package org.pgpainless.signature.consumer;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.bcpg.sig.SignerUserID;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.consumer.SignatureCreationDateComparator;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public final class CertificateValidator {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f23868a = LoggerFactory.i(CertificateValidator.class);

    private CertificateValidator() {
    }

    public static boolean a(PGPSignature pGPSignature, PGPPublicKeyRing pGPPublicKeyRing, Policy policy) throws SignatureValidationException {
        KeyFlags i;
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        long b2 = SignatureUtils.b(pGPSignature);
        PGPPublicKey b3 = pGPPublicKeyRing.b(b2);
        if (b3 == null) {
            throw new SignatureValidationException("Provided key ring does not contain a subkey with id " + Long.toHexString(b2));
        }
        PGPPublicKey a2 = pGPPublicKeyRing.a();
        ArrayList arrayList = new ArrayList();
        Iterator<PGPSignature> k2 = a2.k(SignatureType.KEY_REVOCATION.getCode());
        while (k2.hasNext()) {
            PGPSignature next = k2.next();
            if (next.s() == a2.e()) {
                try {
                    if (SignatureVerifier.d(next, a2, policy, pGPSignature.m())) {
                        arrayList.add(next);
                    }
                } catch (SignatureValidationException e2) {
                    concurrentHashMap.put(next, e2);
                    f23868a.debug("Rejecting key revocation signature: {}", e2.getMessage(), e2);
                }
            }
        }
        Iterator<PGPSignature> k3 = a2.k(SignatureType.DIRECT_KEY.getCode());
        while (k3.hasNext()) {
            PGPSignature next2 = k3.next();
            if (next2.s() == a2.e()) {
                try {
                    if (SignatureVerifier.b(next2, a2, policy, pGPSignature.m())) {
                        arrayList.add(next2);
                    }
                } catch (SignatureValidationException e3) {
                    concurrentHashMap.put(next2, e3);
                    f23868a.debug("Rejecting key signature: {}", e3.getMessage(), e3);
                }
            }
        }
        Collections.sort(arrayList, new SignatureValidityComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD));
        if (!arrayList.isEmpty() && ((PGPSignature) arrayList.get(0)).v() == SignatureType.KEY_REVOCATION.getCode()) {
            throw new SignatureValidationException("Primary key has been revoked.");
        }
        List<String> a3 = KeyRingUtils.a(a2);
        ConcurrentHashMap concurrentHashMap2 = new ConcurrentHashMap();
        for (String str : a3) {
            ArrayList arrayList2 = new ArrayList();
            Iterator<PGPSignature> i2 = a2.i(str);
            while (i2.hasNext()) {
                PGPSignature next3 = i2.next();
                if (next3.s() == a2.e()) {
                    try {
                        if (SignatureVerifier.g(str, next3, a2, policy, pGPSignature.m())) {
                            arrayList2.add(next3);
                        }
                    } catch (SignatureValidationException e4) {
                        concurrentHashMap.put(next3, e4);
                        f23868a.debug("Rejecting user-id signature: {}", e4.getMessage(), e4);
                    }
                }
            }
            Collections.sort(arrayList2, new SignatureValidityComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD));
            concurrentHashMap2.put(str, arrayList2);
        }
        boolean z = !concurrentHashMap2.keySet().isEmpty();
        boolean z2 = false;
        for (String str2 : concurrentHashMap2.keySet()) {
            if (!((List) concurrentHashMap2.get(str2)).isEmpty()) {
                if (((PGPSignature) ((List) concurrentHashMap2.get(str2)).get(0)).v() == SignatureType.CERTIFICATION_REVOCATION.getCode()) {
                    f23868a.debug("User-ID '{}' is revoked.", str2);
                } else {
                    z2 = true;
                }
            }
        }
        if (z && !z2) {
            throw new SignatureValidationException("No valid user-id found.", concurrentHashMap);
        }
        SignerUserID q = SignatureSubpacketsUtil.q(pGPSignature);
