package com.google.gerrit.server.contact;

import com.google.gerrit.common.errors.ContactInformationStoreException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.client.ContactInformation;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.UrlEncoded;
import com.google.gerrit.server.contact.ContactStoreConnection;
import com.google.gerrit.server.util.TimeUtil;
import com.google.gwtorm.server.OrmException;
import com.google.gwtorm.server.SchemaFactory;
import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.TimeZone;
import org.apache.lucene.analysis.shingle.ShingleFilter;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
import org.eclipse.jgit.lib.ConfigConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/google/gerrit/server/contact/EncryptedContactStore.class */
class EncryptedContactStore implements ContactStore {
    private static final Logger log = LoggerFactory.getLogger(EncryptedContactStore.class);
    private static final TimeZone UTC = TimeZone.getTimeZone("UTC");
    private final SchemaFactory<ReviewDb> schema;
    private final PGPPublicKey dest;
    private final SecureRandom prng;
    private final URL storeUrl;
    private final String storeAPPSEC;
    private final ContactStoreConnection.Factory connFactory;

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptedContactStore(URL url, String str, File file, SchemaFactory<ReviewDb> schemaFactory, ContactStoreConnection.Factory factory) {
        this.storeUrl = url;
        this.storeAPPSEC = str;
        this.schema = schemaFactory;
        this.dest = selectKey(readPubRing(file));
        this.connFactory = factory;
        try {
            this.prng = SecureRandom.getInstance("SHA1PRNG");
            try {
                encrypt("test", new Date(0L), "test".getBytes("UTF-8"));
            } catch (PGPException | IOException e) {
                throw new ProvisionException("PGP encryption not available", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new ProvisionException("Cannot create SHA1PRNG", e2);
        }
    }

    @Override // com.google.gerrit.server.contact.ContactStore
    public boolean isEnabled() {
        return true;
    }

    private static PGPPublicKeyRingCollection readPubRing(File file) {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                InputStream decoderStream = PGPUtil.getDecoderStream(fileInputStream);
                Throwable th2 = null;
                try {
                    try {
                        BcPGPPublicKeyRingCollection bcPGPPublicKeyRingCollection = new BcPGPPublicKeyRingCollection(decoderStream);
                        if (decoderStream != null) {
                            if (0 != 0) {
                                try {
                                    decoderStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                decoderStream.close();
                            }
                        }
                        return bcPGPPublicKeyRingCollection;
                    } finally {
                    }
                } catch (Throwable th4) {
                    if (decoderStream != null) {
                        if (th2 != null) {
                            try {
                                decoderStream.close();
                            } catch (Throwable th5) {
                                th2.addSuppressed(th5);
                            }
                        } else {
                            decoderStream.close();
                        }
                    }
                    throw th4;
                }
            } finally {
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th6) {
                            th.addSuppressed(th6);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
            }
        } catch (PGPException e) {
            throw new ProvisionException("Cannot read " + file, e);
        } catch (IOException e2) {
            throw new ProvisionException("Cannot read " + file, e2);
        }
    }

    private static PGPPublicKey selectKey(PGPPublicKeyRingCollection pGPPublicKeyRingCollection) {
        Iterator keyRings = pGPPublicKeyRingCollection.getKeyRings();
        while (keyRings.hasNext()) {
            Iterator publicKeys = ((PGPPublicKeyRing) keyRings.next()).getPublicKeys();
            while (publicKeys.hasNext()) {
                PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKeys.next();
                if (pGPPublicKey.isEncryptionKey()) {
                    return pGPPublicKey;
                }
            }
        }
        return null;
    }

    @Override // com.google.gerrit.server.contact.ContactStore
    public void store(Account account, ContactInformation contactInformation) throws ContactInformationStoreException {
        try {
            String str = new String(encrypt("account-" + account.getId(), account.getContactFiledOn(), format(account, contactInformation).getBytes("UTF-8")), "UTF-8");
            Timestamp contactFiledOn = account.getContactFiledOn();
            UrlEncoded urlEncoded = new UrlEncoded();
            if (this.storeAPPSEC != null) {
                urlEncoded.put("APPSEC", this.storeAPPSEC);
            }
            if (account.getPreferredEmail() != null) {
                urlEncoded.put(ConfigConstants.CONFIG_KEY_EMAIL, account.getPreferredEmail());
            }
            if (contactFiledOn != null) {
                urlEncoded.put("filed", String.valueOf(contactFiledOn.getTime() / 1000));
            }
            urlEncoded.put("account_id", String.valueOf(account.getId().get()));
            urlEncoded.put("data", str);
            this.connFactory.open(this.storeUrl).store(urlEncoded.toString().getBytes("UTF-8"));
        } catch (IOException | PGPException e) {
            log.error("Cannot store encrypted contact information", (Throwable) e);
            throw new ContactInformationStoreException(e);
        }
    }

