package org.eclipse.jgit.gpg.bc.internal;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.nio.file.DirectoryStream;
import java.nio.file.FileVisitOption;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.bouncycastle.gpg.SExprParser;
import org.bouncycastle.gpg.keybox.BlobType;
import org.bouncycastle.gpg.keybox.KeyBlob;
import org.bouncycastle.gpg.keybox.KeyBox;
import org.bouncycastle.gpg.keybox.KeyInformation;
import org.bouncycastle.gpg.keybox.PublicKeyRingBlob;
import org.bouncycastle.gpg.keybox.UserID;
import org.bouncycastle.gpg.keybox.jcajce.JcaKeyBox;
import org.bouncycastle.gpg.keybox.jcajce.JcaKeyBoxBuilder;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.PBEProtectionRemoverFactory;
import org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBEProtectionRemoverFactory;
import org.bouncycastle.util.encoders.Hex;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.errors.UnsupportedCredentialItem;
import org.eclipse.jgit.util.FS;
import org.eclipse.jgit.util.StringUtils;
import org.eclipse.jgit.util.SystemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgKeyLocator.class */
public class BouncyCastleGpgKeyLocator {
    private static final Logger log = LoggerFactory.getLogger(BouncyCastleGpgKeyLocator.class);
    private static final Path GPG_DIRECTORY = findGpgDirectory();
    private static final Path USER_KEYBOX_PATH = GPG_DIRECTORY.resolve("pubring.kbx");
    private static final Path USER_SECRET_KEY_DIR = GPG_DIRECTORY.resolve("private-keys-v1.d");
    private static final Path USER_PGP_PUBRING_FILE = GPG_DIRECTORY.resolve("pubring.gpg");
    private static final Path USER_PGP_LEGACY_SECRING_FILE = GPG_DIRECTORY.resolve("secring.gpg");
    private final String signingKey;
    private BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgKeyLocator$EncryptedPgpKeyException.class */
    public static class EncryptedPgpKeyException extends RuntimeException {
        private static final long serialVersionUID = 1;

        private EncryptedPgpKeyException() {
        }

        /* synthetic */ EncryptedPgpKeyException(EncryptedPgpKeyException encryptedPgpKeyException) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgKeyLocator$NoOpenPgpKeyException.class */
    public static class NoOpenPgpKeyException extends Exception {
        private static final long serialVersionUID = 1;

        private NoOpenPgpKeyException() {
        }

        /* synthetic */ NoOpenPgpKeyException(NoOpenPgpKeyException noOpenPgpKeyException) {
            this();
        }
    }

    private static Path findGpgDirectory() {
        String str;
        SystemReader systemReader = SystemReader.getInstance();
        if (systemReader.isWindows() && (str = systemReader.getenv("APPDATA")) != null && !str.isEmpty()) {
            try {
                Path resolve = Paths.get(str, new String[0]).resolve("gnupg");
                if (Files.isDirectory(resolve, new LinkOption[0])) {
                    return resolve;
                }
            } catch (SecurityException | InvalidPathException e) {
            }
        }
        File userHome = FS.DETECTED.userHome();
        if (userHome == null) {
            userHome = new File(".").getAbsoluteFile();
        }
        return userHome.toPath().resolve(".gnupg");
    }

    public BouncyCastleGpgKeyLocator(String str, @NonNull BouncyCastleGpgKeyPassphrasePrompt bouncyCastleGpgKeyPassphrasePrompt) {
        this.signingKey = str;
        this.passphrasePrompt = bouncyCastleGpgKeyPassphrasePrompt;
    }

