package org.bouncycastle.openpgp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
import org.bouncycastle.bcpg.HashUtils;
import org.bouncycastle.bcpg.MPInteger;
import org.bouncycastle.bcpg.OnePassSignaturePacket;
import org.bouncycastle.bcpg.SignaturePacket;
import org.bouncycastle.bcpg.SignatureSubpacket;
import org.bouncycastle.bcpg.sig.IssuerFingerprint;
import org.bouncycastle.bcpg.sig.IssuerKeyID;
import org.bouncycastle.bcpg.sig.SignatureCreationTime;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.openpgp.operator.PGPContentSigner;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;

/* loaded from: input_file:org/bouncycastle/openpgp/PGPSignatureGenerator.class */
public class PGPSignatureGenerator extends PGPDefaultSignatureGenerator {
    private SignatureSubpacket[] unhashed;
    private SignatureSubpacket[] hashed;
    private PGPContentSignerBuilder contentSignerBuilder;
    private PGPContentSigner contentSigner;
    private int providedKeyAlgorithm;
    private PGPPublicKey signingPubKey;
    private byte[] salt;

    public PGPSignatureGenerator(PGPContentSignerBuilder pGPContentSignerBuilder) {
        this(pGPContentSignerBuilder, 4);
    }

    PGPSignatureGenerator(PGPContentSignerBuilder pGPContentSignerBuilder, int i) {
        super(i);
        this.unhashed = new SignatureSubpacket[0];
        this.hashed = new SignatureSubpacket[0];
        this.providedKeyAlgorithm = -1;
        this.contentSignerBuilder = pGPContentSignerBuilder;
    }

    public PGPSignatureGenerator(PGPContentSignerBuilder pGPContentSignerBuilder, PGPPublicKey pGPPublicKey) {
        this(pGPContentSignerBuilder, pGPPublicKey, pGPPublicKey.getVersion());
    }

    public PGPSignatureGenerator(PGPContentSignerBuilder pGPContentSignerBuilder, PGPPublicKey pGPPublicKey, int i) {
        this(pGPContentSignerBuilder, i);
        this.signingPubKey = pGPPublicKey;
        if (pGPPublicKey.getVersion() == 6 && i != 6) {
            throw new IllegalArgumentException("Version 6 keys MUST only generate version 6 signatures.");
        }
    }

    public void init(int i, PGPPrivateKey pGPPrivateKey) throws PGPException {
        if (i == 255) {
            throw new PGPException("Illegal signature type 0xFF provided.");
        }
        this.contentSigner = this.contentSignerBuilder.build(i, pGPPrivateKey);
        this.sigOut = this.contentSigner.getOutputStream();
        this.sigType = this.contentSigner.getType();
        this.lastb = (byte) 0;
        if (this.providedKeyAlgorithm >= 0 && this.providedKeyAlgorithm != this.contentSigner.getKeyAlgorithm()) {
            throw new PGPException("key algorithm mismatch");
        }
        if (pGPPrivateKey.getPublicKeyPacket().getVersion() != this.version) {
            throw new PGPException("Key version mismatch.");
        }
        if (this.version == 6) {
            this.salt = new byte[HashUtils.getV6SignatureSaltSizeInBytes(this.contentSigner.getHashAlgorithm())];
            CryptoServicesRegistrar.getSecureRandom().nextBytes(this.salt);
            try {
                this.sigOut.write(this.salt);
            } catch (IOException e) {
                throw new PGPException("Cannot update signature with salt.");
            }
        }
    }

    public void setHashedSubpackets(PGPSignatureSubpacketVector pGPSignatureSubpacketVector) {
        if (pGPSignatureSubpacketVector == null) {
            this.hashed = new SignatureSubpacket[0];
        } else {
            this.hashed = pGPSignatureSubpacketVector.toSubpacketArray();
        }
    }

    public void setUnhashedSubpackets(PGPSignatureSubpacketVector pGPSignatureSubpacketVector) {
        if (pGPSignatureSubpacketVector == null) {
            this.unhashed = new SignatureSubpacket[0];
        } else {
            this.unhashed = pGPSignatureSubpacketVector.toSubpacketArray();
        }
    }

    public PGPOnePassSignature generateOnePassVersion(boolean z) throws PGPException {
        return this.version == 6 ? new PGPOnePassSignature(v6OPSPacket(z)) : new PGPOnePassSignature(v3OPSPacket(z));
    }

    private OnePassSignaturePacket v3OPSPacket(boolean z) {
        return new OnePassSignaturePacket(this.sigType, this.contentSigner.getHashAlgorithm(), this.contentSigner.getKeyAlgorithm(), this.contentSigner.getKeyID(), z);
    }

    private OnePassSignaturePacket v6OPSPacket(boolean z) {
        return new OnePassSignaturePacket(this.sigType, this.contentSigner.getHashAlgorithm(), this.contentSigner.getKeyAlgorithm(), this.salt, this.signingPubKey.getFingerprint(), z);
    }

