package org.eclipse.jgit.gpg.bc.internal;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.text.MessageFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.bouncycastle.bcpg.sig.IssuerFingerprint;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.util.encoders.Hex;
import org.eclipse.jgit.api.errors.JGitInternalException;
import org.eclipse.jgit.lib.GpgConfig;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.SignatureVerifier;
import org.eclipse.jgit.util.LRUMap;
import org.eclipse.jgit.util.StringUtils;

/* loaded from: input_file:oxygen-git-client-addon-5.4.0/lib/org.eclipse.jgit.gpg.bc-7.0.0.202409031743-r.jar:org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignatureVerifier.class */
public class BouncyCastleGpgSignatureVerifier implements SignatureVerifier {
    private static final String NAME = "bc";
    private static final Object NO_KEY = new Object();
    private LRUMap<String, Object> byFingerprint = new LRUMap<>(16, 200);
    private LRUMap<String, Object> bySigner = new LRUMap<>(16, 200);

    @Override // org.eclipse.jgit.lib.SignatureVerifier
    public String getName() {
        return NAME;
    }

    static PGPSignature parseSignature(InputStream inputStream) throws IOException, PGPException {
        Throwable th = null;
        try {
            InputStream decoderStream = PGPUtil.getDecoderStream(inputStream);
            try {
                Object nextObject = new JcaPGPObjectFactory(decoderStream).nextObject();
                if (nextObject instanceof PGPCompressedData) {
                    nextObject = new JcaPGPObjectFactory(((PGPCompressedData) nextObject).getDataStream()).nextObject();
                }
                if (!(nextObject instanceof PGPSignatureList)) {
                }
                PGPSignature pGPSignature = ((PGPSignatureList) nextObject).get(0);
                if (decoderStream != null) {
                    decoderStream.close();
                }
                return pGPSignature;
            } finally {
                if (decoderStream != null) {
                    decoderStream.close();
                }
            }
        } catch (Throwable th2) {
            if (0 == 0) {
                th = th2;
            } else if (null != th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.eclipse.jgit.lib.SignatureVerifier
    public SignatureVerifier.SignatureVerification verify(Repository repository, GpgConfig gpgConfig, byte[] bArr, byte[] bArr2) throws IOException {
        String str = null;
        String str2 = null;
        Throwable th = null;
        try {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr2);
                try {
                    PGPSignature parseSignature = parseSignature(byteArrayInputStream);
                    if (parseSignature == null) {
                        throw new JGitInternalException(BCText.get().nonSignatureError);
                    }
                    if (parseSignature.hasSubpackets()) {
                        PGPSignatureSubpacketVector hashedSubPackets = parseSignature.getHashedSubPackets();
                        IssuerFingerprint issuerFingerprint = hashedSubPackets.getIssuerFingerprint();
                        if (issuerFingerprint != null) {
                            str = Hex.toHexString(issuerFingerprint.getFingerprint()).toLowerCase(Locale.ROOT);
                        }
                        str2 = hashedSubPackets.getSignerUserID();
                        if (str2 != null) {
                            str2 = BouncyCastleGpgSigner.extractSignerId(str2);
                        }
                    }
                    String lowerCase = Long.toUnsignedString(parseSignature.getKeyID(), 16).toLowerCase(Locale.ROOT);
                    if (byteArrayInputStream != null) {
                        byteArrayInputStream.close();
                    }
                    Date creationTime = parseSignature.getCreationTime();
                    if (str == null && str2 == null && lowerCase == null) {
                        return new SignatureVerifier.SignatureVerification(NAME, creationTime, null, null, null, false, false, SignatureVerifier.TrustLevel.UNKNOWN, BCText.get().signatureNoKeyInfo);
                    }
                    if (str != null && lowerCase != null && !str.endsWith(lowerCase)) {
                        return new SignatureVerifier.SignatureVerification(NAME, creationTime, str2, str, str2, false, false, SignatureVerifier.TrustLevel.UNKNOWN, MessageFormat.format(BCText.get().signatureInconsistent, lowerCase, str));
                    }
                    if (str == null && lowerCase != null) {
                        str = lowerCase;
                    }
                    String str3 = "<" + str2 + ">";
                    BouncyCastleGpgPublicKey bouncyCastleGpgPublicKey = null;
                    try {
                        Object obj = this.byFingerprint.get(str);
                        if (obj != null) {
                            if (obj instanceof BouncyCastleGpgPublicKey) {
                                bouncyCastleGpgPublicKey = (BouncyCastleGpgPublicKey) obj;
                            }
                        } else if (!StringUtils.isEmptyOrNull(str2)) {
                            obj = this.bySigner.get(str2);
                            if (obj != null && (obj instanceof BouncyCastleGpgPublicKey)) {
                                bouncyCastleGpgPublicKey = (BouncyCastleGpgPublicKey) obj;
