package com.unitedinternet.android.pgp.openpgp;

import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import java.util.TreeSet;
import org.spongycastle.bcpg.sig.Exportable;
import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPKeyRing;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPPublicKeyRing;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureList;
import org.spongycastle.openpgp.PGPUserAttributeSubpacketVector;
import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import timber.log.Timber;

/* loaded from: classes2.dex */
public abstract class PGPKeyRingWrapper {
    private static final List<Integer> ALGORITHMS_FOR_SIGNING = Arrays.asList(1, 3, 17, 20, 19);
    private final PGPKeyRing rawKeyRing;

    /* JADX INFO: Access modifiers changed from: protected */
    public PGPKeyRingWrapper(PGPKeyRing pGPKeyRing) {
        this.rawKeyRing = pGPKeyRing;
    }

    private Set<byte[]> collectExistingCertificates(PGPKeyRing pGPKeyRing) throws IOException {
        Set<byte[]> createCertificatesSet = createCertificatesSet();
        Iterator publicKeys = pGPKeyRing.getPublicKeys();
        while (publicKeys.hasNext()) {
            Iterator signatures = ((PGPPublicKey) publicKeys.next()).getSignatures();
            while (signatures.hasNext()) {
                createCertificatesSet.add(((PGPSignature) signatures.next()).getEncoded());
            }
        }
        return createCertificatesSet;
    }

    private Set<byte[]> createCertificatesSet() {
        return new TreeSet(new Comparator<byte[]>() { // from class: com.unitedinternet.android.pgp.openpgp.PGPKeyRingWrapper.1
            @Override // java.util.Comparator
            public int compare(byte[] bArr, byte[] bArr2) {
                if (bArr.length != bArr2.length) {
                    return bArr.length - bArr2.length;
                }
                for (int i = 0; i < bArr.length; i++) {
                    if (bArr[i] != bArr2[i]) {
                        return (bArr[i] & 255) - (bArr2[i] & 255);
                    }
                }
                return 0;
            }
        });
    }

    private Iterator<PGPSignature> getKeySignatures(PGPPublicKey pGPPublicKey) throws IOException {
        ArrayList arrayList = new ArrayList();
        Set<byte[]> createCertificatesSet = createCertificatesSet();
        Iterator rawUserIDs = pGPPublicKey.getRawUserIDs();
        while (rawUserIDs.hasNext()) {
            Iterator signaturesForID = pGPPublicKey.getSignaturesForID((byte[]) rawUserIDs.next());
            while (signaturesForID.hasNext()) {
                createCertificatesSet.add(((PGPSignature) signaturesForID.next()).getEncoded());
            }
        }
        Iterator signatures = pGPPublicKey.getSignatures();
        while (signatures.hasNext()) {
            PGPSignature pGPSignature = (PGPSignature) signatures.next();
            if (!createCertificatesSet.contains(pGPSignature.getEncoded())) {
                arrayList.add(pGPSignature);
            }
        }
        return arrayList.iterator();
    }

    private PGPPublicKey mergeAttributeCerts(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2, Set<byte[]> set, long j) throws IOException {
        Iterator userAttributes = pGPPublicKey2.getUserAttributes();
        while (userAttributes.hasNext()) {
            PGPUserAttributeSubpacketVector pGPUserAttributeSubpacketVector = (PGPUserAttributeSubpacketVector) userAttributes.next();
            Iterator signaturesForUserAttribute = pGPPublicKey2.getSignaturesForUserAttribute(pGPUserAttributeSubpacketVector);
            if (signaturesForUserAttribute != null) {
                while (signaturesForUserAttribute.hasNext()) {
                    PGPSignature pGPSignature = (PGPSignature) signaturesForUserAttribute.next();
                    if (shouldApplyCertificate(pGPSignature, set, j)) {
                        pGPPublicKey = PGPPublicKey.addCertification(pGPPublicKey, pGPUserAttributeSubpacketVector, pGPSignature);
                    }
                }
            }
        }
        return pGPPublicKey;
    }

    private PGPPublicKey mergeKeyCertificates(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2, Set<byte[]> set, long j) throws IOException {
        Iterator<PGPSignature> keySignatures = getKeySignatures(pGPPublicKey2);
        while (keySignatures.hasNext()) {
            PGPSignature next = keySignatures.next();
            if (shouldApplyCertificate(next, set, j)) {
                pGPPublicKey = PGPPublicKey.addCertification(pGPPublicKey, next);
            }
        }
        return pGPPublicKey;
    }

