package org.bouncycastle.openpgp.api;

import java.util.Date;
import org.bouncycastle.bcpg.KeyIdentifier;
import org.bouncycastle.bcpg.PublicKeyUtils;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPKeyValidationException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.api.OpenPGPCertificate;
import org.bouncycastle.openpgp.api.OpenPGPKey;
import org.bouncycastle.openpgp.api.SignatureParameters;
import org.bouncycastle.openpgp.api.Utils;
import org.bouncycastle.openpgp.api.exception.OpenPGPKeyException;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;

/* loaded from: input_file:org/bouncycastle/openpgp/api/OpenPGPKeyEditor.class */
public class OpenPGPKeyEditor extends AbstractOpenPGPKeySignatureGenerator {
    private final OpenPGPImplementation implementation;
    private final OpenPGPPolicy policy;
    private OpenPGPKey key;
    private final OpenPGPKey.OpenPGPPrivateKey primaryKey;

    public OpenPGPKeyEditor(OpenPGPKey openPGPKey, KeyPassphraseProvider keyPassphraseProvider) throws PGPException {
        this(openPGPKey, keyPassphraseProvider, openPGPKey.implementation);
    }

    public OpenPGPKeyEditor(OpenPGPKey openPGPKey, KeyPassphraseProvider keyPassphraseProvider, OpenPGPImplementation openPGPImplementation) throws PGPException {
        this(openPGPKey, keyPassphraseProvider, openPGPImplementation, openPGPImplementation.policy());
    }

    public OpenPGPKeyEditor(OpenPGPKey openPGPKey, KeyPassphraseProvider keyPassphraseProvider, OpenPGPImplementation openPGPImplementation, OpenPGPPolicy openPGPPolicy) throws PGPException {
        this.key = openPGPKey;
        this.primaryKey = openPGPKey.getPrimarySecretKey().unlock(keyPassphraseProvider);
        this.implementation = openPGPImplementation;
        this.policy = openPGPPolicy;
    }

    public OpenPGPKeyEditor addDirectKeySignature(SignatureParameters.Callback callback) throws PGPException {
        SignatureParameters applySignatureParameters = Utils.applySignatureParameters(callback, SignatureParameters.directKeySignature(this.policy));
        if (applySignatureParameters != null) {
            PGPPublicKey pGPPublicKey = this.key.getPrimaryKey().getPGPPublicKey();
            this.key = generateOpenPGPKey(Utils.injectCertification(pGPPublicKey, Utils.getPgpSignatureGenerator(this.implementation, pGPPublicKey, this.primaryKey.getKeyPair().getPrivateKey(), applySignatureParameters, applySignatureParameters.getSignatureCreationTime(), null)));
        }
        return this;
    }

    public OpenPGPKeyEditor addUserId(String str) throws PGPException {
        return addUserId(str, null);
    }

    public OpenPGPKeyEditor addUserId(String str, SignatureParameters.Callback callback) throws PGPException {
        if (str == null || str.trim().length() == 0) {
            throw new IllegalArgumentException("User-ID cannot be null or empty.");
        }
        SignatureParameters applySignatureParameters = Utils.applySignatureParameters(callback, SignatureParameters.certification(this.policy));
        if (applySignatureParameters != null) {
            PGPPublicKey pGPPublicKey = this.key.getPrimaryKey().getPGPPublicKey();
            this.key = generateOpenPGPKey(Utils.injectCertification(str, pGPPublicKey, Utils.getPgpSignatureGenerator(this.implementation, pGPPublicKey, this.primaryKey.getKeyPair().getPrivateKey(), applySignatureParameters, applySignatureParameters.getSignatureCreationTime(), null)));
        }
        return this;
    }

    public OpenPGPKeyEditor revokeIdentity(OpenPGPCertificate.OpenPGPIdentityComponent openPGPIdentityComponent) throws PGPException {
        return revokeIdentity(openPGPIdentityComponent, null);
    }

