package org.sufficientlysecure.keychain.pgp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SignatureException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import org.spongycastle.bcpg.ArmoredInputStream;
import org.spongycastle.openpgp.PGPCompressedData;
import org.spongycastle.openpgp.PGPEncryptedDataList;
import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPLiteralData;
import org.spongycastle.openpgp.PGPObjectFactory;
import org.spongycastle.openpgp.PGPOnePassSignature;
import org.spongycastle.openpgp.PGPOnePassSignatureList;
import org.spongycastle.openpgp.PGPPBEEncryptedData;
import org.spongycastle.openpgp.PGPPrivateKey;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPPublicKeyEncryptedData;
import org.spongycastle.openpgp.PGPPublicKeyRing;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureList;
import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
import org.spongycastle.openpgp.PGPUtil;
import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.spongycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.spongycastle.openpgp.operator.jcajce.JcePBEDataDecryptorFactoryBuilder;
import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.Log;

/* loaded from: classes.dex */
public class PgpDecryptVerify {
    private boolean mAllowSymmetricDecryption;
    private Set<Long> mAllowedKeyIds;
    private InputData mData;
    private OutputStream mOutStream;
    private String mPassphrase;
    private PassphraseCache mPassphraseCache;
    private Progressable mProgressable;
    private ProviderHelper mProviderHelper;

    /* loaded from: classes.dex */
    public static class Builder {
        private InputData mData;
        private OutputStream mOutStream;
        private PassphraseCache mPassphraseCache;
        private ProviderHelper mProviderHelper;
        private Progressable mProgressable = null;
        private boolean mAllowSymmetricDecryption = true;
        private String mPassphrase = null;
        private Set<Long> mAllowedKeyIds = null;

        public Builder(ProviderHelper providerHelper, PassphraseCache passphraseCache, InputData inputData, OutputStream outputStream) {
            this.mProviderHelper = providerHelper;
            this.mPassphraseCache = passphraseCache;
            this.mData = inputData;
            this.mOutStream = outputStream;
        }

        public PgpDecryptVerify build() {
            return new PgpDecryptVerify(this);
        }

        public Builder setAllowSymmetricDecryption(boolean z) {
            this.mAllowSymmetricDecryption = z;
            return this;
        }

        public Builder setAllowedKeyIds(Set<Long> set) {
            this.mAllowedKeyIds = set;
            return this;
        }

        public Builder setPassphrase(String str) {
            this.mPassphrase = str;
            return this;
        }

        public Builder setProgressable(Progressable progressable) {
            this.mProgressable = progressable;
            return this;
        }
    }

    /* loaded from: classes.dex */
    public static class IntegrityCheckFailedException extends Exception {
    }

    /* loaded from: classes.dex */
    public static class InvalidDataException extends Exception {
    }

    /* loaded from: classes.dex */
    public static class KeyExtractionException extends Exception {
    }

    /* loaded from: classes.dex */
    public static class NoSecretKeyException extends Exception {
    }

    /* loaded from: classes.dex */
    public interface PassphraseCache {
        String getCachedPassphrase(long j);
    }

    /* loaded from: classes.dex */
    public static class WrongPassphraseException extends Exception {
    }

