package org.pgpainless.signature.consumer;

import androidx.activity.ComponentActivity$2$$ExternalSyntheticOutline0;
import androidx.activity.ComponentActivity$2$$ExternalSyntheticOutline1;
import androidx.fragment.R$id;
import j$.util.concurrent.ConcurrentHashMap;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import okhttp3.ConnectionPool;
import org.bouncycastle.bcpg.sig.IssuerKeyID;
import org.bouncycastle.bcpg.sig.NotationData;
import org.bouncycastle.bcpg.sig.SignatureCreationTime;
import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.SignatureSubpacket;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.key.OpenPgpFingerprint;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.pgpainless.util.BCUtil;

/* loaded from: classes.dex */
public abstract class SignatureValidator {

    /* renamed from: org.pgpainless.signature.consumer.SignatureValidator$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public class AnonymousClass1 extends SignatureValidator {
        public final /* synthetic */ PGPPublicKey val$signingKey;

        public AnonymousClass1(PGPPublicKey pGPPublicKey) {
            this.val$signingKey = pGPPublicKey;
        }

        @Override // org.pgpainless.signature.consumer.SignatureValidator
        public void verify(PGPSignature pGPSignature) throws SignatureValidationException {
            OpenPgpFingerprint of = OpenPgpFingerprint.of(this.val$signingKey);
            IssuerKeyID issuerKeyID = (IssuerKeyID) SignatureSubpacketsUtil.hashedOrUnhashed(pGPSignature, SignatureSubpacket.issuerKeyId);
            Long valueOf = issuerKeyID == null ? null : Long.valueOf(issuerKeyID.getKeyID());
            if (valueOf != null && valueOf.longValue() != this.val$signingKey.keyID) {
                throw new SignatureValidationException("Signature was not created by " + ((Object) of) + " (signature issuer: " + Long.toHexString(valueOf.longValue()) + ")");
            }
            OpenPgpFingerprint issuerFingerprintAsOpenPgpFingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(pGPSignature);
            if (issuerFingerprintAsOpenPgpFingerprint == null || issuerFingerprintAsOpenPgpFingerprint.equals(of)) {
                return;
            }
            throw new SignatureValidationException("Signature was not created by " + ((Object) of) + " (signature fingerprint: " + ((Object) issuerFingerprintAsOpenPgpFingerprint) + ")");
        }
    }

    /* renamed from: org.pgpainless.signature.consumer.SignatureValidator$3, reason: invalid class name */
    /* loaded from: classes.dex */
    public class AnonymousClass3 extends SignatureValidator {
        public final /* synthetic */ Policy val$policy;
        public final /* synthetic */ PGPPublicKey val$signingKey;

        public AnonymousClass3(PGPPublicKey pGPPublicKey, Policy policy) {
            this.val$signingKey = pGPPublicKey;
            this.val$policy = policy;
        }

