package org.mule.module.pgp;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Provider;
import java.util.Date;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.Validate;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
import org.mule.module.pgp.config.PGPOutputMode;

/* loaded from: input_file:org/mule/module/pgp/EncryptStreamTransformer.class */
public class EncryptStreamTransformer implements StreamTransformer {
    private PGPPublicKey publicKey;
    private Provider provider;
    private final int algorithm;
    private OutputStream pgpOutputStream;
    private OutputStream compressedEncryptedOutputStream;
    private OutputStream encryptedOutputStream;
    private ByteArrayOutputStream outputStream;
    private PGPOutputMode pgpOutputMode;
    private OutputStream result;
    private String streamName;
    private boolean signatureEnabled;
    private PGPPrivateKey signerPrivateKey;
    private String signerId;
    private PGPSignatureGenerator signatureGenerator;

    public EncryptStreamTransformer(PGPPublicKey pGPPublicKey, Provider provider, int i, PGPOutputMode pGPOutputMode, String str) throws IOException {
        this(pGPPublicKey, provider, i, pGPOutputMode);
        if (str != null) {
            this.streamName = str;
        }
    }

    public EncryptStreamTransformer(PGPPublicKey pGPPublicKey, Provider provider, int i, PGPOutputMode pGPOutputMode) throws IOException {
        this.streamName = "stream";
        this.signatureEnabled = false;
        this.signerPrivateKey = null;
        this.signatureGenerator = null;
        Validate.notNull(pGPPublicKey, "The publicKey should not be null");
        this.publicKey = pGPPublicKey;
        this.provider = provider;
        this.algorithm = i;
        this.pgpOutputMode = pGPOutputMode;
        this.outputStream = new ByteArrayOutputStream();
    }

    public EncryptStreamTransformer signContentsWith(PGPPrivateKey pGPPrivateKey, String str) {
        this.signerPrivateKey = pGPPrivateKey;
        this.signerId = str;
        this.signatureEnabled = true;
        return this;
    }

    @Override // org.mule.module.pgp.StreamTransformer
    public InputStream process(InputStream inputStream) throws Exception {
        if (this.pgpOutputMode == PGPOutputMode.ARMOR) {
            this.result = new ArmoredOutputStream(this.outputStream);
        } else {
            this.result = this.outputStream;
        }
        BcPGPDataEncryptorBuilder bcPGPDataEncryptorBuilder = new BcPGPDataEncryptorBuilder(this.algorithm);
        if (this.signatureEnabled) {
            bcPGPDataEncryptorBuilder.setWithIntegrityPacket(true);
        }
        PGPEncryptedDataGenerator pGPEncryptedDataGenerator = new PGPEncryptedDataGenerator(bcPGPDataEncryptorBuilder, false);
        pGPEncryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(this.publicKey));
        this.encryptedOutputStream = pGPEncryptedDataGenerator.open(this.result, new byte[65536]);
        this.compressedEncryptedOutputStream = new PGPCompressedDataGenerator(1).open(this.encryptedOutputStream, new byte[65536]);
        if (this.signatureEnabled) {
            this.signatureGenerator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(this.signerPrivateKey.getPublicKeyPacket().getAlgorithm(), 2));
            this.signatureGenerator.init(0, this.signerPrivateKey);
            PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
            pGPSignatureSubpacketGenerator.setSignerUserID(false, this.signerId);
            this.signatureGenerator.setHashedSubpackets(pGPSignatureSubpacketGenerator.generate());
            this.signatureGenerator.generateOnePassVersion(false).encode(this.compressedEncryptedOutputStream);
        }
        this.pgpOutputStream = new PGPLiteralDataGenerator().open(this.compressedEncryptedOutputStream, 'b', this.streamName, new Date(), new byte[65536]);
        write(inputStream);
        return new ByteArrayInputStream(this.outputStream.toByteArray());
    }

    private void write(InputStream inputStream) throws IOException, PGPException {
        try {
            if (this.signatureEnabled) {
                byte[] bArr = new byte[65536];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    this.pgpOutputStream.write(bArr, 0, read);
                    this.signatureGenerator.update(bArr, 0, read);
                }
            } else {
                IOUtils.copy(inputStream, this.pgpOutputStream);
            }
        } finally {
            this.pgpOutputStream.close();
            if (this.signatureEnabled) {
                this.signatureGenerator.generate().encode(this.compressedEncryptedOutputStream);
            }
            this.compressedEncryptedOutputStream.close();
            this.encryptedOutputStream.close();
            this.result.close();
            inputStream.close();
            this.outputStream.close();
        }
    }
}
