package org.pgpainless.key.util;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import kotlin.Metadata;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.bouncycastle.bcpg.BCPGKey;
import org.bouncycastle.bcpg.DSAPublicBCPGKey;
import org.bouncycastle.bcpg.DSASecretBCPGKey;
import org.bouncycastle.bcpg.EdDSAPublicBCPGKey;
import org.bouncycastle.bcpg.EdSecretBCPGKey;
import org.bouncycastle.bcpg.ElGamalPublicBCPGKey;
import org.bouncycastle.bcpg.ElGamalSecretBCPGKey;
import org.bouncycastle.bcpg.RSAPublicBCPGKey;
import org.bouncycastle.bcpg.RSASecretBCPGKey;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.Streams;
import org.jetbrains.annotations.NotNull;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.algorithm.Trustworthiness;
import org.pgpainless.bouncycastle.extensions.PGPPublicKeyExtensionsKt;
import org.pgpainless.encryption_signing.EncryptionStreamKt;
import org.pgpainless.exception.KeyIntegrityException;
import org.pgpainless.implementation.ImplementationFactory;

/* compiled from: PublicKeyParameterValidationUtil.kt */
@Metadata(mv = {1, 8, Trustworthiness.NOT_TRUSTED}, k = 1, xi = 48, d1 = {"��\f\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\u0018�� \u00032\u00020\u0001:\u0001\u0003B\u0005¢\u0006\u0002\u0010\u0002¨\u0006\u0004"}, d2 = {"Lorg/pgpainless/key/util/PublicKeyParameterValidationUtil;", "", "()V", "Companion", "pgpainless-core"})
/* loaded from: input_file:org/pgpainless/key/util/PublicKeyParameterValidationUtil.class */
public final class PublicKeyParameterValidationUtil {

    @NotNull
    public static final Companion Companion = new Companion(null);