    private PgpDecryptVerify(Builder builder) {
        this.mProviderHelper = builder.mProviderHelper;
        this.mPassphraseCache = builder.mPassphraseCache;
        this.mData = builder.mData;
        this.mOutStream = builder.mOutStream;
        this.mProgressable = builder.mProgressable;
        this.mAllowSymmetricDecryption = builder.mAllowSymmetricDecryption;
        this.mPassphrase = builder.mPassphrase;
        this.mAllowedKeyIds = builder.mAllowedKeyIds;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private PgpDecryptVerifyResult decryptVerify(InputStream inputStream) throws IOException, PGPException, SignatureException, WrongPassphraseException, KeyExtractionException, NoSecretKeyException, InvalidDataException, IntegrityCheckFailedException {
        InputStream dataStream;
        PGPPBEEncryptedData pGPPBEEncryptedData;
        int i;
        boolean z;
        PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData;
        long masterKeyId;
        PgpDecryptVerifyResult pgpDecryptVerifyResult = new PgpDecryptVerifyResult();
        PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(inputStream);
        Object nextObject = pGPObjectFactory.nextObject();
        updateProgress(R.string.progress_reading_data, 0, 100);
        PGPEncryptedDataList pGPEncryptedDataList = nextObject instanceof PGPEncryptedDataList ? (PGPEncryptedDataList) nextObject : (PGPEncryptedDataList) pGPObjectFactory.nextObject();
        if (pGPEncryptedDataList == null) {
            throw new InvalidDataException();
        }
        int i2 = 0 + 5;
        PGPPBEEncryptedData pGPPBEEncryptedData2 = null;
        PGPPBEEncryptedData pGPPBEEncryptedData3 = null;
        PGPSecretKey pGPSecretKey = null;
        Iterator encryptedDataObjects = pGPEncryptedDataList.getEncryptedDataObjects();
        boolean z2 = false;
        boolean z3 = false;
        while (true) {
            if (!encryptedDataObjects.hasNext()) {
                break;
            }
            Object next = encryptedDataObjects.next();
            if (next instanceof PGPPublicKeyEncryptedData) {
                updateProgress(R.string.progress_finding_key, i2, 100);
                pGPPublicKeyEncryptedData = (PGPPublicKeyEncryptedData) next;
                try {
                    masterKeyId = this.mProviderHelper.getMasterKeyId(KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(Long.toString(pGPPublicKeyEncryptedData.getKeyID())));
                    PGPSecretKeyRing pGPSecretKeyRing = this.mProviderHelper.getPGPSecretKeyRing(masterKeyId);
                    if (pGPSecretKeyRing != null && (pGPSecretKey = pGPSecretKeyRing.getSecretKey(pGPPublicKeyEncryptedData.getKeyID())) != null) {
                        if (this.mAllowedKeyIds == null) {
                            break;
                        }
                        Log.d(Constants.TAG, "encData.getKeyID():" + pGPPublicKeyEncryptedData.getKeyID());
                        Log.d(Constants.TAG, "allowedKeyIds: " + this.mAllowedKeyIds);
                        Log.d(Constants.TAG, "masterKeyId: " + masterKeyId);
                        if (this.mAllowedKeyIds.contains(Long.valueOf(masterKeyId))) {
                            break;
                        }
                    }
                } catch (ProviderHelper.NotFoundException e) {
                }
            } else if (this.mAllowSymmetricDecryption && (next instanceof PGPPBEEncryptedData)) {
                z3 = true;
                pGPPBEEncryptedData3 = (PGPPBEEncryptedData) next;
                if (this.mPassphrase == null) {
                    pgpDecryptVerifyResult.setStatus(3);
                }
            }
        }
        z2 = true;
        pGPPBEEncryptedData2 = pGPPublicKeyEncryptedData;
        if (this.mPassphrase == null) {
            this.mPassphrase = this.mPassphraseCache.getCachedPassphrase(masterKeyId);
            if (this.mPassphrase == null) {
                pgpDecryptVerifyResult.setKeyIdPassphraseNeeded(masterKeyId);
                pgpDecryptVerifyResult.setStatus(2);
                return pgpDecryptVerifyResult;
            }
        }
        if (z3) {
            updateProgress(R.string.progress_preparing_streams, i2, 100);
            dataStream = pGPPBEEncryptedData3.getDataStream(new JcePBEDataDecryptorFactoryBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider("SC").build()).setProvider("SC").build(this.mPassphrase.toCharArray()));
            pGPPBEEncryptedData = pGPPBEEncryptedData3;
            i = i2 + 5;
        } else {
            if (!z2) {
                throw new NoSecretKeyException();
            }
            int i3 = i2 + 5;
            updateProgress(R.string.progress_extracting_key, i3, 100);
            try {
                PGPPrivateKey extractPrivateKey = pGPSecretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider("SC").build(this.mPassphrase.toCharArray()));
                if (extractPrivateKey == null) {
                    throw new KeyExtractionException();
                }
                int i4 = i3 + 5;
                updateProgress(R.string.progress_preparing_streams, i4, 100);
                dataStream = pGPPBEEncryptedData2.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("SC").build(extractPrivateKey));
                pGPPBEEncryptedData = pGPPBEEncryptedData2;
                i = i4 + 5;
            } catch (PGPException e2) {
                throw new WrongPassphraseException();
            }
        }
        PGPObjectFactory pGPObjectFactory2 = new PGPObjectFactory(dataStream);
        Object nextObject2 = pGPObjectFactory2.nextObject();
        PGPOnePassSignature pGPOnePassSignature = null;
        OpenPgpSignatureResultBuilder openPgpSignatureResultBuilder = new OpenPgpSignatureResultBuilder();
        PGPPublicKey pGPPublicKey = null;
        int i5 = -1;
