package name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.callbacks;

import java.io.IOException;
import java.time.Instant;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import javax.annotation.Nullable;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.callbacks.KeySelectionStrategy;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.generation.KeyFlag;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.keyrings.KeyringConfig;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:name/neuhalfen/projects/crypto/bouncycastle/openpgp/keys/callbacks/Rfc4880KeySelectionStrategy.class */
public class Rfc4880KeySelectionStrategy implements KeySelectionStrategy {
    private static final Logger LOGGER = LoggerFactory.getLogger(Rfc4880KeySelectionStrategy.class);
    private final Instant dateOfTimestampVerification;
    private final boolean ignoreCase;
    private final boolean matchPartial;

    public Rfc4880KeySelectionStrategy(Instant instant) {
        this(instant, true, true);
    }

    public Rfc4880KeySelectionStrategy(Instant instant, boolean z, boolean z2) {
        Objects.requireNonNull(instant, "dateOfTimestampVerification must not be null");
        this.dateOfTimestampVerification = instant;
        this.matchPartial = z;
        this.ignoreCase = z2;
    }

    protected Instant getDateOfTimestampVerification() {
        return this.dateOfTimestampVerification;
    }

    protected Set<PGPPublicKeyRing> publicKeyRingsForUid(KeySelectionStrategy.PURPOSE purpose, String str, KeyringConfig keyringConfig) throws IOException, PGPException {
        HashSet hashSet = new HashSet();
        Iterator keyRings = keyringConfig.getPublicKeyRings().getKeyRings(str, this.matchPartial, this.ignoreCase);
        while (keyRings.hasNext()) {
            hashSet.add((PGPPublicKeyRing) keyRings.next());
        }
        return hashSet;
    }

    @Override // name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.callbacks.KeySelectionStrategy
    public Set<PGPPublicKey> validPublicKeysForVerifyingSignatures(String str, KeyringConfig keyringConfig) throws PGPException, IOException {
        Objects.requireNonNull(str, "uid must not be null");
        Objects.requireNonNull(keyringConfig, "keyringConfig must not be null");
        return (Set) publicKeyRingsForUid(KeySelectionStrategy.PURPOSE.FOR_SIGNING, str, keyringConfig).stream().flatMap(pGPPublicKeyRing -> {
            return StreamSupport.stream(pGPPublicKeyRing.spliterator(), false);
        }).filter(this::isVerificationKey).filter(this::isNotRevoked).filter(this::isNotExpired).collect(Collectors.toSet());
    }

    @Override // name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.callbacks.KeySelectionStrategy
    @Nullable
    public PGPPublicKey selectPublicKey(KeySelectionStrategy.PURPOSE purpose, String str, KeyringConfig keyringConfig) throws PGPException, IOException {
        Objects.requireNonNull(purpose, "purpose must not be null");
        Objects.requireNonNull(str, "uid must not be null");
        Objects.requireNonNull(keyringConfig, "keyringConfig must not be null");
        Set<PGPPublicKeyRing> publicKeyRingsForUid = publicKeyRingsForUid(purpose, str, keyringConfig);
        switch (purpose) {
            case FOR_SIGNING:
                return (PGPPublicKey) publicKeyRingsForUid.stream().flatMap(pGPPublicKeyRing -> {
                    return StreamSupport.stream(pGPPublicKeyRing.spliterator(), false);
                }).filter(this::isVerificationKey).filter(this::isNotRevoked).filter(this::isNotExpired).filter(hasPrivateKey(keyringConfig.getSecretKeyRings())).reduce((pGPPublicKey, pGPPublicKey2) -> {
                    return pGPPublicKey2;
                }).orElse(null);
            case FOR_ENCRYPTION:
                return (PGPPublicKey) publicKeyRingsForUid.stream().flatMap(pGPPublicKeyRing2 -> {
                    return StreamSupport.stream(pGPPublicKeyRing2.spliterator(), false);
                }).filter(this::isEncryptionKey).filter(this::isNotRevoked).filter(this::isNotExpired).reduce((pGPPublicKey3, pGPPublicKey4) -> {
                    return pGPPublicKey4;
                }).orElse(null);
            default:
                return null;
        }
    }

    protected Predicate<PGPPublicKey> hasPrivateKey(PGPSecretKeyRingCollection pGPSecretKeyRingCollection) {
        return pGPPublicKey -> {
            Objects.requireNonNull(pGPPublicKey, "pubKey must not be null");
            try {
                boolean contains = pGPSecretKeyRingCollection.contains(pGPPublicKey.getKeyID());
                if (!contains) {
                    LOGGER.trace("Skipping pubkey {} (no private key found)", Long.toHexString(pGPPublicKey.getKeyID()));
                }
                return contains;
            } catch (PGPException e) {
                LOGGER.debug("Failed to test for private key for pubkey " + pGPPublicKey.getKeyID());
                return false;
            }
        };
    }

    protected boolean isNotMasterKey(PGPPublicKey pGPPublicKey) {
        return !pGPPublicKey.isMasterKey();
    }

    protected boolean isNotExpired(PGPPublicKey pGPPublicKey) {
        return !isExpired(pGPPublicKey);
    }

    protected boolean isExpired(PGPPublicKey pGPPublicKey) {
        boolean z;
        Objects.requireNonNull(pGPPublicKey, "pubKey must not be null");
        if (pGPPublicKey.getValidSeconds() > 0) {
            Instant plusSeconds = pGPPublicKey.getCreationTime().toInstant().plusSeconds(pGPPublicKey.getValidSeconds());
            z = plusSeconds.isBefore(getDateOfTimestampVerification());
            if (z) {
                LOGGER.trace("Skipping pubkey {} (expired since {})", Long.toHexString(pGPPublicKey.getKeyID()), plusSeconds.toString());
            }
        } else {
            z = false;
        }
        return z;
    }

    protected boolean isEncryptionKey(PGPPublicKey pGPPublicKey) {
        Objects.requireNonNull(pGPPublicKey, "publicKey must not be null");
        Set<KeyFlag> extractPublicKeyFlags = KeyFlag.extractPublicKeyFlags(pGPPublicKey);
        return extractPublicKeyFlags.contains(KeyFlag.ENCRYPT_COMMS) || extractPublicKeyFlags.contains(KeyFlag.ENCRYPT_STORAGE);
    }

    protected boolean isVerificationKey(PGPPublicKey pGPPublicKey) {
        boolean contains = KeyFlag.extractPublicKeyFlags(pGPPublicKey).contains(KeyFlag.SIGN_DATA);
        if (!contains) {
            LOGGER.trace("Skipping pubkey {} (no signing key)", Long.toHexString(pGPPublicKey.getKeyID()));
        }
        return contains;
    }

    protected boolean isRevoked(PGPPublicKey pGPPublicKey) {
        Objects.requireNonNull(pGPPublicKey, "pubKey must not be null");
        boolean hasRevocation = pGPPublicKey.hasRevocation();
        if (hasRevocation) {
            LOGGER.trace("Skipping pubkey {} (revoked)", Long.toHexString(pGPPublicKey.getKeyID()));
        }
        return hasRevocation;
    }

    protected boolean isNotRevoked(PGPPublicKey pGPPublicKey) {
        return !isRevoked(pGPPublicKey);
    }
}