    /* compiled from: PublicKeyParameterValidationUtil.kt */
    @Metadata(mv = {1, 8, Trustworthiness.NOT_TRUSTED}, k = 1, xi = 48, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0003J\u0018\u0010\t\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0003J\u0018\u0010\n\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u000b2\u0006\u0010\u0007\u001a\u00020\fH\u0003J\u0018\u0010\r\u001a\u00020\u00042\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0007\u001a\u00020\u0010H\u0003J\u0018\u0010\u0011\u001a\u00020\u00042\u0006\u0010\u000e\u001a\u00020\u00122\u0006\u0010\u0007\u001a\u00020\u0013H\u0003J\u0018\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0007J\u0018\u0010\u0016\u001a\u00020\u00042\u0006\u0010\u000e\u001a\u00020\u00172\u0006\u0010\u0007\u001a\u00020\u0018H\u0003¨\u0006\u0019"}, d2 = {"Lorg/pgpainless/key/util/PublicKeyParameterValidationUtil$Companion;", "", "()V", "verifyCanDecrypt", "", "privateKey", "Lorg/bouncycastle/openpgp/PGPPrivateKey;", "publicKey", "Lorg/bouncycastle/openpgp/PGPPublicKey;", "verifyCanSign", "verifyDsaKeyIntegrity", "Lorg/bouncycastle/bcpg/DSASecretBCPGKey;", "Lorg/bouncycastle/bcpg/DSAPublicBCPGKey;", "verifyEdDsaKeyIntegrity", "secretKey", "Lorg/bouncycastle/bcpg/EdSecretBCPGKey;", "Lorg/bouncycastle/bcpg/EdDSAPublicBCPGKey;", "verifyElGamalKeyIntegrity", "Lorg/bouncycastle/bcpg/ElGamalSecretBCPGKey;", "Lorg/bouncycastle/bcpg/ElGamalPublicBCPGKey;", "verifyPublicKeyParameterIntegrity", "", "verifyRSAKeyIntegrity", "Lorg/bouncycastle/bcpg/RSASecretBCPGKey;", "Lorg/bouncycastle/bcpg/RSAPublicBCPGKey;", "pgpainless-core"})
    @SourceDebugExtension({"SMAP\nPublicKeyParameterValidationUtil.kt\nKotlin\n*S Kotlin\n*F\n+ 1 PublicKeyParameterValidationUtil.kt\norg/pgpainless/key/util/PublicKeyParameterValidationUtil$Companion\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,287:1\n1#2:288\n*E\n"})
    /* loaded from: input_file:org/pgpainless/key/util/PublicKeyParameterValidationUtil$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        @JvmStatic
        public final void verifyPublicKeyParameterIntegrity(@NotNull PGPPrivateKey pGPPrivateKey, @NotNull PGPPublicKey pGPPublicKey) throws KeyIntegrityException {
            Intrinsics.checkNotNullParameter(pGPPrivateKey, "privateKey");
            Intrinsics.checkNotNullParameter(pGPPublicKey, "publicKey");
            PublicKeyAlgorithm publicKeyAlgorithm = PGPPublicKeyExtensionsKt.getPublicKeyAlgorithm(pGPPublicKey);
            boolean z = true;
            BCPGKey privateKeyDataPacket = pGPPrivateKey.getPrivateKeyDataPacket();
            BCPGKey privateKeyDataPacket2 = pGPPrivateKey.getPrivateKeyDataPacket();
            if (privateKeyDataPacket2 instanceof RSASecretBCPGKey) {
                Intrinsics.checkNotNull(privateKeyDataPacket, "null cannot be cast to non-null type org.bouncycastle.bcpg.RSASecretBCPGKey");
                BCPGKey key = pGPPublicKey.getPublicKeyPacket().getKey();
                Intrinsics.checkNotNull(key, "null cannot be cast to non-null type org.bouncycastle.bcpg.RSAPublicBCPGKey");
                z = verifyRSAKeyIntegrity((RSASecretBCPGKey) privateKeyDataPacket, (RSAPublicBCPGKey) key);
            } else if (privateKeyDataPacket2 instanceof EdSecretBCPGKey) {
                Intrinsics.checkNotNull(privateKeyDataPacket, "null cannot be cast to non-null type org.bouncycastle.bcpg.EdSecretBCPGKey");
                BCPGKey key2 = pGPPublicKey.getPublicKeyPacket().getKey();
                Intrinsics.checkNotNull(key2, "null cannot be cast to non-null type org.bouncycastle.bcpg.EdDSAPublicBCPGKey");
                z = verifyEdDsaKeyIntegrity((EdSecretBCPGKey) privateKeyDataPacket, (EdDSAPublicBCPGKey) key2);
            } else if (privateKeyDataPacket2 instanceof DSASecretBCPGKey) {
                Intrinsics.checkNotNull(privateKeyDataPacket, "null cannot be cast to non-null type org.bouncycastle.bcpg.DSASecretBCPGKey");
                BCPGKey key3 = pGPPublicKey.getPublicKeyPacket().getKey();
                Intrinsics.checkNotNull(key3, "null cannot be cast to non-null type org.bouncycastle.bcpg.DSAPublicBCPGKey");
                z = verifyDsaKeyIntegrity((DSASecretBCPGKey) privateKeyDataPacket, (DSAPublicBCPGKey) key3);
            } else if (privateKeyDataPacket2 instanceof ElGamalSecretBCPGKey) {
                Intrinsics.checkNotNull(privateKeyDataPacket, "null cannot be cast to non-null type org.bouncycastle.bcpg.ElGamalSecretBCPGKey");
                BCPGKey key4 = pGPPublicKey.getPublicKeyPacket().getKey();
                Intrinsics.checkNotNull(key4, "null cannot be cast to non-null type org.bouncycastle.bcpg.ElGamalPublicBCPGKey");
                z = verifyElGamalKeyIntegrity((ElGamalSecretBCPGKey) privateKeyDataPacket, (ElGamalPublicBCPGKey) key4);
            }
            if (!z) {
                throw new KeyIntegrityException();
            }
            if (publicKeyAlgorithm.isSigningCapable()) {
                z = verifyCanSign(pGPPrivateKey, pGPPublicKey);
            }
            if (publicKeyAlgorithm.isEncryptionCapable()) {
                z &= verifyCanDecrypt(pGPPrivateKey, pGPPublicKey);
            }
            if (!z) {
                throw new KeyIntegrityException();
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        @JvmStatic
        public final boolean verifyRSAKeyIntegrity(RSASecretBCPGKey rSASecretBCPGKey, RSAPublicBCPGKey rSAPublicBCPGKey) throws KeyIntegrityException {
            return rSAPublicBCPGKey.getModulus().equals(rSASecretBCPGKey.getPrimeP().multiply(rSASecretBCPGKey.getPrimeQ()));
        }