    public OpenPGPKeyEditor revokeIdentity(OpenPGPCertificate.OpenPGPIdentityComponent openPGPIdentityComponent, SignatureParameters.Callback callback) throws PGPException {
        PGPPublicKey addCertification;
        if (!this.key.getComponents().contains(openPGPIdentityComponent)) {
            throw new IllegalArgumentException("UserID or UserAttribute is not part of the certificate.");
        }
        SignatureParameters applySignatureParameters = Utils.applySignatureParameters(callback, SignatureParameters.certificationRevocation(this.policy));
        if (applySignatureParameters != null) {
            PGPPublicKey pGPPublicKey = this.key.getPrimaryKey().getPGPPublicKey();
            PGPSignatureGenerator pgpSignatureGenerator = Utils.getPgpSignatureGenerator(this.implementation, pGPPublicKey, this.primaryKey.getKeyPair().getPrivateKey(), applySignatureParameters, applySignatureParameters.getSignatureCreationTime(), null);
            if (openPGPIdentityComponent instanceof OpenPGPCertificate.OpenPGPUserId) {
                addCertification = Utils.injectCertification(((OpenPGPCertificate.OpenPGPUserId) openPGPIdentityComponent).getUserId(), pGPPublicKey, pgpSignatureGenerator);
            } else {
                OpenPGPCertificate.OpenPGPUserAttribute openPGPUserAttribute = (OpenPGPCertificate.OpenPGPUserAttribute) openPGPIdentityComponent;
                addCertification = PGPPublicKey.addCertification(pGPPublicKey, openPGPUserAttribute.getUserAttribute(), pgpSignatureGenerator.generateCertification(openPGPUserAttribute.getUserAttribute(), pGPPublicKey));
            }
            this.key = generateOpenPGPKey(addCertification);
        }
        return this;
    }

    public OpenPGPKeyEditor addEncryptionSubkey() throws PGPException {
        return addEncryptionSubkey(KeyPairGeneratorCallback.encryptionKey());
    }

    public OpenPGPKeyEditor addEncryptionSubkey(KeyPairGeneratorCallback keyPairGeneratorCallback) throws PGPException {
        return addEncryptionSubkey(keyPairGeneratorCallback, this.key.getPrimaryKey().getVersion(), new Date());
    }

    public OpenPGPKeyEditor addEncryptionSubkey(KeyPairGeneratorCallback keyPairGeneratorCallback, int i, Date date) throws PGPException {
        return addEncryptionSubkey(keyPairGeneratorCallback.generateFrom(this.implementation.pgpKeyPairGeneratorProvider().get(i, date)), null);
    }

    public OpenPGPKeyEditor addEncryptionSubkey(PGPKeyPair pGPKeyPair, SignatureParameters.Callback callback) throws PGPException {
        if (!pGPKeyPair.getPublicKey().isEncryptionKey()) {
            throw new PGPKeyValidationException("Provided subkey is not encryption-capable.");
        }
        updateKey(pGPKeyPair, callback, this.key.getPrimaryKey().getPGPPublicKey(), new Utils.HashedSubpacketsOperation() { // from class: org.bouncycastle.openpgp.api.OpenPGPKeyEditor.1
            @Override // org.bouncycastle.openpgp.api.Utils.HashedSubpacketsOperation
            public void operate(PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator) throws PGPException {
                pGPSignatureSubpacketGenerator.setKeyFlags(12);
            }
        });
        return this;
    }

    public OpenPGPKeyEditor addSigningSubkey() throws PGPException {
        return addSigningSubkey(KeyPairGeneratorCallback.signingKey());
    }

    public OpenPGPKeyEditor addSigningSubkey(KeyPairGeneratorCallback keyPairGeneratorCallback) throws PGPException {
        return addSigningSubkey(keyPairGeneratorCallback, this.key.getPrimaryKey().getVersion(), new Date());
    }

