package co.elastic.apm.attach.bouncycastle;

import co.elastic.apm.attach.PgpSignatureVerifier;
import java.io.InputStream;
import java.util.Locale;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;

/* loaded from: input_file:bc-lib/apm-agent-attach-cli-1.36.0-bc-verifier.jar:co/elastic/apm/attach/bouncycastle/BouncyCastleVerifier.class */
public class BouncyCastleVerifier implements PgpSignatureVerifier {
    @Override // co.elastic.apm.attach.PgpSignatureVerifier
    public boolean verifyPgpSignature(InputStream inputStream, InputStream inputStream2, InputStream inputStream3, String str) throws Exception {
        PGPSignature pGPSignature = ((PGPSignatureList) new JcaPGPObjectFactory(PGPUtil.getDecoderStream(inputStream2)).nextObject()).get(0);
        String upperCase = Long.toHexString(pGPSignature.getKeyID()).toUpperCase(Locale.ROOT);
        if (!str.equals(upperCase)) {
            throw new IllegalStateException("Key id [" + upperCase + "] does not match expected key id [" + str + "]");
        }
        pGPSignature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(new BouncyCastleFipsProvider()), new PGPPublicKeyRingCollection(new ArmoredInputStream(inputStream3), new JcaKeyFingerprintCalculator()).getPublicKey(pGPSignature.getKeyID()));
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return pGPSignature.verify();
            }
            pGPSignature.update(bArr, 0, read);
        }
    }
}