    private PGPPublicKey mergeUserCertificates(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2, Set<byte[]> set, long j) throws IOException {
        Iterator rawUserIDs = pGPPublicKey2.getRawUserIDs();
        while (rawUserIDs.hasNext()) {
            byte[] bArr = (byte[]) rawUserIDs.next();
            Iterator signaturesForID = pGPPublicKey2.getSignaturesForID(bArr);
            if (signaturesForID != null) {
                while (signaturesForID.hasNext()) {
                    PGPSignature pGPSignature = (PGPSignature) signaturesForID.next();
                    if (shouldApplyCertificate(pGPSignature, set, j)) {
                        pGPPublicKey = PGPPublicKey.addCertification(pGPPublicKey, bArr, pGPSignature);
                    }
                }
            }
        }
        return pGPPublicKey;
    }

    private static PGPKeyRing replacePublicKey(PGPKeyRing pGPKeyRing, PGPPublicKey pGPPublicKey) {
        if (pGPKeyRing instanceof PGPPublicKeyRing) {
            return PGPPublicKeyRing.insertPublicKey((PGPPublicKeyRing) pGPKeyRing, pGPPublicKey);
        }
        PGPSecretKeyRing pGPSecretKeyRing = (PGPSecretKeyRing) pGPKeyRing;
        PGPSecretKey secretKey = pGPSecretKeyRing.getSecretKey(pGPPublicKey.getKeyID());
        return secretKey == null ? pGPKeyRing : PGPSecretKeyRing.insertSecretKey(pGPSecretKeyRing, PGPSecretKey.replacePublicKey(secretKey, pGPPublicKey));
    }

    private boolean shouldApplyCertificate(PGPSignature pGPSignature, Set<byte[]> set, long j) throws IOException {
        if (pGPSignature.getKeyID() != j && isSecret()) {
            return false;
        }
        byte[] encoded = pGPSignature.getEncoded();
        if (set.contains(encoded)) {
            return false;
        }
        set.add(encoded);
        return true;
    }

    private boolean verifyCertificateForUser(String str, PGPPublicKey pGPPublicKey) {
        PGPSignature pGPSignature;
        PGPSignature pGPSignature2;
        Iterator signaturesForID = pGPPublicKey.getSignaturesForID(str);
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        calendar.add(6, 1);
        Date time = calendar.getTime();
        long keyID = pGPPublicKey.getKeyID();
        if (signaturesForID != null) {
            PGPSignature pGPSignature3 = null;
            pGPSignature = null;
            while (signaturesForID.hasNext()) {
                PGPSignature pGPSignature4 = (PGPSignature) signaturesForID.next();
                long keyID2 = pGPSignature4.getKeyID();
                int signatureType = pGPSignature4.getSignatureType();
                if ((signatureType == 16 || signatureType == 17 || signatureType == 18 || signatureType == 19 || signatureType == 48) && !pGPSignature4.getCreationTime().after(time) && ((pGPSignature4.getHashedSubPackets() == null || !pGPSignature4.getHashedSubPackets().hasSubpacket(4) || ((Exportable) pGPSignature4.getHashedSubPackets().getSubpacket(4)).isExportable()) && keyID2 == keyID)) {
                    try {
                        pGPSignature4.init(new JcaPGPContentVerifierBuilderProvider().setProvider("SC"), pGPPublicKey);
                    } catch (PGPException e) {
                        Timber.w(e, "unable to verify signature", new Object[0]);
                    }
                    if (pGPSignature4.verifyCertification(str, pGPPublicKey)) {
                        if (signatureType != 48) {
                            switch (signatureType) {
                                case 16:
                                case 17:
                                case 18:
                                case 19:
                                    if (pGPSignature3 == null || pGPSignature3.getCreationTime().before(pGPSignature4.getCreationTime())) {
                                        pGPSignature3 = pGPSignature4;
                                    }
                                    if (pGPSignature != null && pGPSignature.getCreationTime().before(pGPSignature3.getCreationTime())) {
                                        pGPSignature = null;
                                    }
                                    break;
                            }
                        } else if (pGPSignature3 == null || !pGPSignature3.getCreationTime().after(pGPSignature4.getCreationTime())) {
                            if (pGPSignature == null || pGPSignature.getCreationTime().before(pGPSignature4.getCreationTime())) {
                                pGPSignature = pGPSignature4;
                            }
                        }
                    }
                }
            }
            pGPSignature2 = pGPSignature3;
        } else {
            pGPSignature = null;
            pGPSignature2 = null;
        }
        return pGPSignature2 != null && pGPSignature == null;
    }

    public static PGPKeyRingWrapper wrap(PGPKeyRing pGPKeyRing) {
        if (pGPKeyRing instanceof PGPSecretKeyRing) {
            return new PGPSecretKeyRingWrapper((PGPSecretKeyRing) pGPKeyRing);
        }
        if (pGPKeyRing instanceof PGPPublicKeyRing) {
            return new PGPPublicKeyRingWrapper((PGPPublicKeyRing) pGPKeyRing);
        }
        throw new UnsupportedOperationException("Couldn't wrap key of type " + pGPKeyRing.getClass().getName());
    }

