package com.mulesoft.modules.cryptography.internal.pgp;

import com.mulesoft.modules.cryptography.api.pgp.config.PgpKeyInfo;
import com.mulesoft.modules.cryptography.api.pgp.config.PgpSignatureAlgorithm;
import com.mulesoft.modules.cryptography.internal.FipsUtils;
import com.mulesoft.modules.cryptography.internal.WrappedErrorPipedInputStream;
import com.mulesoft.modules.cryptography.internal.errors.CryptoErrors;
import com.mulesoft.modules.cryptography.internal.pgp.config.PgpConfiguration;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PipedOutputStream;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.shaded.bcpg.ArmoredOutputStream;
import org.bouncycastle.shaded.bcpg.BCPGOutputStream;
import org.bouncycastle.shaded.jce.provider.BouncyCastleProvider;
import org.bouncycastle.shaded.openpgp.PGPCompressedData;
import org.bouncycastle.shaded.openpgp.PGPException;
import org.bouncycastle.shaded.openpgp.PGPObjectFactory;
import org.bouncycastle.shaded.openpgp.PGPPrivateKey;
import org.bouncycastle.shaded.openpgp.PGPPublicKey;
import org.bouncycastle.shaded.openpgp.PGPSignature;
import org.bouncycastle.shaded.openpgp.PGPSignatureGenerator;
import org.bouncycastle.shaded.openpgp.PGPSignatureList;
import org.bouncycastle.shaded.openpgp.PGPUtil;
import org.bouncycastle.shaded.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.shaded.openpgp.operator.KeyFingerPrintCalculator;
import org.bouncycastle.shaded.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.shaded.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.scheduler.Scheduler;
import org.mule.runtime.extension.api.exception.ModuleException;

/* loaded from: input_file:com/mulesoft/modules/cryptography/internal/pgp/PgpSigner.class */
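/**
 * Creates and verifies detached PGP signatures using the keys held in a {@link PgpConfiguration}.
 *
 * <p>Signing runs on a caller-supplied {@link Scheduler} and streams its result through a pipe.
 * Verification runs synchronously on the calling thread.
 */
public class PgpSigner {
    private final PgpConfiguration config;
    private static final String PGP_SIGNATURE_ERROR_MESSAGE = "Could not sign with PGP";
    private static final int BUFFER_SIZE = 65536;

    /**
     * @param pgpConfiguration configuration whose keystore supplies the private key for signing and
     *                         the public key for verification
     */
    public PgpSigner(PgpConfiguration pgpConfiguration) {
        this.config = pgpConfiguration;
    }

    /**
     * Starts signing {@code inputStream} on {@code scheduler} and returns a stream from which the
     * signature can be read.
     *
     * <p>The signature is produced asynchronously, so failures that happen after this method has
     * returned are reported through the returned stream (see {@code asyncSign}), not thrown here.
     *
     * @param inputStream           content to sign; read to end-of-stream by the worker task
     * @param pgpKeyInfo            key reference; must not be symmetric
     * @param pgpSignatureAlgorithm hash algorithm used for the signature
     * @param scheduler             executor that runs the signing task
     * @param bool                  {@code true} to write the signature through the ASCII-armored
     *                              stream, {@code false} to write it to the raw packet stream
     * @return the read side of the pipe the signature is written to
     * @throws ModuleException with {@code CryptoErrors.KEY} if the key is symmetric, or with
     *                         {@code CryptoErrors.SIGNATURE} if the pipe or task could not be set up
     */
    public InputStream sign(InputStream inputStream, PgpKeyInfo pgpKeyInfo, PgpSignatureAlgorithm pgpSignatureAlgorithm, Scheduler scheduler, Boolean bool) {
        try {
            if (pgpKeyInfo.isSymmetric()) {
                throw new ModuleException(I18nMessageFactory.createStaticMessage("PGP signing is only possible with asymmetric keys"), CryptoErrors.KEY);
            }
            WrappedErrorPipedInputStream wrappedErrorPipedInputStream = new WrappedErrorPipedInputStream();
            BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(new PipedOutputStream(wrappedErrorPipedInputStream));
            ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(bCPGOutputStream);
            // The Future returned by submit() is discarded, so anything the task throws is invisible
            // to the caller; asyncSign therefore reports failures through the pipe instead.
            scheduler.submit(() -> {
                FipsUtils.executeWithinSecurityProvider(() -> {
                    return asyncSign(inputStream, pgpKeyInfo, pgpSignatureAlgorithm, bool, armoredOutputStream, bCPGOutputStream, wrappedErrorPipedInputStream);
                });
            });
            return wrappedErrorPipedInputStream;
        } catch (ModuleException e) {
            throw e;
        } catch (Throwable th) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage(PGP_SIGNATURE_ERROR_MESSAGE), CryptoErrors.SIGNATURE, th);
        }
    }

    /**
     * Worker body for {@link #sign}: computes a binary-document signature over {@code inputStream}
     * and writes it to the pipe.
     *
     * <p>Every {@link Exception} is handed to {@code wrappedErrorPipedInputStream.fail(...)} before
     * the output streams are closed. A {@link ModuleException} is passed on unchanged so that its
     * error type survives; any other exception is wrapped as {@code CryptoErrors.SIGNATURE}.
     * Rethrowing from here would only reach the discarded {@code Future}, and the reader would see
     * a clean end-of-stream with no signature and no error.
     *
     * @return {@code wrappedErrorPipedInputStream}, the same stream {@link #sign} already returned
     */
    private InputStream asyncSign(InputStream inputStream, PgpKeyInfo pgpKeyInfo, PgpSignatureAlgorithm pgpSignatureAlgorithm, Boolean bool, OutputStream outputStream, BCPGOutputStream bCPGOutputStream, WrappedErrorPipedInputStream wrappedErrorPipedInputStream) {
        try {
            PGPPrivateKey privateKey = pgpKeyInfo.getPrivateKey(this.config.getKeystore());
            JcaPGPContentSignerBuilder jcaPGPContentSignerBuilder = new JcaPGPContentSignerBuilder(privateKey.getPublicKeyPacket().getAlgorithm(), pgpSignatureAlgorithm.getNumericId());
            // Outside FIPS mode the Bouncy Castle provider is selected explicitly; in FIPS mode the
            // provider is left to executeWithinSecurityProvider / JCA defaults.
            if (!FipsUtils.isFipsEnabled()) {
                jcaPGPContentSignerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
            }
            PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(jcaPGPContentSignerBuilder);
            pGPSignatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
            byte[] bArr = new byte[BUFFER_SIZE];
            int read;
            while ((read = inputStream.read(bArr)) >= 0) {
                pGPSignatureGenerator.update(bArr, 0, read);
            }
            // outputStream is the armored wrapper around bCPGOutputStream (see sign()).
            pGPSignatureGenerator.generate().encode(bool.booleanValue() ? outputStream : bCPGOutputStream);
        } catch (ModuleException e) {
            wrappedErrorPipedInputStream.fail(e);
        } catch (Exception e2) {
            wrappedErrorPipedInputStream.fail(new ModuleException(I18nMessageFactory.createStaticMessage(PGP_SIGNATURE_ERROR_MESSAGE), CryptoErrors.SIGNATURE, e2));
        } finally {
            // Closing happens after fail(), so the error is recorded before the reader can hit EOF.
            IOUtils.closeQuietly(outputStream);
            IOUtils.closeQuietly(bCPGOutputStream);
        }
        return wrappedErrorPipedInputStream;
    }

    /**
     * Verifies a detached PGP signature against the given content.
     *
     * <p>The verification key is looked up in the configured keystore by the key ID carried in the
     * signature packet, so the set of trusted signers is exactly the set of public keys in that
     * keystore. Only the first signature in the list is evaluated.
     *
     * <p>NOTE(review): neither the signature type nor the hash algorithm declared in the signature
     * packet is checked here; if weak digests must be rejected, that policy has to be enforced on
     * {@code pGPSignature.getHashAlgorithm()} before trusting the result. Confirm whether a caller
     * or the keystore already does this.
     *
     * @param inputStream  the signed content; read to end-of-stream
     * @param inputStream2 the signature, armored or binary, optionally wrapped in compressed data;
     *                     closed by this method whether verification succeeds or fails
     * @return {@code true} if the signature matches the content; {@code false} on a mismatch, which
     *         callers must treat as a verification failure
     * @throws ModuleException with {@code CryptoErrors.VALIDATION} if the signature cannot be parsed,
     *                         the key cannot be used, or a stream cannot be read
     */
    public boolean validate(InputStream inputStream, InputStream inputStream2) {
        // try-with-resources releases the decoder stream on the failure paths as well.
        try (InputStream decoderStream = PGPUtil.getDecoderStream(inputStream2)) {
            Object nextObject = new JcaPGPObjectFactory(decoderStream).nextObject();
            PGPSignatureList signatureList;
            if (nextObject instanceof PGPCompressedData) {
                signatureList = (PGPSignatureList) new PGPObjectFactory(((PGPCompressedData) nextObject).getDataStream(), (KeyFingerPrintCalculator) null).nextObject();
            } else {
                signatureList = (PGPSignatureList) nextObject;
            }
            PGPSignature pGPSignature = signatureList.get(0);
            PGPPublicKey publicKey = this.config.getKeystore().getPublicKey(Long.valueOf(pGPSignature.getKeyID()));
            FipsUtils.executeWithinSecurityProvider(() -> {
                try {
                    return loadSignatureToValidate(pGPSignature, publicKey, inputStream);
                } catch (ModuleException e2) {
                    throw e2;
                } catch (Exception e) {
                    throw new ModuleException(I18nMessageFactory.createStaticMessage("PGP signature verification failed"), CryptoErrors.VALIDATION, e);
                }
            });
            return pGPSignature.verify();
        } catch (ModuleException e2) {
            // Must precede the Exception handler so module errors keep their original error type.
            throw e2;
        } catch (Exception e) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage("PGP signature verification failed"), CryptoErrors.VALIDATION, e);
        }
    }

    /**
     * Initialises {@code pGPSignature} for verification with {@code pGPPublicKey} and feeds it the
     * whole of {@code inputStream}.
     *
     * @return the same {@code pGPSignature}, ready for {@code verify()}
     * @throws PGPException if the signature cannot be initialised with the key
     * @throws IOException  if the content cannot be read
     */
    private PGPSignature loadSignatureToValidate(PGPSignature pGPSignature, PGPPublicKey pGPPublicKey, InputStream inputStream) throws PGPException, IOException {
        JcaPGPContentVerifierBuilderProvider jcaPGPContentVerifierBuilderProvider = new JcaPGPContentVerifierBuilderProvider();
        if (!FipsUtils.isFipsEnabled()) {
            jcaPGPContentVerifierBuilderProvider.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        pGPSignature.init(jcaPGPContentVerifierBuilderProvider, pGPPublicKey);
        byte[] bArr = new byte[BUFFER_SIZE];
        int read;
        while ((read = inputStream.read(bArr)) >= 0) {
            pGPSignature.update(bArr, 0, read);
        }
        return pGPSignature;
    }
}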