        if (nextObject2 instanceof PGPCompressedData) {
            updateProgress(R.string.progress_decompressing_data, i, 100);
            PGPObjectFactory pGPObjectFactory3 = new PGPObjectFactory(((PGPCompressedData) nextObject2).getDataStream());
            nextObject2 = pGPObjectFactory3.nextObject();
            pGPObjectFactory2 = pGPObjectFactory3;
            i += 10;
        }
        if (nextObject2 instanceof PGPOnePassSignatureList) {
            updateProgress(R.string.progress_processing_signature, i, 100);
            PGPOnePassSignatureList pGPOnePassSignatureList = (PGPOnePassSignatureList) nextObject2;
            Long l = null;
            String str = null;
            for (int i6 = 0; i6 < pGPOnePassSignatureList.size(); i6++) {
                try {
                    HashMap<String, Object> genericData = this.mProviderHelper.getGenericData(KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(Long.toString(pGPOnePassSignatureList.get(i6).getKeyID())), new String[]{"master_key_id", "user_id"}, new int[]{2, 4});
                    l = (Long) genericData.get("master_key_id");
                    str = (String) genericData.get("user_id");
                    i5 = i6;
                } catch (ProviderHelper.NotFoundException e3) {
                    Log.d(Constants.TAG, "key not found!");
                }
            }
            if (l != null) {
                pGPOnePassSignature = pGPOnePassSignatureList.get(i5);
                PGPPublicKeyRing pGPPublicKeyRing = null;
                try {
                    pGPPublicKeyRing = this.mProviderHelper.getPGPPublicKeyRing(l.longValue());
                } catch (ProviderHelper.NotFoundException e4) {
                }
                pGPPublicKey = pGPPublicKeyRing.getPublicKey(pGPOnePassSignature.getKeyID());
                openPgpSignatureResultBuilder.signatureAvailable(true);
                openPgpSignatureResultBuilder.knownKey(true);
                openPgpSignatureResultBuilder.userId(str);
                openPgpSignatureResultBuilder.keyId(l.longValue());
                pGPOnePassSignature.init(new JcaPGPContentVerifierBuilderProvider().setProvider("SC"), pGPPublicKey);
                try {
                    z = ((Long) this.mProviderHelper.getGenericData(KeychainContract.KeyRings.buildUnifiedKeyRingUri(Long.toString(l.longValue())), "verified", 2)).longValue() > 0;
                } catch (ProviderHelper.NotFoundException e5) {
                    z = false;
                }
                openPgpSignatureResultBuilder.signatureKeyCertified(z);
            } else if (!pGPOnePassSignatureList.isEmpty()) {
                openPgpSignatureResultBuilder.signatureAvailable(true);
                openPgpSignatureResultBuilder.knownKey(false);
                openPgpSignatureResultBuilder.keyId(pGPOnePassSignatureList.get(0).getKeyID());
            }
            nextObject2 = pGPObjectFactory2.nextObject();
            i += 10;
        }
        if (nextObject2 instanceof PGPSignatureList) {
            nextObject2 = pGPObjectFactory2.nextObject();
        }
        if (nextObject2 instanceof PGPLiteralData) {
            updateProgress(R.string.progress_decrypting, i, 100);
            byte[] bArr = new byte[65536];
            InputStream inputStream2 = ((PGPLiteralData) nextObject2).getInputStream();
            int i7 = i;
            int i8 = 100;
            if (pGPOnePassSignature != null) {
                i8 = 90;
            } else if (pGPPBEEncryptedData.isIntegrityProtected()) {
                i8 = 95;
            }
            long streamPosition = this.mData.getStreamPosition();
            while (true) {
                int read = inputStream2.read(bArr);
                if (read <= 0) {
                    break;
                }
                this.mOutStream.write(bArr, 0, read);
                if (pGPOnePassSignature != null) {
                    try {
                        pGPOnePassSignature.update(bArr, 0, read);
                    } catch (SignatureException e6) {
                        Log.d(Constants.TAG, "SIGNATURE_ERROR");
                        openPgpSignatureResultBuilder.validSignature(false);
                        pGPOnePassSignature = null;
                    }
                }
                updateProgress(this.mData.getSize() - streamPosition == 0 ? i8 : (int) (i7 + (((i8 - i7) * (this.mData.getStreamPosition() - streamPosition)) / (this.mData.getSize() - streamPosition))), 100);
            }
            if (pGPOnePassSignature != null) {
                updateProgress(R.string.progress_verifying_signature, 90, 100);
                PGPSignature pGPSignature = ((PGPSignatureList) pGPObjectFactory2.nextObject()).get(i5);
                openPgpSignatureResultBuilder.signatureOnly(false);
                boolean verify = pGPOnePassSignature.verify(pGPSignature);
                boolean verifyKeyBinding = verifyKeyBinding(pGPSignature, pGPPublicKey);
                openPgpSignatureResultBuilder.validSignature(verify);
                openPgpSignatureResultBuilder.validKeyBinding(verifyKeyBinding);
            }
        }
        if (pGPPBEEncryptedData.isIntegrityProtected()) {
            updateProgress(R.string.progress_verifying_integrity, 95, 100);
            if (!pGPPBEEncryptedData.verify()) {
                Log.d(Constants.TAG, "Integrity verification: failed!");
                throw new IntegrityCheckFailedException();
            }
            Log.d(Constants.TAG, "Integrity verification: success!");
        } else {
            Log.e(Constants.TAG, "Encrypted data was not integrity protected!");
        }
        updateProgress(R.string.progress_done, 100, 100);
        pgpDecryptVerifyResult.setSignatureResult(openPgpSignatureResultBuilder.build());
        return pgpDecryptVerifyResult;
    }

