package org.tokenscript.attestation.core;

import com.alphawallet.token.entity.EthereumMessage;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.KeccakDigest;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:org/tokenscript/attestation/core/SignatureUtility.class */
public class SignatureUtility {
    public static final String MAC_ALGO = "HmacSHA256";
    private static final String personalMessagePrefix = "\u0019Ethereum Signed Message:\n";
    static final String MESSAGE_PREFIX = "\u0019Ethereum Signed Message:\n";
    private static final Logger logger = LogManager.getLogger((Class<?>) SignatureUtility.class);
    public static final X9ECParameters ECDSA_CURVE = SECNamedCurves.getByName("secp256k1");
    public static final ECDomainParameters ECDSA_DOMAIN = new ECDomainParameters(ECDSA_CURVE.getCurve(), ECDSA_CURVE.getG(), ECDSA_CURVE.getN(), ECDSA_CURVE.getH());
    public static final ASN1ObjectIdentifier OID_ECDSA_PUBLICKEY = new ASN1ObjectIdentifier("1.2.840.10045.2.1");
    public static final AlgorithmIdentifier SECP256K1_DESCRIPTION = new AlgorithmIdentifier(OID_ECDSA_PUBLICKEY, ECDSA_CURVE);

    public static AsymmetricCipherKeyPair constructECKeysWithSmallestY(SecureRandom secureRandom) {
        AsymmetricCipherKeyPair constructECKeys;
        BigInteger characteristic = ECDSA_DOMAIN.getCurve().getField().getCharacteristic();
        do {
            constructECKeys = constructECKeys(secureRandom);
        } while (((ECPublicKeyParameters) constructECKeys.getPublic()).getQ().getAffineYCoord().toBigInteger().compareTo(characteristic.shiftRight(1)) > 0);
        return constructECKeys;
    }

    public static AsymmetricCipherKeyPair constructECKeys(SecureRandom secureRandom) {
        return constructECKeys(ECDSA_DOMAIN, secureRandom);
    }

    public static AsymmetricCipherKeyPair constructECKeys(X9ECParameters x9ECParameters, SecureRandom secureRandom) {
        return constructECKeys(new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN(), x9ECParameters.getH()), secureRandom);
    }

    private static AsymmetricCipherKeyPair constructECKeys(ECDomainParameters eCDomainParameters, SecureRandom secureRandom) {
        ECKeyPairGenerator eCKeyPairGenerator = new ECKeyPairGenerator();
        eCKeyPairGenerator.init(new ECKeyGenerationParameters(eCDomainParameters, secureRandom));
        return eCKeyPairGenerator.generateKeyPair();
    }

    public static AsymmetricKeyParameter restoreDefaultKey(byte[] bArr) throws IOException {
        return restoreDefaultKey(SECP256K1_DESCRIPTION, bArr);
    }

    public static AsymmetricKeyParameter restoreDefaultKey(AlgorithmIdentifier algorithmIdentifier, byte[] bArr) throws IOException {
        return restoreKeyFromSPKI(new DERSequence(new ASN1Encodable[]{algorithmIdentifier, DERBitString.getInstance((Object) bArr)}).getEncoded());
    }

    public static AsymmetricKeyParameter restoreKeyFromSPKI(byte[] bArr) throws IOException {
        return PublicKeyFactory.createKey(SubjectPublicKeyInfo.getInstance(bArr));
    }

    public static PrivateKey convertPrivateBouncyCastleKeyToJavaKey(AsymmetricKeyParameter asymmetricKeyParameter) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            return getFactory(asymmetricKeyParameter).generatePrivate(new PKCS8EncodedKeySpec(PrivateKeyInfoFactory.createPrivateKeyInfo(asymmetricKeyParameter).getEncoded()));
        } catch (Exception e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not convert key", e);
        }
    }

    public static PublicKey convertPublicBouncyCastleKeyToJavaKey(AsymmetricKeyParameter asymmetricKeyParameter) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            return getFactory(asymmetricKeyParameter).generatePublic(new X509EncodedKeySpec(SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(asymmetricKeyParameter).getEncoded()));
        } catch (Exception e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not convert key", e);
        }
    }