        /* JADX INFO: Access modifiers changed from: private */
        @JvmStatic
        public final boolean verifyEdDsaKeyIntegrity(EdSecretBCPGKey edSecretBCPGKey, EdDSAPublicBCPGKey edDSAPublicBCPGKey) throws KeyIntegrityException {
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @JvmStatic
        public final boolean verifyDsaKeyIntegrity(DSASecretBCPGKey dSASecretBCPGKey, DSAPublicBCPGKey dSAPublicBCPGKey) throws KeyIntegrityException {
            BigInteger g = dSAPublicBCPGKey.getG();
            BigInteger p = dSAPublicBCPGKey.getP();
            BigInteger q = dSAPublicBCPGKey.getQ();
            BigInteger y = dSAPublicBCPGKey.getY();
            BigInteger x = dSASecretBCPGKey.getX();
            if (!p.isProbablePrime(40) || !q.isProbablePrime(40)) {
                return false;
            }
            if (!(q.bitLength() > 160) || !Intrinsics.areEqual(p.subtract(BigInteger.ONE).mod(q), BigInteger.ZERO)) {
                return false;
            }
            if ((Intrinsics.areEqual(BigInteger.ONE.max(g), g) && Intrinsics.areEqual(g.max(p), p)) && Intrinsics.areEqual(g.modPow(q, p), BigInteger.ONE)) {
                return Intrinsics.areEqual(y, g.modPow(x, p));
            }
            return false;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @JvmStatic
        public final boolean verifyElGamalKeyIntegrity(ElGamalSecretBCPGKey elGamalSecretBCPGKey, ElGamalPublicBCPGKey elGamalPublicBCPGKey) throws KeyIntegrityException {
            BigInteger p = elGamalPublicBCPGKey.getP();
            BigInteger g = elGamalPublicBCPGKey.getG();
            BigInteger y = elGamalPublicBCPGKey.getY();
            BigInteger bigInteger = BigInteger.ONE;
            if (Intrinsics.areEqual(g.min(bigInteger), g) || Intrinsics.areEqual(g.max(p), g) || p.bitLength() < 1023 || !Intrinsics.areEqual(g.modPow(p.subtract(bigInteger), p), bigInteger)) {
                return false;
            }
            BigInteger bigInteger2 = g;
            for (int i = 1; i < 262144; i++) {
                bigInteger2 = bigInteger2.multiply(g).mod(p);
                if (Intrinsics.areEqual(bigInteger2, bigInteger)) {
                    return false;
                }
            }
            return Intrinsics.areEqual(y, g.modPow(p.subtract(bigInteger).multiply(new BigInteger(p.bitLength(), new SecureRandom())).add(elGamalSecretBCPGKey.getX()), p));
        }

