package org.eclipse.equinox.internal.p2.artifact.processors.pgp;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.eclipse.core.runtime.NullProgressMonitor;
import org.eclipse.core.runtime.Status;
import org.eclipse.equinox.internal.p2.artifact.repository.Activator;
import org.eclipse.equinox.internal.p2.core.helpers.LogHelper;
import org.eclipse.equinox.internal.provisional.p2.artifact.repository.processing.ProcessingStep;
import org.eclipse.equinox.p2.core.IProvisioningAgent;
import org.eclipse.equinox.p2.repository.artifact.IArtifactDescriptor;
import org.eclipse.equinox.p2.repository.artifact.IArtifactRepository;
import org.eclipse.equinox.p2.repository.artifact.IProcessingStepDescriptor;
import org.eclipse.osgi.util.NLS;

/* loaded from: input_file:org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.class */
public final class PGPSignatureVerifier extends ProcessingStep {
    public static final String ID = "org.eclipse.equinox.p2.processing.PGPSignatureCheck";
    private static Map<Long, PGPPublicKey> knownKeys = new HashMap();
    public static final String PGP_SIGNER_KEYS_PROPERTY_NAME = "pgp.publicKeys";
    public static final String PGP_SIGNATURES_PROPERTY_NAME = "pgp.signatures";
    private Collection<PGPSignature> signaturesToVerify;

    public PGPSignatureVerifier() {
        link(nullOutputStream(), new NullProgressMonitor());
    }

    private static Collection<PGPSignature> getSignatures(IArtifactDescriptor iArtifactDescriptor) throws IOException, PGPException {
        String unnormalizedPGPProperty = unnormalizedPGPProperty(iArtifactDescriptor.getProperty(PGP_SIGNATURES_PROPERTY_NAME));
        if (unnormalizedPGPProperty == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        Throwable th = null;
        try {
            ArmoredInputStream armoredInputStream = new ArmoredInputStream(new ByteArrayInputStream(unnormalizedPGPProperty.getBytes()));
            try {
                Object nextObject = new BcPGPObjectFactory(armoredInputStream).nextObject();
                PGPSignatureList pGPSignatureList = new PGPSignatureList(new PGPSignature[0]);
                if (nextObject instanceof PGPCompressedData) {
                    pGPSignatureList = (PGPSignatureList) new BcPGPObjectFactory(((PGPCompressedData) nextObject).getDataStream()).nextObject();
                } else if (nextObject instanceof PGPSignatureList) {
                    pGPSignatureList = (PGPSignatureList) nextObject;
                }
                Iterator it = pGPSignatureList.iterator();
                arrayList.getClass();
                it.forEachRemaining((v1) -> {
                    r1.add(v1);
                });
                if (armoredInputStream != null) {
                    armoredInputStream.close();
                }
                return arrayList;
            } catch (Throwable th2) {
                if (armoredInputStream != null) {
                    armoredInputStream.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Override // org.eclipse.equinox.internal.provisional.p2.artifact.repository.processing.ProcessingStep
    public void initialize(IProvisioningAgent iProvisioningAgent, IProcessingStepDescriptor iProcessingStepDescriptor, IArtifactDescriptor iArtifactDescriptor) {
        super.initialize(iProvisioningAgent, iProcessingStepDescriptor, iArtifactDescriptor);
        if (unnormalizedPGPProperty(iArtifactDescriptor.getProperty(PGP_SIGNATURES_PROPERTY_NAME)) == null) {
            setStatus(Status.OK_STATUS);
            return;
        }
        try {
            this.signaturesToVerify = getSignatures(iArtifactDescriptor);
            if (this.signaturesToVerify.isEmpty()) {
                setStatus(Status.OK_STATUS);
                return;
            }
            IArtifactRepository repository = iArtifactDescriptor.getRepository();
            Map<Long, PGPPublicKey> map = knownKeys;
            String[] strArr = new String[2];
            strArr[0] = iArtifactDescriptor.getProperty(PGP_SIGNER_KEYS_PROPERTY_NAME);
            strArr[1] = repository != null ? repository.getProperty(PGP_SIGNER_KEYS_PROPERTY_NAME) : null;
            map.putAll(readPublicKeys(strArr));
            for (PGPSignature pGPSignature : this.signaturesToVerify) {
                PGPPublicKey pGPPublicKey = knownKeys.get(Long.valueOf(pGPSignature.getKeyID()));
                if (pGPPublicKey == null) {
                    setStatus(new Status(4, Activator.ID, NLS.bind(Messages.Error_publicKeyNotFound, Long.valueOf(pGPSignature.getKeyID()))));
                    return;
                }
                try {
                    pGPSignature.init(new BcPGPContentVerifierBuilderProvider(), pGPPublicKey);
                } catch (PGPException e) {
                    setStatus(new Status(4, Activator.ID, e.getMessage(), e));
                    return;
                }
            }
        } catch (Exception e2) {
            setStatus(new Status(4, Activator.ID, Messages.Error_CouldNotLoadSignature, e2));
        }
    }