    private static KeyFactory getFactory(AsymmetricKeyParameter asymmetricKeyParameter) throws Exception {
        if (asymmetricKeyParameter instanceof ECKeyParameters) {
            return KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        }
        if (asymmetricKeyParameter instanceof RSAKeyParameters) {
            return KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        }
        throw ((IllegalArgumentException) ExceptionUtil.throwException(logger, new IllegalArgumentException("Only ECDSA or RSA keys are supported")));
    }

    public static KeyPair convertBouncyCastleKeysToJavaKey(AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        return new KeyPair(convertPublicBouncyCastleKeyToJavaKey(asymmetricCipherKeyPair.getPublic()), convertPrivateBouncyCastleKeyToJavaKey(asymmetricCipherKeyPair.getPrivate()));
    }

    public static String addressFromKey(AsymmetricKeyParameter asymmetricKeyParameter) {
        try {
            byte[] octets = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(asymmetricKeyParameter).getPublicKeyData().getOctets();
            byte[] hashWithKeccak = AttestationCrypto.hashWithKeccak(Arrays.copyOfRange(octets, 1, octets.length));
            return "0x" + Hex.toHexString(Arrays.copyOfRange(hashWithKeccak, hashWithKeccak.length - 20, hashWithKeccak.length)).toUpperCase();
        } catch (IOException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not create spki", e);
        }
    }

    public static byte[] signPersonalMsgWithEthereum(byte[] bArr, AsymmetricKeyParameter asymmetricKeyParameter) {
        return signPersonalMsgWithEthereum(bArr, 0, asymmetricKeyParameter);
    }

    public static byte[] signPersonalMsgWithEthereum(byte[] bArr, int i, AsymmetricKeyParameter asymmetricKeyParameter) {
        return signWithEthereum(convertToPersonalEthMessage(bArr), i, asymmetricKeyParameter);
    }

    public static byte[] signWithEthereum(byte[] bArr, AsymmetricKeyParameter asymmetricKeyParameter) {
        return signWithEthereum(bArr, 0L, asymmetricKeyParameter);
    }

    public static byte[] signWithEthereum(byte[] bArr, long j, AsymmetricKeyParameter asymmetricKeyParameter) {
        return normalizeAndEncodeEthereumSignature(computeInternalSignature(AttestationCrypto.hashWithKeccak(bArr), (ECPrivateKeyParameters) asymmetricKeyParameter), j);
    }

    public static byte[] signDeterministicSHA256(byte[] bArr, AsymmetricKeyParameter asymmetricKeyParameter) {
        return normalizeAndEncodeDerSignature(computeInternalSignature(AttestationCrypto.hashWithSHA256(bArr), (ECPrivateKeyParameters) asymmetricKeyParameter), ((ECKeyParameters) asymmetricKeyParameter).getParameters());
    }

    public static byte[] signHashedRandomized(byte[] bArr, AsymmetricKeyParameter asymmetricKeyParameter) {
        ECDSASigner eCDSASigner = new ECDSASigner();
        eCDSASigner.init(true, asymmetricKeyParameter);
        return normalizeAndEncodeDerSignature(eCDSASigner.generateSignature(bArr), ((ECKeyParameters) asymmetricKeyParameter).getParameters());
    }

    private static byte[] normalizeAndEncodeDerSignature(BigInteger[] bigIntegerArr, ECDomainParameters eCDomainParameters) {
        try {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(new ASN1Integer(bigIntegerArr[0]));
            aSN1EncodableVector.add(new ASN1Integer(normalizeS(bigIntegerArr[1], eCDomainParameters)));
            return new DERSequence(aSN1EncodableVector).getEncoded();
        } catch (Exception e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not encode asn1", e);
        }
    }

