package org.apache.maven.plugins.gpg;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.SocketException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.util.encoders.Hex;
import org.codehaus.plexus.util.io.CachingOutputStream;
import org.eclipse.aether.RepositorySystemSession;
import org.newsclub.net.unix.AFOutputStream;
import org.newsclub.net.unix.AFUNIXSocket;
import org.newsclub.net.unix.AFUNIXSocketAddress;

/* loaded from: input_file:org/apache/maven/plugins/gpg/BcSigner.class */
public class BcSigner extends AbstractGpgSigner {
    public static final String NAME = "bc";
    private final RepositorySystemSession session;
    private final String keyEnvName;
    private final String keyFingerprintEnvName;
    private final String agentSocketLocations;
    private final String keyFilePath;
    private final String keyFingerprint;
    private PGPSecretKey secretKey;
    private PGPPrivateKey privateKey;
    private PGPSignatureSubpacketVector hashSubPackets;

    /* loaded from: input_file:org/apache/maven/plugins/gpg/BcSigner$GpgAgentPasswordLoader.class */
    public final class GpgAgentPasswordLoader implements Loader {
        public GpgAgentPasswordLoader() {
        }

        @Override // org.apache.maven.plugins.gpg.BcSigner.Loader
        public char[] loadPassword(RepositorySystemSession repositorySystemSession, byte[] bArr) throws IOException {
            if (!BcSigner.this.useAgent) {
                return null;
            }
            Iterator it = ((List) Arrays.stream(BcSigner.this.agentSocketLocations.split(",")).filter(str -> {
                return (str == null || str.isEmpty()) ? false : true;
            }).collect(Collectors.toList())).iterator();
            while (it.hasNext()) {
                try {
                    Path path = Paths.get((String) it.next(), new String[0]);
                    if (!path.isAbsolute()) {
                        path = Paths.get(System.getProperty("user.home"), new String[0]).resolve(path).toAbsolutePath();
                    }
                    return load(bArr, path);
                } catch (SocketException e) {
                }
            }
            return null;
        }

        private char[] load(byte[] bArr, Path path) throws IOException {
            AFUNIXSocket newInstance = AFUNIXSocket.newInstance();
            try {
                newInstance.connect(AFUNIXSocketAddress.of(path));
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(newInstance.getInputStream()));
                try {
                    AFOutputStream outputStream = newInstance.getOutputStream();
                    try {
                        expectOK(bufferedReader);
                        String str = System.getenv("DISPLAY");
                        if (str != null) {
                            outputStream.write(("OPTION display=" + str + "\n").getBytes());
                            outputStream.flush();
                            expectOK(bufferedReader);
                        }
                        String str2 = System.getenv("TERM");
                        if (str2 != null) {
                            outputStream.write(("OPTION ttytype=" + str2 + "\n").getBytes());
                            outputStream.flush();
                            expectOK(bufferedReader);
                        }
                        String hexString = Hex.toHexString(bArr);
                        outputStream.write(("GET_PASSPHRASE " + (!BcSigner.this.isInteractive ? "--no-ask " : "") + hexString + " X GnuPG+Passphrase Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key+with+fingerprint:+" + hexString.toUpperCase(Locale.ROOT) + "+to+use+it+for+signing+Maven+Artifacts\n").getBytes());
                        outputStream.flush();
                        char[] mayExpectOK = mayExpectOK(bufferedReader);
                        if (outputStream != null) {
                            outputStream.close();
                        }
                        bufferedReader.close();
                        if (newInstance != null) {
                            newInstance.close();
                        }
                        return mayExpectOK;
                    } catch (Throwable th) {
                        if (outputStream != null) {
                            try {
                                outputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (newInstance != null) {
                    try {
                        newInstance.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        }

        private void expectOK(BufferedReader bufferedReader) throws IOException {
            String readLine = bufferedReader.readLine();
            if (!readLine.startsWith("OK")) {
                throw new IOException("Expected OK but got this instead: " + readLine);
            }
        }

        private char[] mayExpectOK(BufferedReader bufferedReader) throws IOException {
            String readLine = bufferedReader.readLine();
            if (readLine.startsWith("ERR")) {
                return null;
            }
            if (readLine.startsWith("OK")) {
                return new String(Hex.decode(readLine.substring(Math.min(readLine.length(), 3)).trim())).toCharArray();
            }
            throw new IOException("Expected OK/ERR but got this instead: " + readLine);
        }
    }