    private PGPSecretKey attemptParseSecretKey(Path path, PGPDigestCalculatorProvider pGPDigestCalculatorProvider, PBEProtectionRemoverFactory pBEProtectionRemoverFactory, PGPPublicKey pGPPublicKey) {
        Throwable th = null;
        try {
            try {
                InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
                try {
                    PGPSecretKey parseSecretKey = new SExprParser(pGPDigestCalculatorProvider).parseSecretKey(new BufferedInputStream(newInputStream), pBEProtectionRemoverFactory, pGPPublicKey);
                    if (newInputStream != null) {
                        newInputStream.close();
                    }
                    return parseSecretKey;
                } catch (Throwable th2) {
                    if (newInputStream != null) {
                        newInputStream.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (IOException | PGPException | ClassCastException e) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("Ignoring unreadable file '{}': {}", new Object[]{path, e.getMessage(), e});
            return null;
        }
    }

    static boolean containsSigningKey(String str, String str2) {
        if (StringUtils.isEmptyOrNull(str) || StringUtils.isEmptyOrNull(str2)) {
            return false;
        }
        String str3 = str2;
        if (str3.startsWith("0x") && str3.trim().length() > 2) {
            return false;
        }
        char charAt = str3.charAt(0);
        switch (charAt) {
            case '*':
            case '<':
            case '=':
            case '@':
                str3 = str3.substring(1);
                if (str3.isEmpty()) {
                    return false;
                }
                break;
        }
        switch (charAt) {
            case '<':
                int indexOf = str.indexOf(60);
                int indexOf2 = str.indexOf(62, indexOf + 1);
                int indexOf3 = str3.indexOf(62);
                return indexOf >= 0 && indexOf2 > indexOf + 1 && indexOf3 > 0 && str.substring(indexOf + 1, indexOf2).equals(str3.substring(0, indexOf3));
            case '=':
                return str.equals(str3);
            case '>':
            case '?':
            default:
                if (str3.trim().isEmpty()) {
                    return false;
                }
                return str.toLowerCase(Locale.ROOT).contains(str3.toLowerCase(Locale.ROOT));
            case '@':
                int indexOf4 = str.indexOf(60);
                int indexOf5 = str.indexOf(62, indexOf4 + 1);
                return indexOf4 >= 0 && indexOf5 > indexOf4 + 1 && str.substring(indexOf4 + 1, indexOf5).contains(str3);
        }
    }

    private String toFingerprint(String str) {
        return str.startsWith("0x") ? str.substring(2) : str;
    }

    private PGPPublicKey findPublicKeyByKeyId(KeyBlob keyBlob) throws IOException {
        String lowerCase = toFingerprint(this.signingKey).toLowerCase(Locale.ROOT);
        if (lowerCase.isEmpty()) {
            return null;
        }
        for (KeyInformation keyInformation : keyBlob.getKeyInformation()) {
            if (Hex.toHexString(keyInformation.getFingerprint()).toLowerCase(Locale.ROOT).endsWith(lowerCase)) {
                return getPublicKey(keyBlob, keyInformation.getFingerprint());
            }
        }
        return null;
    }

    private PGPPublicKey findPublicKeyByUserId(KeyBlob keyBlob) throws IOException {
        Iterator it = keyBlob.getUserIds().iterator();
        while (it.hasNext()) {
            if (containsSigningKey(((UserID) it.next()).getUserIDAsString(), this.signingKey)) {
                return getSigningPublicKey(keyBlob);
            }
        }
        return null;
    }

    private PGPPublicKey findPublicKeyInKeyBox(Path path) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, NoOpenPgpKeyException {
        boolean z = false;
        for (KeyBlob keyBlob : readKeyBoxFile(path).getKeyBlobs()) {
            if (keyBlob.getType() == BlobType.OPEN_PGP_BLOB) {
                z = true;
                PGPPublicKey findPublicKeyByKeyId = findPublicKeyByKeyId(keyBlob);
                if (findPublicKeyByKeyId != null) {
                    return findPublicKeyByKeyId;
                }
                PGPPublicKey findPublicKeyByUserId = findPublicKeyByUserId(keyBlob);
                if (findPublicKeyByUserId != null) {
                    return findPublicKeyByUserId;
                }
            }
        }
        if (z) {
            return null;
        }
        throw new NoOpenPgpKeyException(null);
    }

