package org.pgpainless.signature.consumer;

import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.concurrent.ConcurrentHashMap;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.bcpg.sig.NotationData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.SignatureSubpacket;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpFingerprint;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.pgpainless.util.DateUtil;
import org.pgpainless.util.NotationRegistry;

/* loaded from: classes3.dex */
public abstract class SignatureValidator {

    /* renamed from: org.pgpainless.signature.consumer.SignatureValidator$20, reason: invalid class name */
    /* loaded from: classes3.dex */
    class AnonymousClass20 extends SignatureValidator {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ PGPPublicKey f23894a;

        /* renamed from: b, reason: collision with root package name */
        final /* synthetic */ PGPUserAttributeSubpacketVector f23895b;

        /* renamed from: c, reason: collision with root package name */
        final /* synthetic */ PGPPublicKey f23896c;

        @Override // org.pgpainless.signature.consumer.SignatureValidator
        public void z(PGPSignature pGPSignature) throws SignatureValidationException {
            try {
                pGPSignature.z(ImplementationFactory.a().g(), this.f23894a);
                if (pGPSignature.K(this.f23895b, this.f23896c)) {
                } else {
                    throw new SignatureValidationException("Signature over user-attribute vector is not correct.");
                }
            } catch (ClassCastException | PGPException e2) {
                throw new SignatureValidationException("Cannot verify signature over user-attribute vector.", e2);
            }
        }
    }

    public static SignatureValidator A(final PGPPublicKey pGPPublicKey) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.1
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                OpenPgpFingerprint q = OpenPgpFingerprint.q(PGPPublicKey.this);
                Long f2 = SignatureSubpacketsUtil.f(pGPSignature);
                if (f2 != null && f2.longValue() != PGPPublicKey.this.e()) {
                    throw new SignatureValidationException("Signature was not created by " + ((Object) q) + " (signature issuer: " + Long.toHexString(f2.longValue()) + ")");
                }
                OpenPgpFingerprint d2 = SignatureSubpacketsUtil.d(pGPSignature);
                if (d2 == null || d2.equals(q)) {
                    return;
                }
                throw new SignatureValidationException("Signature was not created by " + ((Object) q) + " (signature fingerprint: " + ((Object) d2) + ")");
            }
        };
    }

    public static SignatureValidator b(final PGPPublicKey pGPPublicKey, final PGPPublicKey pGPPublicKey2) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.16
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                try {
                    pGPSignature.z(ImplementationFactory.a().g(), PGPPublicKey.this);
                    if (pGPSignature.J(pGPPublicKey, PGPPublicKey.this)) {
                    } else {
                        throw new SignatureValidationException("Primary Key Binding Signature is not correct.");
                    }
                } catch (ClassCastException | PGPException e2) {
                    throw new SignatureValidationException("Cannot verify primary key binding signature correctness", e2);
                }
            }
        };
    }

