package dev.sigstore.encryption;

import com.google.common.annotations.VisibleForTesting;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.ECPointUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:dev/sigstore/encryption/Keys.class */
public class Keys {
    private static final Logger log = Logger.getLogger(Keys.class.getName());

    public static PublicKey parsePublicKey(byte[] bArr) throws InvalidKeySpecException, IOException, NoSuchAlgorithmException {
        PemReader pemReader = new PemReader(new InputStreamReader(new ByteArrayInputStream(bArr), StandardCharsets.UTF_8));
        PemObject readPemObject = pemReader.readPemObject();
        if (pemReader.readPemObject() != null) {
            throw new InvalidKeySpecException("sigstore public keys must be only a single PEM encoded public key");
        }
        if (!readPemObject.getType().equals("RSA PUBLIC KEY")) {
            byte[] content = readPemObject.getContent();
            return KeyFactory.getInstance(extractKeyAlgorithm(PublicKeyFactory.createKey(content))).generatePublic(new X509EncodedKeySpec(content));
        }
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(readPemObject.getContent());
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0)).getPositiveValue(), ASN1Integer.getInstance(aSN1Sequence.getObjectAt(1)).getPositiveValue()));
    }

    public static PublicKey constructTufPublicKey(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        PublicKey publicKey = null;
        boolean z = -1;
        switch (str.hashCode()) {
            case -1940686149:
                if (str.equals("ed25519")) {
                    z = true;
                    break;
                }
                break;
            case 972161360:
                if (str.equals("rsassa-pss-sha256")) {
                    z = false;
                    break;
                }
                break;
            case 1437975149:
                if (str.equals("ecdsa-sha2-nistp256")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case PUBLIC_KEY_ALGORITHM_UNSPECIFIED_VALUE:
                throw new RuntimeException("rsassa-pss-sha256 not currently supported");
            case true:
                publicKey = KeyFactory.getInstance("Ed25519").generatePublic(new X509EncodedKeySpec(bArr));
                break;
            case true:
                ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-256");
                try {
                    KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
                    ECNamedCurveSpec eCNamedCurveSpec = new ECNamedCurveSpec("P-256", parameterSpec.getCurve(), parameterSpec.getG(), parameterSpec.getN());
                    publicKey = keyFactory.generatePublic(new ECPublicKeySpec(ECPointUtil.decodePoint(eCNamedCurveSpec.getCurve(), bArr), eCNamedCurveSpec));
                    break;
                } catch (NoSuchProviderException e) {
                    throw new RuntimeException(e);
                }
        }
        return publicKey;
    }

    private static String extractKeyAlgorithm(AsymmetricKeyParameter asymmetricKeyParameter) throws NoSuchAlgorithmException {
        if (asymmetricKeyParameter instanceof RSAKeyParameters) {
            return "RSA";
        }
        if (asymmetricKeyParameter instanceof Ed25519PublicKeyParameters) {
            return "EdDSA";
        }
        if (asymmetricKeyParameter instanceof ECKeyParameters) {
            return "EC";
        }
        String format = String.format("The key provided was of type: %s. We only support RSA, EdDSA, and EC ", asymmetricKeyParameter);
        log.warning(format);
        throw new NoSuchAlgorithmException(format);
    }

    @VisibleForTesting
    protected static int getJavaVersion() {
        return getJavaVersion(System.getProperty("java.version"));
    }

    @VisibleForTesting
    protected static int getJavaVersion(String str) {
        return Integer.parseInt(str.substring(0, str.indexOf(".")));
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