    @NonNull
    public BouncyCastleGpgKey findSecretKey() throws IOException, NoSuchAlgorithmException, NoSuchProviderException, PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxException {
        BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey;
        PGPPublicKey pGPPublicKey = null;
        if (hasKeyFiles(USER_SECRET_KEY_DIR)) {
            if (Files.exists(USER_KEYBOX_PATH, new LinkOption[0])) {
                try {
                    PGPPublicKey findPublicKeyInKeyBox = findPublicKeyInKeyBox(USER_KEYBOX_PATH);
                    if (findPublicKeyInKeyBox == null) {
                        throw new PGPException(MessageFormat.format(BCText.get().gpgNoPublicKeyFound, this.signingKey));
                    }
                    BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey2 = findSecretKeyForKeyBoxPublicKey(findPublicKeyInKeyBox, USER_KEYBOX_PATH);
                    if (findSecretKeyForKeyBoxPublicKey2 != null) {
                        return findSecretKeyForKeyBoxPublicKey2;
                    }
                    throw new PGPException(MessageFormat.format(BCText.get().gpgNoSecretKeyForPublicKey, Long.toHexString(findPublicKeyInKeyBox.getKeyID())));
                } catch (NoOpenPgpKeyException e) {
                    if (log.isDebugEnabled()) {
                        log.debug("{} does not contain any OpenPGP keys", USER_KEYBOX_PATH);
                    }
                }
            }
            if (Files.exists(USER_PGP_PUBRING_FILE, new LinkOption[0])) {
                pGPPublicKey = findPublicKeyInPubring(USER_PGP_PUBRING_FILE);
                if (pGPPublicKey != null && (findSecretKeyForKeyBoxPublicKey = findSecretKeyForKeyBoxPublicKey(pGPPublicKey, USER_PGP_PUBRING_FILE)) != null) {
                    return findSecretKeyForKeyBoxPublicKey;
                }
            }
            if (pGPPublicKey == null) {
                throw new PGPException(MessageFormat.format(BCText.get().gpgNoPublicKeyFound, this.signingKey));
            }
        }
        boolean z = false;
        if (Files.exists(USER_PGP_LEGACY_SECRING_FILE, new LinkOption[0])) {
            z = true;
            BouncyCastleGpgKey loadKeyFromSecring = loadKeyFromSecring(USER_PGP_LEGACY_SECRING_FILE);
            if (loadKeyFromSecring != null) {
                return loadKeyFromSecring;
            }
        }
        if (pGPPublicKey != null) {
            throw new PGPException(MessageFormat.format(BCText.get().gpgNoSecretKeyForPublicKey, Long.toHexString(pGPPublicKey.getKeyID())));
        }
        if (z) {
            throw new PGPException(MessageFormat.format(BCText.get().gpgNoKeyInLegacySecring, this.signingKey));
        }
        throw new PGPException(BCText.get().gpgNoKeyring);
    }

    private boolean hasKeyFiles(Path path) {
        Throwable th = null;
        try {
            try {
                DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(path, "*.key");
                try {
                    boolean hasNext = newDirectoryStream.iterator().hasNext();
                    if (newDirectoryStream != null) {
                        newDirectoryStream.close();
                    }
                    return hasNext;
                } catch (Throwable th2) {
                    if (newDirectoryStream != null) {
                        newDirectoryStream.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (IOException e) {
            return false;
        }
    }

    private BouncyCastleGpgKey loadKeyFromSecring(Path path) throws IOException, PGPException {
        PGPSecretKey findSecretKeyInLegacySecring = findSecretKeyInLegacySecring(this.signingKey, path);
        if (findSecretKeyInLegacySecring == null) {
            return null;
        }
        if (findSecretKeyInLegacySecring.isSigningKey()) {
            return new BouncyCastleGpgKey(findSecretKeyInLegacySecring, path);
        }
        throw new PGPException(MessageFormat.format(BCText.get().gpgNotASigningKey, this.signingKey));
    }

