package com.google.gerrit.gpg.server;

import com.google.common.base.CharMatcher;
import com.google.common.collect.ImmutableList;
import com.google.common.flogger.FluentLogger;
import com.google.common.io.BaseEncoding;
import com.google.gerrit.extensions.common.GpgKeyInfo;
import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ChildCollection;
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.gpg.BouncyCastleUtil;
import com.google.gerrit.gpg.CheckResult;
import com.google.gerrit.gpg.Fingerprint;
import com.google.gerrit.gpg.GerritPublicKeyChecker;
import com.google.gerrit.gpg.PublicKeyChecker;
import com.google.gerrit.gpg.PublicKeyStore;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.eclipse.jgit.util.NB;

@Singleton
/* loaded from: input_file:com/google/gerrit/gpg/server/GpgKeys.class */
public class GpgKeys implements ChildCollection<AccountResource, GpgKey> {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    private final DynamicMap<RestView<GpgKey>> views;
    private final Provider<CurrentUser> self;
    private final Provider<PublicKeyStore> storeProvider;
    private final GerritPublicKeyChecker.Factory checkerFactory;
    private final ExternalIds externalIds;

    @Singleton
    /* loaded from: input_file:com/google/gerrit/gpg/server/GpgKeys$Get.class */
    public static class Get implements RestReadView<GpgKey> {
        private final Provider<PublicKeyStore> storeProvider;
        private final GerritPublicKeyChecker.Factory checkerFactory;

        @Inject
        Get(Provider<PublicKeyStore> provider, GerritPublicKeyChecker.Factory factory) {
            this.storeProvider = provider;
            this.checkerFactory = factory;
        }

        @Override // com.google.gerrit.extensions.restapi.RestReadView
        public GpgKeyInfo apply(GpgKey gpgKey) throws IOException {
            PublicKeyStore publicKeyStore = this.storeProvider.get();
            Throwable th = null;
            try {
                try {
                    GpgKeyInfo json = GpgKeys.toJson(gpgKey.getKeyRing().getPublicKey(), this.checkerFactory.create().setExpectedUser(gpgKey.getUser()), publicKeyStore);
                    if (publicKeyStore != null) {
                        if (0 != 0) {
                            try {
                                publicKeyStore.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            publicKeyStore.close();
                        }
                    }
                    return json;
                } finally {
                }
            } catch (Throwable th3) {
                if (publicKeyStore != null) {
                    if (th != null) {
                        try {
                            publicKeyStore.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        publicKeyStore.close();
                    }
                }
                throw th3;
            }
        }
    }

    /* loaded from: input_file:com/google/gerrit/gpg/server/GpgKeys$ListGpgKeys.class */
    public class ListGpgKeys implements RestReadView<AccountResource> {
        public ListGpgKeys() {
        }

        @Override // com.google.gerrit.extensions.restapi.RestReadView
        public Map<String, GpgKeyInfo> apply(AccountResource accountResource) throws OrmException, PGPException, IOException, ResourceNotFoundException {
            GpgKeys.checkVisible(GpgKeys.this.self, accountResource);
            HashMap hashMap = new HashMap();
            PublicKeyStore publicKeyStore = (PublicKeyStore) GpgKeys.this.storeProvider.get();
            Throwable th = null;
            try {
                try {
                    Iterator it = GpgKeys.this.getGpgExtIds(accountResource).iterator();
                    while (it.hasNext()) {
                        byte[] parseFingerprint = GpgKeys.parseFingerprint((ExternalId) it.next());
                        boolean z = false;
                        Iterator it2 = publicKeyStore.get(GpgKeys.keyId(parseFingerprint)).iterator();
                        while (true) {
                            if (!it2.hasNext()) {
                                break;
                            }
                            PGPPublicKeyRing pGPPublicKeyRing = (PGPPublicKeyRing) it2.next();
                            if (Arrays.equals(pGPPublicKeyRing.getPublicKey().getFingerprint(), parseFingerprint)) {
                                z = true;
                                GpgKeyInfo json = GpgKeys.toJson(pGPPublicKeyRing.getPublicKey(), GpgKeys.this.checkerFactory.create(accountResource.getUser(), publicKeyStore), publicKeyStore);
                                hashMap.put(json.id, json);
                                json.id = null;
                                break;
                            }
                        }
                        if (!z) {
                            GpgKeys.logger.atWarning().log("No public key stored for fingerprint %s", Fingerprint.toString(parseFingerprint));
                        }
                    }
                    if (publicKeyStore != null) {
                        if (0 != 0) {
                            try {
                                publicKeyStore.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            publicKeyStore.close();
                        }
                    }
                    return hashMap;
                } finally {
                }
            } catch (Throwable th3) {
                if (publicKeyStore != null) {
                    if (th != null) {
                        try {
                            publicKeyStore.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        publicKeyStore.close();
                    }
                }
                throw th3;
            }
        }
    }

    @Inject
    GpgKeys(DynamicMap<RestView<GpgKey>> dynamicMap, Provider<CurrentUser> provider, Provider<PublicKeyStore> provider2, GerritPublicKeyChecker.Factory factory, ExternalIds externalIds) {
        this.views = dynamicMap;
        this.self = provider;
        this.storeProvider = provider2;
        this.checkerFactory = factory;
        this.externalIds = externalIds;
    }