        @Override // org.pgpainless.signature.consumer.SignatureValidator
        public void verify(PGPSignature pGPSignature) throws SignatureValidationException {
            final PGPPublicKey pGPPublicKey = this.val$signingKey;
            new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.11
                @Override // org.pgpainless.signature.consumer.SignatureValidator
                public void verify(PGPSignature pGPSignature2) throws SignatureValidationException {
                    if (((SignatureCreationTime) SignatureSubpacketsUtil.getSignatureSubpacket(pGPSignature2.getHashedSubPackets(), SignatureSubpacket.signatureCreationTime)) == null) {
                        throw new SignatureValidationException("Malformed signature. Signature has no signature creation time subpacket in its hashed area.");
                    }
                    Date creationTime = PGPPublicKey.this.getCreationTime();
                    Date creationTime2 = pGPSignature2.getCreationTime();
                    if (creationTime.after(creationTime2)) {
                        throw new SignatureValidationException("Signature predates its signing key (key creation: " + creationTime + ", signature creation: " + creationTime2 + ")");
                    }
                    PGPPublicKey pGPPublicKey2 = PGPPublicKey.this;
                    if (pGPPublicKey2.isMasterKey()) {
                        return;
                    }
                    boolean z = true;
                    SignatureType signatureType = SignatureType.SUBKEY_BINDING;
                    Iterator<PGPSignature> signaturesOfType = pGPPublicKey2.getSignaturesOfType(24);
                    if (!signaturesOfType.hasNext()) {
                        throw new SignatureValidationException("Signing subkey does not have a subkey binding signature.");
                    }
                    while (signaturesOfType.hasNext()) {
                        if (!signaturesOfType.next().getCreationTime().after(pGPSignature2.getCreationTime())) {
                            z = false;
                        }
                    }
                    if (z) {
                        throw new SignatureValidationException("Signature was created before the signing key was bound to the key ring.");
                    }
                }
            }.verify(pGPSignature);
            ConnectionPool connectionPool = this.val$policy.notationRegistry;
            org.bouncycastle.bcpg.SignatureSubpacket[] subpackets = pGPSignature.getHashedSubPackets().getSubpackets(20);
            NotationData[] notationDataArr = new NotationData[subpackets.length];
            for (int i = 0; i < subpackets.length; i++) {
                notationDataArr[i] = (NotationData) subpackets[i];
            }
            for (NotationData notationData : Arrays.asList(notationDataArr)) {
                if (notationData.critical) {
                    if (!((Set) connectionPool.delegate).contains(notationData.getNotationName())) {
                        StringBuilder m = ComponentActivity$2$$ExternalSyntheticOutline1.m("Signature contains unknown critical notation '");
                        m.append(notationData.getNotationName());
                        m.append("' in its hashed area.");
                        throw new SignatureValidationException(m.toString());
                    }
                }
            }
            new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.7
                @Override // org.pgpainless.signature.consumer.SignatureValidator
                public void verify(PGPSignature pGPSignature2) throws SignatureValidationException {
                    PGPSignatureSubpacketVector hashedSubPackets = pGPSignature2.getHashedSubPackets();
                    int i2 = 0;
                    int i3 = 0;
                    while (true) {
                        org.bouncycastle.bcpg.SignatureSubpacket[] signatureSubpacketArr = (org.bouncycastle.bcpg.SignatureSubpacket[]) hashedSubPackets.packets;
                        if (i2 == signatureSubpacketArr.length) {
                            break;
                        }
                        if (signatureSubpacketArr[i2].critical) {
                            i3++;
                        }
                        i2++;
                    }
                    int[] iArr = new int[i3];
                    int i4 = 0;
                    int i5 = 0;
                    while (true) {
                        org.bouncycastle.bcpg.SignatureSubpacket[] signatureSubpacketArr2 = (org.bouncycastle.bcpg.SignatureSubpacket[]) hashedSubPackets.packets;
                        if (i4 == signatureSubpacketArr2.length) {
                            break;
                        }
                        if (signatureSubpacketArr2[i4].critical) {
                            iArr[i5] = signatureSubpacketArr2[i4].type;
                            i5++;
                        }
                        i4++;
                    }
                    for (int i6 = 0; i6 < i3; i6++) {
                        int i7 = iArr[i6];
                        try {
                            if (((SignatureSubpacket) ((ConcurrentHashMap) SignatureSubpacket.MAP).get(Integer.valueOf(i7))) == null) {
                                throw new IllegalArgumentException("No SignatureSubpacket tag found with code " + i7);
                            }
                        } catch (IllegalArgumentException unused) {
                            StringBuilder m2 = ComponentActivity$2$$ExternalSyntheticOutline1.m("Signature contains unknown critical subpacket of type ");
                            m2.append(Long.toHexString(i7));
                            throw new SignatureValidationException(m2.toString());
                        }
                    }
                }
            }.verify(pGPSignature);
            Policy policy = this.val$policy;
            HashAlgorithm fromId = HashAlgorithm.fromId(pGPSignature.sigPck.hashAlgorithm);
            SignatureType valueOf = SignatureType.valueOf(pGPSignature.sigPck.signatureType);
            Policy.HashAlgorithmPolicy hashAlgorithmPolicy = (valueOf == SignatureType.CERTIFICATION_REVOCATION || valueOf == SignatureType.KEY_REVOCATION || valueOf == SignatureType.SUBKEY_REVOCATION) ? policy.revocationSignatureHashAlgorithmPolicy : policy.signatureHashAlgorithmPolicy;
            int i2 = pGPSignature.sigPck.hashAlgorithm;
            Objects.requireNonNull(hashAlgorithmPolicy);
            if (!hashAlgorithmPolicy.acceptableHashAlgorithms.contains(HashAlgorithm.fromId(i2))) {
                throw new SignatureValidationException("Signature uses unacceptable hash algorithm " + fromId);
            }
            Policy policy2 = this.val$policy;
            PGPPublicKey pGPPublicKey2 = this.val$signingKey;
            PublicKeyAlgorithm fromId2 = PublicKeyAlgorithm.fromId(pGPPublicKey2.publicPk.algorithm);
            try {
                int bitStrength = BCUtil.getBitStrength(pGPPublicKey2);
                if (policy2.publicKeyAlgorithmPolicy.isAcceptable(fromId2, bitStrength)) {
                    return;
                }
                throw new SignatureValidationException("Signature was made using unacceptable key. " + fromId2 + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
            } catch (NoSuchAlgorithmException e) {
                throw new SignatureValidationException("Cannot determine bit strength of signing key.", e);
            }
        }
    }

