package org.mule.module.pgp;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.util.Iterator;
import org.apache.commons.lang.Validate;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
import org.mule.module.pgp.util.BouncyCastleUtil;

/* loaded from: input_file:org/mule/module/pgp/DecryptStreamTransformer.class */
public class DecryptStreamTransformer implements StreamTransformer {
    public static final String INVALID_KEY_ERROR_MESSAGE = "User selected private key ID %s (through secretAliasId) but message was encrypted for key ID %s";
    public static final String INVALID_PGP_MESSAGE_ERROR = "Invalid PGP message";
    public static final String INVALID_PASS_PHRASE_ERROR_MESSAGE = "PassPhrase '%s' is invalid for the private key with id '%s'";
    private static final String CHECKSUM_MESSAGE = "checksum mismatch";
    private PGPSecretKeyRingCollection secretKeys;
    private PGPSecretKey secretKey;
    private String password;
    private final boolean configuredSecretKey;
    private InputStream compressedStream;
    private InputStream clearStream;

    public DecryptStreamTransformer(PGPSecretKey pGPSecretKey, PGPSecretKeyRingCollection pGPSecretKeyRingCollection, String str) throws IOException {
        Validate.notNull(str, "The password should not be null");
        this.configuredSecretKey = pGPSecretKey != null;
        this.secretKey = pGPSecretKey;
        this.secretKeys = pGPSecretKeyRingCollection;
        this.password = str;
    }

    @Override // org.mule.module.pgp.StreamTransformer
    public InputStream process(InputStream inputStream) throws Exception {
        PGPObjectFactory pGPObjectFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream), BouncyCastleUtil.KEY_FINGERPRINT_CALCULATOR);
        Object nextObject = pGPObjectFactory.nextObject();
        if (nextObject == null) {
            throw new PGPException(INVALID_PGP_MESSAGE_ERROR);
        }
        Iterator encryptedDataObjects = (nextObject instanceof PGPEncryptedDataList ? (PGPEncryptedDataList) nextObject : (PGPEncryptedDataList) pGPObjectFactory.nextObject()).getEncryptedDataObjects();
        PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData = null;
        PGPPrivateKey pGPPrivateKey = null;
        while (pGPPrivateKey == null && encryptedDataObjects.hasNext()) {
            pGPPublicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
            pGPPrivateKey = getPrivateKey(pGPPublicKeyEncryptedData.getKeyID(), this.password);
            if (pGPPrivateKey == null) {
                throw new PGPException("Failed to find private key with ID " + pGPPublicKeyEncryptedData.getKeyID());
            }
        }
        this.clearStream = pGPPublicKeyEncryptedData.getDataStream(new BcPublicKeyDataDecryptorFactory(pGPPrivateKey));
        PGPObjectFactory pGPObjectFactory2 = new PGPObjectFactory(this.clearStream, BouncyCastleUtil.KEY_FINGERPRINT_CALCULATOR);
        Object nextObject2 = pGPObjectFactory2.nextObject();
        while (true) {
            Object obj = nextObject2;
            if (obj instanceof PGPLiteralData) {
                return ((PGPLiteralData) obj).getInputStream();
            }
            if (obj instanceof PGPOnePassSignatureList) {
                nextObject2 = pGPObjectFactory2.nextObject();
            } else {
                if (!(obj instanceof PGPCompressedData)) {
                    throw new PGPException("input is not PGPLiteralData - type unknown.");
                }
                this.compressedStream = new BufferedInputStream(((PGPCompressedData) obj).getDataStream());
                pGPObjectFactory2 = new PGPObjectFactory(this.compressedStream, BouncyCastleUtil.KEY_FINGERPRINT_CALCULATOR);
                nextObject2 = pGPObjectFactory2.nextObject();
            }
        }
    }

    private PGPPrivateKey getPrivateKey(long j, String str) throws PGPException, NoSuchProviderException {
        PGPSecretKey secretKey = this.configuredSecretKey ? this.secretKey : this.secretKeys.getSecretKey(j);
        if (this.configuredSecretKey && secretKey.getKeyID() != j) {
            throw new PGPException(createInvalidKeyErrorMessage(Long.valueOf(secretKey.getKeyID()), Long.valueOf(j)));
        }
        try {
            return secretKey.extractPrivateKey(BouncyCastleUtil.PBE_SECRET_KEY_DECRYPTOR_BUILDER.build(str.toCharArray()));
        } catch (PGPException e) {
            throw wrapWrongPassPhraseException(e, str, Long.valueOf(secretKey.getKeyID()));
        }
    }

    private String createInvalidKeyErrorMessage(Long l, Long l2) {
        return String.format(INVALID_KEY_ERROR_MESSAGE, Long.toHexString(l.longValue()).toUpperCase(), Long.toHexString(l2.longValue()).toUpperCase());
    }

    private PGPException wrapWrongPassPhraseException(PGPException pGPException, String str, Long l) {
        return pGPException.getMessage().contains(CHECKSUM_MESSAGE) ? new PGPException(createInvalidPassPhraseErrorMessage(str, l.longValue())) : pGPException;
    }

    private String createInvalidPassPhraseErrorMessage(String str, long j) {
        return String.format(INVALID_PASS_PHRASE_ERROR_MESSAGE, str, Long.toHexString(j).toUpperCase());
    }
}