    public OpenPGPKeyEditor addSigningSubkey(KeyPairGeneratorCallback keyPairGeneratorCallback, int i, Date date) throws PGPException {
        return addSigningSubkey(keyPairGeneratorCallback.generateFrom(this.implementation.pgpKeyPairGeneratorProvider().get(i, date)), (SignatureParameters.Callback) null, (SignatureParameters.Callback) null);
    }

    public OpenPGPKeyEditor addSigningSubkey(PGPKeyPair pGPKeyPair, SignatureParameters.Callback callback, SignatureParameters.Callback callback2) throws PGPException {
        if (!PublicKeyUtils.isSigningAlgorithm(pGPKeyPair.getPublicKey().getAlgorithm())) {
            throw new PGPKeyValidationException("Provided subkey is not signing-capable.");
        }
        SignatureParameters applySignatureParameters = Utils.applySignatureParameters(callback2, SignatureParameters.primaryKeyBinding(this.policy));
        PGPPublicKey pGPPublicKey = this.key.getPrimaryKey().getPGPPublicKey();
        final PGPSignature backSignature = Utils.getBackSignature(pGPKeyPair, applySignatureParameters, pGPPublicKey, this.implementation, null);
        updateKey(pGPKeyPair, callback, pGPPublicKey, new Utils.HashedSubpacketsOperation() { // from class: org.bouncycastle.openpgp.api.OpenPGPKeyEditor.2
            @Override // org.bouncycastle.openpgp.api.Utils.HashedSubpacketsOperation
            public void operate(PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator) throws PGPException {
                pGPSignatureSubpacketGenerator.setKeyFlags(2);
                Utils.addEmbeddedSiganture(backSignature, pGPSignatureSubpacketGenerator);
            }
        });
        return this;
    }

    public OpenPGPKeyEditor addSubkey(PGPKeyPair pGPKeyPair, SignatureParameters.Callback callback, SignatureParameters.Callback callback2) throws PGPException {
        if (PublicKeyUtils.isSigningAlgorithm(pGPKeyPair.getPublicKey().getAlgorithm()) && callback2 != null) {
            throw new PGPKeyValidationException("Provided subkey is not signing-capable, so we cannot create a back-signature.");
        }
        PGPPublicKey publicKey = pGPKeyPair.getPublicKey();
        SignatureParameters applySignatureParameters = Utils.applySignatureParameters(callback2, SignatureParameters.primaryKeyBinding(this.policy));
        PGPPublicKey pGPPublicKey = this.key.getPrimaryKey().getPGPPublicKey();
        final PGPSignature backSignature = Utils.getBackSignature(pGPKeyPair, applySignatureParameters, pGPPublicKey, this.implementation, null);
        SignatureParameters applySignatureParameters2 = Utils.applySignatureParameters(callback, SignatureParameters.subkeyBinding(this.policy));
        if (applySignatureParameters2 != null) {
            publicKey = Utils.injectCertification(publicKey, Utils.getPgpSignatureGenerator(this.implementation, pGPPublicKey, this.primaryKey.getKeyPair().getPrivateKey(), applySignatureParameters2, applySignatureParameters2.getSignatureCreationTime(), new Utils.HashedSubpacketsOperation() { // from class: org.bouncycastle.openpgp.api.OpenPGPKeyEditor.3
                @Override // org.bouncycastle.openpgp.api.Utils.HashedSubpacketsOperation
                public void operate(PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator) throws PGPException {
                    Utils.addEmbeddedSiganture(backSignature, pGPSignatureSubpacketGenerator);
                }
            }), pGPPublicKey);
        }
        this.key = generateOpenPGPKey(pGPKeyPair, publicKey);
        return this;
    }

    public OpenPGPKeyEditor revokeComponentKey(OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey) throws PGPException {
        return revokeComponentKey(openPGPComponentKey, null);
    }

