package org.gradle.security.internal;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import org.gradle.api.logging.Logger;
import org.gradle.api.logging.Logging;
import org.gradle.internal.UncheckedException;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPObjectFactory;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPPublicKey;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPUtil;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.gradle.internal.io.ExponentialBackoff;
import org.gradle.internal.io.IOQuery;
import org.gradle.internal.resource.transfer.ExternalResourceAccessor;
import org.gradle.internal.resource.transfer.ExternalResourceReadResponse;

/* loaded from: input_file:org/gradle/security/internal/PublicKeyDownloadService.class */
public class PublicKeyDownloadService implements PublicKeyService {
    private static final Logger LOGGER = Logging.getLogger(PublicKeyDownloadService.class);
    private final List<URI> keyServers;
    private final ExternalResourceAccessor client;

    public PublicKeyDownloadService(List<URI> list, ExternalResourceAccessor externalResourceAccessor) {
        this.keyServers = list;
        this.client = externalResourceAccessor;
    }

    @Override // org.gradle.security.internal.PublicKeyService
    public void findByLongId(long j, PublicKeyResultBuilder publicKeyResultBuilder) {
        ArrayList arrayList = new ArrayList(this.keyServers);
        Collections.shuffle(arrayList);
        tryDownloadKeyFromServer(SecuritySupport.toLongIdHexString(j), arrayList, publicKeyResultBuilder, pGPPublicKeyRing -> {
            findMatchingKey(j, pGPPublicKeyRing, publicKeyResultBuilder);
        });
    }

    @Override // org.gradle.security.internal.PublicKeyService
    public void findByFingerprint(byte[] bArr, PublicKeyResultBuilder publicKeyResultBuilder) {
        ArrayList arrayList = new ArrayList(this.keyServers);
        Collections.shuffle(arrayList);
        tryDownloadKeyFromServer(Fingerprint.wrap(bArr).toString(), arrayList, publicKeyResultBuilder, pGPPublicKeyRing -> {
            findMatchingKey(bArr, pGPPublicKeyRing, publicKeyResultBuilder);
        });
    }

    private void tryDownloadKeyFromServer(String str, List<URI> list, PublicKeyResultBuilder publicKeyResultBuilder, Consumer<? super PGPPublicKeyRing> consumer) {
        ArrayDeque arrayDeque = new ArrayDeque(list);
        try {
            ExponentialBackoff.of(5, TimeUnit.SECONDS, 50, TimeUnit.MILLISECONDS).retryUntil(() -> {
                ExternalResourceReadResponse openResource;
                URI uri = (URI) arrayDeque.poll();
                if (uri == null) {
                    return IOQuery.Result.successful(false);
                }
                try {
                    openResource = this.client.openResource(toQuery(uri, str), false);
                } catch (Exception e) {
                    logKeyDownloadAttempt(str, uri);
                    arrayDeque.add(uri);
                }
                if (openResource != null) {
                    extractKeyRing(openResource, publicKeyResultBuilder, consumer);
                    return IOQuery.Result.successful(true);
                }
                logKeyDownloadAttempt(str, uri);
                return IOQuery.Result.notSuccessful(false);
            });
        } catch (IOException | InterruptedException e) {
            throw UncheckedException.throwAsUncheckedException(e);
        }
    }

    private void findMatchingKey(long j, PGPPublicKeyRing pGPPublicKeyRing, PublicKeyResultBuilder publicKeyResultBuilder) {
        Iterator<PGPPublicKey> it = pGPPublicKeyRing.iterator();
        while (it.hasNext()) {
            PGPPublicKey next = it.next();
            if (next.getKeyID() == j) {
                publicKeyResultBuilder.publicKey(next);
                return;
            }
        }
    }

    private void findMatchingKey(byte[] bArr, PGPPublicKeyRing pGPPublicKeyRing, PublicKeyResultBuilder publicKeyResultBuilder) {
        Iterator<PGPPublicKey> it = pGPPublicKeyRing.iterator();
        while (it.hasNext()) {
            PGPPublicKey next = it.next();
            if (Arrays.equals(next.getFingerprint(), bArr)) {
                publicKeyResultBuilder.publicKey(next);
                return;
            }
        }
    }

    private void extractKeyRing(ExternalResourceReadResponse externalResourceReadResponse, PublicKeyResultBuilder publicKeyResultBuilder, Consumer<? super PGPPublicKeyRing> consumer) throws IOException {
        InputStream openStream = externalResourceReadResponse.openStream();
        try {
            InputStream decoderStream = PGPUtil.getDecoderStream(openStream);
            try {
                PGPPublicKeyRing pGPPublicKeyRing = (PGPPublicKeyRing) new PGPObjectFactory(decoderStream, new BcKeyFingerprintCalculator()).nextObject();
                consumer.accept(pGPPublicKeyRing);
                publicKeyResultBuilder.keyRing(pGPPublicKeyRing);
                if (decoderStream != null) {
                    decoderStream.close();
                }
                if (openStream != null) {
                    openStream.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void logKeyDownloadAttempt(String str, URI uri) {
        LOGGER.debug("Cannot download public key " + str + " from " + uri.getHost());
    }

    private URI toQuery(URI uri, String str) throws URISyntaxException {
        String scheme = uri.getScheme();
        int port = uri.getPort();
        if ("hkp".equals(scheme)) {
            scheme = "http";
            port = 11371;
        }
        return new URI(scheme, null, uri.getHost(), port, "/pks/lookup", "op=get&options=mr&search=0x" + str, null);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
    }
}