    private BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey(PGPPublicKey pGPPublicKey, Path path) throws PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxException {
        PGPSecretKey attemptParseSecretKey;
        PGPDigestCalculatorProvider build = new JcaPGPDigestCalculatorProviderBuilder().build();
        Throwable th = null;
        try {
            try {
                Stream<Path> walk = Files.walk(USER_SECRET_KEY_DIR, new FileVisitOption[0]);
                try {
                    List list = (List) walk.filter(path2 -> {
                        return Files.isRegularFile(path2, new LinkOption[0]);
                    }).collect(Collectors.toCollection(ArrayList::new));
                    if (list.isEmpty()) {
                    }
                    PBEProtectionRemoverFactory pBEProtectionRemoverFactory = str -> {
                        throw new EncryptedPgpKeyException(null);
                    };
                    for (int i = 0; i < 2; i++) {
                        Iterator it = list.iterator();
                        while (it.hasNext()) {
                            try {
                                attemptParseSecretKey = attemptParseSecretKey((Path) it.next(), build, pBEProtectionRemoverFactory, pGPPublicKey);
                                it.remove();
                            } catch (EncryptedPgpKeyException e) {
                            }
                            if (attemptParseSecretKey != null) {
                                if (!attemptParseSecretKey.isSigningKey()) {
                                    throw new PGPException(MessageFormat.format(BCText.get().gpgNotASigningKey, this.signingKey));
                                }
                                BouncyCastleGpgKey bouncyCastleGpgKey = new BouncyCastleGpgKey(attemptParseSecretKey, path);
                                if (walk != null) {
                                    walk.close();
                                }
                                return bouncyCastleGpgKey;
                            }
                        }
                        if (i > 0 || list.isEmpty()) {
                            break;
                        }
                        pBEProtectionRemoverFactory = new JcePBEProtectionRemoverFactory(this.passphrasePrompt.getPassphrase(pGPPublicKey.getFingerprint(), path));
                    }
                    this.passphrasePrompt.clear();
                    if (walk == null) {
                        return null;
                    }
                    walk.close();
                    return null;
                } finally {
                    if (walk != null) {
                        walk.close();
                    }
                }
            } catch (Throwable th2) {
                if (0 == 0) {
                    th = th2;
                } else if (null != th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException e2) {
            this.passphrasePrompt.clear();
            throw new PGPException(MessageFormat.format(BCText.get().gpgFailedToParseSecretKey, USER_SECRET_KEY_DIR.toAbsolutePath()), e2);
        } catch (RuntimeException e3) {
            this.passphrasePrompt.clear();
            throw e3;
        }
    }