    public static SignatureValidator c(final PGPPublicKey pGPPublicKey, final PGPPublicKey pGPPublicKey2) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.17
            /* JADX WARN: Removed duplicated region for block: B:11:0x0038 A[Catch: ClassCastException -> 0x0040, ClassCastException | PGPException -> 0x0042, TryCatch #2 {ClassCastException | PGPException -> 0x0042, blocks: (B:2:0x0000, B:4:0x001d, B:7:0x0026, B:11:0x0038, B:12:0x003f, B:14:0x002f), top: B:1:0x0000 }] */
            /* JADX WARN: Removed duplicated region for block: B:9:0x0037 A[RETURN] */
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public void z(org.bouncycastle.openpgp.PGPSignature r6) throws org.pgpainless.exception.SignatureValidationException {
                /*
                    r5 = this;
                    org.pgpainless.implementation.ImplementationFactory r0 = org.pgpainless.implementation.ImplementationFactory.a()     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    org.bouncycastle.openpgp.operator.PGPContentVerifierBuilderProvider r0 = r0.g()     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    org.bouncycastle.openpgp.PGPPublicKey r1 = org.bouncycastle.openpgp.PGPPublicKey.this     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    r6.z(r0, r1)     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    org.bouncycastle.openpgp.PGPPublicKey r0 = org.bouncycastle.openpgp.PGPPublicKey.this     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    long r0 = r0.e()     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    org.bouncycastle.openpgp.PGPPublicKey r2 = r2     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    long r2 = r2.e()     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    int r4 = (r0 > r2 ? 1 : (r0 == r2 ? 0 : -1))
                    if (r4 == 0) goto L2f
                    int r0 = r6.v()     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    r1 = 31
                    if (r0 != r1) goto L26
                    goto L2f
                L26:
                    org.bouncycastle.openpgp.PGPPublicKey r0 = org.bouncycastle.openpgp.PGPPublicKey.this     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    org.bouncycastle.openpgp.PGPPublicKey r1 = r2     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    boolean r6 = r6.J(r0, r1)     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    goto L35
                L2f:
                    org.bouncycastle.openpgp.PGPPublicKey r0 = r2     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    boolean r6 = r6.I(r0)     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                L35:
                    if (r6 == 0) goto L38
                    return
                L38:
                    org.pgpainless.exception.SignatureValidationException r6 = new org.pgpainless.exception.SignatureValidationException     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    java.lang.String r0 = "Signature is not correct."
                    r6.<init>(r0)     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                    throw r6     // Catch: java.lang.ClassCastException -> L40 org.bouncycastle.openpgp.PGPException -> L42
                L40:
                    r6 = move-exception
                    goto L43
                L42:
                    r6 = move-exception
                L43:
                    org.pgpainless.exception.SignatureValidationException r0 = new org.pgpainless.exception.SignatureValidationException
                    java.lang.String r1 = "Cannot verify direct-key signature correctness"
                    r0.<init>(r1, r6)
                    throw r0
                */
                throw new UnsupportedOperationException("Method not decompiled: org.pgpainless.signature.consumer.SignatureValidator.AnonymousClass17.z(org.bouncycastle.openpgp.PGPSignature):void");
            }
        };
    }

    public static SignatureValidator d(final String str, final PGPPublicKey pGPPublicKey, final PGPPublicKey pGPPublicKey2) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.19
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                try {
                    pGPSignature.z(ImplementationFactory.a().g(), PGPPublicKey.this);
                    if (pGPSignature.H(str, pGPPublicKey)) {
                        return;
                    }
                    throw new SignatureValidationException("Signature over user-id '" + str + "' is not correct.");
                } catch (ClassCastException | PGPException e2) {
                    throw new SignatureValidationException("Cannot verify signature over user-id '" + str + "'.", e2);
                }
            }
        };
    }

    public static SignatureValidator e(final PGPPublicKey pGPPublicKey, final PGPPublicKey pGPPublicKey2) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.15
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                if (PGPPublicKey.this.e() == pGPPublicKey2.e()) {
                    throw new SignatureValidationException("Primary key cannot be its own subkey.");
                }
                try {
                    pGPSignature.z(ImplementationFactory.a().g(), PGPPublicKey.this);
                    if (pGPSignature.J(PGPPublicKey.this, pGPPublicKey2)) {
                    } else {
                        throw new SignatureValidationException("Signature is not correct.");
                    }
                } catch (ClassCastException | PGPException e2) {
                    throw new SignatureValidationException("Cannot verify subkey binding signature correctness", e2);
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Policy.HashAlgorithmPolicy f(PGPSignature pGPSignature, Policy policy) {
        SignatureType valueOf = SignatureType.valueOf(pGPSignature.v());
        return (valueOf == SignatureType.CERTIFICATION_REVOCATION || valueOf == SignatureType.KEY_REVOCATION || valueOf == SignatureType.SUBKEY_REVOCATION) ? policy.e() : policy.f();
    }