    private static int getLengthWithoutSeparator(byte[] bArr) {
        int length = bArr.length - 1;
        while (length >= 0 && isLineEnding(bArr[length])) {
            length--;
        }
        return length + 1;
    }

    private static int getLengthWithoutWhiteSpace(byte[] bArr) {
        int length = bArr.length - 1;
        while (length >= 0 && isWhiteSpace(bArr[length])) {
            length--;
        }
        return length + 1;
    }

    private static byte[] getLineSeparator() {
        String property = System.getProperty("line.separator");
        byte[] bArr = new byte[property.length()];
        for (int i = 0; i != bArr.length; i++) {
            bArr[i] = (byte) property.charAt(i);
        }
        return bArr;
    }

    private static boolean isLineEnding(byte b) {
        return b == 13 || b == 10;
    }

    private static boolean isWhiteSpace(byte b) {
        return b == 13 || b == 10 || b == 9 || b == 32;
    }

    private static void processLine(PGPSignature pGPSignature, byte[] bArr) throws SignatureException {
        int lengthWithoutWhiteSpace = getLengthWithoutWhiteSpace(bArr);
        if (lengthWithoutWhiteSpace > 0) {
            pGPSignature.update(bArr, 0, lengthWithoutWhiteSpace);
        }
    }

    private static int readInputLine(ByteArrayOutputStream byteArrayOutputStream, int i, InputStream inputStream) throws IOException {
        byteArrayOutputStream.reset();
        int i2 = i;
        do {
            byteArrayOutputStream.write(i2);
            if (i2 == 13 || i2 == 10) {
                i = readPassedEOL(byteArrayOutputStream, i2, inputStream);
                break;
            }
            i2 = inputStream.read();
        } while (i2 >= 0);
        if (i2 < 0) {
            return -1;
        }
        return i;
    }

    private static int readInputLine(ByteArrayOutputStream byteArrayOutputStream, InputStream inputStream) throws IOException {
        int read;
        byteArrayOutputStream.reset();
        do {
            read = inputStream.read();
            if (read < 0) {
                return -1;
            }
            byteArrayOutputStream.write(read);
            if (read == 13) {
                break;
            }
        } while (read != 10);
        return readPassedEOL(byteArrayOutputStream, read, inputStream);
    }

    private static int readPassedEOL(ByteArrayOutputStream byteArrayOutputStream, int i, InputStream inputStream) throws IOException {
        int read = inputStream.read();
        if (i != 13 || read != 10) {
            return read;
        }
        byteArrayOutputStream.write(read);
        return inputStream.read();
    }

    /* JADX WARN: Code restructure failed: missing block: B:40:0x01f6, code lost:
    
        if (r14 != (-1)) goto L33;
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x01f8, code lost:
    
        r14 = readInputLine(r12, r14, r21);
        r23.update((byte) 13);
        r23.update((byte) 10);
        processLine(r23, r12.toByteArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x021f, code lost:
    
        if (r14 != (-1)) goto L58;
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x0221, code lost:
    
        r29 = r23.verify();
        r28 = verifyKeyBinding(r23, r25);
        r26.validSignature(r29);
        r26.validKeyBinding(r28);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult verifyCleartextSignature(org.spongycastle.bcpg.ArmoredInputStream r35) throws java.io.IOException, org.spongycastle.openpgp.PGPException, java.security.SignatureException, org.sufficientlysecure.keychain.pgp.PgpDecryptVerify.InvalidDataException {
        /*
            Method dump skipped, instructions count: 668
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.sufficientlysecure.keychain.pgp.PgpDecryptVerify.verifyCleartextSignature(org.spongycastle.bcpg.ArmoredInputStream):org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult");
    }