    static BigInteger[] computeInternalSignature(byte[] bArr, ECPrivateKeyParameters eCPrivateKeyParameters) {
        BigInteger nextK;
        ECPoint normalize;
        BigInteger mod;
        BigInteger bigInteger = new BigInteger(1, bArr);
        HMacDSAKCalculator hMacDSAKCalculator = new HMacDSAKCalculator(new KeccakDigest(256));
        hMacDSAKCalculator.init(eCPrivateKeyParameters.getParameters().getN(), eCPrivateKeyParameters.getD(), bArr);
        BigInteger n = eCPrivateKeyParameters.getParameters().getN();
        do {
            nextK = hMacDSAKCalculator.nextK();
            normalize = eCPrivateKeyParameters.getParameters().getG().multiply(nextK).normalize();
            mod = normalize.getAffineXCoord().toBigInteger().mod(n);
        } while (mod.equals(BigInteger.ZERO));
        BigInteger mod2 = nextK.modInverse(n).multiply(bigInteger.add(mod.multiply(eCPrivateKeyParameters.getD()))).mod(n);
        BigInteger normalizeS = normalizeS(mod2, eCPrivateKeyParameters.getParameters());
        BigInteger mod3 = normalize.getAffineYCoord().toBigInteger().mod(new BigInteger("2"));
        if (!normalizeS.equals(mod2)) {
            logger.info("Normalizing s value");
            mod3 = BigInteger.ONE.subtract(mod3);
        }
        return new BigInteger[]{mod, normalizeS, mod3};
    }

    static byte[] getEthereumMessagePrefix(int i) {
        return EthereumMessage.MESSAGE_PREFIX.concat(String.valueOf(i)).getBytes();
    }

    public static byte[] convertToPersonalEthMessage(byte[] bArr) {
        byte[] ethereumMessagePrefix = getEthereumMessagePrefix(bArr.length);
        byte[] bArr2 = new byte[ethereumMessagePrefix.length + bArr.length];
        System.arraycopy(ethereumMessagePrefix, 0, bArr2, 0, ethereumMessagePrefix.length);
        System.arraycopy(bArr, 0, bArr2, ethereumMessagePrefix.length, bArr.length);
        return bArr2;
    }

    private static byte[] normalizeAndEncodeEthereumSignature(BigInteger[] bigIntegerArr, long j) {
        byte computeRecoveryValue = computeRecoveryValue(bigIntegerArr[2], j);
        byte[] bArr = new byte[65];
        byte[] byteArray = bigIntegerArr[0].toByteArray();
        System.arraycopy(byteArray, Math.max(0, byteArray.length - 32), bArr, Math.max(0, 32 - byteArray.length), Math.min(32, byteArray.length));
        byte[] byteArray2 = bigIntegerArr[1].toByteArray();
        System.arraycopy(byteArray2, Math.max(0, byteArray2.length - 32), bArr, Math.max(32, 64 - byteArray2.length), Math.min(32, byteArray2.length));
        bArr[64] = computeRecoveryValue;
        return bArr;
    }

    private static byte computeRecoveryValue(BigInteger bigInteger, long j) {
        return j != 0 ? (byte) (r0 + (j * 2) + 35) : (byte) (bigInteger.mod(new BigInteger("2")).byteValueExact() + 27);
    }

    public static boolean verifyPersonalEthereumSignature(byte[] bArr, byte[] bArr2, AsymmetricKeyParameter asymmetricKeyParameter) {
        return verifyPersonalEthereumSignature(bArr, bArr2, addressFromKey(asymmetricKeyParameter), 0);
    }

    public static boolean verifyPersonalEthereumSignature(byte[] bArr, byte[] bArr2, String str, int i) {
        return verifyEthereumSignature(convertToPersonalEthMessage(bArr), bArr2, str, i);
    }

    public static boolean verifyEthereumSignature(byte[] bArr, byte[] bArr2, AsymmetricKeyParameter asymmetricKeyParameter) {
        return verifyEthereumSignature(bArr, bArr2, addressFromKey(asymmetricKeyParameter), 0);
    }

    public static boolean verifyEthereumSignature(byte[] bArr, byte[] bArr2, String str, int i) {
        try {
            if (!verifyKeyAgainstAddress(recoverEthPublicKeyFromSignature(bArr, bArr2), str)) {
                logger.error("Address does not match key");
                return false;
            }
            if (getChainIdFromSignature(bArr2) == i) {
                return true;
            }
            logger.error("Chain ID in signature different from expected chain ID");
            return false;
        } catch (Exception e) {
            logger.error("Could not decode signature");
            return false;
        }
    }

    public static boolean verifyKeyAgainstAddress(AsymmetricKeyParameter asymmetricKeyParameter, String str) {
        return addressFromKey(asymmetricKeyParameter).toUpperCase().equals(str.toUpperCase());
    }

