package org.bouncycastle.openpgp.api;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.bcpg.KeyIdentifier;
import org.bouncycastle.bcpg.PacketFormat;
import org.bouncycastle.bcpg.SignatureSubpacket;
import org.bouncycastle.bcpg.sig.NotationData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureException;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.api.OpenPGPCertificate;
import org.bouncycastle.openpgp.api.exception.MalformedOpenPGPSignatureException;
import org.bouncycastle.openpgp.api.util.UTCUtil;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:WEB-INF/lib/bcpg-jdk18on-1.81.jar:org/bouncycastle/openpgp/api/OpenPGPSignature.class */
public abstract class OpenPGPSignature {
    protected final PGPSignature signature;
    protected final OpenPGPCertificate.OpenPGPComponentKey issuer;
    protected boolean isTested = false;
    protected boolean isCorrect = false;

    /* loaded from: input_file:WEB-INF/lib/bcpg-jdk18on-1.81.jar:org/bouncycastle/openpgp/api/OpenPGPSignature$OpenPGPDocumentSignature.class */
    public static class OpenPGPDocumentSignature extends OpenPGPSignature {
        protected final OpenPGPDocumentSignature attestedSignature;

        public OpenPGPDocumentSignature(PGPSignature pGPSignature, OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey) {
            super(pGPSignature, openPGPComponentKey);
            this.attestedSignature = null;
        }

        @Override // org.bouncycastle.openpgp.api.OpenPGPSignature
        protected String getTargetDisplay() {
            return "<document>";
        }

        public OpenPGPDocumentSignature(PGPSignature pGPSignature, OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey, OpenPGPDocumentSignature openPGPDocumentSignature) {
            super(pGPSignature, openPGPComponentKey);
            this.attestedSignature = openPGPDocumentSignature;
        }

        public int getSignatureLevel() {
            if (this.attestedSignature == null) {
                return 0;
            }
            return 1 + this.attestedSignature.getSignatureLevel();
        }

        public OpenPGPDocumentSignature getAttestedSignature() {
            return this.attestedSignature;
        }

        public boolean verify(PGPOnePassSignature pGPOnePassSignature) throws PGPException {
            this.isTested = true;
            this.isCorrect = pGPOnePassSignature.verify(this.signature);
            return this.isCorrect;
        }

        public boolean verify() throws PGPException {
            this.isTested = true;
            this.isCorrect = this.signature.verify();
            return this.isCorrect;
        }

        public boolean isValid() throws PGPSignatureException {
            return isValid(OpenPGPImplementation.getInstance().policy());
        }

        public boolean isValid(OpenPGPPolicy openPGPPolicy) throws PGPSignatureException {
            return isValidAt(getCreationTime(), openPGPPolicy);
        }

        public boolean isValidAt(Date date) throws PGPSignatureException {
            return isValidAt(date, OpenPGPImplementation.getInstance().policy());
        }

        public boolean isValidAt(Date date, OpenPGPPolicy openPGPPolicy) throws PGPSignatureException {
            if (!this.isTested) {
                throw new IllegalStateException("Signature has not yet been verified.");
            }
            if (!isTestedCorrect()) {
                return false;
            }
            sanitize(this.issuer, openPGPPolicy);
            return this.issuer.getCertificate().getPrimaryKey().isBoundAt(date) && this.issuer.isBoundAt(date) && this.issuer.isSigningKey(date);
        }

        public boolean createdInBounds(Date date, Date date2) {
            return (getCreationTime().before(date) || getCreationTime().after(date2)) ? false : true;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/bcpg-jdk18on-1.81.jar:org/bouncycastle/openpgp/api/OpenPGPSignature$OpenPGPSignatureSubpacket.class */
    public static final class OpenPGPSignatureSubpacket {
        private final SignatureSubpacket subpacket;
        private final OpenPGPSignature signature;
        private final boolean hashed;

        private OpenPGPSignatureSubpacket(SignatureSubpacket signatureSubpacket, OpenPGPSignature openPGPSignature, boolean z) {
            this.signature = openPGPSignature;
            this.subpacket = signatureSubpacket;
            this.hashed = z;
        }

        public static OpenPGPSignatureSubpacket hashed(SignatureSubpacket signatureSubpacket, OpenPGPSignature openPGPSignature) {
            return new OpenPGPSignatureSubpacket(signatureSubpacket, openPGPSignature, true);
        }

        public static OpenPGPSignatureSubpacket unhashed(SignatureSubpacket signatureSubpacket, OpenPGPSignature openPGPSignature) {
            return new OpenPGPSignatureSubpacket(signatureSubpacket, openPGPSignature, false);
        }