        if (q != null && policy.g() == Policy.SignerUserIdValidationLevel.STRICT) {
            List list = (List) concurrentHashMap2.get(q.f());
            if (list == null || list.isEmpty()) {
                throw new SignatureValidationException("Signature was allegedly made by user-id '" + q.f() + "' but we have no valid signatures for that on the certificate.");
            }
            if (((PGPSignature) list.get(0)).v() == SignatureType.CERTIFICATION_REVOCATION.getCode()) {
                throw new SignatureValidationException("Signature was made with user-id '" + q.f() + "' which is revoked.");
            }
        }
        if (b3 != a2) {
            ArrayList arrayList3 = new ArrayList();
            Iterator<PGPSignature> k4 = b3.k(SignatureType.SUBKEY_REVOCATION.getCode());
            while (k4.hasNext()) {
                PGPSignature next4 = k4.next();
                if (next4.s() == a2.e()) {
                    try {
                        if (SignatureVerifier.h(next4, a2, b3, policy, pGPSignature.m())) {
                            arrayList3.add(next4);
                        }
                    } catch (SignatureValidationException e5) {
                        concurrentHashMap.put(next4, e5);
                        f23868a.debug("Rejecting subkey revocation signature: {}", e5.getMessage(), e5);
                    }
                }
            }
            Iterator<PGPSignature> k5 = b3.k(SignatureType.SUBKEY_BINDING.getCode());
            while (k5.hasNext()) {
                PGPSignature next5 = k5.next();
                try {
                    if (SignatureVerifier.i(next5, a2, b3, policy, pGPSignature.m())) {
                        arrayList3.add(next5);
                    }
                } catch (SignatureValidationException e6) {
                    concurrentHashMap.put(next5, e6);
                    f23868a.debug("Rejecting subkey binding signature: {}", e6.getMessage(), e6);
                }
            }
            Collections.sort(arrayList3, new SignatureValidityComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD));
            if (arrayList3.isEmpty()) {
                throw new SignatureValidationException("Subkey is not bound.", concurrentHashMap);
            }
            PGPSignature pGPSignature2 = (PGPSignature) arrayList3.get(0);
            if (pGPSignature2.v() == SignatureType.SUBKEY_REVOCATION.getCode()) {
                throw new SignatureValidationException("Subkey is revoked.");
            }
            KeyFlags i3 = SignatureSubpacketsUtil.i(pGPSignature2);
            if (i3 == null) {
                if (arrayList.isEmpty()) {
                    throw new SignatureValidationException("Signature was made by key which is not capable of signing (no keyflags on binding sig, no direct-key sig).");
                }
                KeyFlags i4 = SignatureSubpacketsUtil.i((PGPSignature) arrayList.get(0));
                if (i4 == null || !KeyFlag.hasKeyFlag(i4.f(), KeyFlag.SIGN_DATA)) {
                    throw new SignatureValidationException("Signature was made by key which is not capable of signing (no keyflags on binding sig, no SIGN flag on direct-key sig).");
                }
            } else if (!KeyFlag.hasKeyFlag(i3.f(), KeyFlag.SIGN_DATA)) {
                throw new SignatureValidationException("Signature was made by key which is not capable of signing (no SIGN flag on binding sig).");
            }
        } else if (!arrayList.isEmpty() && (i = SignatureSubpacketsUtil.i((PGPSignature) arrayList.get(0))) != null) {
            KeyFlag.hasKeyFlag(i.f(), KeyFlag.SIGN_DATA);
            return true;
        }
        return true;
    }

    public static boolean b(PGPSignature pGPSignature, PGPPublicKeyRing pGPPublicKeyRing, Policy policy) throws SignatureValidationException {
        a(pGPSignature, pGPPublicKeyRing, policy);
        SignatureVerifier.c(pGPSignature, pGPPublicKeyRing.b(SignatureUtils.b(pGPSignature)), policy, pGPSignature.m());
        return true;
    }

    public static boolean c(OnePassSignatureCheck onePassSignatureCheck, Policy policy) throws SignatureValidationException {
        PGPSignature b2 = onePassSignatureCheck.b();
        a(b2, onePassSignatureCheck.c(), policy);
        SignatureVerifier.e(b2, onePassSignatureCheck.c().b(b2.s()), onePassSignatureCheck, policy);
        return true;
    }
}