    public PGPSignature generate() throws PGPException {
        MPInteger[] dsaSigToMpi;
        prepareSignatureSubpackets();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write((byte) this.version);
            byteArrayOutputStream.write((byte) this.sigType);
            byteArrayOutputStream.write((byte) this.contentSigner.getKeyAlgorithm());
            byteArrayOutputStream.write((byte) this.contentSigner.getHashAlgorithm());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            for (int i = 0; i != this.hashed.length; i++) {
                this.hashed[i].encode(byteArrayOutputStream2);
            }
            byte[] byteArray = byteArrayOutputStream2.toByteArray();
            if (this.version == 6) {
                byteArrayOutputStream.write((byte) (byteArray.length >> 24));
                byteArrayOutputStream.write((byte) (byteArray.length >> 16));
            }
            byteArrayOutputStream.write((byte) (byteArray.length >> 8));
            byteArrayOutputStream.write((byte) byteArray.length);
            byteArrayOutputStream.write(byteArray);
            int length = byteArrayOutputStream.toByteArray().length;
            byteArrayOutputStream.write((byte) this.version);
            byteArrayOutputStream.write(-1);
            byteArrayOutputStream.write((byte) (length >> 24));
            byteArrayOutputStream.write((byte) (length >> 16));
            byteArrayOutputStream.write((byte) (length >> 8));
            byteArrayOutputStream.write((byte) length);
            byte[] byteArray2 = byteArrayOutputStream.toByteArray();
            blockUpdate(byteArray2, 0, byteArray2.length);
            switch (this.contentSigner.getKeyAlgorithm()) {
                case 1:
                case 3:
                    dsaSigToMpi = new MPInteger[]{new MPInteger(new BigInteger(1, this.contentSigner.getSignature()))};
                    break;
                case 22:
                    byte[] signature = this.contentSigner.getSignature();
                    dsaSigToMpi = new MPInteger[]{new MPInteger(new BigInteger(1, Arrays.copyOfRange(signature, 0, signature.length / 2))), new MPInteger(new BigInteger(1, Arrays.copyOfRange(signature, signature.length / 2, signature.length)))};
                    break;
                case 27:
                case 28:
                    dsaSigToMpi = null;
                    break;
                default:
                    dsaSigToMpi = PGPUtil.dsaSigToMpi(this.contentSigner.getSignature());
                    break;
            }
            byte[] digest = this.contentSigner.getDigest();
            byte[] bArr = {digest[0], digest[1]};
            return new PGPSignature(dsaSigToMpi != null ? new SignaturePacket(this.version, this.sigType, this.contentSigner.getKeyID(), this.contentSigner.getKeyAlgorithm(), this.contentSigner.getHashAlgorithm(), this.hashed, this.unhashed, bArr, dsaSigToMpi, this.salt) : new SignaturePacket(this.version, this.sigType, this.contentSigner.getKeyID(), this.contentSigner.getKeyAlgorithm(), this.contentSigner.getHashAlgorithm(), this.hashed, this.unhashed, bArr, this.contentSigner.getSignature(), this.salt));
        } catch (IOException e) {
            throw new PGPException("exception encoding hashed data.", e);
        }
    }

    protected void prepareSignatureSubpackets() throws PGPException {
        switch (this.version) {
            case 4:
            case 5:
                if (packetNotPresent(this.hashed, 2)) {
                    this.hashed = insertSubpacket(this.hashed, new SignatureCreationTime(true, new Date()));
                }
                if (packetNotPresent(this.hashed, 16) && packetNotPresent(this.unhashed, 16)) {
                    this.unhashed = insertSubpacket(this.unhashed, new IssuerKeyID(false, this.contentSigner.getKeyID()));
                    return;
                }
                return;
            case 6:
                if (packetNotPresent(this.hashed, 2)) {
                    this.hashed = insertSubpacket(this.hashed, new SignatureCreationTime(true, new Date()));
                }
                if (packetNotPresent(this.hashed, 33) && packetNotPresent(this.unhashed, 33) && this.signingPubKey != null) {
                    this.hashed = insertSubpacket(this.hashed, new IssuerFingerprint(true, this.version, this.signingPubKey.getFingerprint()));
                    return;
                }
                return;
            default:
                return;
        }
    }

    public PGPSignature generateCertification(String str, PGPPublicKey pGPPublicKey) throws PGPException {
        updateWithPublicKey(pGPPublicKey);
        updateWithIdData(180, Strings.toUTF8ByteArray(str));
        return generate();
    }

    public PGPSignature generateCertification(PGPUserAttributeSubpacketVector pGPUserAttributeSubpacketVector, PGPPublicKey pGPPublicKey) throws PGPException {
        updateWithPublicKey(pGPPublicKey);
        getAttributesHash(pGPUserAttributeSubpacketVector);
        return generate();
    }

    public PGPSignature generateCertification(PGPPublicKey pGPPublicKey, PGPPublicKey pGPPublicKey2) throws PGPException {
        updateWithPublicKey(pGPPublicKey);
        updateWithPublicKey(pGPPublicKey2);
        return generate();
    }

    public PGPSignature generateCertification(PGPPublicKey pGPPublicKey) throws PGPException {
        if ((this.sigType == 40 || this.sigType == 24) && !pGPPublicKey.isMasterKey()) {
            throw new IllegalArgumentException("certifications involving subkey requires public key of revoking key as well.");
        }
        updateWithPublicKey(pGPPublicKey);
        return generate();
    }

    private boolean packetNotPresent(SignatureSubpacket[] signatureSubpacketArr, int i) {
        for (int i2 = 0; i2 != signatureSubpacketArr.length; i2++) {
            if (signatureSubpacketArr[i2].getType() == i) {
                return false;
            }
        }
        return true;
    }

    private SignatureSubpacket[] insertSubpacket(SignatureSubpacket[] signatureSubpacketArr, SignatureSubpacket signatureSubpacket) {
        SignatureSubpacket[] signatureSubpacketArr2 = new SignatureSubpacket[signatureSubpacketArr.length + 1];
        signatureSubpacketArr2[0] = signatureSubpacket;
        System.arraycopy(signatureSubpacketArr, 0, signatureSubpacketArr2, 1, signatureSubpacketArr.length);
        return signatureSubpacketArr2;
    }
}