    private static String unnormalizedPGPProperty(String str) {
        if (str == null) {
            return null;
        }
        return (str.contains("\n") || str.contains("\r")) ? str : str.replace(' ', '\n').replace("-----BEGIN\nPGP\nSIGNATURE-----", "-----BEGIN PGP SIGNATURE-----").replace("-----END\nPGP\nSIGNATURE-----", "-----END PGP SIGNATURE-----").replace("-----BEGIN\nPGP\nPUBLIC\nKEY\nBLOCK-----", "-----BEGIN PGP PUBLIC KEY BLOCK-----").replace("-----END\nPGP\nPUBLIC\nKEY\nBLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----");
    }

    private static Map<Long, PGPPublicKey> readPublicKeys(String str) {
        InputStream decoderStream;
        if (str == null) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        Throwable th = null;
        try {
            try {
                decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(unnormalizedPGPProperty(str).getBytes()));
            } catch (Throwable th2) {
                if (0 == 0) {
                    th = th2;
                } else if (null != th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException | PGPException e) {
            LogHelper.log(new Status(4, Activator.ID, e.getMessage(), e));
        }
        try {
            new BcPGPPublicKeyRingCollection(decoderStream).getKeyRings().forEachRemaining(pGPPublicKeyRing -> {
                pGPPublicKeyRing.getPublicKeys().forEachRemaining(pGPPublicKey -> {
                    hashMap.put(Long.valueOf(pGPPublicKey.getKeyID()), pGPPublicKey);
                });
            });
            if (decoderStream != null) {
                decoderStream.close();
            }
            return hashMap;
        } catch (Throwable th3) {
            if (decoderStream != null) {
                decoderStream.close();
            }
            throw th3;
        }
    }

    private Map<Long, PGPPublicKey> readPublicKeys(String... strArr) {
        HashMap hashMap = new HashMap();
        for (String str : strArr) {
            if (str != null) {
                hashMap.putAll(readPublicKeys(str));
            }
        }
        return hashMap;
    }

    @Override // org.eclipse.equinox.internal.provisional.p2.artifact.repository.processing.ProcessingStep, java.io.OutputStream
    public void write(int i) {
        if (this.signaturesToVerify != null) {
            this.signaturesToVerify.iterator().forEachRemaining(pGPSignature -> {
                pGPSignature.update((byte) i);
            });
        }
    }

    @Override // java.io.OutputStream
    public void write(byte[] bArr) throws IOException {
        getDestination().write(bArr);
        if (this.signaturesToVerify != null) {
            this.signaturesToVerify.iterator().forEachRemaining(pGPSignature -> {
                pGPSignature.update(bArr);
            });
        }
    }

    @Override // java.io.OutputStream
    public void write(byte[] bArr, int i, int i2) throws IOException {
        getDestination().write(bArr, i, i2);
        if (this.signaturesToVerify != null) {
            this.signaturesToVerify.iterator().forEachRemaining(pGPSignature -> {
                pGPSignature.update(bArr, i, i2);
            });
        }
    }

    @Override // org.eclipse.equinox.internal.provisional.p2.artifact.repository.processing.ProcessingStep, java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (!getStatus().isOK() || this.signaturesToVerify == null || this.signaturesToVerify.isEmpty()) {
            return;
        }
        Iterator<PGPSignature> it = this.signaturesToVerify.iterator();
        while (it.hasNext()) {
            try {
                if (!it.next().verify()) {
                    setStatus(new Status(4, Activator.ID, Messages.Error_SignatureAndFileDontMatch));
                    return;
                }
            } catch (PGPException e) {
                setStatus(new Status(4, Activator.ID, e.getMessage(), e));
                return;
            }
        }
        setStatus(Status.OK_STATUS);
    }

    public static Collection<PGPPublicKey> getSigners(IArtifactDescriptor iArtifactDescriptor) {
        try {
            Stream mapToObj = getSignatures(iArtifactDescriptor).stream().mapToLong((v0) -> {
                return v0.getKeyID();
            }).mapToObj(Long::valueOf);
            Map<Long, PGPPublicKey> map = knownKeys;
            map.getClass();
            return (Collection) mapToObj.map((v1) -> {
                return r1.get(v1);
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toSet());
        } catch (IOException | PGPException e) {
            LogHelper.log(new Status(4, Activator.ID, e.getMessage(), e));
            return Collections.emptyList();
        }
    }

    public static void discardKnownKeys() {
        knownKeys.clear();
    }
}
