package com.cloudera.keytrustee.crypto;

import com.cloudera.keytrustee.KeyTrusteeException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Iterator;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;

/* loaded from: input_file:com/cloudera/keytrustee/crypto/PGPKeyRingHolder.class */
public class PGPKeyRingHolder {
    private PGPSecretKeyRingCollection secrings;
    private PGPPublicKeyRingCollection pubrings;
    private PGPPublicKeyRing defaultKeyRing;

    public PGPKeyRingHolder(PGPSecretKeyRingCollection pGPSecretKeyRingCollection, PGPPublicKeyRingCollection pGPPublicKeyRingCollection, Fingerprint fingerprint) throws KeyTrusteeException, PGPException {
        this.secrings = pGPSecretKeyRingCollection;
        this.pubrings = pGPPublicKeyRingCollection;
        this.defaultKeyRing = null;
        initDefaultKeyRing(fingerprint);
    }

    private void initDefaultKeyRing(Fingerprint fingerprint) throws KeyTrusteeException {
        if (fingerprint != null) {
            Iterator keyRings = this.pubrings.getKeyRings();
            while (keyRings.hasNext()) {
                PGPPublicKeyRing pGPPublicKeyRing = (PGPPublicKeyRing) keyRings.next();
                if (pGPPublicKeyRing.getPublicKey(fingerprint.getKeyId()) != null) {
                    this.defaultKeyRing = pGPPublicKeyRing;
                }
            }
        } else {
            boolean z = true;
            if (this.secrings.size() == 1 && this.secrings.getKeyRings().hasNext()) {
                try {
                    this.defaultKeyRing = this.pubrings.getPublicKeyRing(Fingerprint.of(((PGPSecretKeyRing) this.secrings.getKeyRings().next()).getPublicKey()).getKeyId());
                    z = false;
                } catch (PGPException e) {
                }
            }
            if (z && this.pubrings.getKeyRings().hasNext()) {
                this.defaultKeyRing = (PGPPublicKeyRing) this.pubrings.getKeyRings().next();
            }
        }
        if (this.defaultKeyRing == null) {
            throw new KeyTrusteeException("Default key not found");
        }
        if (!KeyManager.isValid(this.defaultKeyRing.getPublicKey())) {
            throw new KeyTrusteeException("Invalid client key");
        }
    }

    public PGPKeyRingHolder(PGPSecretKeyRingCollection pGPSecretKeyRingCollection, PGPPublicKeyRingCollection pGPPublicKeyRingCollection) throws KeyTrusteeException, PGPException {
        this(pGPSecretKeyRingCollection, pGPPublicKeyRingCollection, (Fingerprint) null);
    }

    public PGPKeyRingHolder(InputStream inputStream, InputStream inputStream2, Fingerprint fingerprint) throws KeyTrusteeException {
        try {
            try {
                this.pubrings = new PGPPublicKeyRingCollection(inputStream2, Crypto.FP_CALC);
                this.secrings = new PGPSecretKeyRingCollection(inputStream, Crypto.FP_CALC);
                IOUtils.closeQuietly(inputStream2);
                IOUtils.closeQuietly(inputStream);
                initDefaultKeyRing(fingerprint);
            } catch (Exception e) {
                throw new KeyTrusteeException("Failed to read keyring file(s)", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream2);
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    public PGPPublicKeyRingCollection getPublicKeyRingCollection() {
        return this.pubrings;
    }

    public PGPSecretKeyRingCollection getSecretKeyRingCollection() {
        return this.secrings;
    }

    public PGPSecretKeyRing getSecretKeyRing() throws PGPException {
        return this.secrings.getSecretKeyRing(this.defaultKeyRing.getPublicKey().getKeyID());
    }

    public PGPPublicKeyRing getPublicKeyRing() {
        return this.defaultKeyRing;
    }

    public PGPSecretKeyRing getSecretKeyRing(Fingerprint fingerprint) throws KeyTrusteeException {
        try {
            return this.secrings.getSecretKeyRing(fingerprint.getKeyId());
        } catch (PGPException e) {
            return null;
        }
    }

    public PGPPublicKeyRing getPublicKeyRing(Fingerprint fingerprint) throws KeyTrusteeException {
        try {
            return this.pubrings.getPublicKeyRing(fingerprint.getKeyId());
        } catch (PGPException e) {
            return null;
        }
    }

    public PGPKeyPair getPrimaryKeyPair(char[] cArr) throws PGPException {
        return new PGPKeyPair(getPublicKeyRing().getPublicKey(), getSecretKeyRing().getSecretKey().extractPrivateKey(Crypto.decryptorBuilderFor(cArr)));
    }

    public void addKeyRing(PGPPublicKeyRing pGPPublicKeyRing) {
        this.pubrings = PGPPublicKeyRingCollection.addPublicKeyRing(this.pubrings, pGPPublicKeyRing);
    }

    public void addKeyRing(PGPSecretKeyRing pGPSecretKeyRing) {
        this.secrings = PGPSecretKeyRingCollection.addSecretKeyRing(this.secrings, pGPSecretKeyRing);
    }

    public void removeKeyRing(PGPPublicKeyRing pGPPublicKeyRing) {
        this.pubrings = PGPPublicKeyRingCollection.removePublicKeyRing(this.pubrings, pGPPublicKeyRing);
    }

    public void addKey(PGPPublicKey pGPPublicKey) {
        this.pubrings = PGPPublicKeyRingCollection.removePublicKeyRing(this.pubrings, this.defaultKeyRing);
        this.defaultKeyRing = PGPPublicKeyRing.insertPublicKey(this.defaultKeyRing, pGPPublicKey);
        PGPPublicKeyRingCollection.addPublicKeyRing(this.pubrings, this.defaultKeyRing);
    }

    public void writeKeyRings(OutputStream outputStream, OutputStream outputStream2) throws IOException {
        getPublicKeyRingCollection().encode(outputStream2);
        outputStream2.flush();
        getSecretKeyRingCollection().encode(outputStream);
        outputStream.flush();
    }

    public void mergeKeyRing(PGPPublicKeyRing pGPPublicKeyRing) throws KeyTrusteeException {
        PGPPublicKeyRing publicKeyRing = getPublicKeyRing(Fingerprint.of(pGPPublicKeyRing));
        if (publicKeyRing == null) {
            addKeyRing(pGPPublicKeyRing);
        } else {
            KeyManager.mergeRings(publicKeyRing, pGPPublicKeyRing);
        }
    }
}
