package org.fao.fi.security.common.utilities.pgp;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchProviderException;
import java.util.Iterator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.fao.fi.security.common.encryption.pgp.exceptions.KeyringAccessException;
import org.fao.fi.security.common.encryption.pgp.exceptions.KeyringException;
import org.fao.fi.security.common.utilities.FileUtils;

/* loaded from: input_file:org/fao/fi/security/common/utilities/pgp/PGPDecryptor.class */
public class PGPDecryptor extends AbstractPGPProcessor {
    public byte[] decryptBytes(byte[] bArr, File file, String str) throws IOException, KeyringException, PGPException, NoSuchProviderException {
        return decryptBytes(bArr, new FileInputStream(file), str);
    }

    public byte[] decryptBytes(byte[] bArr, InputStream inputStream, String str) throws IOException, KeyringException, PGPException, NoSuchProviderException {
        ByteArrayInputStream byteArrayInputStream = null;
        try {
            ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr);
            byteArrayInputStream = byteArrayInputStream2;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            doDecryptStream(byteArrayInputStream2, byteArrayOutputStream, inputStream, str.toCharArray());
            byteArrayOutputStream.flush();
            byteArrayOutputStream.close();
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayInputStream.close();
            return byteArray;
        } catch (Throwable th) {
            byteArrayInputStream.close();
            throw th;
        }
    }

    public void decryptStream(InputStream inputStream, OutputStream outputStream, File file, char[] cArr) throws IOException, KeyringException, PGPException, NoSuchProviderException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            decryptStream(inputStream, outputStream, fileInputStream, cArr);
        } finally {
            fileInputStream.close();
        }
    }

    public void decryptStream(InputStream inputStream, OutputStream outputStream, InputStream inputStream2, char[] cArr) throws IOException, KeyringException, PGPException, NoSuchProviderException {
        doDecryptStream(inputStream, outputStream, inputStream2, cArr);
    }

    private long doDecryptStream(InputStream inputStream, OutputStream outputStream, InputStream inputStream2, char[] cArr) throws IOException, KeyringException, PGPException, NoSuchProviderException {
        try {
            Object obj = null;
            try {
                obj = new PGPObjectFactory(getPlainStream(inputStream, inputStream2, cArr)).nextObject();
            } catch (IOException e) {
                if (e.getMessage().contains("unknown object")) {
                    throw new PGPException("Unable to decrypt stream: " + e.getClass().getSimpleName() + " [ " + e.getMessage() + " ]");
                }
            }
            if (obj instanceof PGPCompressedData) {
                obj = new PGPObjectFactory(((PGPCompressedData) obj).getDataStream()).nextObject();
            }
            if (obj instanceof PGPLiteralData) {
                return FileUtils.pipeStreams(((PGPLiteralData) obj).getInputStream(), outputStream);
            }
            if (obj instanceof PGPOnePassSignatureList) {
                throw new PGPException("Encrypted message contains a signed message - not literal data");
            }
            throw new PGPException("Message is not a simple encrypted file - type unknown");
        } catch (PGPException e2) {
            this._log.error("{}", (e2.getUnderlyingException() != null ? e2.getUnderlyingException() : e2).getMessage(), e2);
            throw e2;
        }
    }

    private InputStream getPlainStream(InputStream inputStream, InputStream inputStream2, char[] cArr) throws IOException, KeyringException, PGPException, NoSuchProviderException {
        PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(inputStream);
        try {
            Object nextObject = pGPObjectFactory.nextObject();
            if (nextObject == null) {
                throw new PGPException("Unable to decrypt stream: NULL object returned by object factory");
            }
            Iterator encryptedDataObjects = (nextObject instanceof PGPEncryptedDataList ? (PGPEncryptedDataList) nextObject : (PGPEncryptedDataList) pGPObjectFactory.nextObject()).getEncryptedDataObjects();
            PGPPrivateKey pGPPrivateKey = null;
            PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = null;
            while (pGPPrivateKey == null && encryptedDataObjects.hasNext()) {
                pGPPublicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
                this._log.debug(" * Public key encrypted data key id: {}", Long.valueOf(pGPPublicKeyEncryptedData.getKeyID()));
                pGPPrivateKey = extractPrivateKey(inputStream2, pGPPublicKeyEncryptedData.getKeyID(), cArr);
            }
            if (pGPPrivateKey == null) {
                throw new KeyringAccessException("Unable to extract private key for message");
            }
            if (!pGPPublicKeyEncryptedData.isIntegrityProtected()) {
                this._log.debug("[!!] No message integrity check");
            } else if (pGPPublicKeyEncryptedData.verify()) {
                this._log.debug("[OK]  message integrity check passed");
            } else {
                this._log.error("[KO] Message failed integrity check");
            }
            BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
            return pGPPublicKeyEncryptedData.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(bouncyCastleProvider).setContentProvider(bouncyCastleProvider).build(pGPPrivateKey));
        } catch (IOException e) {
            if (e.getMessage().contains("unknown object")) {
                throw new PGPException("Unable to decrypt stream: " + e.getClass().getSimpleName() + " [ " + e.getMessage() + " ]");
            }
            throw e;
        }
    }

    private PGPPrivateKey extractPrivateKey(InputStream inputStream, long j, char[] cArr) throws IOException, PGPException, NoSuchProviderException {
        PGPSecretKey secretKey = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(inputStream)).getSecretKey(j);
        if (secretKey == null) {
            return null;
        }
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        return secretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider(bouncyCastleProvider).build()).setProvider(bouncyCastleProvider).build(cArr));
    }
}
