package net.savignano.snotify.atlassian.common.security.key.secret;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import net.savignano.snotify.atlassian.common.enums.EKeyPurpose;
import net.savignano.snotify.atlassian.common.enums.EKeySource;
import net.savignano.snotify.atlassian.common.enums.EKeyValidity;
import net.savignano.snotify.atlassian.common.security.key.ASnotifyKey;
import net.savignano.snotify.atlassian.common.util.PgpUtil;
import net.savignano.snotify.atlassian.common.util.SecurityUtil;
import net.savignano.thirdparty.org.bouncycastle.asn1.x509.DisplayText;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPException;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPSecretKey;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPSecretKeyRing;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPSignature;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/common/security/key/secret/SnotifyPgpSignKey.class */
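/**
 * Holder for the OpenPGP secret key used to sign outgoing e-mails, together with the
 * password that unlocks it.
 *
 * <p>An instance is built from a key ring (or a collection of key rings). The constructors
 * never throw on unusable input; instead they record the outcome via
 * {@code setKeyValidity(...)}, so callers must check the key validity before using
 * {@link #getKey()} or {@link #getPassword()}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The password is kept in memory as a private copy until {@link #destroy()} is called.</li>
 *   <li>Key flags, revocation and expiry are read from the signatures stored in the key ring.
 *       This class does not verify those signatures cryptographically; it relies on the
 *       key ring coming from trusted storage.</li>
 *   <li>A key ring whose master key carries a revocation yields no signing key at all, because
 *       revoking the primary key revokes its subkeys as well.</li>
 * </ul>
 */
public class SnotifyPgpSignKey extends ASnotifyKey<PGPSecretKey> implements ISnotifySecretKey<PGPSecretKey> {
    private static final Logger log = LoggerFactory.getLogger(SnotifyPgpSignKey.class);

    /** OpenPGP key-flag bit (RFC 4880, section 5.2.3.21): the key may be used to sign data. */
    private static final int KEY_FLAG_SIGN_DATA = 0x02;

    private PGPSecretKeyRing ring;
    private PGPSecretKey masterKey;
    private PGPSecretKey signingKey;
    // Private copy of the caller's password; wiped and dropped in destroy().
    private char[] password;

    /**
     * Selects the signing key of a key ring: among all keys accepted by
     * {@link #isValidSigningKey(PGPSecretKey)}, the one with the most recent creation time.
     *
     * @param keyRing key ring to search, must not be {@code null}
     * @return the newest valid signing key, or {@code null} if the master key is revoked or
     *         no key in the ring qualifies
     */
    private static PGPSecretKey findSigningKey(PGPSecretKeyRing keyRing) {
        PGPSecretKey primary = keyRing.getSecretKey();
        // A revocation on the master key invalidates the whole key, subkeys included.
        // isValidSigningKey() only sees the revocation state of the individual key it is
        // given, so the master key has to be checked here before any subkey is considered.
        if (primary != null && primary.isMasterKey() && primary.getPublicKey().hasRevocation()) {
            log.warn("Master key with ID {} has been revoked. None of its keys will be used for signing.", PgpUtil.getPrettyId(primary));
            return null;
        }
        // NOTE(review): expiry of the master key is not applied to its subkeys here; only the
        // validity period reported for each individual key is evaluated. Confirm whether
        // that is intended.

        PGPSecretKey newest = null;
        Iterator<PGPSecretKey> candidates = keyRing.iterator();
        while (candidates.hasNext()) {
            PGPSecretKey candidate = candidates.next();
            if (!isValidSigningKey(candidate)) {
                continue;
            }
            if (newest == null
                    || newest.getPublicKey().getCreationTime().before(candidate.getPublicKey().getCreationTime())) {
                newest = candidate;
            }
        }

        if (log.isDebugEnabled()) {
            if (newest == null) {
                log.debug("No key found that can be used for singing. Master key ID: {}", PgpUtil.getPrettyId(primary));
            } else {
                log.debug("Using key with ID {}. Creation time: {}", Long.toHexString(newest.getKeyID()).toUpperCase(), newest.getPublicKey().getCreationTime());
            }
        }
        return newest;
    }

    /**
     * Decides whether a single secret key may be used for signing.
     *
     * <p>A key is rejected when its algorithm cannot sign, when it declares key flags but
     * none of them allows signing data, when it carries a revocation, or when its validity
     * period has elapsed. A key that declares no key flags at all is accepted.
     *
     * <p>The hashed subpackets are read from every signature attached to the public key
     * without verifying the signature in this method.
     *
     * @param secretKey key to inspect, must not be {@code null}
     * @return {@code true} if the key passes all checks
     */
    private static boolean isValidSigningKey(PGPSecretKey secretKey) {
        String prettyId = PgpUtil.getPrettyId(secretKey);
        if (!secretKey.isSigningKey()) {
            // Message corrected: this check is about signing capability, not encryption.
            log.debug("Algorithm for key with ID {} can not be used for signing.", prettyId);
            return false;
        }

        boolean declaresFlags = false;
        boolean allowsSigning = false;
        // Iterator<?> plus cast works whether the library returns a raw or a typed iterator.
        Iterator<?> signatures = secretKey.getPublicKey().getSignatures();
        while (signatures.hasNext() && !allowsSigning) {
            PGPSignatureSubpacketVector hashed = ((PGPSignature) signatures.next()).getHashedSubPackets();
            if (hashed == null) {
                continue;
            }
            int keyFlags = hashed.getKeyFlags();
            // A flag value of 0 is treated as "this signature declares no key flags".
            declaresFlags = declaresFlags || keyFlags != 0;
            allowsSigning = (keyFlags & KEY_FLAG_SIGN_DATA) != 0;
        }
        if (!allowsSigning && declaresFlags) {
            log.debug("Key with ID {} has not the necessary flags for a signing key.", prettyId);
            return false;
        }

        if (secretKey.getPublicKey().hasRevocation()) {
            log.warn("Key with ID {} has been revoked.", prettyId);
            return false;
        }

        // A validity of 0 seconds means the key does not expire.
        long validSeconds = secretKey.getPublicKey().getValidSeconds();
        if (validSeconds == 0) {
            log.debug("Key with ID {} can be used for signing.", prettyId);
            return true;
        }
        long expiresAtMillis = (validSeconds * 1000) + secretKey.getPublicKey().getCreationTime().getTime();
        if (expiresAtMillis >= System.currentTimeMillis()) {
            log.debug("Key with ID {} can be used for signing.", prettyId);
            return true;
        }
        log.warn("Key with ID {} is no loger valid. Expired: {}", prettyId, new Date(expiresAtMillis));
        return false;
    }

    /**
     * Looks up the first key ring in a collection whose master key belongs to the given
     * e-mail address and selects its signing key.
     *
     * <p>Resulting validity: {@code INVALID} for {@code null} arguments, {@code NOT_FOUND} if
     * no ring matches the address or the matching ring has no usable signing key; otherwise
     * the outcome of the password check.
     *
     * @param pGPSecretKeyRingCollection key rings to search
     * @param cArr password protecting the secret key; a private copy is stored on success
     * @param str e-mail address the master key must be issued for
     */
    public SnotifyPgpSignKey(PGPSecretKeyRingCollection pGPSecretKeyRingCollection, char[] cArr, String str) {
        super(EKeyPurpose.SIGNING);
        if (pGPSecretKeyRingCollection == null) {
            log.warn("Key ring collection was <null>.");
            setKeyValidity(EKeyValidity.INVALID);
            return;
        }
        if (str == null) {
            log.warn("Email address was <null>.");
            setKeyValidity(EKeyValidity.INVALID);
            return;
        }
        log.debug("Looking up key ring for email {}.", str);

        PGPSecretKeyRing matchingRing = null;
        PGPSecretKey matchingMaster = null;
        Iterator<PGPSecretKeyRing> rings = pGPSecretKeyRingCollection.iterator();
        while (rings.hasNext() && matchingRing == null) {
            PGPSecretKeyRing candidateRing = rings.next();
            PGPSecretKey candidateMaster = candidateRing.getSecretKey();
            if (candidateMaster == null || !candidateMaster.isMasterKey()) {
                log.warn("Passed key ring collection contains a ring without a corresponding master key. Maybe key ring is corrupt.");
            } else if (PgpUtil.isKeyForEmail(candidateMaster, str)) {
                log.debug("Master key (ID: {}) is valid for email {}.", PgpUtil.getPrettyId(candidateMaster), str);
                matchingRing = candidateRing;
                matchingMaster = candidateMaster;
            } else if (log.isTraceEnabled()) {
                // Diagnostic only: list the user IDs of the non-matching key.
                ArrayList<String> userIdList = new ArrayList<>();
                Iterator<String> userIDs = candidateMaster.getUserIDs();
                while (userIDs.hasNext()) {
                    userIdList.add(userIDs.next());
                }
                String prettyId = PgpUtil.getPrettyId(candidateMaster);
                if (userIdList.isEmpty()) {
                    log.debug("Key with ID {} does not contain any user IDs.", prettyId);
                } else {
                    log.debug("Key with ID {} does not match email {}. It has the following user IDs: {}", new Object[]{prettyId, str, userIdList});
                }
            }
        }

        if (matchingRing == null) {
            log.warn("No matching key ring found for email address: {}", str);
            setKeyValidity(EKeyValidity.NOT_FOUND);
            return;
        }
        this.ring = matchingRing;
        this.masterKey = matchingMaster;
        this.signingKey = findSigningKey(matchingRing);
        if (this.signingKey != null) {
            checkPassword(this.signingKey, cArr);
        } else {
            log.warn("No valid signing key was found to sign emails. Corresponding master key ID: {}", PgpUtil.getPrettyId(this.masterKey));
            setKeyValidity(EKeyValidity.NOT_FOUND);
        }
    }

    /**
     * Builds the signing key from a single key ring without checking it against an e-mail
     * address.
     *
     * @param pGPSecretKeyRing key ring holding the master and signing keys
     * @param cArr password protecting the secret key
     */
    public SnotifyPgpSignKey(PGPSecretKeyRing pGPSecretKeyRing, char[] cArr) {
        this(pGPSecretKeyRing, cArr, (String) null);
    }

    /**
     * Builds the signing key from a single key ring, optionally requiring that the master
     * key is issued for the given e-mail address.
     *
     * <p>Every failure (missing ring, missing master key, no usable signing key, address
     * mismatch) results in validity {@code INVALID}. The key fields stay populated in the
     * failure cases, so callers must consult the validity rather than test for {@code null}.
     *
     * @param pGPSecretKeyRing key ring holding the master and signing keys
     * @param cArr password protecting the secret key; a private copy is stored on success
     * @param str e-mail address to match, or {@code null} to skip the address check
     */
    public SnotifyPgpSignKey(PGPSecretKeyRing pGPSecretKeyRing, char[] cArr, String str) {
        super(EKeyPurpose.SIGNING);
        if (pGPSecretKeyRing == null) {
            log.warn("Key ring was <null>.");
            setKeyValidity(EKeyValidity.INVALID);
            return;
        }
        this.ring = pGPSecretKeyRing;
        this.masterKey = pGPSecretKeyRing.getSecretKey();
        this.signingKey = findSigningKey(pGPSecretKeyRing);
        if (this.masterKey == null || !this.masterKey.isMasterKey()) {
            log.warn("Passed key ring has no master key. Maybe key ring is corrupt.");
            setKeyValidity(EKeyValidity.INVALID);
        } else if (this.signingKey == null) {
            log.warn("No valid signing key was found to sign emails. Corresponding master key ID: {}", PgpUtil.getPrettyId(this.masterKey));
            setKeyValidity(EKeyValidity.INVALID);
        } else if (str == null || PgpUtil.isKeyForEmail(this.masterKey, str)) {
            checkPassword(this.signingKey, cArr);
        } else {
            log.warn("Key ring is no match for email address: {}", str);
            setKeyValidity(EKeyValidity.INVALID);
        }
    }

    /**
     * Verifies that the password unlocks the given secret key by extracting the private key
     * once, and stores a private copy of the password on success.
     *
     * <p>A wrong or missing password sets validity {@code INVALID}; any other extraction
     * failure sets {@code ERROR}. A wrong password is recognised by comparing the exception
     * message with {@code PgpUtil.ERROR_MESSAGE_FOR_WRONG_PASSWORD}. The password itself is
     * never written to the log.
     *
     * @param secretKey key to unlock
     * @param candidatePassword password supplied by the caller, may be {@code null}
     */
    private void checkPassword(PGPSecretKey secretKey, char[] candidatePassword) {
        try {
            // The extracted private key is discarded; only success or failure matters here.
            PgpUtil.extractPrivateKey(secretKey, candidatePassword);
            if (candidatePassword != null) {
                // Copy so that the caller can wipe its own array independently.
                this.password = Arrays.copyOf(candidatePassword, candidatePassword.length);
            } else {
                log.warn("Password was <null>. If secret key does indeed have no password, this is a security problem, as anyone can use it.");
            }
        } catch (PGPException e) {
            if (PgpUtil.ERROR_MESSAGE_FOR_WRONG_PASSWORD.equals(e.getMessage())) {
                log.error("Supplied password was wrong to extract private key from key with ID: " + PgpUtil.getPrettyId(this.signingKey), e);
                setKeyValidity(EKeyValidity.INVALID);
            } else if (candidatePassword == null && (e.getCause() instanceof NullPointerException)) {
                log.error("No password given to extract private key from key with ID: " + PgpUtil.getPrettyId(this.signingKey));
                setKeyValidity(EKeyValidity.INVALID);
            } else {
                log.error("Error while extracting private key with ID: " + PgpUtil.getPrettyId(this.signingKey), e);
                setKeyValidity(EKeyValidity.ERROR);
            }
        }
    }

    /**
     * Creates a placeholder without key material that only carries a validity state.
     *
     * @param eKeyValidity validity to report
     */
    public SnotifyPgpSignKey(EKeyValidity eKeyValidity) {
        this(eKeyValidity, EKeySource.UNKNOWN);
    }

    /**
     * Creates a placeholder without key material that carries a validity state and a source.
     *
     * @param eKeyValidity validity to report
     * @param eKeySource source to report
     */
    public SnotifyPgpSignKey(EKeyValidity eKeyValidity, EKeySource eKeySource) {
        super(EKeyPurpose.SIGNING);
        setKeyValidity(eKeyValidity);
        setKeySource(eKeySource);
    }

    /**
     * @return the key ring this key was taken from, or {@code null} if none was set or the
     *         object has been destroyed
     */
    public PGPSecretKeyRing getKeyRing() {
        return this.ring;
    }

    /**
     * @return the master key of the key ring, or {@code null} if none was set or the object
     *         has been destroyed
     */
    public PGPSecretKey getMasterKey() {
        return this.masterKey;
    }

    /**
     * @return the selected signing key, or {@code null} if none was found or the object has
     *         been destroyed
     */
    @Override // net.savignano.snotify.atlassian.common.security.key.ISnotifyKey
    public PGPSecretKey getKey() {
        return this.signingKey;
    }

    /**
     * Returns the stored password.
     *
     * <p>This is the internal array, not a copy: {@link #destroy()} passes the same array to
     * {@code SecurityUtil.clearPassword}, and a caller that modifies the array changes the
     * stored password. Callers should not keep the reference beyond its immediate use.
     *
     * @return the password array, or {@code null} if no password was stored
     */
    public char[] getPassword() {
        return this.password;
    }

    /**
     * Invalidates this object and releases all key material it references.
     *
     * <p>The key ring reference is dropped as well, since it contains the same secret keys
     * as the master and signing key fields.
     */
    @Override // javax.security.auth.Destroyable
    public void destroy() {
        setKeyValidity(EKeyValidity.INVALID);
        this.ring = null;
        this.masterKey = null;
        this.signingKey = null;
        // Placeholder instances and failed password checks leave the password unset.
        if (this.password != null) {
            SecurityUtil.clearPassword(this.password);
        }
        this.password = null;
    }

    /**
     * @return {@code true} if no key material or password is referenced any more and the
     *         validity is {@code INVALID}
     */
    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.ring == null
                && this.masterKey == null
                && this.signingKey == null
                && this.password == null
                && getKeyValidity() == EKeyValidity.INVALID;
    }

    /**
     * Describes the key for logs and diagnostics. The password is never included; only
     * whether one is present is shown.
     */
    @Override // net.savignano.snotify.atlassian.common.security.key.ASnotifyKey
    public String toString() {
        // The constant is only used as the builder's initial capacity.
        StringBuilder sb = new StringBuilder(DisplayText.DISPLAY_TEXT_MAXIMUM_SIZE);
        sb.append("PGP Sign Key. ");
        sb.append("Key Validity: ").append(getKeyValidity());
        sb.append("; Key Purpose: ").append(getKeyPurpose());
        sb.append("; Key Source: ").append(getKeySource());
        sb.append("; Signing Key ID: ").append(PgpUtil.getPrettyId(getKey()));
        sb.append("; Master Key ID: ").append(PgpUtil.getPrettyId(getMasterKey()));
        sb.append("; Password: ").append(getPassword() == null ? "<null>" : "*****");
        return sb.toString();
    }
}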