                            }
                        }
                        if (obj == null) {
                            bouncyCastleGpgPublicKey = BouncyCastleGpgKeyLocator.findPublicKey(str, str3);
                        }
                        if (bouncyCastleGpgPublicKey == null) {
                            if (obj == null) {
                                this.byFingerprint.put(str, NO_KEY);
                                this.byFingerprint.put(lowerCase, NO_KEY);
                                if (str2 != null) {
                                    this.bySigner.put(str2, NO_KEY);
                                }
                            }
                            return new SignatureVerifier.SignatureVerification(NAME, creationTime, str2, str, str2, false, false, SignatureVerifier.TrustLevel.UNKNOWN, BCText.get().signatureNoPublicKey);
                        }
                        if (str != null && !bouncyCastleGpgPublicKey.isExactMatch()) {
                            return new SignatureVerifier.SignatureVerification(NAME, creationTime, str2, str, str2, false, false, SignatureVerifier.TrustLevel.UNKNOWN, MessageFormat.format(BCText.get().signatureNoSigningKey, str));
                        }
                        if (obj == null) {
                            this.byFingerprint.put(str, bouncyCastleGpgPublicKey);
                            this.byFingerprint.put(lowerCase, bouncyCastleGpgPublicKey);
                            if (str2 != null) {
                                this.bySigner.put(str2, bouncyCastleGpgPublicKey);
                            }
                        }
                        String str4 = null;
                        List<String> userIds = bouncyCastleGpgPublicKey.getUserIds();
                        if (userIds != null && !userIds.isEmpty()) {
                            if (!StringUtils.isEmptyOrNull(str2)) {
                                Iterator<String> it = bouncyCastleGpgPublicKey.getUserIds().iterator();
                                while (true) {
                                    if (!it.hasNext()) {
                                        break;
                                    }
                                    String next = it.next();
                                    if (BouncyCastleGpgKeyLocator.containsSigningKey(next, str3)) {
                                        str4 = next;
                                        break;
                                    }
                                }
                            }
                            if (str4 == null) {
                                str4 = userIds.get(0);
                            }
                        } else if (str2 != null) {
                            str4 = str2;
                        }
                        PGPPublicKey publicKey = bouncyCastleGpgPublicKey.getPublicKey();
                        boolean z = false;
                        long validSeconds = publicKey.getValidSeconds();
                        if (validSeconds > 0 && creationTime != null) {
                            z = publicKey.getCreationTime().toInstant().plusSeconds(validSeconds).isBefore(creationTime.toInstant());
                        }
                        SignatureVerifier.TrustLevel parseGpgTrustPacket = parseGpgTrustPacket(publicKey.getTrustData());
                        try {
                            parseSignature.init(new JcaPGPContentVerifierBuilderProvider(), publicKey);
                            parseSignature.update(bArr);
                            return new SignatureVerifier.SignatureVerification(NAME, creationTime, str2, str, str4, parseSignature.verify(), z, parseGpgTrustPacket, null);
                        } catch (PGPException e) {
                            throw new JGitInternalException(BCText.get().signatureVerificationError, e);
                        }
                    } catch (IOException | PGPException e2) {
                        throw new JGitInternalException(BCText.get().signatureKeyLookupError, e2);
                    }
                } catch (Throwable th2) {
                    if (byteArrayInputStream != null) {
                        byteArrayInputStream.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (NumberFormatException | PGPException e3) {
            throw new JGitInternalException(BCText.get().signatureParseError, e3);
        }
    }

    private SignatureVerifier.TrustLevel parseGpgTrustPacket(byte[] bArr) {
        if (bArr == null || bArr.length < 6) {
            return SignatureVerifier.TrustLevel.UNKNOWN;
        }
        if (bArr[2] != 103 || bArr[3] != 112 || bArr[4] != 103) {
            return SignatureVerifier.TrustLevel.UNKNOWN;
        }
        switch (bArr[0] & 15) {
            case 0:
            case 1:
            case 2:
                return SignatureVerifier.TrustLevel.UNKNOWN;
            case 3:
                return SignatureVerifier.TrustLevel.NEVER;
            case 4:
                return SignatureVerifier.TrustLevel.MARGINAL;
            case 5:
                return SignatureVerifier.TrustLevel.FULL;
            case 6:
                return SignatureVerifier.TrustLevel.ULTIMATE;
            default:
                return SignatureVerifier.TrustLevel.UNKNOWN;
        }
    }

    @Override // org.eclipse.jgit.lib.SignatureVerifier
    public void clear() {
        this.byFingerprint.clear();
        this.bySigner.clear();
    }
}
