package com.firestack.laksaj.crypto;

import com.firestack.laksaj.utils.HashUtil;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.prng.SP800SecureRandomBuilder;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.math.ec.ECPoint;
import org.web3j.crypto.ECKeyPair;

/* loaded from: input_file:com/firestack/laksaj/crypto/Schnorr.class */
public class Schnorr {
    private static final ECNamedCurveParameterSpec secp256k1;
    private static final int PUBKEY_COMPRESSED_SIZE_BYTES = 33;
    private static final byte[] ALG;
    private static final int ENT_BITS = 256;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ECKeyPair generateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) new ECNamedCurveGenParameterSpec("secp256k1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        return new ECKeyPair(generateKeyPair.getPrivate().getD(), new BigInteger(1, generateKeyPair.getPublic().getQ().getEncoded(true)));
    }

    public static Signature sign(ECKeyPair eCKeyPair, byte[] bArr) {
        SecureRandom drbg = getDRBG(bArr);
        byte[] bArr2 = new byte[secp256k1.getN().bitLength() / 8];
        drbg.nextBytes(bArr2);
        Signature signature = null;
        while (true) {
            Signature signature2 = signature;
            if (signature2 != null) {
                return signature2;
            }
            signature = trySign(eCKeyPair, bArr, new BigInteger(1, bArr2));
        }
    }

    public static Signature trySign(ECKeyPair eCKeyPair, byte[] bArr, BigInteger bigInteger) throws IllegalArgumentException {
        BigInteger n = secp256k1.getN();
        BigInteger privateKey = eCKeyPair.getPrivateKey();
        ECPoint decodePoint = secp256k1.getCurve().decodePoint(eCKeyPair.getPublicKey().toByteArray());
        if (privateKey.equals(BigInteger.ZERO)) {
            throw new IllegalArgumentException("Private key must be >= 0");
        }
        if (privateKey.compareTo(n) >= 0) {
            throw new IllegalArgumentException("Private key cannot be greater than curve order");
        }
        BigInteger mod = hash(secp256k1.getG().multiply(bigInteger), decodePoint, bArr).mod(secp256k1.getN());
        if (mod.equals(BigInteger.ZERO)) {
            return null;
        }
        BigInteger mod2 = bigInteger.subtract(mod.multiply(privateKey).mod(n)).mod(n);
        if (mod2.equals(BigInteger.ZERO)) {
            return null;
        }
        return Signature.builder().r(mod).s(mod2).build();
    }

    private static BigInteger hash(ECPoint eCPoint, ECPoint eCPoint2, byte[] bArr) {
        int length = 66 + bArr.length;
        byte[] encoded = eCPoint.getEncoded(true);
        byte[] encoded2 = eCPoint2.getEncoded(true);
        byte[] bArr2 = new byte[length];
        Arrays.fill(bArr2, (byte) 0);
        System.arraycopy(encoded, 0, bArr2, 0, PUBKEY_COMPRESSED_SIZE_BYTES);
        System.arraycopy(encoded2, 0, bArr2, PUBKEY_COMPRESSED_SIZE_BYTES, PUBKEY_COMPRESSED_SIZE_BYTES);
        System.arraycopy(bArr, 0, bArr2, 66, bArr.length);
        return new BigInteger(1, HashUtil.sha256(bArr2));
    }

    static boolean verify(byte[] bArr, Signature signature, ECPoint eCPoint) throws IllegalArgumentException {
        if (signature.getR().equals(BigInteger.ZERO) || signature.getS().equals(BigInteger.ZERO)) {
            throw new IllegalArgumentException("Invalid R or S value: cannot be zero.");
        }
        if (signature.getR().signum() == -1 || signature.getS().signum() == -1) {
            throw new IllegalArgumentException("Invalid R or S value: cannot be negative.");
        }
        if (!eCPoint.getCurve().equals(secp256k1.getCurve())) {
            throw new IllegalArgumentException("The public key must be a point on secp256k1.");
        }
        if (!eCPoint.isValid()) {
            throw new IllegalArgumentException("Invalid public key.");
        }
        ECPoint add = eCPoint.multiply(signature.getR()).add(secp256k1.getG().multiply(signature.getS()));
        if (add.isInfinity() || !add.isValid()) {
            throw new IllegalArgumentException("Invalid intermediate point.");
        }
        BigInteger mod = hash(add, eCPoint, bArr).mod(secp256k1.getN());
        if (mod.equals(BigInteger.ZERO)) {
            throw new IllegalArgumentException("Invalid hash.");
        }
        return mod.equals(signature.getR());
    }

    private static SecureRandom getDRBG(byte[] bArr) {
        return new SP800SecureRandomBuilder().setEntropyBitsRequired(ENT_BITS).setPersonalizationString(ALG).buildHMAC(new HMac(new SHA256Digest()), bArr, true);
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        secp256k1 = ECNamedCurveTable.getParameterSpec("secp256k1");
        ALG = "Schnorr+SHA256 ".getBytes();
    }
}
