package com.mulesoft.modules.cryptography.internal.pgp;

import com.mulesoft.modules.cryptography.internal.errors.CryptoErrors;
import com.mulesoft.modules.cryptography.internal.pgp.config.PgpAsymmetricKeyIdentifier;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.mule.runtime.api.exception.MuleRuntimeException;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.util.Preconditions;
import org.mule.runtime.core.api.util.IOUtils;
import org.mule.runtime.extension.api.exception.ModuleException;

/* loaded from: input_file:com/mulesoft/modules/cryptography/internal/pgp/PgpKeystore.class */
public class PgpKeystore {
    private Map<Long, PGPPublicKey> publicKeyMap = new HashMap();
    private Map<Long, PGPSecretKey> privateKeyMap = new HashMap();
    private Map<String, Long> principalMap = new HashMap();
    private Map<Long, String> passPhrasesMap = new HashMap();

    public PgpKeystore(String str, String str2) {
        if (str != null) {
            readPublicKeys(str);
        }
        if (str2 != null) {
            readPrivateKeys(str2);
        }
    }

    public void registerPassphrase(Long l, String str) {
        getPrivateKey(l);
        this.passPhrasesMap.put(l, str);
    }

    public Long getFingerprintFromPrincipal(String str) {
        return this.principalMap.get(str);
    }

    public Long getFingerprintFromIdentifier(PgpAsymmetricKeyIdentifier pgpAsymmetricKeyIdentifier) {
        return pgpAsymmetricKeyIdentifier.getFingerprint(this);
    }

    public PGPPublicKey getPublicKey(Long l) {
        PGPPublicKey pGPPublicKey = this.publicKeyMap.get(l);
        if (pGPPublicKey == null) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage(String.format("Public key with fingerprint '%s' was not found", PgpEncrypter.formatKeyFingerprint(l))), CryptoErrors.MISSING_KEY);
        }
        return pGPPublicKey;
    }

    public PGPSecretKey getPrivateKey(Long l) {
        PGPSecretKey pGPSecretKey = this.privateKeyMap.get(l);
        if (pGPSecretKey == null) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage(String.format("Private key with fingerprint '%s' was not found", PgpEncrypter.formatKeyFingerprint(l))), CryptoErrors.MISSING_KEY);
        }
        return pGPSecretKey;
    }

    public PGPPrivateKey decryptPrivateKey(Long l, Optional<String> optional) {
        PGPSecretKey privateKey = getPrivateKey(l);
        String orElseGet = optional.orElseGet(() -> {
            return this.passPhrasesMap.get(l);
        });
        if (orElseGet == null) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage("Passphrase not available for key " + PgpEncrypter.formatKeyFingerprint(l)), CryptoErrors.PASSPHRASE);
        }
        try {
            return privateKey.extractPrivateKey(PgpEncrypter.PBE_SECRET_KEY_DECRYPTOR_BUILDER.build(orElseGet.toCharArray()));
        } catch (PGPException e) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage("Passphrase is not valid for key " + PgpEncrypter.formatKeyFingerprint(l)), CryptoErrors.PASSPHRASE, e);
        }
    }

    public PGPPrivateKey decryptPrivateKey(Long l) {
        return decryptPrivateKey(l, Optional.empty());
    }

    private void readPublicKeys(String str) {
        try {
            InputStream resourceAsStream = IOUtils.getResourceAsStream(str, getClass());
            Throwable th = null;
            try {
                try {
                    Preconditions.checkArgument(resourceAsStream != null, String.format("Public PGP keyring '%s' does not exist", str));
                    PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(resourceAsStream, PgpEncrypter.KEY_FINGERPRINT_CALCULATOR);
                    resourceAsStream.close();
                    pGPPublicKeyRingCollection.getKeyRings().forEachRemaining(pGPPublicKeyRing -> {
                        pGPPublicKeyRing.getPublicKeys().forEachRemaining(pGPPublicKey -> {
                            this.publicKeyMap.put(Long.valueOf(pGPPublicKey.getKeyID()), pGPPublicKey);
                            pGPPublicKey.getUserIDs().forEachRemaining(str2 -> {
                                if (this.principalMap.containsKey(str2) && pGPPublicKey.getKeyID() != this.principalMap.get(str2).longValue()) {
                                    throw new IllegalArgumentException(String.format("Principal '%s' appears more than once in different keys (%s and %s)", str2, Long.valueOf(pGPPublicKey.getKeyID()), this.principalMap.get(str2)));
                                }
                                this.principalMap.put(str2, Long.valueOf(pGPPublicKey.getKeyID()));
                            });
                        });
                    });
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException | PGPException e) {
            throw new MuleRuntimeException(e);
        }
    }

    private void readPrivateKeys(String str) {
        try {
            InputStream resourceAsStream = IOUtils.getResourceAsStream(str, getClass());
            Throwable th = null;
            try {
                try {
                    Preconditions.checkArgument(resourceAsStream != null, String.format("Private PGP keyring '%s' does not exist", str));
                    new PGPSecretKeyRingCollection(resourceAsStream, PgpEncrypter.KEY_FINGERPRINT_CALCULATOR).getKeyRings().forEachRemaining(pGPSecretKeyRing -> {
                        pGPSecretKeyRing.getSecretKeys().forEachRemaining(pGPSecretKey -> {
                            this.privateKeyMap.put(Long.valueOf(pGPSecretKey.getKeyID()), pGPSecretKey);
                            pGPSecretKey.getUserIDs().forEachRemaining(str2 -> {
                                if (this.principalMap.containsKey(str2) && pGPSecretKey.getKeyID() != this.principalMap.get(str2).longValue()) {
                                    throw new IllegalArgumentException(String.format("Principal '%s' appears more than once in different keys (%s and %s)", str2, Long.valueOf(pGPSecretKey.getKeyID()), this.principalMap.get(str2)));
                                }
                                this.principalMap.put(str2, Long.valueOf(pGPSecretKey.getKeyID()));
                            });
                        });
                    });
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException | PGPException e) {
            throw new MuleRuntimeException(e);
        }
    }
}
