package io.pureid.android.core.cryptography;

import io.pureid.android.core.common.domain.CodeSigningAlgorithm;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Security;
import java.util.Iterator;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.Regex;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;

/* compiled from: SignCodeWithPrivateKey.kt */
@Metadata(d1 = {"\u0000 \n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u000e\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006J \u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\b2\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\n\u001a\u00020\bH\u0016¨\u0006\u000b"}, d2 = {"Lio/pureid/android/core/cryptography/SignCodeWithPrivateKey;", "Lio/pureid/android/core/common/domain/CodeSigningAlgorithm;", "()V", "getSecretKeyRingFromBytes", "Lorg/bouncycastle/openpgp/PGPSecretKeyRing;", "secretKeyRing", "", "sign", "", "message", "passPhrase", "core_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class SignCodeWithPrivateKey implements CodeSigningAlgorithm {
    public final PGPSecretKeyRing getSecretKeyRingFromBytes(byte[] secretKeyRing) {
        Intrinsics.checkNotNullParameter(secretKeyRing, "secretKeyRing");
        return new PGPSecretKeyRing(secretKeyRing, new BcKeyFingerprintCalculator());
    }

    @Override // io.pureid.android.core.common.domain.CodeSigningAlgorithm
    public String sign(String message, byte[] secretKeyRing, String passPhrase) {
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(secretKeyRing, "secretKeyRing");
        Intrinsics.checkNotNullParameter(passPhrase, "passPhrase");
        BouncyCastleProvider companion = BouncyCastleProviderSingleton.INSTANCE.getInstance();
        Security.addProvider(companion);
        PGPSecretKeyRing secretKeyRingFromBytes = getSecretKeyRingFromBytes(secretKeyRing);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
        char[] charArray = passPhrase.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
        try {
            try {
                PGPSecretKey secretKey = secretKeyRingFromBytes.getSecretKey();
                Intrinsics.checkNotNullExpressionValue(secretKey, "getSecretKey(...)");
                PGPPrivateKey extractPrivateKey = secretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(companion).build(charArray));
                PGPSignatureGenerator pGPSignatureGenerator = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), 8).setProvider(companion));
                PGPSignatureSubpacketGenerator pGPSignatureSubpacketGenerator = new PGPSignatureSubpacketGenerator();
                Iterator<String> userIDs = secretKey.getPublicKey().getUserIDs();
                Intrinsics.checkNotNullExpressionValue(userIDs, "getUserIDs(...)");
                if (userIDs.hasNext()) {
                    pGPSignatureSubpacketGenerator.setSignerUserID(false, userIDs.next());
                    pGPSignatureGenerator.setHashedSubpackets(pGPSignatureSubpacketGenerator.generate());
                }
                pGPSignatureGenerator.init(1, extractPrivateKey);
                byte[] bytes = message.getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
                pGPSignatureGenerator.update(bytes, 0, bytes.length);
                pGPSignatureGenerator.generate().encode(armoredOutputStream);
                armoredOutputStream.close();
                String byteArrayOutputStream2 = byteArrayOutputStream.toString("utf8");
                Intrinsics.checkNotNull(byteArrayOutputStream2);
                String replace = new Regex("([a-z0-9])-----BEGIN PGP SIGNATURE-----").replace(byteArrayOutputStream2, "$1\n-----BEGIN PGP SIGNATURE-----");
                Intrinsics.checkNotNull(replace);
                try {
                    byteArrayOutputStream.close();
                } catch (IOException unused) {
                }
                return replace;
            } catch (Exception e) {
                throw new Exception(e.getLocalizedMessage());
            }
        } catch (Throwable th) {
            try {
                byteArrayOutputStream.close();
            } catch (IOException unused2) {
            }
            throw th;
        }
    }
}