    public static SignatureValidator g(final PGPPublicKey pGPPublicKey, final PGPPublicKey pGPPublicKey2, final Policy policy, final Date date) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.2
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                KeyFlags i;
                if (PublicKeyAlgorithm.requireFromId(pGPSignature.r()).isSigningCapable() && (i = SignatureSubpacketsUtil.i(pGPSignature)) != null) {
                    if (KeyFlag.hasKeyFlag(i.f(), KeyFlag.SIGN_DATA) || KeyFlag.hasKeyFlag(i.f(), KeyFlag.CERTIFY_OTHER)) {
                        try {
                            PGPSignatureList a2 = SignatureSubpacketsUtil.a(pGPSignature);
                            if (a2 == null) {
                                throw new SignatureValidationException("Missing primary key binding signature on signing capable subkey " + Long.toHexString(PGPPublicKey.this.e()), (Map<PGPSignature, Exception>) Collections.emptyMap());
                            }
                            boolean z = false;
                            ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
                            Iterator<PGPSignature> it = a2.iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                PGPSignature next = it.next();
                                if (SignatureType.valueOf(next.v()) == SignatureType.PRIMARYKEY_BINDING) {
                                    try {
                                        SignatureValidator.v(PGPPublicKey.this, policy).z(next);
                                        SignatureValidator.r(date).z(next);
                                        SignatureValidator.b(pGPPublicKey, PGPPublicKey.this).z(next);
                                        z = true;
                                        break;
                                    } catch (SignatureValidationException e2) {
                                        concurrentHashMap.put(next, e2);
                                    }
                                }
                            }
                            if (z) {
                                return;
                            }
                            throw new SignatureValidationException("Missing primary key binding signature on signing capable subkey " + Long.toHexString(PGPPublicKey.this.e()), concurrentHashMap);
                        } catch (PGPException e3) {
                            throw new SignatureValidationException("Cannot process list of embedded signatures.", e3);
                        }
                    }
                }
            }
        };
    }

    public static SignatureValidator h(final NotationRegistry notationRegistry) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.6
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                for (NotationData notationData : SignatureSubpacketsUtil.b(pGPSignature)) {
                    if (notationData.d() && !NotationRegistry.this.a(notationData.f())) {
                        throw new SignatureValidationException("Signature contains unknown critical notation '" + notationData.f() + "' in its hashed area.");
                    }
                }
            }
        };
    }

    public static SignatureValidator i() {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.7
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                for (int i : pGPSignature.q().a()) {
                    try {
                        SignatureSubpacket.requireFromCode(i);
                    } catch (NoSuchElementException unused) {
                        throw new SignatureValidationException("Signature contains unknown critical subpacket of type " + Long.toHexString(i));
                    }
                }
            }
        };
    }

    public static SignatureValidator j(final PGPPublicKey pGPPublicKey) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.13
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                Date c2 = PGPPublicKey.this.c();
                Date m = pGPSignature.m();
                if (c2.after(m)) {
                    throw new SignatureValidationException("Signature predates key (key creation: " + c2 + ", signature creation: " + m + ")");
                }
            }
        };
    }

    public static SignatureValidator k(PGPPublicKey pGPPublicKey) {
        return j(pGPPublicKey);
    }

    public static SignatureValidator l(PGPPublicKey pGPPublicKey) {
        return j(pGPPublicKey);
    }

    public static SignatureValidator m(final PGPPublicKey pGPPublicKey) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.14
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                if (PGPPublicKey.this.o()) {
                    return;
                }
                boolean z = true;
                Iterator<PGPSignature> k2 = PGPPublicKey.this.k(SignatureType.SUBKEY_BINDING.getCode());
                if (!k2.hasNext()) {
                    throw new SignatureValidationException("Signing subkey does not have a subkey binding signature.");
                }
                while (k2.hasNext()) {
                    if (!k2.next().m().after(pGPSignature.m())) {
                        z = false;
                    }
                }
                if (z) {
                    throw new SignatureValidationException("Signature was created before the signing key was bound to the key ring.");
                }
            }
        };
    }

    public static SignatureValidator n() {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.12
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                if (SignatureSubpacketsUtil.m(pGPSignature) == null) {
                    throw new SignatureValidationException("Malformed signature. Signature has no signature creation time subpacket in its hashed area.");
                }
            }
        };
    }

    public static SignatureValidator o(final Date date) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.9
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                Date f2 = SignatureSubpacketsUtil.m(pGPSignature).f();
                if (!SignatureUtils.e(pGPSignature) && f2.after(date)) {
                    throw new SignatureValidationException("Signature was created at " + f2 + " and is therefore not yet valid at " + date);
                }
            }
        };
    }

    public static SignatureValidator p() {
        return u(SignatureType.POSITIVE_CERTIFICATION, SignatureType.CASUAL_CERTIFICATION, SignatureType.GENERIC_CERTIFICATION, SignatureType.NO_CERTIFICATION);
    }

    public static SignatureValidator q() {
        return r(new Date());
    }

    public static SignatureValidator r(final Date date) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.8
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                SignatureValidator.o(date).z(pGPSignature);
                SignatureValidator.t(date).z(pGPSignature);
            }
        };
    }

