package dev.sigstore.encryption;

import com.google.common.annotations.VisibleForTesting;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Locale;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.ECPointUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.util.encoders.DecoderException;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:dev/sigstore/encryption/Keys.class */
public class Keys {
    private static final Logger log = Logger.getLogger(Keys.class.getName());

    public static PublicKey parsePublicKey(byte[] bArr) throws InvalidKeySpecException, IOException, NoSuchAlgorithmException {
        PemReader pemReader = new PemReader(new InputStreamReader(new ByteArrayInputStream(bArr), StandardCharsets.UTF_8));
        try {
            PemObject readPemObject = pemReader.readPemObject();
            if (pemReader.readPemObject() != null) {
                throw new InvalidKeySpecException("sigstore public keys must be only a single PEM encoded public key");
            }
            if (readPemObject == null || readPemObject.getContent() == null || readPemObject.getContent().length == 0) {
                throw new InvalidKeySpecException("Invalid key, empty PEM section");
            }
            if (readPemObject.getType().equals("RSA PUBLIC KEY")) {
                return parsePkcs1RsaPublicKey(readPemObject.getContent());
            }
            byte[] content = readPemObject.getContent();
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(content);
            try {
                AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(content);
                if (createKey == null) {
                    throw new InvalidKeySpecException("Invalid key, could not parse PEM content");
                }
                return KeyFactory.getInstance(extractKeyAlgorithm(createKey)).generatePublic(x509EncodedKeySpec);
            } catch (IllegalStateException e) {
                throw new InvalidKeySpecException("Invalid key, could not parse PEM content");
            }
        } catch (DecoderException e2) {
            throw new InvalidKeySpecException("Invalid key, could not parse PEM section");
        }
    }

    public static PublicKey parsePkixPublicKey(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(bArr));
    }

    public static PublicKey parsePkcs1RsaPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0)).getPositiveValue(), ASN1Integer.getInstance(aSN1Sequence.getObjectAt(1)).getPositiveValue()));
    }

    public static PublicKey constructTufPublicKey(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1940686149:
                if (str.equals("ed25519")) {
                    z = false;
                    break;
                }
                break;
            case 1437975149:
                if (str.equals("ecdsa-sha2-nistp256")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case PUBLIC_KEY_ALGORITHM_UNSPECIFIED_VALUE:
                return KeyFactory.getInstance("Ed25519").generatePublic(new X509EncodedKeySpec(bArr));
            case true:
                ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-256");
                try {
                    KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
                    ECNamedCurveSpec eCNamedCurveSpec = new ECNamedCurveSpec("P-256", parameterSpec.getCurve(), parameterSpec.getG(), parameterSpec.getN());
                    return keyFactory.generatePublic(new ECPublicKeySpec(ECPointUtil.decodePoint(eCNamedCurveSpec.getCurve(), bArr), eCNamedCurveSpec));
                } catch (NoSuchProviderException e) {
                    throw new RuntimeException(e);
                }
            default:
                throw new RuntimeException(str + " not currently supported");
        }
    }

    private static String extractKeyAlgorithm(AsymmetricKeyParameter asymmetricKeyParameter) throws NoSuchAlgorithmException {
        if (asymmetricKeyParameter instanceof RSAKeyParameters) {
            return "RSA";
        }
        if (asymmetricKeyParameter instanceof Ed25519PublicKeyParameters) {
            return "EdDSA";
        }
        if (asymmetricKeyParameter instanceof ECKeyParameters) {
            return "EC";
        }
        String format = String.format(Locale.ROOT, "The key provided was of type: %s. We only support RSA, EdDSA, and EC ", asymmetricKeyParameter);
        log.warning(format);
        throw new NoSuchAlgorithmException(format);
    }

    @VisibleForTesting
    protected static int getJavaVersion() {
        return getJavaVersion(System.getProperty("java.version"));
    }

    @VisibleForTesting
    protected static int getJavaVersion(String str) {
        return Integer.parseInt(str.substring(0, str.indexOf(".")));
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