    @Override // com.google.gerrit.extensions.restapi.RestCollection
    /* renamed from: list */
    public ListGpgKeys list2() throws ResourceNotFoundException, AuthException {
        return new ListGpgKeys();
    }

    @Override // com.google.gerrit.extensions.restapi.RestCollection
    public GpgKey parse(AccountResource accountResource, IdString idString) throws ResourceNotFoundException, PGPException, OrmException, IOException {
        checkVisible(this.self, accountResource);
        byte[] parseFingerprint = parseFingerprint(findGpgKey(idString.get(), getGpgExtIds(accountResource)));
        PublicKeyStore publicKeyStore = this.storeProvider.get();
        try {
            Iterator it = publicKeyStore.get(keyId(parseFingerprint)).iterator();
            while (it.hasNext()) {
                PGPPublicKeyRing pGPPublicKeyRing = (PGPPublicKeyRing) it.next();
                if (Arrays.equals(pGPPublicKeyRing.getPublicKey().getFingerprint(), parseFingerprint)) {
                    GpgKey gpgKey = new GpgKey(accountResource.getUser(), pGPPublicKeyRing);
                    if (publicKeyStore != null) {
                        $closeResource(null, publicKeyStore);
                    }
                    return gpgKey;
                }
            }
            throw new ResourceNotFoundException(idString);
        } finally {
            if (publicKeyStore != null) {
                $closeResource(null, publicKeyStore);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ExternalId findGpgKey(String str, Iterable<ExternalId> iterable) throws ResourceNotFoundException {
        String upperCase = CharMatcher.whitespace().removeFrom(str).toUpperCase();
        if ((upperCase.length() != 8 && upperCase.length() != 40) || !CharMatcher.anyOf("0123456789ABCDEF").matchesAllOf(upperCase)) {
            throw new ResourceNotFoundException(upperCase);
        }
        ExternalId externalId = null;
        for (ExternalId externalId2 : iterable) {
            if (externalId2.key().id().endsWith(upperCase)) {
                if (externalId != null) {
                    throw new ResourceNotFoundException("Multiple keys found for " + upperCase);
                }
                externalId = externalId2;
                if (upperCase.length() == 40) {
                    break;
                }
            }
        }
        if (externalId == null) {
            throw new ResourceNotFoundException(upperCase);
        }
        return externalId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] parseFingerprint(ExternalId externalId) {
        return BaseEncoding.base16().decode(externalId.key().id());
    }

    @Override // com.google.gerrit.extensions.restapi.RestCollection
    public DynamicMap<RestView<GpgKey>> views() {
        return this.views;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Iterable<ExternalId> getGpgExtIds(AccountResource accountResource) throws IOException {
        return this.externalIds.byAccount(accountResource.getUser().getAccountId(), ExternalId.SCHEME_GPGKEY);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static long keyId(byte[] bArr) {
        return NB.decodeInt64(bArr, bArr.length - 8);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkVisible(Provider<CurrentUser> provider, AccountResource accountResource) throws ResourceNotFoundException {
        if (!BouncyCastleUtil.havePGP()) {
            throw new ResourceNotFoundException("GPG not enabled");
        }
        if (!provider.get().hasSameAccountId(accountResource.getUser())) {
            throw new ResourceNotFoundException();
        }
    }

    public static GpgKeyInfo toJson(PGPPublicKey pGPPublicKey, CheckResult checkResult) throws IOException {
        GpgKeyInfo gpgKeyInfo = new GpgKeyInfo();
        if (pGPPublicKey != null) {
            gpgKeyInfo.id = PublicKeyStore.keyIdToString(pGPPublicKey.getKeyID());
            gpgKeyInfo.fingerprint = Fingerprint.toString(pGPPublicKey.getFingerprint());
            gpgKeyInfo.userIds = ImmutableList.copyOf(pGPPublicKey.getUserIDs());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(4096);
            try {
                ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
                Throwable th = null;
                try {
                    try {
                        pGPPublicKey.encode(armoredOutputStream);
                        gpgKeyInfo.key = new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
                        $closeResource(null, armoredOutputStream);
                    } finally {
                    }
                } catch (Throwable th2) {
                    $closeResource(th, armoredOutputStream);
                    throw th2;
                }
            } finally {
                $closeResource(null, byteArrayOutputStream);
            }
        }
        gpgKeyInfo.status = checkResult.getStatus();
        gpgKeyInfo.problems = checkResult.getProblems();
        return gpgKeyInfo;
    }

    static GpgKeyInfo toJson(PGPPublicKey pGPPublicKey, PublicKeyChecker publicKeyChecker, PublicKeyStore publicKeyStore) throws IOException {
        return toJson(pGPPublicKey, publicKeyChecker.setStore(publicKeyStore).check(pGPPublicKey));
    }

    public static void toJson(GpgKeyInfo gpgKeyInfo, CheckResult checkResult) {
        gpgKeyInfo.status = checkResult.getStatus();
        gpgKeyInfo.problems = checkResult.getProblems();
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