    /* loaded from: input_file:org/apache/maven/plugins/gpg/BcSigner$GpgConfLoader.class */
    public final class GpgConfLoader implements Loader {
        private static final long MAX_SIZE = 64001;

        public GpgConfLoader() {
        }

        @Override // org.apache.maven.plugins.gpg.BcSigner.Loader
        public byte[] loadKeyRingMaterial(RepositorySystemSession repositorySystemSession) throws IOException {
            Path path = Paths.get(BcSigner.this.keyFilePath, new String[0]);
            if (!path.isAbsolute()) {
                path = Paths.get(System.getProperty("user.home"), new String[0]).resolve(path).toAbsolutePath();
            }
            if (!Files.isRegularFile(path, new LinkOption[0])) {
                return null;
            }
            if (Files.size(path) < MAX_SIZE) {
                return Files.readAllBytes(path);
            }
            throw new IOException("Refusing to load file " + path + "; is larger than 64 kB");
        }

        @Override // org.apache.maven.plugins.gpg.BcSigner.Loader
        public byte[] loadKeyFingerprint(RepositorySystemSession repositorySystemSession) {
            if (BcSigner.this.keyFingerprint == null) {
                return null;
            }
            if (BcSigner.this.keyFingerprint.trim().length() == 40) {
                return Hex.decode(BcSigner.this.keyFingerprint);
            }
            throw new IllegalArgumentException("Key fingerprint configuration is wrong (hex encoded, 40 characters)");
        }
    }

    /* loaded from: input_file:org/apache/maven/plugins/gpg/BcSigner$GpgEnvLoader.class */
    public final class GpgEnvLoader implements Loader {
        public GpgEnvLoader() {
        }

        @Override // org.apache.maven.plugins.gpg.BcSigner.Loader
        public byte[] loadKeyRingMaterial(RepositorySystemSession repositorySystemSession) {
            String str = (String) repositorySystemSession.getConfigProperties().get("env." + BcSigner.this.keyEnvName);
            if (str != null) {
                return str.getBytes(StandardCharsets.UTF_8);
            }
            return null;
        }

        @Override // org.apache.maven.plugins.gpg.BcSigner.Loader
        public byte[] loadKeyFingerprint(RepositorySystemSession repositorySystemSession) {
            String str = (String) repositorySystemSession.getConfigProperties().get("env." + BcSigner.this.keyFingerprintEnvName);
            if (str == null) {
                return null;
            }
            if (str.trim().length() == 40) {
                return Hex.decode(str);
            }
            throw new IllegalArgumentException("Key fingerprint configuration is wrong (hex encoded, 40 characters)");
        }
    }

    /* loaded from: input_file:org/apache/maven/plugins/gpg/BcSigner$Loader.class */
    public interface Loader {
        default byte[] loadKeyRingMaterial(RepositorySystemSession repositorySystemSession) throws IOException {
            return null;
        }

        default byte[] loadKeyFingerprint(RepositorySystemSession repositorySystemSession) throws IOException {
            return null;
        }

        default char[] loadPassword(RepositorySystemSession repositorySystemSession, byte[] bArr) throws IOException {
            return null;
        }
    }

    public BcSigner(RepositorySystemSession repositorySystemSession, String str, String str2, String str3, String str4, String str5) {
        this.session = repositorySystemSession;
        this.keyEnvName = str;
        this.keyFingerprintEnvName = str2;
        this.agentSocketLocations = str3;
        this.keyFilePath = str4;
        this.keyFingerprint = str5;
    }

    @Override // org.apache.maven.plugins.gpg.AbstractGpgSigner
    public String signerName() {
        return NAME;
    }

