        if (z) {
            this.armoredOutputStream = new ArmoredOutputStream(outputStream);
            outputStream2 = this.armoredOutputStream;
        } else {
            outputStream2 = outputStream;
        }
        BcPGPDataEncryptorBuilder bcPGPDataEncryptorBuilder = new BcPGPDataEncryptorBuilder(this.algorithmSuite.getSymmetricEncryptionAlgorithmCode().getAlgorithmId());
        bcPGPDataEncryptorBuilder.setWithIntegrityPacket(true);
        PGPEncryptedDataGenerator pGPEncryptedDataGenerator = new PGPEncryptedDataGenerator(bcPGPDataEncryptorBuilder);
        Iterator<PGPPublicKey> it = set.iterator();
        while (it.hasNext()) {
            pGPEncryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(it.next()));
        }
        this.outerEncryptionStream = pGPEncryptedDataGenerator.open(outputStream2, new byte[4096]);
        if (this.isDoSign) {
            PGPPublicKey selectPublicKey = keySelectionStrategy.selectPublicKey(KeySelectionStrategy.PURPOSE.FOR_SIGNING, str, this.config);
            if (selectPublicKey == null) {
                throw new PGPException("No suitable public key found for signing with uid: '" + str + "'");
            }
            LOGGER.trace("Signing for uid '{}' with key 0x{}.", str, Long.toHexString(selectPublicKey.getKeyID()));
            PGPSecretKey secretKey = this.config.getSecretKeyRings().getSecretKey(selectPublicKey.getKeyID());
            if (secretKey == null) {
                throw new PGPException("No suitable private key found for signing with uid: '" + str + "' (although found pubkey: " + selectPublicKey.getKeyID() + ")");
            }
            PGPPrivateKey extractPrivateKey = PGPUtilities.extractPrivateKey(secretKey, this.config.decryptionSecretKeyPassphraseForSecretKeyId(secretKey.getKeyID()));
            this.signatureGenerator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), this.algorithmSuite.getHashAlgorithmCode().getAlgorithmId()));
            this.signatureGenerator.init(0, extractPrivateKey);
            Iterator<String> userIDs = secretKey.getPublicKey().getUserIDs();
            if (userIDs.hasNext()) {
                PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
                pGPSignatureSubpacketGenerator.setSignerUserID(false, userIDs.next());
                this.signatureGenerator.setHashedSubpackets(pGPSignatureSubpacketGenerator.generate());
            }
        }
        this.compressionStreamGenerator = new PGPCompressedDataGenerator(this.algorithmSuite.getCompressionEncryptionAlgorithmCode().getAlgorithmId());
        this.compressionStream = new BCPGOutputStream(this.compressionStreamGenerator.open(this.outerEncryptionStream));
        if (this.isDoSign) {
            this.signatureGenerator.generateOnePassVersion(false).encode(this.compressionStream);
        }
        this.encryptionDataStreamGenerator = new PGPLiteralDataGenerator();
        this.encryptionDataStream = this.encryptionDataStreamGenerator.open((OutputStream) this.compressionStream, 'b', "", new Date(), new byte[65536]);
    }

    @Override // java.io.OutputStream
    public void write(int i) throws IOException {
        this.encryptionDataStream.write(i);
        if (this.isDoSign) {
            this.signatureGenerator.update((byte) (i & 255));
        }
    }

    @Override // java.io.OutputStream
    public void write(@Nonnull byte[] bArr) throws IOException {
        write(bArr, 0, bArr.length);
    }

    @Override // java.io.OutputStream
    public void write(@Nonnull byte[] bArr, int i, int i2) throws IOException {
        this.encryptionDataStream.write(bArr, 0, i2);
        if (this.isDoSign) {
            this.signatureGenerator.update(bArr, 0, i2);
        }
    }

    @Override // java.io.OutputStream, java.io.Flushable
    public void flush() throws IOException {
        this.encryptionDataStream.flush();
    }

    @Override // java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.isClosed) {
            return;
        }
        this.encryptionDataStream.flush();
        this.encryptionDataStream.close();
        this.encryptionDataStreamGenerator.close();
        if (this.isDoSign) {
            try {
                this.signatureGenerator.generate().encode(this.compressionStream);
            } catch (PGPException e) {
                throw new IOException(e);
            }
        }
        this.compressionStreamGenerator.close();
        this.outerEncryptionStream.flush();
        this.outerEncryptionStream.close();
        if (this.armoredOutputStream != null) {
            this.armoredOutputStream.flush();
            this.armoredOutputStream.close();
        }
        this.isClosed = true;
    }
}