        public OpenPGPSignature getSignature() {
            return this.signature;
        }

        public SignatureSubpacket getSubpacket() {
            return this.subpacket;
        }

        public boolean isHashed() {
            return this.hashed;
        }
    }

    public OpenPGPSignature(PGPSignature pGPSignature, OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey) {
        this.signature = pGPSignature;
        this.issuer = openPGPComponentKey;
    }

    public PGPSignature getSignature() {
        return this.signature;
    }

    public OpenPGPCertificate.OpenPGPComponentKey getIssuer() {
        return this.issuer;
    }

    public OpenPGPCertificate getIssuerCertificate() {
        if (this.issuer != null) {
            return this.issuer.getCertificate();
        }
        return null;
    }

    public List<KeyIdentifier> getKeyIdentifiers() {
        return this.signature.getKeyIdentifiers();
    }

    public KeyIdentifier getKeyIdentifier() {
        return getMostExpressiveIdentifier(getKeyIdentifiers());
    }

    public static KeyIdentifier getMostExpressiveIdentifier(List<KeyIdentifier> list) {
        if (list.isEmpty()) {
            return null;
        }
        if (list.size() == 1) {
            return list.get(0);
        }
        for (KeyIdentifier keyIdentifier : list) {
            if (!keyIdentifier.isWildcard() && keyIdentifier.getFingerprint() != null) {
                return keyIdentifier;
            }
        }
        for (KeyIdentifier keyIdentifier2 : list) {
            if (!keyIdentifier2.isWildcard()) {
                return keyIdentifier2;
            }
        }
        return list.get(0);
    }

    public boolean isTestedCorrect() {
        return this.isTested && this.isCorrect;
    }

    public Date getCreationTime() {
        return this.signature.getCreationTime();
    }

    public Date getExpirationTime() {
        PGPSignatureSubpacketVector hashedSubPackets = this.signature.getHashedSubPackets();
        if (hashedSubPackets == null) {
            return null;
        }
        long signatureExpirationTime = hashedSubPackets.getSignatureExpirationTime();
        if (signatureExpirationTime < 0) {
            throw new RuntimeException("Negative expiration time");
        }
        if (signatureExpirationTime == 0) {
            return null;
        }
        return new Date(getCreationTime().getTime() + (1000 * signatureExpirationTime));
    }

    public boolean isEffectiveAt(Date date) {
        if (isHardRevocation()) {
            return true;
        }
        Date creationTime = getCreationTime();
        Date expirationTime = getExpirationTime();
        return !date.before(creationTime) && (expirationTime == null || date.before(expirationTime));
    }

    public boolean isHardRevocation() {
        return this.signature.isHardRevocation();
    }

    public boolean isCertification() {
        return this.signature.isCertification();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sanitize(OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey, OpenPGPPolicy openPGPPolicy) throws PGPSignatureException {
        int signatureType;
        if (!openPGPPolicy.isAcceptablePublicKey(openPGPComponentKey.getPGPPublicKey())) {
            throw new PGPSignatureException("Unacceptable issuer key.");
        }
        if (!openPGPPolicy.hasAcceptableSignatureHashAlgorithm(this.signature)) {
            throw new PGPSignatureException("Unacceptable hash algorithm: " + this.signature.getHashAlgorithm());
        }
        if (this.signature.getVersion() < 4) {
            if (this.signature.getCreationTime().before(openPGPComponentKey.getCreationTime())) {
                throw new MalformedOpenPGPSignatureException(this, "Signature predates issuer key creation time.");
            }
            return;
        }
        PGPSignatureSubpacketVector hashedSubPackets = this.signature.getHashedSubPackets();
        if (hashedSubPackets == null) {
            throw new MalformedOpenPGPSignatureException(this, "Missing hashed signature subpacket area.");
        }
        PGPSignatureSubpacketVector unhashedSubPackets = this.signature.getUnhashedSubPackets();
        if (hashedSubPackets.getSignatureCreationTime() == null) {
            throw new MalformedOpenPGPSignatureException(this, "Signature does not have a hashed SignatureCreationTime subpacket.");
        }
        if (hashedSubPackets.getSignatureCreationTime().before(openPGPComponentKey.getCreationTime())) {
            throw new MalformedOpenPGPSignatureException(this, "Signature predates issuer key creation time.");
        }
        for (NotationData notationData : hashedSubPackets.getNotationDataOccurrences()) {
            if (notationData.isCritical()) {
                throw new MalformedOpenPGPSignatureException(this, "Critical unknown NotationData encountered: " + notationData.getNotationName());
            }
        }
        SignatureSubpacket[] array = hashedSubPackets.toArray();
        for (int i = 0; i != array.length; i++) {
            SignatureSubpacket signatureSubpacket = array[i];
            if (signatureSubpacket.isCritical() && signatureSubpacket.getClass().equals(SignatureSubpacket.class)) {
                throw new MalformedOpenPGPSignatureException(this, "Critical hashed unknown SignatureSubpacket encountered: " + signatureSubpacket.getType());
            }
        }
        switch (this.signature.getVersion()) {
            case 4:
            case 5:
                if (hashedSubPackets.getIssuerFingerprint() == null && unhashedSubPackets.getIssuerFingerprint() == null && hashedSubPackets.getSubpacket(16) == null && unhashedSubPackets.getSubpacket(16) == null && (signatureType = this.signature.getSignatureType()) != 24 && signatureType != 25) {
                    throw new MalformedOpenPGPSignatureException(this, "Missing IssuerKeyID and IssuerFingerprint subpacket.");
                }
                return;
            case 6:
                if (hashedSubPackets.getSubpacket(16) != null) {
                    throw new MalformedOpenPGPSignatureException(this, "v6 signature MUST NOT contain IssuerKeyID subpacket.");
                }
                if (hashedSubPackets.getIssuerFingerprint() == null && unhashedSubPackets.getIssuerFingerprint() == null) {
                    throw new MalformedOpenPGPSignatureException(this, "v6 signature MUST contain IssuerFingerprint subpacket.");
                }
                return;
            default:
                return;
        }
    }