    public OpenPGPKeyEditor revokeComponentKey(OpenPGPCertificate.OpenPGPComponentKey openPGPComponentKey, SignatureParameters.Callback callback) throws PGPException {
        if (!(this.key.getKey(openPGPComponentKey.getKeyIdentifier()) != null)) {
            throw new IllegalArgumentException("Provided component key is not part of the OpenPGP key.");
        }
        boolean z = !openPGPComponentKey.getKeyIdentifier().equals(this.key.getKeyIdentifier());
        SignatureParameters applySignatureParameters = Utils.applySignatureParameters(callback, z ? SignatureParameters.subkeyRevocation(this.policy) : SignatureParameters.keyRevocation(this.policy));
        PGPPublicKey pGPPublicKey = this.key.getPrimaryKey().getPGPPublicKey();
        PGPSignatureGenerator pgpSignatureGenerator = Utils.getPgpSignatureGenerator(this.implementation, pGPPublicKey, this.primaryKey.getKeyPair().getPrivateKey(), applySignatureParameters, applySignatureParameters.getSignatureCreationTime(), null);
        this.key = generateOpenPGPKey(z ? Utils.injectCertification(openPGPComponentKey.getPGPPublicKey(), pgpSignatureGenerator, pGPPublicKey) : Utils.injectCertification(pGPPublicKey, pgpSignatureGenerator));
        return this;
    }

    public OpenPGPKeyEditor revokeKey() throws PGPException {
        return revokeKey(null);
    }

    public OpenPGPKeyEditor revokeKey(SignatureParameters.Callback callback) throws PGPException {
        return revokeComponentKey(this.key.getPrimaryKey(), callback);
    }

    public OpenPGPKeyEditor changePassphrase(KeyIdentifier keyIdentifier, char[] cArr, char[] cArr2, boolean z) throws OpenPGPKeyException, PGPException {
        OpenPGPKey.OpenPGPSecretKey secretKey = this.key.getSecretKey(keyIdentifier);
        if (secretKey == null) {
            throw new OpenPGPKeyException(this.key, "Secret component key " + keyIdentifier + " is missing from the key.");
        }
        this.key.replaceSecretKey(secretKey.unlock(cArr).changePassphrase(cArr2, this.implementation, z));
        return this;
    }

    public OpenPGPKey done() {
        return this.key;
    }

    private OpenPGPKey generateOpenPGPKey(PGPPublicKey pGPPublicKey) {
        return new OpenPGPKey(PGPSecretKeyRing.replacePublicKeys(this.key.getPGPKeyRing(), PGPPublicKeyRing.insertPublicKey(this.key.getPGPPublicKeyRing(), pGPPublicKey)), this.implementation, this.policy);
    }

    private OpenPGPKey generateOpenPGPKey(PGPKeyPair pGPKeyPair, PGPPublicKey pGPPublicKey) throws PGPException {
        return new OpenPGPKey(PGPSecretKeyRing.insertSecretKey(this.key.getPGPKeyRing(), new PGPSecretKey(pGPKeyPair.getPrivateKey(), pGPPublicKey, this.implementation.pgpDigestCalculatorProvider().get(2), false, (PBESecretKeyEncryptor) null)), this.implementation, this.policy);
    }

    private void updateKey(PGPKeyPair pGPKeyPair, SignatureParameters.Callback callback, PGPPublicKey pGPPublicKey, Utils.HashedSubpacketsOperation hashedSubpacketsOperation) throws PGPException {
        SignatureParameters applySignatureParameters = Utils.applySignatureParameters(callback, SignatureParameters.subkeyBinding(this.policy));
        if (applySignatureParameters != null) {
            this.key = generateOpenPGPKey(pGPKeyPair, Utils.injectCertification(pGPKeyPair.getPublicKey(), Utils.getPgpSignatureGenerator(this.implementation, pGPPublicKey, this.primaryKey.getKeyPair().getPrivateKey(), applySignatureParameters, applySignatureParameters.getSignatureCreationTime(), hashedSubpacketsOperation), pGPPublicKey));
        }
    }
}
