package org.pgpainless.key.util;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.bcpg.DSAPublicBCPGKey;
import org.bouncycastle.bcpg.DSASecretBCPGKey;
import org.bouncycastle.bcpg.EdDSAPublicBCPGKey;
import org.bouncycastle.bcpg.EdSecretBCPGKey;
import org.bouncycastle.bcpg.ElGamalPublicBCPGKey;
import org.bouncycastle.bcpg.ElGamalSecretBCPGKey;
import org.bouncycastle.bcpg.RSAPublicBCPGKey;
import org.bouncycastle.bcpg.RSASecretBCPGKey;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.exception.KeyIntegrityException;
import org.pgpainless.implementation.ImplementationFactory;

/* loaded from: input_file:org/pgpainless/key/util/PublicKeyParameterValidationUtil.class */
public class PublicKeyParameterValidationUtil {
    public static void verifyPublicKeyParameterIntegrity(PGPPrivateKey pGPPrivateKey, PGPPublicKey pGPPublicKey) throws KeyIntegrityException {
        PublicKeyAlgorithm requireFromId = PublicKeyAlgorithm.requireFromId(pGPPublicKey.getAlgorithm());
        boolean z = true;
        RSASecretBCPGKey privateKeyDataPacket = pGPPrivateKey.getPrivateKeyDataPacket();
        if (privateKeyDataPacket instanceof RSASecretBCPGKey) {
            z = verifyRSAKeyIntegrity(privateKeyDataPacket, pGPPublicKey.getPublicKeyPacket().getKey()) && 1 != 0;
        } else if (privateKeyDataPacket instanceof EdSecretBCPGKey) {
            z = verifyEdDsaKeyIntegrity((EdSecretBCPGKey) privateKeyDataPacket, pGPPublicKey.getPublicKeyPacket().getKey()) && 1 != 0;
        } else if (privateKeyDataPacket instanceof DSASecretBCPGKey) {
            z = verifyDsaKeyIntegrity((DSASecretBCPGKey) privateKeyDataPacket, pGPPublicKey.getPublicKeyPacket().getKey()) && 1 != 0;
        } else if (privateKeyDataPacket instanceof ElGamalSecretBCPGKey) {
            z = verifyElGamalKeyIntegrity((ElGamalSecretBCPGKey) privateKeyDataPacket, pGPPublicKey.getPublicKeyPacket().getKey()) && 1 != 0;
        }
        if (!z) {
            throw new KeyIntegrityException();
        }
        if (requireFromId.isSigningCapable()) {
            z = verifyCanSign(pGPPrivateKey, pGPPublicKey);
        }
        if (requireFromId.isEncryptionCapable()) {
            z = verifyCanDecrypt(pGPPrivateKey, pGPPublicKey) && z;
        }
        if (!z) {
            throw new KeyIntegrityException();
        }
    }

    private static boolean verifyCanSign(PGPPrivateKey pGPPrivateKey, PGPPublicKey pGPPublicKey) {
        SecureRandom secureRandom = new SecureRandom();
        PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(ImplementationFactory.getInstance().getPGPContentSignerBuilder(PublicKeyAlgorithm.requireFromId(pGPPublicKey.getAlgorithm()), HashAlgorithm.SHA256));
        try {
            pGPSignatureGenerator.init(SignatureType.TIMESTAMP.getCode(), pGPPrivateKey);
            byte[] bArr = new byte[512];
            secureRandom.nextBytes(bArr);
            pGPSignatureGenerator.update(bArr);
            PGPSignature generate = pGPSignatureGenerator.generate();
            generate.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), pGPPublicKey);
            generate.update(bArr);
            return generate.verify();
        } catch (PGPException e) {
            return false;
        }
    }

