package org.eclipse.aether.generator.gnupg;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.function.Predicate;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.util.encoders.Hex;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.artifact.Artifact;
import org.eclipse.aether.deployment.DeployRequest;
import org.eclipse.aether.installation.InstallRequest;
import org.eclipse.aether.spi.artifact.ArtifactPredicate;
import org.eclipse.aether.spi.artifact.ArtifactPredicateFactory;
import org.eclipse.aether.spi.artifact.generator.ArtifactGenerator;
import org.eclipse.aether.spi.artifact.generator.ArtifactGeneratorFactory;
import org.eclipse.aether.util.ConfigUtils;

@Singleton
@Named(GnupgSignatureArtifactGeneratorFactory.NAME)
/* loaded from: input_file:org/eclipse/aether/generator/gnupg/GnupgSignatureArtifactGeneratorFactory.class */
public final class GnupgSignatureArtifactGeneratorFactory implements ArtifactGeneratorFactory {
    public static final String NAME = "gnupg";
    private final ArtifactPredicateFactory artifactPredicateFactory;
    private final Map<String, Loader> loaders;

    /* loaded from: input_file:org/eclipse/aether/generator/gnupg/GnupgSignatureArtifactGeneratorFactory$Loader.class */
    public interface Loader {
        default byte[] loadKeyRingMaterial(RepositorySystemSession repositorySystemSession) throws IOException {
            return null;
        }

        default byte[] loadKeyFingerprint(RepositorySystemSession repositorySystemSession) throws IOException {
            return null;
        }

        default char[] loadPassword(RepositorySystemSession repositorySystemSession, byte[] bArr) throws IOException {
            return null;
        }
    }

    @Inject
    public GnupgSignatureArtifactGeneratorFactory(ArtifactPredicateFactory artifactPredicateFactory, Map<String, Loader> map) {
        this.artifactPredicateFactory = artifactPredicateFactory;
        this.loaders = map;
    }

    @Override // org.eclipse.aether.spi.artifact.generator.ArtifactGeneratorFactory
    public ArtifactGenerator newInstance(RepositorySystemSession repositorySystemSession, InstallRequest installRequest) {
        return null;
    }

    @Override // org.eclipse.aether.spi.artifact.generator.ArtifactGeneratorFactory
    public ArtifactGenerator newInstance(RepositorySystemSession repositorySystemSession, DeployRequest deployRequest) {
        if (!ConfigUtils.getBoolean(repositorySystemSession, false, GnupgConfigurationKeys.CONFIG_PROP_ENABLED)) {
            return null;
        }
        try {
            Collection<Artifact> artifacts = deployRequest.getArtifacts();
            ArtifactPredicate newInstance = this.artifactPredicateFactory.newInstance(repositorySystemSession);
            Objects.requireNonNull(newInstance);
            return doCreateArtifactGenerator(repositorySystemSession, artifacts, newInstance::hasChecksums);
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    @Override // org.eclipse.aether.spi.artifact.generator.ArtifactGeneratorFactory
    public float getPriority() {
        return 100.0f;
    }

    /* JADX WARN: Type inference failed for: r0v65, types: [java.time.LocalDateTime] */
    private GnupgSignatureArtifactGenerator doCreateArtifactGenerator(RepositorySystemSession repositorySystemSession, Collection<Artifact> collection, Predicate<Artifact> predicate) throws IOException {
        byte[] bArr = null;
        Iterator<Loader> it = this.loaders.values().iterator();
        while (it.hasNext()) {
            bArr = it.next().loadKeyRingMaterial(repositorySystemSession);
            if (bArr != null) {
                break;
            }
        }
        if (bArr == null) {
            throw new IllegalArgumentException("Key ring material not found");
        }
        byte[] bArr2 = null;
        Iterator<Loader> it2 = this.loaders.values().iterator();
        while (it2.hasNext()) {
            bArr2 = it2.next().loadKeyFingerprint(repositorySystemSession);
            if (bArr2 == null) {
            }
        }
        try {
            PGPSecretKey pGPSecretKey = null;
            Iterator<PGPSecretKeyRing> it3 = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(new ByteArrayInputStream(bArr)), new BcKeyFingerprintCalculator()).iterator();
            while (it3.hasNext()) {
                Iterator<PGPSecretKey> it4 = it3.next().iterator();
                while (it4.hasNext()) {
                    PGPSecretKey next = it4.next();
                    if (!next.isPrivateKeyEmpty() && (bArr2 == null || Arrays.equals(bArr2, next.getFingerprint()))) {
                        pGPSecretKey = next;
                        break;
                    }
                }
            }
            if (pGPSecretKey == null) {
                throw new IllegalArgumentException("Secret key not found");
            }
            if (pGPSecretKey.isPrivateKeyEmpty()) {
                throw new IllegalArgumentException("Private key not found in Secret key");
            }
            long validSeconds = pGPSecretKey.getPublicKey().getValidSeconds();
            if (validSeconds > 0) {
                LocalDateTime plusSeconds = pGPSecretKey.getPublicKey().getCreationTime().toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime().plusSeconds(validSeconds);
                if (LocalDateTime.now().isAfter(plusSeconds)) {
                    throw new IllegalArgumentException("Secret key expired at: " + String.valueOf(plusSeconds));
                }
            }
            char[] cArr = null;
            if (pGPSecretKey.getKeyEncryptionAlgorithm() != 0) {
                Iterator<Loader> it5 = this.loaders.values().iterator();
                while (it5.hasNext()) {
                    cArr = it5.next().loadPassword(repositorySystemSession, pGPSecretKey.getFingerprint());
                    if (cArr != null) {
                        break;
                    }
                }
                if (cArr == null) {
                    throw new IllegalArgumentException("Secret key is encrypted but no key password provided");
                }
            }
            PGPPrivateKey extractPrivateKey = pGPSecretKey.extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(cArr));
            if (cArr != null) {
                Arrays.fill(cArr, ' ');
            }
            PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
            pGPSignatureSubpacketGenerator.setIssuerFingerprint(false, pGPSecretKey);
            return new GnupgSignatureArtifactGenerator(collection, predicate, pGPSecretKey, extractPrivateKey, pGPSignatureSubpacketGenerator.generate(), getKeyInfo(pGPSecretKey));
        } catch (IOException | PGPException e) {
            throw new IllegalStateException(e);
        }
    }

    private static String getKeyInfo(PGPSecretKey pGPSecretKey) {
        Iterator<String> userIDs = pGPSecretKey.getPublicKey().getUserIDs();
        return userIDs.hasNext() ? userIDs.next() : Hex.toHexString(pGPSecretKey.getPublicKey().getFingerprint());
    }
}