    public static int getChainIdFromSignature(byte[] bArr) {
        byte b = bArr[64];
        if (b == 27 || b == 28) {
            return 0;
        }
        return (b - 35) >> 1;
    }

    public static boolean verifySHA256(byte[] bArr, byte[] bArr2, AsymmetricKeyParameter asymmetricKeyParameter) {
        return verifyHashed(AttestationCrypto.hashWithSHA256(bArr), bArr2, asymmetricKeyParameter);
    }

    public static boolean verifyHashed(byte[] bArr, byte[] bArr2, AsymmetricKeyParameter asymmetricKeyParameter) {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr2);
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(aSN1InputStream.readObject());
            aSN1InputStream.close();
            BigInteger value = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0)).getValue();
            BigInteger normalizeS = normalizeS(ASN1Integer.getInstance(aSN1Sequence.getObjectAt(1)).getValue(), ((ECKeyParameters) asymmetricKeyParameter).getParameters());
            ECDSASigner eCDSASigner = new ECDSASigner();
            eCDSASigner.init(false, asymmetricKeyParameter);
            return eCDSASigner.verifySignature(bArr, value, normalizeS);
        } catch (Exception e) {
            logger.error("Could not decode signature");
            return false;
        }
    }

    public static AsymmetricKeyParameter recoverEthPublicKeyFromPersonalSignature(byte[] bArr, byte[] bArr2) {
        return recoverEthPublicKeyFromSignature(convertToPersonalEthMessage(bArr), bArr2);
    }

    public static ECPublicKeyParameters recoverEthPublicKeyFromSignature(byte[] bArr, byte[] bArr2) {
        BigInteger bigInteger = new BigInteger(1, Arrays.copyOfRange(bArr2, 0, 32));
        BigInteger bigInteger2 = new BigInteger(1, Arrays.copyOfRange(bArr2, 32, 64));
        if (bigInteger2.compareTo(ECDSA_DOMAIN.getN().shiftRight(1)) > 0) {
            throw ((IllegalArgumentException) ExceptionUtil.throwException(logger, new IllegalArgumentException("The s value is not normalized and thus is not allowed by Ethereum EIP2")));
        }
        return computePublicKeyFromSignature(new BigInteger[]{bigInteger, bigInteger2}, (byte) (1 - (bArr2[64] % 2)), bArr);
    }

    private static ECPublicKeyParameters computePublicKeyFromSignature(BigInteger[] bigIntegerArr, byte b, byte[] bArr) {
        BigInteger bigInteger = new BigInteger(1, AttestationCrypto.hashWithKeccak(bArr));
        ECPoint computeY = computeY(bigIntegerArr[0], b, ECDSA_DOMAIN);
        BigInteger modInverse = bigIntegerArr[0].modInverse(ECDSA_DOMAIN.getN());
        return new ECPublicKeyParameters(computeY.multiply(bigIntegerArr[1].multiply(modInverse).mod(ECDSA_DOMAIN.getN())).subtract(ECDSA_DOMAIN.getG().multiply(bigInteger.multiply(modInverse).mod(ECDSA_DOMAIN.getN()))).normalize(), ECDSA_DOMAIN);
    }

    private static ECPoint computeY(BigInteger bigInteger, byte b, ECDomainParameters eCDomainParameters) {
        BigInteger characteristic = eCDomainParameters.getCurve().getField().getCharacteristic();
        BigInteger bigInteger2 = eCDomainParameters.getCurve().getA().toBigInteger();
        BigInteger modPow = bigInteger.modPow(new BigInteger("3"), characteristic).add(bigInteger2.multiply(bigInteger)).add(eCDomainParameters.getCurve().getB().toBigInteger()).mod(characteristic).modPow(characteristic.add(BigInteger.ONE).shiftRight(2), characteristic);
        if (modPow.mod(new BigInteger("2")).byteValueExact() != b) {
            modPow = characteristic.subtract(modPow);
        }
        return eCDomainParameters.getCurve().createPoint(bigInteger, modPow);
    }

    private static BigInteger normalizeS(BigInteger bigInteger, ECDomainParameters eCDomainParameters) {
        if (bigInteger.compareTo(eCDomainParameters.getN().shiftRight(1)) <= 0) {
            return bigInteger;
        }
        logger.info("Inverting s value");
        return eCDomainParameters.getN().subtract(bigInteger);
    }
}