    /* renamed from: org.pgpainless.signature.consumer.SignatureValidator$8, reason: invalid class name */
    /* loaded from: classes.dex */
    public class AnonymousClass8 extends SignatureValidator {
        public final /* synthetic */ Date val$validationDate;

        public AnonymousClass8(Date date) {
            this.val$validationDate = date;
        }

        @Override // org.pgpainless.signature.consumer.SignatureValidator
        public void verify(PGPSignature pGPSignature) throws SignatureValidationException {
            Date date = this.val$validationDate;
            Date time = ((SignatureCreationTime) SignatureSubpacketsUtil.getSignatureSubpacket(pGPSignature.getHashedSubPackets(), SignatureSubpacket.signatureCreationTime)).getTime();
            if (!R$id.isHardRevocation(pGPSignature) && time.after(date)) {
                throw new SignatureValidationException("Signature was created at " + time + " and is therefore not yet valid at " + date);
            }
            Date date2 = this.val$validationDate;
            if (R$id.isHardRevocation(pGPSignature)) {
                return;
            }
            SignatureExpirationTime signatureExpirationTime = (SignatureExpirationTime) SignatureSubpacketsUtil.getSignatureSubpacket(pGPSignature.getHashedSubPackets(), SignatureSubpacket.signatureExpirationTime);
            Date datePlusSeconds = signatureExpirationTime == null ? null : R$id.datePlusSeconds(pGPSignature.getCreationTime(), signatureExpirationTime.getTime());
            if (datePlusSeconds == null || !datePlusSeconds.before(date2)) {
                return;
            }
            throw new SignatureValidationException("Signature is already expired (expiration: " + datePlusSeconds + ", validation: " + date2 + ")");
        }
    }

    public static SignatureValidator signatureIsCertification() {
        final SignatureType[] signatureTypeArr = {SignatureType.POSITIVE_CERTIFICATION, SignatureType.CASUAL_CERTIFICATION, SignatureType.GENERIC_CERTIFICATION, SignatureType.NO_CERTIFICATION};
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.18
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void verify(PGPSignature pGPSignature) throws SignatureValidationException {
                SignatureType valueOf = SignatureType.valueOf(pGPSignature.sigPck.signatureType);
                SignatureType[] signatureTypeArr2 = signatureTypeArr;
                int length = signatureTypeArr2.length;
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (valueOf == signatureTypeArr2[i]) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (z) {
                    return;
                }
                StringBuilder sb = new StringBuilder();
                sb.append("Signature is of type ");
                sb.append(valueOf);
                sb.append(" while only ");
                throw new SignatureValidationException(ComponentActivity$2$$ExternalSyntheticOutline0.m(sb, Arrays.toString(signatureTypeArr), " are allowed here."));
            }
        };
    }

    public abstract void verify(PGPSignature pGPSignature) throws SignatureValidationException;
}