    public static SignatureValidator s(final PGPPublicKey pGPPublicKey) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.11
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                if (pGPSignature.x() >= 4) {
                    SignatureValidator.n().z(pGPSignature);
                }
                SignatureValidator.l(PGPPublicKey.this).z(pGPSignature);
                if (pGPSignature.v() != SignatureType.PRIMARYKEY_BINDING.getCode()) {
                    SignatureValidator.m(PGPPublicKey.this).z(pGPSignature);
                }
            }
        };
    }

    public static SignatureValidator t(final Date date) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.10
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                Date o2;
                if (SignatureUtils.e(pGPSignature) || (o2 = SignatureSubpacketsUtil.o(pGPSignature)) == null || !o2.before(date)) {
                    return;
                }
                throw new SignatureValidationException("Signature is already expired (expiration: " + o2 + ", validation: " + date + ")");
            }
        };
    }

    public static SignatureValidator u(final SignatureType... signatureTypeArr) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.18
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                SignatureType valueOf = SignatureType.valueOf(pGPSignature.v());
                SignatureType[] signatureTypeArr2 = signatureTypeArr;
                int length = signatureTypeArr2.length;
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (valueOf == signatureTypeArr2[i]) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (z) {
                    return;
                }
                throw new SignatureValidationException("Signature is of type " + valueOf + " while only " + Arrays.toString(signatureTypeArr) + " are allowed here.");
            }
        };
    }

    public static SignatureValidator v(final PGPPublicKey pGPPublicKey, final Policy policy) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.3
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                SignatureValidator.s(PGPPublicKey.this).z(pGPSignature);
                if (pGPSignature.x() >= 4) {
                    SignatureValidator.h(policy.c()).z(pGPSignature);
                    SignatureValidator.i().z(pGPSignature);
                }
                SignatureValidator.w(policy).z(pGPSignature);
                SignatureValidator.x(policy, PGPPublicKey.this).z(pGPSignature);
            }
        };
    }

    public static SignatureValidator w(final Policy policy) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.5
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                try {
                    HashAlgorithm requireFromId = HashAlgorithm.requireFromId(pGPSignature.p());
                    if (SignatureValidator.f(pGPSignature, Policy.this).b(pGPSignature.p(), pGPSignature.m())) {
                        return;
                    }
                    throw new SignatureValidationException("Signature uses unacceptable hash algorithm " + requireFromId + " (Signature creation time: " + DateUtil.a(pGPSignature.m()) + ")");
                } catch (NoSuchElementException unused) {
                    throw new SignatureValidationException("Signature uses unknown hash algorithm " + pGPSignature.p());
                }
            }
        };
    }

    public static SignatureValidator x(final Policy policy, final PGPPublicKey pGPPublicKey) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.4
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                PublicKeyAlgorithm requireFromId = PublicKeyAlgorithm.requireFromId(PGPPublicKey.this.a());
                int b2 = PGPPublicKey.this.b();
                if (b2 == -1) {
                    throw new SignatureValidationException("Cannot determine bit strength of signing key.");
                }
                if (policy.d().b(requireFromId, b2)) {
                    return;
                }
                throw new SignatureValidationException("Signature was made using unacceptable key. " + requireFromId + " (" + b2 + " bits) is not acceptable according to the public key algorithm policy.");
            }
        };
    }

    public static SignatureValidator y(final Date date, final Date date2) {
        return new SignatureValidator() { // from class: org.pgpainless.signature.consumer.SignatureValidator.21
            @Override // org.pgpainless.signature.consumer.SignatureValidator
            public void z(PGPSignature pGPSignature) throws SignatureValidationException {
                Date m = pGPSignature.m();
                Date date3 = date;
                if (date3 != null && m.before(date3)) {
                    throw new SignatureValidationException("Signature was made before the earliest allowed signature creation time. Created: " + DateUtil.a(m) + " Earliest allowed: " + DateUtil.a(date));
                }
                Date date4 = date2;
                if (date4 == null || !m.after(date4)) {
                    return;
                }
                throw new SignatureValidationException("Signature was made after the latest allowed signature creation time. Created: " + DateUtil.a(m) + " Latest allowed: " + DateUtil.a(date2));
            }
        };
    }

    public abstract void z(PGPSignature pGPSignature) throws SignatureValidationException;
}
