package dev.sigstore.encryption;

import com.google.common.annotations.VisibleForTesting;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:dev/sigstore/encryption/Keys.class */
public class Keys {
    private static final Logger log = Logger.getLogger(Keys.class.getName());

    public static PublicKey parsePublicKey(byte[] bArr) throws InvalidKeySpecException, IOException, NoSuchAlgorithmException {
        PemReader pemReader = new PemReader(new InputStreamReader(new ByteArrayInputStream(bArr), StandardCharsets.UTF_8));
        PemObject readPemObject = pemReader.readPemObject();
        if (pemReader.readPemObject() != null) {
            throw new InvalidKeySpecException("sigstore public keys must be only a single PEM encoded public key");
        }
        if (!readPemObject.getType().equals("RSA PUBLIC KEY")) {
            byte[] content = readPemObject.getContent();
            return KeyFactory.getInstance(extractKeyAlgorithm(PublicKeyFactory.createKey(content))).generatePublic(new X509EncodedKeySpec(content));
        }
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(readPemObject.getContent());
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0)).getPositiveValue(), ASN1Integer.getInstance(aSN1Sequence.getObjectAt(1)).getPositiveValue()));
    }

    private static String extractKeyAlgorithm(AsymmetricKeyParameter asymmetricKeyParameter) throws NoSuchAlgorithmException {
        if (asymmetricKeyParameter instanceof RSAKeyParameters) {
            return "RSA";
        }
        if (asymmetricKeyParameter instanceof Ed25519PublicKeyParameters) {
            return "EdDSA";
        }
        if (asymmetricKeyParameter instanceof ECKeyParameters) {
            return "EC";
        }
        String format = String.format("The key provided was of type: %s. We only support RSA, EdDSA, and EC ", asymmetricKeyParameter);
        log.warning(format);
        throw new NoSuchAlgorithmException(format);
    }

    @VisibleForTesting
    protected static int getJavaVersion() {
        return getJavaVersion(System.getProperty("java.version"));
    }

    @VisibleForTesting
    protected static int getJavaVersion(String str) {
        return Integer.parseInt(str.substring(0, str.indexOf(".")));
    }

    static {
        if (getJavaVersion() < 15) {
            try {
                log.info("Adding BouncyCastleProvider to SecurityManager for EdDSA algorithm support on Java <15.");
                Security.addProvider(new BouncyCastleProvider());
            } catch (SecurityException e) {
                log.warning("Could not configure BouncyCastleProvider due to SecurityManager restrictions. EdDSA algorithms will not be supported. Refer to https://docs.oracle.com/cd/E19830-01/819-4712/ablsc/index.html to configure BouncyCastle for your JVM");
            }
        }
    }
}