    private static boolean verifyCanDecrypt(PGPPrivateKey pGPPrivateKey, PGPPublicKey pGPPublicKey) {
        SecureRandom secureRandom = new SecureRandom();
        PGPEncryptedDataGenerator pGPEncryptedDataGenerator = new PGPEncryptedDataGenerator(ImplementationFactory.getInstance().getPGPDataEncryptorBuilder(SymmetricKeyAlgorithm.AES_256));
        pGPEncryptedDataGenerator.addMethod(ImplementationFactory.getInstance().getPublicKeyKeyEncryptionMethodGenerator(pGPPublicKey));
        byte[] bArr = new byte[1024];
        secureRandom.nextBytes(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            pGPEncryptedDataGenerator.open(byteArrayOutputStream, new byte[1024]).write(bArr);
            pGPEncryptedDataGenerator.close();
            PGPEncryptedDataList pGPEncryptedDataList = new PGPEncryptedDataList(byteArrayOutputStream.toByteArray());
            InputStream dataStream = ((PGPPublicKeyEncryptedData) pGPEncryptedDataList.getEncryptedDataObjects().next()).getDataStream(ImplementationFactory.getInstance().getPublicKeyDataDecryptorFactory(pGPPrivateKey));
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            Streams.pipeAll(dataStream, byteArrayOutputStream2);
            dataStream.close();
            return Arrays.constantTimeAreEqual(bArr, byteArrayOutputStream2.toByteArray());
        } catch (IOException | PGPException e) {
            return false;
        }
    }

    private static boolean verifyEdDsaKeyIntegrity(EdSecretBCPGKey edSecretBCPGKey, EdDSAPublicBCPGKey edDSAPublicBCPGKey) throws KeyIntegrityException {
        return true;
    }

    private static boolean verifyDsaKeyIntegrity(DSASecretBCPGKey dSASecretBCPGKey, DSAPublicBCPGKey dSAPublicBCPGKey) throws KeyIntegrityException {
        BigInteger g = dSAPublicBCPGKey.getG();
        BigInteger p = dSAPublicBCPGKey.getP();
        BigInteger q = dSAPublicBCPGKey.getQ();
        BigInteger y = dSAPublicBCPGKey.getY();
        BigInteger x = dSASecretBCPGKey.getX();
        if (!p.isProbablePrime(40) || !q.isProbablePrime(40)) {
            return false;
        }
        if ((q.bitLength() > 160) && p.subtract(BigInteger.ONE).mod(q).equals(BigInteger.ZERO)) {
            return (BigInteger.ONE.max(g).equals(g) && g.max(p).equals(p)) && g.modPow(q, p).equals(BigInteger.ONE) && y.equals(g.modPow(x, p));
        }
        return false;
    }

    private static boolean verifyRSAKeyIntegrity(RSASecretBCPGKey rSASecretBCPGKey, RSAPublicBCPGKey rSAPublicBCPGKey) throws KeyIntegrityException {
        return rSAPublicBCPGKey.getModulus().equals(rSASecretBCPGKey.getPrimeP().multiply(rSASecretBCPGKey.getPrimeQ()));
    }

    private static boolean verifyElGamalKeyIntegrity(ElGamalSecretBCPGKey elGamalSecretBCPGKey, ElGamalPublicBCPGKey elGamalPublicBCPGKey) {
        BigInteger p = elGamalPublicBCPGKey.getP();
        BigInteger g = elGamalPublicBCPGKey.getG();
        BigInteger y = elGamalPublicBCPGKey.getY();
        BigInteger bigInteger = BigInteger.ONE;
        if (g.min(bigInteger).equals(g) || g.max(p).equals(g) || p.bitLength() < 1023 || !g.modPow(p.subtract(bigInteger), p).equals(bigInteger)) {
            return false;
        }
        BigInteger bigInteger2 = g;
        for (int i = 1; i < 262144; i++) {
            bigInteger2 = bigInteger2.multiply(g).mod(p);
            if (bigInteger2.equals(bigInteger)) {
                return false;
            }
        }
        return y.equals(g.modPow(p.subtract(bigInteger).multiply(new BigInteger(p.bitLength(), new SecureRandom())).add(elGamalSecretBCPGKey.getX()), p));
    }
}