        /* JADX INFO: Access modifiers changed from: private */
        @JvmStatic
        public final boolean verifyCanSign(PGPPrivateKey pGPPrivateKey, PGPPublicKey pGPPublicKey) {
            boolean z;
            byte[] bArr = new byte[EncryptionStreamKt.BUFFER_SIZE];
            new SecureRandom().nextBytes(bArr);
            PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(ImplementationFactory.Companion.getInstance().getPGPContentSignerBuilder(PublicKeyAlgorithm.Companion.requireFromId(pGPPublicKey.getAlgorithm()), HashAlgorithm.SHA256));
            try {
                pGPSignatureGenerator.init(SignatureType.TIMESTAMP.getCode(), pGPPrivateKey);
                pGPSignatureGenerator.update(bArr);
                PGPSignature generate = pGPSignatureGenerator.generate();
                generate.init(ImplementationFactory.Companion.getInstance().mo63getPgpContentVerifierBuilderProvider(), pGPPublicKey);
                generate.update(bArr);
                z = generate.verify();
            } catch (PGPException e) {
                z = false;
            }
            return z;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @JvmStatic
        public final boolean verifyCanDecrypt(PGPPrivateKey pGPPrivateKey, PGPPublicKey pGPPublicKey) {
            byte[] bArr = new byte[1024];
            new SecureRandom().nextBytes(bArr);
            PGPEncryptedDataGenerator pGPEncryptedDataGenerator = new PGPEncryptedDataGenerator(ImplementationFactory.Companion.getInstance().getPGPDataEncryptorBuilder(SymmetricKeyAlgorithm.AES_256));
            pGPEncryptedDataGenerator.addMethod(ImplementationFactory.Companion.getInstance().getPublicKeyKeyEncryptionMethodGenerator(pGPPublicKey));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                pGPEncryptedDataGenerator.open(byteArrayOutputStream, new byte[1024]).write(bArr);
                pGPEncryptedDataGenerator.close();
                PGPEncryptedDataList pGPEncryptedDataList = new PGPEncryptedDataList(byteArrayOutputStream.toByteArray());
                PublicKeyDataDecryptorFactory publicKeyDataDecryptorFactory = ImplementationFactory.Companion.getInstance().getPublicKeyDataDecryptorFactory(pGPPrivateKey);
                Object next = pGPEncryptedDataList.getEncryptedDataObjects().next();
                Intrinsics.checkNotNull(next, "null cannot be cast to non-null type org.bouncycastle.openpgp.PGPPublicKeyEncryptedData");
                InputStream dataStream = ((PGPPublicKeyEncryptedData) next).getDataStream(publicKeyDataDecryptorFactory);
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                Streams.pipeAll(dataStream, byteArrayOutputStream2);
                dataStream.close();
                return Arrays.constantTimeAreEqual(bArr, byteArrayOutputStream2.toByteArray());
            } catch (IOException e) {
                return false;
            } catch (PGPException e2) {
                return false;
            }
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @JvmStatic
    public static final void verifyPublicKeyParameterIntegrity(@NotNull PGPPrivateKey pGPPrivateKey, @NotNull PGPPublicKey pGPPublicKey) throws KeyIntegrityException {
        Companion.verifyPublicKeyParameterIntegrity(pGPPrivateKey, pGPPublicKey);
    }

    @JvmStatic
    private static final boolean verifyRSAKeyIntegrity(RSASecretBCPGKey rSASecretBCPGKey, RSAPublicBCPGKey rSAPublicBCPGKey) throws KeyIntegrityException {
        return Companion.verifyRSAKeyIntegrity(rSASecretBCPGKey, rSAPublicBCPGKey);
    }

    @JvmStatic
    private static final boolean verifyEdDsaKeyIntegrity(EdSecretBCPGKey edSecretBCPGKey, EdDSAPublicBCPGKey edDSAPublicBCPGKey) throws KeyIntegrityException {
        return Companion.verifyEdDsaKeyIntegrity(edSecretBCPGKey, edDSAPublicBCPGKey);
    }

    @JvmStatic
    private static final boolean verifyDsaKeyIntegrity(DSASecretBCPGKey dSASecretBCPGKey, DSAPublicBCPGKey dSAPublicBCPGKey) throws KeyIntegrityException {
        return Companion.verifyDsaKeyIntegrity(dSASecretBCPGKey, dSAPublicBCPGKey);
    }

    @JvmStatic
    private static final boolean verifyElGamalKeyIntegrity(ElGamalSecretBCPGKey elGamalSecretBCPGKey, ElGamalPublicBCPGKey elGamalPublicBCPGKey) throws KeyIntegrityException {
        return Companion.verifyElGamalKeyIntegrity(elGamalSecretBCPGKey, elGamalPublicBCPGKey);
    }

    @JvmStatic
    private static final boolean verifyCanSign(PGPPrivateKey pGPPrivateKey, PGPPublicKey pGPPublicKey) {
        return Companion.verifyCanSign(pGPPrivateKey, pGPPublicKey);
    }

    @JvmStatic
    private static final boolean verifyCanDecrypt(PGPPrivateKey pGPPrivateKey, PGPPublicKey pGPPublicKey) {
        return Companion.verifyCanDecrypt(pGPPrivateKey, pGPPublicKey);
    }
}
