package com.cloudera.keytrustee.crypto;

import com.cloudera.keytrustee.KeyTrusteeException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.PGPUtil;

/* loaded from: input_file:com/cloudera/keytrustee/crypto/KeyManager.class */
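/**
 * Static helpers for reading, selecting, validating and merging OpenPGP keys.
 *
 * <p><b>Trust boundary:</b> "valid" in this class means only "not expired and not marked
 * revoked" (see {@link #isValid(PGPPublicKey)}). No method here verifies a self-signature,
 * binding signature or certification cryptographically. Key material that comes from an
 * untrusted source must have its signatures verified by the caller before the results of
 * these helpers are relied on for a security decision.
 */
public final class KeyManager {
    /** OpenPGP public-key algorithm id 3: RSA sign-only. */
    private static final int RSA_SIGN_ONLY_ALGORITHM = 3;

    /** OpenPGP key-flag bit 0x02: the key may be used to sign data. */
    private static final int KEY_FLAG_SIGN_DATA = 2;

    private KeyManager() {
    }

    /**
     * Parses a public key ring collection from its textual (typically ASCII-armored) form.
     *
     * @param str the encoded key ring collection
     * @return the parsed collection
     * @throws IOException if the data cannot be read
     * @throws PGPException if the data is not a valid key ring collection
     */
    public static PGPPublicKeyRingCollection readPublicKeyRingCollection(String str) throws IOException, PGPException {
        // Explicit charset: the platform default must not influence how key material is decoded.
        return readPublicKeyRingCollection(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Parses a public key ring collection from a stream; armored and binary input are both
     * handled by {@link PGPUtil#getDecoderStream(InputStream)}.
     *
     * @param inputStream the encoded key ring collection; not closed by this method
     * @return the parsed collection
     * @throws IOException if the stream cannot be read
     * @throws PGPException if the data is not a valid key ring collection
     */
    public static PGPPublicKeyRingCollection readPublicKeyRingCollection(InputStream inputStream) throws IOException, PGPException {
        return new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(inputStream), Crypto.FP_CALC);
    }

    /**
     * Serialises a public key ring as an ASCII-armored string.
     *
     * @param pGPPublicKeyRing the ring to encode
     * @return the armored representation
     * @throws IOException if encoding fails
     */
    public static String toAsciiArmoredString(PGPPublicKeyRing pGPPublicKeyRing) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // The armored stream must be closed before the buffer is read so that the armor
        // trailer is written; try-with-resources also closes it if encode() throws.
        try (ArmoredOutputStream armored = new ArmoredOutputStream(buffer)) {
            pGPPublicKeyRing.encode(armored);
        }
        return new String(buffer.toByteArray(), StandardCharsets.UTF_8);
    }

    /**
     * Returns the first key in the ring that is valid and flagged as signing-capable.
     *
     * @param pGPPublicKeyRing the ring to search
     * @return the first matching key, or {@code null} if there is none
     */
    public static PGPPublicKey getFirstSigningKey(PGPPublicKeyRing pGPPublicKeyRing) {
        Iterator<?> keys = pGPPublicKeyRing.getPublicKeys();
        while (keys.hasNext()) {
            PGPPublicKey candidate = (PGPPublicKey) keys.next();
            // isSigningKey() already rejects expired or revoked keys.
            if (isSigningKey(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Reports whether a public key is valid and marked as usable for signing.
     *
     * <p>Keys of version 3 or lower and RSA sign-only keys are accepted without looking at key
     * flags. For other keys the sign-data key flag is looked up in the signatures attached to
     * the key; on a master key only signatures whose key id equals the key's own id are
     * considered.
     *
     * @param pGPPublicKey the key to inspect
     * @return {@code true} if the key is valid and a signing flag was found
     */
    public static boolean isSigningKey(PGPPublicKey pGPPublicKey) {
        if (!isValid(pGPPublicKey)) {
            return false;
        }
        if (pGPPublicKey.getVersion() <= 3 || pGPPublicKey.getAlgorithm() == RSA_SIGN_ONLY_ALGORITHM) {
            return true;
        }
        Iterator<?> signatures = pGPPublicKey.getSignatures();
        while (signatures.hasNext()) {
            PGPSignature signature = (PGPSignature) signatures.next();
            // The "self-signature" test below compares key ids only; the signature itself is
            // not verified here.
            if (pGPPublicKey.isMasterKey() && signature.getKeyID() != pGPPublicKey.getKeyID()) {
                continue;
            }
            PGPSignatureSubpacketVector hashed = signature.getHashedSubPackets();
            if (hashed != null && (hashed.getKeyFlags() & KEY_FLAG_SIGN_DATA) != 0) {
                return true;
            }
            // NOTE(review): unhashed subpackets are not covered by the signature digest, so a
            // flag found here is unauthenticated even when the signature verifies. Kept for
            // compatibility with existing callers; consider honouring hashed flags only.
            PGPSignatureSubpacketVector unhashed = signature.getUnhashedSubPackets();
            if (unhashed != null && (unhashed.getKeyFlags() & KEY_FLAG_SIGN_DATA) != 0) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the first valid secret key in the ring that reports itself as a signing key.
     *
     * @param pGPSecretKeyRing the ring to search; may be {@code null}
     * @return the first matching key, or {@code null} if the ring is {@code null} or has none
     */
    public static PGPSecretKey getSigningKey(PGPSecretKeyRing pGPSecretKeyRing) {
        if (pGPSecretKeyRing == null) {
            return null;
        }
        Iterator<?> keys = pGPSecretKeyRing.getSecretKeys();
        while (keys.hasNext()) {
            PGPSecretKey candidate = (PGPSecretKey) keys.next();
            if (isValid(candidate) && candidate.isSigningKey()) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the first user id attached to a secret key.
     *
     * @param pGPSecretKey the key to inspect
     * @return the first user id, or {@code null} if the key carries none
     */
    public static String getMainUserId(PGPSecretKey pGPSecretKey) {
        Iterator<?> userIds = pGPSecretKey.getUserIDs();
        return userIds.hasNext() ? (String) userIds.next() : null;
    }

    /**
     * Returns the first valid master key in a secret key ring.
     *
     * @param pGPSecretKeyRing the ring to search; may be {@code null}
     * @return the first valid master key, or {@code null} if the ring is {@code null} or has none
     */
    public static PGPSecretKey getMasterKey(PGPSecretKeyRing pGPSecretKeyRing) {
        if (pGPSecretKeyRing == null) {
            return null;
        }
        Iterator<?> keys = pGPSecretKeyRing.getSecretKeys();
        while (keys.hasNext()) {
            PGPSecretKey candidate = (PGPSecretKey) keys.next();
            if (isValid(candidate) && candidate.isMasterKey()) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Reports whether a key is outside its validity window according to the local clock.
     *
     * <p>A key whose creation time lies in the future is treated as expired. A key without an
     * expiry date never expires.
     *
     * @param pGPPublicKey the key to inspect
     * @return {@code true} if the key is not yet valid or has passed its expiry date
     */
    public static boolean isExpired(PGPPublicKey pGPPublicKey) {
        Date created = getCreationDate(pGPPublicKey);
        Date expires = getExpiryDate(pGPPublicKey);
        Date now = new Date();
        if (now.compareTo(created) < 0) {
            // Creation time is in the future: not usable yet.
            return true;
        }
        return expires != null && now.compareTo(expires) > 0;
    }

    /**
     * Reports whether the public half of a secret key is neither expired nor marked revoked.
     *
     * @param pGPSecretKey the key to inspect
     * @return {@code true} if {@link #isValid(PGPPublicKey)} holds for its public key
     */
    public static boolean isValid(PGPSecretKey pGPSecretKey) {
        return isValid(pGPSecretKey.getPublicKey());
    }

    /**
     * Reports whether a public key is neither expired nor marked revoked.
     *
     * <p>This is a metadata check only; no signature is verified.
     *
     * @param pGPPublicKey the key to inspect
     * @return {@code true} if the key is inside its validity window and not marked revoked
     */
    public static boolean isValid(PGPPublicKey pGPPublicKey) {
        // NOTE(review): isRevoked() appears to report only that a revocation signature is
        // attached; nothing in this class verifies it. Confirm against the BouncyCastle
        // version in use.
        return !isExpired(pGPPublicKey) && !pGPPublicKey.isRevoked();
    }

    /**
     * Returns the creation time recorded in a public key.
     *
     * @param pGPPublicKey the key to inspect
     * @return the creation time
     */
    public static Date getCreationDate(PGPPublicKey pGPPublicKey) {
        return pGPPublicKey.getCreationTime();
    }

    /**
     * Computes the expiry date of a public key as creation time plus its validity in days.
     *
     * @param pGPPublicKey the key to inspect
     * @return the expiry date, or {@code null} if the validity period is 0 (no expiry)
     */
    public static Date getExpiryDate(PGPPublicKey pGPPublicKey) {
        Date created = getCreationDate(pGPPublicKey);
        int validDays = pGPPublicKey.getValidDays();
        if (validDays == 0) {
            return null;
        }
        Calendar expiry = GregorianCalendar.getInstance();
        expiry.setTime(created);
        expiry.add(Calendar.DATE, validDays);
        return expiry.getTime();
    }

    /**
     * Returns the creation time recorded in the public half of a secret key.
     *
     * @param pGPSecretKey the key to inspect
     * @return the creation time
     */
    public static Date getCreationDate(PGPSecretKey pGPSecretKey) {
        return getCreationDate(pGPSecretKey.getPublicKey());
    }

    /**
     * Looks up a valid public key by fingerprint across every ring of a collection.
     *
     * @param pGPPublicKeyRingCollection the collection to search
     * @param fingerprint the fingerprint to match
     * @return the first valid key with that fingerprint, or {@code null} if none matches
     */
    public static PGPPublicKey getKey(PGPPublicKeyRingCollection pGPPublicKeyRingCollection, Fingerprint fingerprint) {
        Iterator<?> rings = pGPPublicKeyRingCollection.getKeyRings();
        while (rings.hasNext()) {
            Iterator<?> keys = ((PGPPublicKeyRing) rings.next()).getPublicKeys();
            while (keys.hasNext()) {
                PGPPublicKey candidate = (PGPPublicKey) keys.next();
                if (isValid(candidate) && Fingerprint.of(candidate).equals(fingerprint)) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /**
     * Merges the keys and signatures of the second ring into the first.
     *
     * <p>Keys that exist only in the second ring are inserted as they are. For keys present in
     * both, every signature of the incoming key that the existing key lacks is added to the
     * existing key.
     *
     * <p>NOTE(review): incoming signatures are added without being verified. When the second
     * ring comes from an untrusted source, verify the merged ring before trusting any
     * certification it carries.
     *
     * @param pGPPublicKeyRing the ring to merge into
     * @param pGPPublicKeyRing2 the ring whose keys and signatures are merged in
     * @return the merged ring
     * @throws KeyTrusteeException if the primary key fingerprints differ or a signature cannot
     *     be encoded
     */
    public static PGPPublicKeyRing mergeRings(PGPPublicKeyRing pGPPublicKeyRing, PGPPublicKeyRing pGPPublicKeyRing2) throws KeyTrusteeException {
        if (!Fingerprint.of(pGPPublicKeyRing.getPublicKey()).equals(Fingerprint.of(pGPPublicKeyRing2.getPublicKey()))) {
            throw new KeyTrusteeException("Cannot merge keyrings, primary key fingerprints do not match");
        }
        PGPPublicKeyRing merged = pGPPublicKeyRing;
        Iterator<?> incomingKeys = pGPPublicKeyRing2.getPublicKeys();
        while (incomingKeys.hasNext()) {
            PGPPublicKey incoming = (PGPPublicKey) incomingKeys.next();
            PGPPublicKey existing = merged.getPublicKey(incoming.getKeyID());
            if (existing == null) {
                // Key is new to the target ring. The previous code fell through and called
                // insertPublicKey() a second time with the null lookup result.
                merged = PGPPublicKeyRing.insertPublicKey(merged, incoming);
                continue;
            }
            Map<String, PGPSignature> incomingSigs = mapSigs(incoming);
            Map<String, PGPSignature> existingSigs = mapSigs(existing);
            for (Map.Entry<String, PGPSignature> entry : incomingSigs.entrySet()) {
                if (!existingSigs.containsKey(entry.getKey())) {
                    existing = PGPPublicKey.addCertification(existing, entry.getValue());
                }
            }
            merged = PGPPublicKeyRing.insertPublicKey(merged, existing);
        }
        return merged;
    }

    /**
     * Indexes the signatures of a key by their encoded bytes.
     *
     * @param pGPPublicKey the key whose signatures are indexed
     * @return a map from encoded signature to signature
     * @throws KeyTrusteeException if a signature cannot be encoded
     */
    private static Map<String, PGPSignature> mapSigs(PGPPublicKey pGPPublicKey) throws KeyTrusteeException {
        try {
            Map<String, PGPSignature> byEncoding = new HashMap<>();
            Iterator<?> signatures = pGPPublicKey.getSignatures();
            while (signatures.hasNext()) {
                PGPSignature signature = (PGPSignature) signatures.next();
                // ISO-8859-1 maps every byte to exactly one char, so the key is a lossless
                // image of the binary encoding. Decoding with the platform default (often
                // UTF-8) replaces invalid byte sequences, which can make distinct signatures
                // share a key and cause one of them (a revocation, for instance) to be
                // skipped during a merge.
                byEncoding.put(new String(signature.getEncoded(), StandardCharsets.ISO_8859_1), signature);
            }
            return byEncoding;
        } catch (IOException e) {
            throw new KeyTrusteeException(e);
        }
    }
}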
