package org.eclipse.jgit.lib.internal;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.annotations.Nullable;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.api.errors.JGitInternalException;
import org.eclipse.jgit.errors.UnsupportedCredentialItem;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.GpgSignature;
import org.eclipse.jgit.lib.GpgSigner;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.transport.CredentialsProvider;

/* loaded from: input_file:.war:WEB-INF/lib/org.eclipse.jgit-5.5.0.201909110433-r.jar:org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.class */
public class BouncyCastleGpgSigner extends GpgSigner {
    private static void registerBouncyCastleProviderIfNecessary() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public BouncyCastleGpgSigner() {
        registerBouncyCastleProviderIfNecessary();
    }

    @Override // org.eclipse.jgit.lib.GpgSigner
    public boolean canLocateSigningKey(@Nullable String str, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
        Throwable th = null;
        try {
            try {
                BouncyCastleGpgKeyPassphrasePrompt bouncyCastleGpgKeyPassphrasePrompt = new BouncyCastleGpgKeyPassphrasePrompt(credentialsProvider);
                try {
                    return locateSigningKey(str, personIdent, bouncyCastleGpgKeyPassphrasePrompt) != null;
                } finally {
                    if (bouncyCastleGpgKeyPassphrasePrompt != null) {
                        bouncyCastleGpgKeyPassphrasePrompt.close();
                    }
                }
            } catch (Throwable th2) {
                if (0 == 0) {
                    th = th2;
                } else if (null != th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException | URISyntaxException | NoSuchAlgorithmException | NoSuchProviderException | PGPException e) {
            return false;
        }
    }

    private BouncyCastleGpgKey locateSigningKey(@Nullable String str, PersonIdent personIdent, BouncyCastleGpgKeyPassphrasePrompt bouncyCastleGpgKeyPassphrasePrompt) throws CanceledException, UnsupportedCredentialItem, IOException, NoSuchAlgorithmException, NoSuchProviderException, PGPException, URISyntaxException {
        if (str == null || str.isEmpty()) {
            str = personIdent.getEmailAddress();
        }
        return new BouncyCastleGpgKeyLocator(str, bouncyCastleGpgKeyPassphrasePrompt).findSecretKey();
    }

    @Override // org.eclipse.jgit.lib.GpgSigner
    public void sign(@NonNull CommitBuilder commitBuilder, @Nullable String str, @NonNull PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
        Throwable th;
        Throwable th2 = null;
        try {
            try {
                BouncyCastleGpgKeyPassphrasePrompt bouncyCastleGpgKeyPassphrasePrompt = new BouncyCastleGpgKeyPassphrasePrompt(credentialsProvider);
                try {
                    BouncyCastleGpgKey locateSigningKey = locateSigningKey(str, personIdent, bouncyCastleGpgKeyPassphrasePrompt);
                    PGPSecretKey secretKey = locateSigningKey.getSecretKey();
                    if (secretKey == null) {
                        throw new JGitInternalException(JGitText.get().unableToSignCommitNoSecretKey);
                    }
                    PGPPrivateKey extractPrivateKey = secretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(bouncyCastleGpgKeyPassphrasePrompt.getPassphrase(secretKey.getPublicKey().getFingerprint(), locateSigningKey.getOrigin())));
                    PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), 8).setProvider(BouncyCastleProvider.PROVIDER_NAME));
                    pGPSignatureGenerator.init(0, extractPrivateKey);
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    th2 = null;
                    try {
                        BCPGOutputStream bCPGOutputStream = new BCPGOutputStream(new ArmoredOutputStream(byteArrayOutputStream));
                        try {
                            pGPSignatureGenerator.update(commitBuilder.build());
                            pGPSignatureGenerator.generate().encode(bCPGOutputStream);
                            if (bCPGOutputStream != null) {
                                bCPGOutputStream.close();
                            }
                            commitBuilder.setGpgSignature(new GpgSignature(byteArrayOutputStream.toByteArray()));
                            if (bouncyCastleGpgKeyPassphrasePrompt != null) {
                                bouncyCastleGpgKeyPassphrasePrompt.close();
                            }
                        } catch (Throwable th3) {
                            if (bCPGOutputStream != null) {
                                bCPGOutputStream.close();
                            }
                            throw th3;
                        }
                    } finally {
                    }
                } catch (Throwable th4) {
                    if (bouncyCastleGpgKeyPassphrasePrompt != null) {
                        bouncyCastleGpgKeyPassphrasePrompt.close();
                    }
                    throw th4;
                }
            } finally {
            }
        } catch (IOException | URISyntaxException | NoSuchAlgorithmException | NoSuchProviderException | PGPException e) {
            throw new JGitInternalException(e.getMessage(), e);
        }
    }
}