    private boolean verifyKeyBinding(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2) {
        boolean z = false;
        boolean z2 = false;
        JcaPGPContentVerifierBuilderProvider provider = new JcaPGPContentVerifierBuilderProvider().setProvider("SC");
        Iterator signatures = pGPPublicKey2.getSignatures();
        while (signatures.hasNext()) {
            PGPSignature pGPSignature = (PGPSignature) signatures.next();
            if (pGPSignature.getKeyID() == pGPPublicKey.getKeyID() && pGPSignature.getSignatureType() == 24) {
                try {
                    pGPSignature.init(provider, pGPPublicKey);
                    boolean verifyCertification = pGPSignature.verifyCertification(pGPPublicKey, pGPPublicKey2);
                    if (verifyCertification) {
                        z = true;
                    }
                    if (verifyCertification) {
                        z2 = verifyPrimaryKeyBinding(pGPSignature.getUnhashedSubPackets(), pGPPublicKey, pGPPublicKey2);
                        if (z2 || (z2 = verifyPrimaryKeyBinding(pGPSignature.getHashedSubPackets(), pGPPublicKey, pGPPublicKey2))) {
                            break;
                        }
                    } else {
                        continue;
                    }
                } catch (SignatureException e) {
                } catch (PGPException e2) {
                }
            }
        }
        return z & z2;
    }

    private boolean verifyKeyBinding(PGPSignature pGPSignature, PGPPublicKey pGPPublicKey) {
        PGPPublicKey pGPPublicKey2 = null;
        try {
            pGPPublicKey2 = this.mProviderHelper.getPGPPublicKeyRingWithKeyId(pGPSignature.getKeyID()).getPublicKey();
        } catch (ProviderHelper.NotFoundException e) {
            Log.d(Constants.TAG, "key not found");
        }
        if (pGPSignature.getKeyID() != pGPPublicKey2.getKeyID()) {
            return verifyKeyBinding(pGPPublicKey2, pGPPublicKey);
        }
        return true;
    }

    private boolean verifyPrimaryKeyBinding(PGPSignatureSubpacketVector pGPSignatureSubpacketVector, PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2) {
        boolean z = false;
        JcaPGPContentVerifierBuilderProvider provider = new JcaPGPContentVerifierBuilderProvider().setProvider("SC");
        if (pGPSignatureSubpacketVector.hasSubpacket(32)) {
            try {
                PGPSignatureList embeddedSignatures = pGPSignatureSubpacketVector.getEmbeddedSignatures();
                for (int i = 0; i < embeddedSignatures.size(); i++) {
                    PGPSignature pGPSignature = embeddedSignatures.get(i);
                    if (pGPSignature.getSignatureType() == 25) {
                        try {
                            pGPSignature.init(provider, pGPPublicKey2);
                            z = pGPSignature.verifyCertification(pGPPublicKey, pGPPublicKey2);
                            if (z) {
                                break;
                            }
                        } catch (SignatureException e) {
                        } catch (PGPException e2) {
                        }
                    }
                }
            } catch (IOException e3) {
                return false;
            } catch (PGPException e4) {
                return false;
            }
        }
        return z;
    }

    public PgpDecryptVerifyResult execute() throws IOException, PGPException, SignatureException, WrongPassphraseException, NoSecretKeyException, KeyExtractionException, InvalidDataException, IntegrityCheckFailedException {
        InputStream decoderStream = PGPUtil.getDecoderStream(this.mData.getInputStream());
        if (decoderStream instanceof ArmoredInputStream) {
            ArmoredInputStream armoredInputStream = (ArmoredInputStream) decoderStream;
            Log.d(Constants.TAG, "ASCII Armor Header Line: " + armoredInputStream.getArmorHeaderLine());
            if (armoredInputStream.isClearText()) {
                return verifyCleartextSignature(armoredInputStream);
            }
        }
        return decryptVerify(decoderStream);
    }

    public void updateProgress(int i, int i2) {
        if (this.mProgressable != null) {
            this.mProgressable.setProgress(i, i2);
        }
    }

    public void updateProgress(int i, int i2, int i3) {
        if (this.mProgressable != null) {
            this.mProgressable.setProgress(i, i2, i3);
        }
    }
}