    public void encode(OutputStream outputStream) throws IOException {
        this.rawKeyRing.encode(outputStream);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public PGPPublicKeyWrapper fillUserIdsAndGetMasterKey(PGPKeyRing pGPKeyRing, List<String> list) {
        Iterator publicKeys = pGPKeyRing.getPublicKeys();
        while (publicKeys.hasNext()) {
            PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKeys.next();
            if (pGPPublicKey.isMasterKey()) {
                list.clear();
                Iterator userIDs = pGPPublicKey.getUserIDs();
                while (userIDs.hasNext()) {
                    String str = (String) userIDs.next();
                    if (verifyCertificateForUser(str, pGPPublicKey)) {
                        list.add(str);
                    }
                }
                return PGPPublicKeyWrapper.wrapPGPMasterKey(pGPPublicKey);
            }
        }
        throw new IllegalStateException("No master key found in key ring. This should never happened");
    }

    public PGPKeyWrapper getKeyWrapperById(long j) {
        for (PGPKeyWrapper pGPKeyWrapper : getKeys()) {
            if (pGPKeyWrapper.getKeyId() == j) {
                return pGPKeyWrapper;
            }
        }
        return null;
    }

    public abstract List<PGPKeyWrapper> getKeys();

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public PGPKeyWrapper getMasterKey() {
        for (PGPKeyWrapper pGPKeyWrapper : getKeys()) {
            if (pGPKeyWrapper.isMasterKey()) {
                return pGPKeyWrapper;
            }
        }
        throw new IllegalStateException("No master key found in key ring. This should never happened");
    }

    public String getType() {
        Iterator<PGPKeyWrapper> it = getKeys().iterator();
        while (it.hasNext()) {
            if (PGPMetaKeyWrapper.KEY_TYPE_PRIVATE.equals(it.next().getType())) {
                return PGPMetaKeyWrapper.KEY_TYPE_PRIVATE;
            }
        }
        return PGPMetaKeyWrapper.KEY_TYPE_PUBLIC;
    }

    public abstract List<String> getUserIds();

    boolean hasMasterKey() {
        Iterator<PGPKeyWrapper> it = getKeys().iterator();
        while (it.hasNext()) {
            if (it.next().isMasterKey()) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isKeyValid(PGPPublicKey pGPPublicKey, PGPKeyWrapper pGPKeyWrapper) {
        boolean z;
        int i = 4;
        if (pGPPublicKey.getVersion() < 4) {
            return false;
        }
        if (pGPPublicKey.isMasterKey()) {
            return true;
        }
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        calendar.add(6, 1);
        Date time = calendar.getTime();
        Iterator signatures = pGPPublicKey.getSignatures();
        Date creationTime = pGPPublicKey.getCreationTime();
        PGPSignature pGPSignature = null;
        PGPSignature pGPSignature2 = null;
        while (signatures.hasNext()) {
            PGPSignature pGPSignature3 = (PGPSignature) signatures.next();
            int signatureType = pGPSignature3.getSignatureType();
            if (pGPSignature3.getKeyID() == pGPKeyWrapper.getKeyId() && ((signatureType == 24 || signatureType == 40) && !pGPSignature3.getCreationTime().after(time) && !pGPSignature3.getCreationTime().before(creationTime) && (pGPSignature3.getHashedSubPackets() == null || !pGPSignature3.getHashedSubPackets().hasSubpacket(i) || ((Exportable) pGPSignature3.getHashedSubPackets().getSubpacket(i)).isExportable()))) {
                if (signatureType == 24) {
                    try {
                        pGPSignature3.init(new JcaPGPContentVerifierBuilderProvider().setProvider("SC"), pGPKeyWrapper.getPublicKey());
                        if (pGPSignature3.verifyCertification(pGPKeyWrapper.getPublicKey(), pGPPublicKey)) {
                            if (ALGORITHMS_FOR_SIGNING.contains(Integer.valueOf(pGPPublicKey.getAlgorithm())) ? (pGPSignature3.getHashedSubPackets() == null || !pGPSignature3.getHashedSubPackets().hasSubpacket(27)) ? true : (((KeyFlags) pGPSignature3.getHashedSubPackets().getSubpacket(27)).getFlags() & 2) == 2 : false) {
                                if (pGPSignature3.getUnhashedSubPackets() != null) {
                                    try {
                                        PGPSignatureList embeddedSignatures = pGPSignature3.getUnhashedSubPackets().getEmbeddedSignatures();
                                        z = false;
                                        for (int i2 = 0; i2 < embeddedSignatures.size(); i2++) {
                                            PGPSignature pGPSignature4 = embeddedSignatures.get(i2);
                                            if (pGPSignature4.getSignatureType() == 25) {
                                                pGPSignature4.init(new JcaPGPContentVerifierBuilderProvider().setProvider("SC"), pGPPublicKey);
                                                if (!pGPSignature4.verifyCertification(pGPKeyWrapper.getPublicKey(), pGPPublicKey)) {
                                                    break;
                                                }
                                                z = true;
                                            }
                                        }
                                    } catch (Exception e) {
                                        Timber.w(e, "unable to check embedded signature", new Object[0]);
                                    }
                                } else {
                                    z = false;
                                }
                                if (!z) {
                                }
                            }
                            if (pGPSignature == null || !pGPSignature3.getCreationTime().before(pGPSignature.getCreationTime())) {
                                if (pGPSignature2 != null && pGPSignature3.getCreationTime().after(pGPSignature2.getCreationTime())) {
                                    pGPSignature2 = null;
                                }
                                pGPSignature = pGPSignature3;
                            }
                        }
                    } catch (PGPException e2) {
                        Timber.w(e2, "unable to verify signature", new Object[0]);
                    }
                } else {
                    try {
                        pGPSignature3.init(new JcaPGPContentVerifierBuilderProvider().setProvider("SC"), pGPKeyWrapper.getPublicKey());
                        if (pGPSignature3.verifyCertification(pGPKeyWrapper.getPublicKey(), pGPPublicKey) && (pGPSignature == null || !pGPSignature.getCreationTime().after(pGPSignature3.getCreationTime()))) {
                            pGPSignature2 = pGPSignature3;
                        }
                    } catch (PGPException e3) {
                        Timber.w(e3, "unable to verify signature", new Object[0]);
                    }
                }
                i = 4;
            }
            i = 4;
        }
        return pGPSignature != null;
    }