    private final PGPEncryptedDataGenerator cpk() {
        PGPEncryptedDataGenerator pGPEncryptedDataGenerator = new PGPEncryptedDataGenerator(new BcPGPDataEncryptorBuilder(3).setSecureRandom(this.prng), true);
        pGPEncryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(this.dest));
        return pGPEncryptedDataGenerator;
    }

    private byte[] encrypt(String str, Date date, byte[] bArr) throws PGPException, IOException {
        byte[] compress = compress(str, date, bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
        OutputStream open = cpk().open(armoredOutputStream, compress.length);
        open.write(compress);
        open.close();
        armoredOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] compress(String str, Date date, byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int length = bArr.length;
        if (date == null) {
            date = PGPLiteralData.NOW;
        }
        PGPCompressedDataGenerator pGPCompressedDataGenerator = new PGPCompressedDataGenerator(1);
        OutputStream open = new PGPLiteralDataGenerator().open(pGPCompressedDataGenerator.open(byteArrayOutputStream), 'b', str, length, date);
        open.write(bArr);
        open.close();
        pGPCompressedDataGenerator.close();
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX WARN: Finally extract failed */
    private String format(Account account, ContactInformation contactInformation) throws ContactInformationStoreException {
        Timestamp contactFiledOn = account.getContactFiledOn();
        if (contactFiledOn == null) {
            contactFiledOn = TimeUtil.nowTs();
        }
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
        simpleDateFormat.setTimeZone(UTC);
        StringBuilder sb = new StringBuilder();
        field(sb, "Account-Id", account.getId().toString());
        field(sb, "Date", simpleDateFormat.format((Date) contactFiledOn) + ShingleFilter.DEFAULT_TOKEN_SEPARATOR + UTC.getID());
        field(sb, "Full-Name", account.getFullName());
        field(sb, "Preferred-Email", account.getPreferredEmail());
        try {
            ReviewDb open = this.schema.open();
            try {
                for (AccountExternalId accountExternalId : open.accountExternalIds().byAccount(account.getId())) {
                    StringBuilder sb2 = new StringBuilder();
                    if (accountExternalId.getEmailAddress() != null && accountExternalId.getEmailAddress().length() > 0) {
                        if (sb2.length() > 0) {
                            sb2.append(' ');
                        }
                        sb2.append(accountExternalId.getEmailAddress());
                    }
                    if (accountExternalId.isScheme(AccountExternalId.SCHEME_MAILTO)) {
                        if (sb2.length() > 0) {
                            sb2.append(' ');
                        }
                        sb2.append('<');
                        sb2.append(accountExternalId.getExternalId());
                        sb2.append('>');
                    }
                    field(sb, "Identity", sb2.toString());
                }
                open.close();
                field(sb, "Address", contactInformation.getAddress());
                field(sb, "Country", contactInformation.getCountry());
                field(sb, "Phone-Number", contactInformation.getPhoneNumber());
                field(sb, "Fax-Number", contactInformation.getFaxNumber());
                return sb.toString();
            } catch (Throwable th) {
                open.close();
                throw th;
            }
        } catch (OrmException e) {
            throw new ContactInformationStoreException(e);
        }
    }

    private static void field(StringBuilder sb, String str, String str2) {
        if (str2 == null) {
            return;
        }
        String trim = str2.trim();
        if (trim.length() == 0) {
            return;
        }
        sb.append(str);
        sb.append(':');
        if (trim.indexOf(10) == -1) {
            sb.append(' ');
            sb.append(trim);
        } else {
            String replaceAll = trim.replaceAll("\r\n", "\n").replaceAll("\n", "\n\t");
            sb.append("\n\t");
            sb.append(replaceAll);
        }
        sb.append('\n');
    }
}
