package org.apache.camel.converter.crypto;

import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.camel.Exchange;
import org.apache.camel.converter.stream.CachedOutputStream;
import org.apache.camel.spi.DataFormat;
import org.apache.camel.support.ServiceSupport;
import org.apache.camel.util.ExchangeHelper;
import org.apache.camel.util.IOHelper;
import org.apache.camel.util.ObjectHelper;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.class */
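/**
 * Camel {@link DataFormat} that PGP-encrypts (and optionally signs) a message body on
 * {@link #marshal} and decrypts (and optionally verifies) it on {@link #unmarshal}.
 *
 * <p>Keys are not read here; they come from the configured {@link PGPPublicKeyAccessor} and
 * {@link PGPSecretKeyAccessor}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every {@code find*} method lets an <em>incoming message header</em> override the value
 *       configured on this instance (recipient user IDs, signer user IDs, cipher, hash and
 *       compression algorithm). If headers can be set by an untrusted producer, remove or
 *       overwrite the {@code CamelPGPDataFormat*} headers before the exchange reaches this
 *       data format.</li>
 *   <li>The defaults below are the OpenPGP (RFC 4880) algorithm ids 2 (SHA-1) for the signature
 *       hash and 3 (CAST5) for the symmetric cipher. Both are legacy choices; set stronger ids
 *       explicitly (for example hash 8 = SHA-256, cipher 9 = AES-256) where the peer supports
 *       them.</li>
 *   <li>The default verification option is {@code "optional"}: an unsigned message is accepted.
 *       Use {@code "required"} when the sender must be authenticated.</li>
 * </ul>
 *
 * <p>Instances hold mutable configuration without synchronization; configure before start.
 */
public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat {
    public static final String KEY_USERID = "CamelPGPDataFormatKeyUserid";
    public static final String KEY_USERIDS = "CamelPGPDataFormatKeyUserids";
    public static final String SIGNATURE_KEY_USERID = "CamelPGPDataFormatSignatureKeyUserid";
    public static final String SIGNATURE_KEY_USERIDS = "CamelPGPDataFormatSignatureKeyUserids";
    public static final String ENCRYPTION_ALGORITHM = "CamelPGPDataFormatEncryptionAlgorithm";
    public static final String SIGNATURE_HASH_ALGORITHM = "CamelPGPDataFormatSignatureHashAlgorithm";
    public static final String COMPRESSION_ALGORITHM = "CamelPGPDataFormatCompressionAlgorithm";
    public static final String NUMBER_OF_ENCRYPTION_KEYS = "CamelPGPDataFormatNumberOfEncryptionKeys";
    public static final String NUMBER_OF_SIGNING_KEYS = "CamelPGPDataFormatNumberOfSigningKeys";
    private static final String BC = "BC";
    private static final int BUFFER_SIZE = 16384;
    PGPPublicKeyAccessor publicKeyAccessor;
    PGPSecretKeyAccessor secretKeyAccessor;
    private String keyUserid;
    private List<String> keyUserids;
    private String signatureKeyUserid;
    private List<String> signatureKeyUserids;
    private boolean armored;
    private static final Logger LOG = LoggerFactory.getLogger(PGPKeyAccessDataFormat.class);
    public static final String SIGNATURE_VERIFICATION_OPTION_OPTIONAL = "optional";
    public static final String SIGNATURE_VERIFICATION_OPTION_REQUIRED = "required";
    public static final String SIGNATURE_VERIFICATION_OPTION_IGNORE = "ignore";
    public static final String SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED = "no_signature_allowed";
    private static final List<String> SIGNATURE_VERIFICATION_OPTIONS = Arrays.asList(
            SIGNATURE_VERIFICATION_OPTION_OPTIONAL,
            SIGNATURE_VERIFICATION_OPTION_REQUIRED,
            SIGNATURE_VERIFICATION_OPTION_IGNORE,
            SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED);
    private String provider = BC;
    // When true, the encryptor is asked to add an integrity packet (see marshal).
    private boolean integrity = true;
    // OpenPGP hash algorithm id; 2 is SHA-1 in RFC 4880.
    private int hashAlgorithm = 2;
    // OpenPGP symmetric algorithm id; 3 is CAST5 in RFC 4880.
    private int algorithm = 3;
    // OpenPGP compression algorithm id; 1 is ZIP in RFC 4880.
    private int compressionAlgorithm = 1;
    private String signatureVerificationOption = SIGNATURE_VERIFICATION_OPTION_OPTIONAL;

    /** Returns the {@link #KEY_USERID} header if present, otherwise the configured value. */
    protected String findKeyUserid(Exchange exchange) {
        return exchange.getIn().getHeader(KEY_USERID, getKeyUserid(), String.class);
    }

    /**
     * Returns the {@link #KEY_USERIDS} header if present, otherwise the configured list.
     * The element type of a header-supplied list is not checked here.
     */
    @SuppressWarnings("unchecked")
    protected List<String> findKeyUserids(Exchange exchange) {
        return exchange.getIn().getHeader(KEY_USERIDS, getKeyUserids(), List.class);
    }

    /**
     * Returns the {@link #SIGNATURE_KEY_USERID} header if present, otherwise the configured
     * value. (Decompiler note: this method was {@code protected} in the original source.)
     */
    public String findSignatureKeyUserid(Exchange exchange) {
        return exchange.getIn().getHeader(SIGNATURE_KEY_USERID, getSignatureKeyUserid(), String.class);
    }

    /**
     * Returns the {@link #SIGNATURE_KEY_USERIDS} header if present, otherwise the configured
     * list. The element type of a header-supplied list is not checked here.
     */
    @SuppressWarnings("unchecked")
    protected List<String> findSignatureKeyUserids(Exchange exchange) {
        return exchange.getIn().getHeader(SIGNATURE_KEY_USERIDS, getSignatureKeyUserids(), List.class);
    }

    /** Returns the {@link #COMPRESSION_ALGORITHM} header if present, otherwise the configured id. */
    protected int findCompressionAlgorithm(Exchange exchange) {
        return exchange.getIn().getHeader(COMPRESSION_ALGORITHM, getCompressionAlgorithm(), Integer.class);
    }

    /** Returns the {@link #ENCRYPTION_ALGORITHM} header if present, otherwise the configured id. */
    protected int findAlgorithm(Exchange exchange) {
        return exchange.getIn().getHeader(ENCRYPTION_ALGORITHM, getAlgorithm(), Integer.class);
    }

    /** Returns the {@link #SIGNATURE_HASH_ALGORITHM} header if present, otherwise the configured id. */
    protected int findHashAlgorithm(Exchange exchange) {
        return exchange.getIn().getHeader(SIGNATURE_HASH_ALGORITHM, getHashAlgorithm(), Integer.class);
    }

    /**
     * Encrypts {@code obj} to every public key resolved for the encryption user IDs and writes
     * the result to {@code outputStream}. The output is, from the outside in: optional ASCII
     * armor, encrypted data, compressed data, optional one-pass signature headers, literal
     * data, optional signatures.
     *
     * <p>Sets {@link #NUMBER_OF_ENCRYPTION_KEYS} (and, via
     * {@link #createSignatureGenerator}, {@link #NUMBER_OF_SIGNING_KEYS}) on the out message.
     * All streams, including {@code outputStream} and the body stream, are closed on return.
     *
     * @throws IllegalArgumentException if no public encryption key is found for the user IDs
     * @throws IllegalStateException if no encryption user ID is specified at all
     */
    public void marshal(Exchange exchange, Object obj, OutputStream outputStream) throws Exception {
        List<String> userIds = determineEncryptionUserIds(exchange);
        List<PGPPublicKey> recipients = this.publicKeyAccessor.getEncryptionKeys(exchange, userIds);
        if (recipients.isEmpty()) {
            throw new IllegalArgumentException("Cannot PGP encrypt message. No public encryption key found for the User Ids " + userIds + " in the public keyring. Either specify other User IDs or add correct public keys to the keyring.");
        }
        exchange.getOut().setHeader(NUMBER_OF_ENCRYPTION_KEYS, Integer.valueOf(recipients.size()));
        InputStream input = ExchangeHelper.convertToMandatoryType(exchange, InputStream.class, obj);
        if (this.armored) {
            outputStream = new ArmoredOutputStream(outputStream);
        }
        // setIntegrity(false) turns the integrity packet off; leave it on unless a peer
        // cannot handle integrity-protected data.
        PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator(
                new JcePGPDataEncryptorBuilder(findAlgorithm(exchange))
                        .setWithIntegrityPacket(this.integrity)
                        .setSecureRandom(new SecureRandom())
                        .setProvider(getProvider()));
        for (PGPPublicKey recipient : recipients) {
            encryptor.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(recipient));
        }
        OutputStream encryptedOut = encryptor.open(outputStream, new byte[BUFFER_SIZE]);
        OutputStream compressedOut = new BufferedOutputStream(
                new PGPCompressedDataGenerator(findCompressionAlgorithm(exchange)).open(encryptedOut));
        // Writes the one-pass signature headers into the compressed stream as a side effect.
        List<PGPSignatureGenerator> signers = createSignatureGenerator(exchange, compressedOut);
        boolean signing = signers != null && !signers.isEmpty();
        PGPLiteralDataGenerator literalGenerator = new PGPLiteralDataGenerator();
        String fileName = exchange.getIn().getHeader("CamelFileName", String.class);
        if (ObjectHelper.isEmpty(fileName)) {
            fileName = "_CONSOLE";
        }
        OutputStream literalOut = literalGenerator.open(compressedOut, PGPLiteralData.BINARY, fileName, new Date(), new byte[BUFFER_SIZE]);
        try {
            byte[] buffer = new byte[BUFFER_SIZE];
            int read;
            while ((read = input.read(buffer)) != -1) {
                literalOut.write(buffer, 0, read);
                if (signing) {
                    // The signature covers exactly the bytes written as literal data.
                    for (PGPSignatureGenerator signer : signers) {
                        signer.update(buffer, 0, read);
                    }
                }
                literalOut.flush();
            }
        } finally {
            try {
                // The literal packet must be finished before the trailing signatures.
                IOHelper.close(literalOut);
                writeSignatures(signers, compressedOut);
            } finally {
                // Runs even if signature generation fails, so no stream is leaked.
                IOHelper.close(compressedOut, encryptedOut, outputStream, input);
            }
        }
    }

    /**
     * Writes one signature per generator in reverse order, so that signatures close in the
     * opposite order to the one-pass headers written by {@link #createSignatureGenerator}.
     */
    private void writeSignatures(List<PGPSignatureGenerator> signers, OutputStream out) throws Exception {
        if (signers == null || signers.isEmpty()) {
            return;
        }
        for (int i = signers.size() - 1; i > -1; i--) {
            signers.get(i).generate().encode(out);
        }
    }

    /**
     * Combines the single encryption user ID and the user ID list (single ID first).
     *
     * @throws IllegalStateException if neither a single user ID nor a non-empty list is set
     */
    protected List<String> determineEncryptionUserIds(Exchange exchange) {
        String single = findKeyUserid(exchange);
        List<String> many = findKeyUserids(exchange);
        boolean noList = many == null || many.isEmpty();
        if (single == null) {
            if (noList) {
                throw new IllegalStateException("Cannot PGP encrypt message. No User ID of the public key specified.");
            }
            return many;
        }
        if (noList) {
            return Collections.singletonList(single);
        }
        List<String> combined = new ArrayList<String>(many.size() + 1);
        combined.add(single);
        combined.addAll(many);
        return combined;
    }

    /**
     * Combines the single signature user ID and the signature user ID list (single ID first).
     * Unlike {@link #determineEncryptionUserIds} this never throws; it returns the list as is
     * (possibly {@code null}) when no single user ID is set.
     */
    protected List<String> determineSignaturenUserIds(Exchange exchange) {
        String single = findSignatureKeyUserid(exchange);
        List<String> many = findSignatureKeyUserids(exchange);
        if (single == null) {
            return many;
        }
        if (many == null || many.isEmpty()) {
            return Collections.singletonList(single);
        }
        List<String> combined = new ArrayList<String>(many.size() + 1);
        combined.add(single);
        combined.addAll(many);
        return combined;
    }

    /**
     * Creates one initialised signature generator per signer key and writes the matching
     * one-pass signature header to {@code outputStream}.
     *
     * @return the generators, or {@code null} when no secret key accessor is configured or it
     *         returns no signer keys (the message is then sent unsigned)
     */
    protected List<PGPSignatureGenerator> createSignatureGenerator(Exchange exchange, OutputStream outputStream) throws Exception {
        if (this.secretKeyAccessor == null) {
            return null;
        }
        List<PGPSecretKeyAndPrivateKeyAndUserId> signerKeys = this.secretKeyAccessor.getSignerKeys(exchange, determineSignaturenUserIds(exchange));
        if (signerKeys.isEmpty()) {
            return null;
        }
        exchange.getOut().setHeader(NUMBER_OF_SIGNING_KEYS, Integer.valueOf(signerKeys.size()));
        List<PGPSignatureGenerator> generators = new ArrayList<PGPSignatureGenerator>();
        for (PGPSecretKeyAndPrivateKeyAndUserId signerKey : signerKeys) {
            PGPPrivateKey privateKey = signerKey.getPrivateKey();
            PGPSignatureSubpacketGenerator subpackets = new PGPSignatureSubpacketGenerator();
            subpackets.setSignerUserID(false, signerKey.getUserId());
            int keyAlgorithm = signerKey.getSecretKey().getPublicKey().getAlgorithm();
            PGPSignatureGenerator generator = new PGPSignatureGenerator(
                    new JcaPGPContentSignerBuilder(keyAlgorithm, findHashAlgorithm(exchange)).setProvider(getProvider()));
            generator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
            generator.setHashedSubpackets(subpackets.generate());
            generator.generateOnePassVersion(false).encode(outputStream);
            generators.add(generator);
        }
        return generators;
    }

    /**
     * Decrypts {@code inputStream}, optionally verifies its signature according to
     * {@link #getSignatureVerificationOption()}, and returns the plaintext: a stream cache when
     * the context's stream caching strategy is enabled, otherwise a {@code byte[]}.
     *
     * <p>The plaintext is only returned after {@link #verifySignature} has passed. All streams,
     * including {@code inputStream}, are closed on both the success and the failure path.
     *
     * <p>NOTE(review): with stream caching disabled the whole decompressed plaintext is
     * collected in a {@link ByteArrayOutputStream} with no size limit, so a small compressed
     * input can expand to a large allocation. Consider enabling stream caching or bounding the
     * input size upstream when messages come from untrusted senders.
     *
     * @return the decrypted body, or {@code null} if {@code inputStream} is {@code null}
     * @throws PGPException if a signature is required but the message carries none
     * @throws IllegalArgumentException if the packet sequence is not the expected one
     * @throws SignatureException if the signature does not verify
     */
    public Object unmarshal(Exchange exchange, InputStream inputStream) throws Exception {
        if (inputStream == null) {
            return null;
        }
        InputStream decoderStream = null;
        InputStream decryptedData = null;
        InputStream uncompressedData = null;
        InputStream literalStream = null;
        CachedOutputStream cachedOut = null;
        ByteArrayOutputStream byteOut = null;
        OutputStream sink = null;
        try {
            decoderStream = PGPUtil.getDecoderStream(inputStream);
            decryptedData = getDecryptedData(exchange, decoderStream);
            uncompressedData = getUncompressedData(decryptedData);
            PGPObjectFactory packets = new PGPObjectFactory(uncompressedData);
            Object packet = packets.nextObject();
            PGPOnePassSignature signature = null;
            if (packet instanceof PGPOnePassSignatureList) {
                signature = getSignature(exchange, (PGPOnePassSignatureList) packet);
                packet = packets.nextObject();
            } else if (SIGNATURE_VERIFICATION_OPTION_REQUIRED.equals(getSignatureVerificationOption())) {
                throw new PGPException("PGP message does not contain any signatures although a signature is expected. Either send a PGP message with signature or change the configuration of the PGP decryptor.");
            }
            if (!(packet instanceof PGPLiteralData)) {
                throw getFormatException();
            }
            literalStream = ((PGPLiteralData) packet).getInputStream();
            if (exchange.getContext().getStreamCachingStrategy().isEnabled()) {
                cachedOut = new CachedOutputStream(exchange);
                sink = cachedOut;
            } else {
                byteOut = new ByteArrayOutputStream();
                sink = byteOut;
            }
            byte[] buffer = new byte[BUFFER_SIZE];
            int read;
            while ((read = literalStream.read(buffer)) != -1) {
                sink.write(buffer, 0, read);
                if (signature != null) {
                    signature.update(buffer, 0, read);
                }
                sink.flush();
            }
            verifySignature(packets, signature);
        } finally {
            // Entries that were never opened are still null here; they are passed as is.
            IOHelper.close(sink, literalStream, uncompressedData, decryptedData, decoderStream, inputStream);
        }
        return cachedOut != null ? cachedOut.newStreamCache() : byteOut.toByteArray();
    }

    /**
     * Returns the data stream of the compressed-data packet that must be the first object in
     * {@code inputStream}.
     *
     * @throws IllegalArgumentException if the first object is not compressed data
     */
    private InputStream getUncompressedData(InputStream inputStream) throws IOException, PGPException {
        Object packet = new PGPObjectFactory(inputStream).nextObject();
        if (packet instanceof PGPCompressedData) {
            return ((PGPCompressedData) packet).getDataStream();
        }
        throw getFormatException();
    }

    /**
     * Finds the first public-key encrypted session key for which the secret key accessor has a
     * private key and returns the decrypting stream for it.
     *
     * <p>NOTE(review): nothing in this class calls {@code isIntegrityProtected()} or
     * {@code verify()} on the encrypted-data packet after the stream is consumed, so as far as
     * this file shows the integrity packet is not checked on decrypt. Modification detection
     * then rests on the signature alone, and only when one is present and verified. Confirm
     * against the Bouncy Castle version in use and consider adding that check.
     *
     * @throws IllegalArgumentException if the input does not start with an encrypted-data list
     *         of public-key encrypted entries
     * @throws PGPException if no matching private key is available
     */
    private InputStream getDecryptedData(Exchange exchange, InputStream inputStream) throws Exception {
        PGPObjectFactory packets = new PGPObjectFactory(inputStream);
        PGPEncryptedDataList encryptedList = getEcryptedDataList(packets, packets.nextObject());
        if (encryptedList == null) {
            throw getFormatException();
        }
        PGPPublicKeyEncryptedData encryptedData = null;
        PGPPrivateKey privateKey = null;
        for (int i = 0; i < encryptedList.size() && privateKey == null; i++) {
            Object entry = encryptedList.get(i);
            if (!(entry instanceof PGPPublicKeyEncryptedData)) {
                throw getFormatException();
            }
            encryptedData = (PGPPublicKeyEncryptedData) entry;
            privateKey = this.secretKeyAccessor.getPrivateKey(exchange, encryptedData.getKeyID());
        }
        if (privateKey == null) {
            throw new PGPException("PGP message is encrypted with a key which could not be found in the Secret Keyring.");
        }
        return encryptedData.getDataStream(
                new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(getProvider()).build(privateKey));
    }

    /**
     * Returns {@code obj} if it is the encrypted-data list; otherwise reads one more object and
     * returns it if it is one (presumably to skip a leading marker packet), else {@code null}.
     */
    private PGPEncryptedDataList getEcryptedDataList(PGPObjectFactory pGPObjectFactory, Object obj) throws IOException {
        if (obj instanceof PGPEncryptedDataList) {
            return (PGPEncryptedDataList) obj;
        }
        Object next = pGPObjectFactory.nextObject();
        return next instanceof PGPEncryptedDataList ? (PGPEncryptedDataList) next : null;
    }

    /**
     * Verifies the trailing signature that matches the one-pass header; a {@code null}
     * one-pass signature means there is nothing to verify.
     *
     * @throws IllegalArgumentException if the object following the literal data is missing or
     *         is not a signature list (reported as a format error instead of failing with a
     *         null dereference or class cast)
     * @throws SignatureException if the signature does not verify
     */
    private void verifySignature(PGPObjectFactory pGPObjectFactory, PGPOnePassSignature pGPOnePassSignature) throws IOException, PGPException, SignatureException {
        if (pGPOnePassSignature == null) {
            return;
        }
        Object trailer = pGPObjectFactory.nextObject();
        if (!(trailer instanceof PGPSignatureList)) {
            throw getFormatException();
        }
        PGPSignature signature = getSignatureWithKeyId(pGPOnePassSignature.getKeyID(), (PGPSignatureList) trailer);
        if (!pGPOnePassSignature.verify(signature)) {
            throw new SignatureException("Verification of the PGP signature with the key ID " + pGPOnePassSignature.getKeyID() + " failed. The PGP message may have been tampered.");
        }
    }

    /** Builds the exception used for every "unexpected packet sequence" failure. */
    private IllegalArgumentException getFormatException() {
        return new IllegalArgumentException("The input message body has an invalid format. The PGP decryption/verification processor expects a sequence of PGP packets of the form (entries in brackets are optional and ellipses indicate repetition, comma represents  sequential composition, and vertical bar separates alternatives): Public Key Encrypted Session Key ..., Symmetrically Encrypted Data | Sym. Encrypted and Integrity Protected Data, Compressed Data, (One Pass Signature ...,) Literal Data, (Signature ...,)");
    }

    /**
     * Returns the signature in the list whose key ID equals {@code j}.
     *
     * @throws IllegalStateException if the list holds no signature for that key ID
     */
    protected PGPSignature getSignatureWithKeyId(long j, PGPSignatureList pGPSignatureList) {
        for (int i = 0; i < pGPSignatureList.size(); i++) {
            PGPSignature candidate = pGPSignatureList.get(i);
            if (j == candidate.getKeyID()) {
                return candidate;
            }
        }
        throw new IllegalStateException("PGP signature is inconsistent");
    }

    /**
     * Picks the first one-pass signature for which the public key accessor returns a key and
     * initialises it for verification.
     *
     * @return the initialised signature, or {@code null} when the option is {@code "ignore"}
     *         (the signature is then not verified at all) or the list is empty
     * @throws PGPException if the option is {@code "no_signature_allowed"}
     * @throws IllegalArgumentException if no public key is found for any signature in the list
     */
    protected PGPOnePassSignature getSignature(Exchange exchange, PGPOnePassSignatureList pGPOnePassSignatureList) throws Exception {
        String option = getSignatureVerificationOption();
        if (SIGNATURE_VERIFICATION_OPTION_IGNORE.equals(option)) {
            return null;
        }
        if (SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.equals(option)) {
            throw new PGPException("PGP message contains a signature although a signature is not expected. Either change the configuration of the PGP decryptor or send a PGP message with no signature.");
        }
        // The allowed signer user IDs are handed to the accessor together with the key ID;
        // presumably the accessor restricts the lookup to those users (verify in the accessor).
        List<String> allowedUserIds = determineSignaturenUserIds(exchange);
        for (int i = 0; i < pGPOnePassSignatureList.size(); i++) {
            PGPOnePassSignature onePass = pGPOnePassSignatureList.get(i);
            PGPPublicKey publicKey = this.publicKeyAccessor.getPublicKey(exchange, onePass.getKeyID(), allowedUserIds);
            if (publicKey != null) {
                onePass.init(new JcaPGPContentVerifierBuilderProvider().setProvider(getProvider()), publicKey);
                return onePass;
            }
        }
        if (pGPOnePassSignatureList.isEmpty()) {
            return null;
        }
        throw new IllegalArgumentException("Cannot verify the PGP signature: No public key found for the key ID(s) contained in the PGP signature(s). Either the received PGP message contains a signature from an unexpected sender or the Public Keyring does not contain the public key of the sender.");
    }

    /** Enables or disables ASCII armor on the encrypted output. */
    public void setArmored(boolean z) {
        this.armored = z;
    }

    public boolean getArmored() {
        return this.armored;
    }

    /** Enables or disables the integrity packet on encryption; defaults to {@code true}. */
    public void setIntegrity(boolean z) {
        this.integrity = z;
    }

    public boolean getIntegrity() {
        return this.integrity;
    }

    /** Sets the default encryption user ID (a {@link #KEY_USERID} header takes precedence). */
    public void setKeyUserid(String str) {
        this.keyUserid = str;
    }

    public String getKeyUserid() {
        return this.keyUserid;
    }

    public List<String> getKeyUserids() {
        return this.keyUserids;
    }

    /** Sets the default encryption user ID list (a {@link #KEY_USERIDS} header takes precedence). */
    public void setKeyUserids(List<String> list) {
        this.keyUserids = list;
    }

    /** Sets the default signer user ID (a {@link #SIGNATURE_KEY_USERID} header takes precedence). */
    public void setSignatureKeyUserid(String str) {
        this.signatureKeyUserid = str;
    }

    public String getSignatureKeyUserid() {
        return this.signatureKeyUserid;
    }

    public List<String> getSignatureKeyUserids() {
        return this.signatureKeyUserids;
    }

    /** Sets the default signer user ID list (a {@link #SIGNATURE_KEY_USERIDS} header takes precedence). */
    public void setSignatureKeyUserids(List<String> list) {
        this.signatureKeyUserids = list;
    }

    public String getProvider() {
        return this.provider;
    }

    /** Sets the JCE provider name; any provider other than "BC" must be registered by the caller. */
    public void setProvider(String str) {
        this.provider = str;
    }

    public int getCompressionAlgorithm() {
        return this.compressionAlgorithm;
    }

    /** Sets the OpenPGP compression algorithm id; the value is not validated here. */
    public void setCompressionAlgorithm(int i) {
        this.compressionAlgorithm = i;
    }

    public int getHashAlgorithm() {
        return this.hashAlgorithm;
    }

    /** Sets the OpenPGP signature hash algorithm id; the value is not validated here. */
    public void setHashAlgorithm(int i) {
        this.hashAlgorithm = i;
    }

    public int getAlgorithm() {
        return this.algorithm;
    }

    /** Sets the OpenPGP symmetric encryption algorithm id; the value is not validated here. */
    public void setAlgorithm(int i) {
        this.algorithm = i;
    }

    public PGPPublicKeyAccessor getPublicKeyAccessor() {
        return this.publicKeyAccessor;
    }

    public void setPublicKeyAccessor(PGPPublicKeyAccessor pGPPublicKeyAccessor) {
        this.publicKeyAccessor = pGPPublicKeyAccessor;
    }

    public PGPSecretKeyAccessor getSecretKeyAccessor() {
        return this.secretKeyAccessor;
    }

    public void setSecretKeyAccessor(PGPSecretKeyAccessor pGPSecretKeyAccessor) {
        this.secretKeyAccessor = pGPSecretKeyAccessor;
    }

    public String getSignatureVerificationOption() {
        return this.signatureVerificationOption;
    }

    /**
     * Sets how signatures are handled on decrypt.
     *
     * @param str one of the {@code SIGNATURE_VERIFICATION_OPTION_*} constants
     * @throws IllegalArgumentException if {@code str} is not one of those values
     */
    public void setSignatureVerificationOption(String str) {
        if (!SIGNATURE_VERIFICATION_OPTIONS.contains(str)) {
            throw new IllegalArgumentException(str + " is not a valid signature verification option");
        }
        this.signatureVerificationOption = str;
    }

    /**
     * Registers the Bouncy Castle provider when it is the selected provider and is not yet
     * registered; any other provider is expected to be registered by the caller.
     */
    protected void doStart() throws Exception {
        if (Security.getProvider(BC) == null && BC.equals(getProvider())) {
            LOG.debug("Adding BouncyCastleProvider as security provider");
            Security.addProvider(new BouncyCastleProvider());
        } else {
            LOG.debug("Using custom provider {} which is expected to be enlisted manually.", getProvider());
        }
    }

    /** Nothing to release; the provider registered in {@link #doStart()} is left in place. */
    protected void doStop() throws Exception {
    }
}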