    /* JADX WARN: Type inference failed for: r0v69, types: [java.time.LocalDateTime] */
    @Override // org.apache.maven.plugins.gpg.AbstractGpgSigner
    public void prepare() throws MojoFailureException {
        try {
            List list = (List) Stream.of((Object[]) new Loader[]{new GpgEnvLoader(), new GpgConfLoader(), new GpgAgentPasswordLoader()}).collect(Collectors.toList());
            byte[] bArr = null;
            Iterator it = list.iterator();
            while (it.hasNext()) {
                bArr = ((Loader) it.next()).loadKeyRingMaterial(this.session);
                if (bArr != null) {
                    break;
                }
            }
            if (bArr == null) {
                throw new MojoFailureException("Key ring material not found");
            }
            byte[] bArr2 = null;
            Iterator it2 = list.iterator();
            while (it2.hasNext()) {
                bArr2 = ((Loader) it2.next()).loadKeyFingerprint(this.session);
                if (bArr2 != null) {
                    break;
                }
            }
            PGPSecretKey pGPSecretKey = null;
            Iterator it3 = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(new ByteArrayInputStream(bArr)), new BcKeyFingerprintCalculator()).iterator();
            while (it3.hasNext()) {
                Iterator it4 = ((PGPSecretKeyRing) it3.next()).iterator();
                while (it4.hasNext()) {
                    PGPSecretKey pGPSecretKey2 = (PGPSecretKey) it4.next();
                    if (!pGPSecretKey2.isPrivateKeyEmpty() && (bArr2 == null || Arrays.equals(bArr2, pGPSecretKey2.getFingerprint()))) {
                        pGPSecretKey = pGPSecretKey2;
                        break;
                    }
                }
            }
            if (pGPSecretKey == null) {
                throw new MojoFailureException("Secret key not found");
            }
            if (pGPSecretKey.isPrivateKeyEmpty()) {
                throw new MojoFailureException("Private key not found in Secret key");
            }
            long validSeconds = pGPSecretKey.getPublicKey().getValidSeconds();
            if (validSeconds > 0) {
                LocalDateTime plusSeconds = pGPSecretKey.getPublicKey().getCreationTime().toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime().plusSeconds(validSeconds);
                if (LocalDateTime.now().isAfter(plusSeconds)) {
                    throw new MojoFailureException("Secret key expired at: " + plusSeconds);
                }
            }
            char[] charArray = this.passphrase != null ? this.passphrase.toCharArray() : null;
            if ((pGPSecretKey.getKeyEncryptionAlgorithm() != 0) && charArray == null) {
                Iterator it5 = list.iterator();
                while (it5.hasNext()) {
                    charArray = ((Loader) it5.next()).loadPassword(this.session, pGPSecretKey.getFingerprint());
                    if (charArray != null) {
                        break;
                    }
                }
                if (charArray == null) {
                    throw new MojoFailureException("Secret key is encrypted but no passphrase provided");
                }
            }
            this.secretKey = pGPSecretKey;
            this.privateKey = pGPSecretKey.extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(charArray));
            if (charArray != null) {
                Arrays.fill(charArray, ' ');
            }
            PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
            pGPSignatureSubpacketGenerator.setIssuerFingerprint(false, pGPSecretKey);
            this.hashSubPackets = pGPSignatureSubpacketGenerator.generate();
        } catch (PGPException | IOException e) {
            throw new MojoFailureException(e);
        }
    }

    @Override // org.apache.maven.plugins.gpg.AbstractGpgSigner
    public String getKeyInfo() {
        Iterator userIDs = this.secretKey.getPublicKey().getUserIDs();
        return userIDs.hasNext() ? (String) userIDs.next() : Hex.toHexString(this.secretKey.getPublicKey().getFingerprint());
    }

    @Override // org.apache.maven.plugins.gpg.AbstractGpgSigner
    protected void generateSignatureForFile(File file, File file2) throws MojoExecutionException {
        try {
            InputStream newInputStream = Files.newInputStream(file.toPath(), new OpenOption[0]);
            try {
                CachingOutputStream cachingOutputStream = new CachingOutputStream(file2.toPath());
                try {
                    PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(this.secretKey.getPublicKey().getAlgorithm(), 10));
                    pGPSignatureGenerator.init(0, this.privateKey);
                    pGPSignatureGenerator.setHashedSubpackets(this.hashSubPackets);
                    byte[] bArr = new byte[8192];
                    while (true) {
                        int read = newInputStream.read(bArr);
                        if (read < 0) {
                            break;
                        } else {
                            pGPSignatureGenerator.update(bArr, 0, read);
                        }
                    }
                    BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(new ArmoredOutputStream(cachingOutputStream));
                    try {
                        pGPSignatureGenerator.generate().encode(bCPGOutputStream);
                        bCPGOutputStream.close();
                        cachingOutputStream.close();
                        if (newInputStream != null) {
                            newInputStream.close();
                        }
                    } catch (Throwable th) {
                        try {
                            bCPGOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    try {
                        cachingOutputStream.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                    throw th3;
                }
            } finally {
            }
        } catch (PGPException | IOException e) {
            throw new MojoExecutionException(e);
        }
    }
}