    public abstract boolean isSecret();

    public boolean isValid() {
        return (getKeys().isEmpty() || !hasMasterKey() || getUserIds().isEmpty()) ? false : true;
    }

    public PGPKeyRingWrapper mergeWith(PGPKeyRingWrapper pGPKeyRingWrapper) {
        if (pGPKeyRingWrapper == null || getMasterKey().getKeyId() != pGPKeyRingWrapper.getMasterKey().getKeyId() || !getMasterKey().getFingerprintEncoded().equals(pGPKeyRingWrapper.getMasterKey().getFingerprintEncoded())) {
            return this;
        }
        try {
            PGPKeyRing pGPKeyRing = isSecret() ? this.rawKeyRing : pGPKeyRingWrapper.rawKeyRing;
            PGPKeyRing pGPKeyRing2 = pGPKeyRing == this.rawKeyRing ? pGPKeyRingWrapper.rawKeyRing : this.rawKeyRing;
            long keyId = getMasterKey().getKeyId();
            Set<byte[]> collectExistingCertificates = collectExistingCertificates(pGPKeyRing);
            Iterator publicKeys = pGPKeyRing2.getPublicKeys();
            while (publicKeys.hasNext()) {
                PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKeys.next();
                PGPPublicKey publicKey = pGPKeyRing.getPublicKey(pGPPublicKey.getKeyID());
                if (publicKey == null) {
                    pGPKeyRing = (isSecret() && pGPKeyRingWrapper.isSecret()) ? PGPSecretKeyRing.insertSecretKey((PGPSecretKeyRing) pGPKeyRing, ((PGPSecretKeyRing) pGPKeyRing2).getSecretKey(pGPPublicKey.getKeyID())) : replacePublicKey(pGPKeyRing, pGPPublicKey);
                } else {
                    PGPPublicKey mergeKeyCertificates = mergeKeyCertificates(publicKey, pGPPublicKey, collectExistingCertificates, keyId);
                    if (pGPPublicKey.isMasterKey()) {
                        PGPPublicKey mergeAttributeCerts = mergeAttributeCerts(mergeUserCertificates(mergeKeyCertificates, pGPPublicKey, collectExistingCertificates, keyId), pGPPublicKey, collectExistingCertificates, keyId);
                        if (mergeAttributeCerts != publicKey) {
                            pGPKeyRing = replacePublicKey(pGPKeyRing, mergeAttributeCerts);
                        }
                    } else if (mergeKeyCertificates != publicKey) {
                        pGPKeyRing = replacePublicKey(pGPKeyRing, mergeKeyCertificates);
                    }
                }
            }
            return wrap(pGPKeyRing);
        } catch (IOException e) {
            Timber.w(e, "couldn't merge keys, return original one", new Object[0]);
            return this;
        }
    }
}