    public boolean isRevocation() {
        return PGPSignature.isRevocation(this.signature.getSignatureType());
    }

    public String toString() {
        return getType() + (this.signature.isHardRevocation() ? "(hard)" : "") + " " + Hex.toHexString(this.signature.getDigestPrefix()) + " " + getIssuerDisplay() + " -> " + getTargetDisplay() + " (" + (UTCUtil.format(getCreationTime()) + (getExpirationTime() == null ? "" : ">" + UTCUtil.format(getExpirationTime()))) + ") " + (this.isTested ? this.isCorrect ? "✓" : "✗" : "❓");
    }

    protected String getIssuerDisplay() {
        if (this.issuer != null) {
            return this.issuer.toString();
        }
        KeyIdentifier keyIdentifier = getKeyIdentifier();
        return keyIdentifier == null ? "External[unknown]" : keyIdentifier.isWildcard() ? "Anonymous" : "External[" + Long.toHexString(keyIdentifier.getKeyId()).toUpperCase(Locale.getDefault()) + "]";
    }

    protected abstract String getTargetDisplay();

    /* JADX INFO: Access modifiers changed from: protected */
    public String getType() {
        switch (this.signature.getSignatureType()) {
            case 0:
                return "BINARY_DOCUMENT";
            case 1:
                return "CANONICAL_TEXT_DOCUMENT";
            case 2:
                return "STANDALONE";
            case 16:
                return "DEFAULT_CERTIFICATION";
            case 17:
                return "NO_CERTIFICATION";
            case 18:
                return "CASUAL_CERTIFICATION";
            case 19:
                return "POSITIVE_CERTIFICATION";
            case 24:
                return "SUBKEY_BINDING";
            case 25:
                return "PRIMARYKEY_BINDING";
            case 31:
                return "DIRECT_KEY";
            case 32:
                return "KEY_REVOCATION";
            case 40:
                return "SUBKEY_REVOCATION";
            case 48:
                return "CERTIFICATION_REVOCATION";
            case 64:
                return "TIMESTAMP";
            case 80:
                return "THIRD_PARTY_CONFIRMATION";
            default:
                return "UNKNOWN (" + this.signature.getSignatureType() + ")";
        }
    }

    public String toAsciiArmoredString() throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ArmoredOutputStream.Builder clearHeaders = ArmoredOutputStream.builder().clearHeaders();
        if (getKeyIdentifier() != null) {
            clearHeaders.addSplitMultilineComment(getKeyIdentifier().toPrettyPrint());
        }
        ArmoredOutputStream build = clearHeaders.build(byteArrayOutputStream);
        BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(build, PacketFormat.CURRENT);
        getSignature().encode(bCPGOutputStream);
        bCPGOutputStream.close();
        build.close();
        return byteArrayOutputStream.toString();
    }
}
