package dev.sigstore.rekor.client;

import com.google.common.hash.Hashing;
import dev.sigstore.encryption.signers.Verifiers;
import dev.sigstore.rekor.client.RekorEntry;
import dev.sigstore.trustroot.SigstoreTrustedRoot;
import dev.sigstore.trustroot.TransparencyLog;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:dev/sigstore/rekor/client/RekorVerifier.class */
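/**
 * Verifies Rekor transparency-log entries against a set of trusted transparency logs.
 *
 * <p>For each entry, {@link #verifyEntry(RekorEntry)} checks the signed entry timestamp (SET),
 * the Merkle inclusion proof and the signed checkpoint. Every one of these checks must pass;
 * any failure is reported as a {@link RekorVerificationException}.
 *
 * <p>Accessor names such as {@code mo7594getTLogs()} are kept exactly as they appear in this
 * listing, which looks like decompiler output; they are presumably generated aliases (TODO
 * confirm against the original sources).
 */
public class RekorVerifier {
    /** Transparency logs trusted for verification; stored as passed in, without a defensive copy. */
    private final List<TransparencyLog> tlogs;

    /**
     * Creates a verifier that trusts the transparency logs listed in a trusted root.
     *
     * @param sigstoreTrustedRoot trusted root supplying the transparency logs
     * @return a verifier bound to those logs
     */
    public static RekorVerifier newRekorVerifier(SigstoreTrustedRoot sigstoreTrustedRoot) {
        return newRekorVerifier(sigstoreTrustedRoot.mo7594getTLogs());
    }

    /**
     * Creates a verifier that trusts exactly the given transparency logs.
     *
     * @param list transparency logs to trust; the list is referenced, not copied, so later
     *     changes to it by the caller change what this verifier trusts
     * @return a verifier bound to those logs
     */
    public static RekorVerifier newRekorVerifier(List<TransparencyLog> list) {
        return new RekorVerifier(list);
    }

    private RekorVerifier(List<TransparencyLog> list) {
        this.tlogs = list;
    }

    /**
     * Verifies a Rekor entry: SET signature, inclusion proof, then checkpoint.
     *
     * <p>The entry's log id and integrated time select the trusted log whose public key is used.
     * Malformed hex or base64 fields are not translated here and may surface as unchecked
     * exceptions from the decoders (TODO confirm callers treat those as verification failures).
     *
     * @param rekorEntry the entry to verify
     * @throws RekorVerificationException if verification material is missing, no trusted log
     *     matches, or any signature or proof check fails
     */
    public void verifyEntry(RekorEntry rekorEntry) throws RekorVerificationException {
        if (rekorEntry.getVerification() == null) {
            throw new RekorVerificationException("No verification information in entry.");
        }
        String encodedSet = rekorEntry.getVerification().getSignedEntryTimestamp();
        if (encodedSet == null) {
            throw new RekorVerificationException("No signed entry timestamp found in entry.");
        }
        TransparencyLog tlog = TransparencyLog.find(this.tlogs, Hex.decode(rekorEntry.getLogID()), rekorEntry.getIntegratedTimeInstant())
                .orElseThrow(() -> new RekorVerificationException("Log entry (logid, timestamp) does not match any provided transparency logs."));
        try {
            byte[] setSignature = Base64.getDecoder().decode(encodedSet);
            boolean setValid = Verifiers.newVerifier(tlog.getPublicKey().toJavaPublicKey()).verify(rekorEntry.getSignableContent(), setSignature);
            if (!setValid) {
                throw new RekorVerificationException("Entry SET was not valid");
            }
            verifyInclusionProof(rekorEntry);
            verifyCheckpoint(rekorEntry, tlog);
        } catch (InvalidKeyException e) {
            throw new RekorVerificationException("Public Key was invalid", e);
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so a misconfigured security provider can be diagnosed.
            throw new AssertionError("Required verification algorithm 'SHA256withECDSA' not found.", e);
        } catch (SignatureException e) {
            throw new RekorVerificationException("Signature was invalid", e);
        } catch (InvalidKeySpecException e) {
            throw new RekorVerificationException("Public Key could not be parsed", e);
        }
    }

    /**
     * Recomputes the Merkle root from the entry body and the audit path, and compares it with
     * the root hash carried in the inclusion proof.
     *
     * <p>The leaf hash is SHA-256 over a {@code 0x00} prefix plus the decoded body; interior
     * nodes use a {@code 0x01} prefix (see {@link #hashChildren(byte[], byte[])}). The walk
     * rejects an index outside the tree, a path longer than the tree allows, and a path that
     * stops before the root, so a truncated or padded path is refused even before the root
     * hashes are compared.
     *
     * @param rekorEntry entry whose inclusion proof is checked
     * @throws RekorVerificationException if the proof is inconsistent or the roots differ
     */
    private void verifyInclusionProof(RekorEntry rekorEntry) throws RekorVerificationException {
        RekorEntry.InclusionProof inclusionProof = rekorEntry.getVerification().getInclusionProof();
        long nodeIndex = inclusionProof.getLogIndex().longValue();
        long treeSize = inclusionProof.getTreeSize().longValue();
        // A leaf index must address a leaf that exists in a tree of the claimed size.
        if (nodeIndex < 0 || nodeIndex >= treeSize) {
            throw new RekorVerificationException("Inclusion proof failed, log index " + nodeIndex + " is outside a tree of size " + treeSize);
        }
        byte[] leafInput = combineBytes(new byte[]{0}, Base64.getDecoder().decode(rekorEntry.getBody()));
        byte[] current = Hashing.sha256().hashBytes(leafInput).asBytes();
        long lastIndex = treeSize - 1;
        for (String encodedSibling : inclusionProof.mo7591getHashes()) {
            byte[] sibling = Hex.decode(encodedSibling);
            if (lastIndex == 0) {
                // More path elements than tree levels.
                throw new RekorVerificationException("Inclusion proof failed, ended prematurely");
            }
            if (nodeIndex == lastIndex || nodeIndex % 2 == 1) {
                // Current node is a right child (or the rightmost node): sibling goes on the left.
                current = hashChildren(sibling, current);
                // Skip levels where the rightmost node has no sibling; lastIndex != 0 and
                // nodeIndex == lastIndex here, so a set bit is always reached.
                while (nodeIndex % 2 == 0) {
                    nodeIndex >>= 1;
                    lastIndex >>= 1;
                }
            } else {
                current = hashChildren(current, sibling);
            }
            nodeIndex >>= 1;
            lastIndex >>= 1;
        }
        if (lastIndex != 0) {
            // The path was consumed without reaching the root level.
            throw new RekorVerificationException("Inclusion proof failed, proof ended before reaching the root");
        }
        String computedRoot = Hex.toHexString(current);
        if (!computedRoot.equals(inclusionProof.getRootHash())) {
            throw new RekorVerificationException("Calculated inclusion proof root hash does not match provided root hash\n" + computedRoot + "\n" + inclusionProof.getRootHash());
        }
    }

    /**
     * Checks that the checkpoint matches the inclusion proof and is signed by the trusted log.
     *
     * <p>Three conditions are enforced: the checkpoint root hash equals the inclusion-proof root
     * hash, the first four bytes of the signature's key hint equal the first four bytes of the
     * SHA-256 of the log's raw public key, and the signature verifies. Only the first signature
     * in the checkpoint is examined.
     *
     * @param rekorEntry entry carrying the inclusion proof and checkpoint
     * @param transparencyLog trusted log whose key must have signed the checkpoint
     * @throws RekorVerificationException if the checkpoint cannot be parsed or any check fails
     */
    private void verifyCheckpoint(RekorEntry rekorEntry, TransparencyLog transparencyLog) throws RekorVerificationException {
        try {
            RekorEntry.InclusionProof inclusionProof = rekorEntry.getVerification().getInclusionProof();
            RekorEntry.Checkpoint checkpoint = inclusionProof.parsedCheckpoint();
            byte[] rootHash = Hex.decode(inclusionProof.getRootHash());
            byte[] checkpointRoot = Base64.getDecoder().decode(checkpoint.getBase64Hash());
            if (!Arrays.equals(rootHash, checkpointRoot)) {
                throw new RekorVerificationException("Checkpoint root hash does not match root hash provided in inclusion proof");
            }
            // An unsigned checkpoint proves nothing; reject it explicitly instead of failing
            // with an index error on get(0).
            if (checkpoint.mo7590getSignatures().isEmpty()) {
                throw new RekorVerificationException("Checkpoint does not contain any signatures");
            }
            RekorEntry.CheckpointSignature checkpointSignature = checkpoint.mo7590getSignatures().get(0);
            byte[] expectedHint = Hashing.sha256().hashBytes(transparencyLog.getPublicKey().getRawBytes()).asBytes();
            byte[] keyHint = checkpointSignature.getKeyHint();
            if (keyHint.length < 4) {
                throw new RekorVerificationException("Checkpoint key hint did not match provided log public key");
            }
            for (int i = 0; i < 4; i++) {
                if (keyHint[i] != expectedHint[i]) {
                    throw new RekorVerificationException("Checkpoint key hint did not match provided log public key");
                }
            }
            boolean signatureValid;
            try {
                // NOTE(review): the value passed as the digest is the inclusion-proof root hash.
                // Confirm that this is what the log signs for a checkpoint (the signature may
                // cover the checkpoint's signed text instead). With the result now enforced, a
                // wrong input shows up as a rejected entry rather than passing silently.
                signatureValid = Verifiers.newVerifier(transparencyLog.getPublicKey().toJavaPublicKey()).verifyDigest(rootHash, checkpointSignature.getSignature());
            } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e) {
                throw new RekorVerificationException("Could not verify checkpoint signature", e);
            }
            // The verifier reports a bad signature through its return value, not only through
            // exceptions, so the result must be checked or a forged checkpoint is accepted.
            if (!signatureValid) {
                throw new RekorVerificationException("Checkpoint signature was invalid");
            }
        } catch (RekorParseException e) {
            throw new RekorVerificationException("Could not parse checkpoint", e);
        }
    }

    /**
     * Concatenates two byte arrays into a new array.
     *
     * @param bArr first segment
     * @param bArr2 second segment
     * @return a new array holding {@code bArr} followed by {@code bArr2}
     */
    private static byte[] combineBytes(byte[] bArr, byte[] bArr2) {
        byte[] joined = Arrays.copyOf(bArr, bArr.length + bArr2.length);
        System.arraycopy(bArr2, 0, joined, bArr.length, bArr2.length);
        return joined;
    }

    /**
     * Hashes an interior Merkle node: SHA-256 over {@code 0x01 || left || right}.
     *
     * <p>The {@code 0x01} prefix keeps interior-node hashes distinct from leaf hashes, which
     * use a {@code 0x00} prefix.
     *
     * @param bArr left child hash
     * @param bArr2 right child hash
     * @return the parent node hash
     */
    private static byte[] hashChildren(byte[] bArr, byte[] bArr2) {
        byte[] children = combineBytes(bArr, bArr2);
        return Hashing.sha256().hashBytes(combineBytes(new byte[]{1}, children)).asBytes();
    }
}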