    private PGPSecretKey findSecretKeyInLegacySecring(String str, Path path) throws IOException, PGPException {
        Throwable th = null;
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                PGPSecretKeyRingCollection pGPSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(new BufferedInputStream(newInputStream)), new JcaKeyFingerprintCalculator());
                String lowerCase = toFingerprint(str).toLowerCase(Locale.ROOT);
                Iterator keyRings = pGPSecretKeyRingCollection.getKeyRings();
                while (keyRings.hasNext()) {
                    Iterator secretKeys = ((PGPSecretKeyRing) keyRings.next()).getSecretKeys();
                    while (secretKeys.hasNext()) {
                        PGPSecretKey pGPSecretKey = (PGPSecretKey) secretKeys.next();
                        if (Hex.toHexString(pGPSecretKey.getPublicKey().getFingerprint()).toLowerCase(Locale.ROOT).endsWith(lowerCase)) {
                            if (newInputStream != null) {
                                newInputStream.close();
                            }
                            return pGPSecretKey;
                        }
                        Iterator userIDs = pGPSecretKey.getUserIDs();
                        while (userIDs.hasNext()) {
                            if (containsSigningKey((String) userIDs.next(), this.signingKey)) {
                                return pGPSecretKey;
                            }
                        }
                    }
                }
                if (newInputStream == null) {
                    return null;
                }
                newInputStream.close();
                return null;
            } finally {
                if (newInputStream != null) {
                    newInputStream.close();
                }
            }
        } catch (Throwable th2) {
            if (0 == 0) {
                th = th2;
            } else if (null != th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private PGPPublicKey findPublicKeyInPubring(Path path) throws IOException, PGPException {
        Throwable th = null;
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(new BufferedInputStream(newInputStream), new JcaKeyFingerprintCalculator());
                String lowerCase = toFingerprint(this.signingKey).toLowerCase(Locale.ROOT);
                Iterator keyRings = pGPPublicKeyRingCollection.getKeyRings();
                while (keyRings.hasNext()) {
                    Iterator publicKeys = ((PGPPublicKeyRing) keyRings.next()).getPublicKeys();
                    while (publicKeys.hasNext()) {
                        PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKeys.next();
                        if (Hex.toHexString(pGPPublicKey.getFingerprint()).toLowerCase(Locale.ROOT).endsWith(lowerCase)) {
                            if (newInputStream != null) {
                                newInputStream.close();
                            }
                            return pGPPublicKey;
                        }
                        Iterator userIDs = pGPPublicKey.getUserIDs();
                        while (userIDs.hasNext()) {
                            if (containsSigningKey((String) userIDs.next(), this.signingKey)) {
                                return pGPPublicKey;
                            }
                        }
                    }
                }
                if (newInputStream == null) {
                    return null;
                }
                newInputStream.close();
                return null;
            } finally {
                if (newInputStream != null) {
                    newInputStream.close();
                }
            }
        } catch (Throwable th2) {
            if (0 == 0) {
                th = th2;
            } else if (null != th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private PGPPublicKey getPublicKey(KeyBlob keyBlob, byte[] bArr) throws IOException {
        return ((PublicKeyRingBlob) keyBlob).getPGPPublicKeyRing().getPublicKey(bArr);
    }

    private PGPPublicKey getSigningPublicKey(KeyBlob keyBlob) throws IOException {
        PGPPublicKey pGPPublicKey = null;
        Iterator publicKeys = ((PublicKeyRingBlob) keyBlob).getPGPPublicKeyRing().getPublicKeys();
        while (publicKeys.hasNext()) {
            PGPPublicKey pGPPublicKey2 = (PGPPublicKey) publicKeys.next();
            if (isSigningKey(pGPPublicKey2)) {
                if (!pGPPublicKey2.isMasterKey()) {
                    return pGPPublicKey2;
                }
                pGPPublicKey = pGPPublicKey2;
            }
        }
        return pGPPublicKey;
    }

    private boolean isSigningKey(PGPPublicKey pGPPublicKey) {
        Iterator signatures = pGPPublicKey.getSignatures();
        while (signatures.hasNext()) {
            if ((((PGPSignature) signatures.next()).getHashedSubPackets().getKeyFlags() & 2) > 0) {
                return true;
            }
        }
        return false;
    }

    private KeyBox readKeyBoxFile(Path path) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, NoOpenPgpKeyException {
        if (path.toFile().length() == 0) {
            throw new NoOpenPgpKeyException(null);
        }
        Throwable th = null;
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(Files.newInputStream(path, new OpenOption[0]));
            try {
                JcaKeyBox build = new JcaKeyBoxBuilder().build(bufferedInputStream);
                if (bufferedInputStream != null) {
                    bufferedInputStream.close();
                }
                return build;
            } catch (Throwable th2) {
                if (bufferedInputStream != null) {
                    bufferedInputStream.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }
}
