package com.alipay.mychain.sdk.crypto.signer;

import com.alipay.mychain.sdk.crypto.AlgoIdEnum;
import com.alipay.mychain.sdk.crypto.CryptoUtils;
import com.alipay.mychain.sdk.crypto.keypair.KeyTypeEnum;
import com.alipay.mychain.sdk.crypto.keypair.Keypair;
import com.alipay.mychain.sdk.errorcode.ErrorCode;
import com.alipay.mychain.sdk.exception.MychainSdkException;
import com.alipay.mychain.sdk.utils.NumericUtils;
import java.math.BigInteger;
import java.util.Arrays;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.asn1.x9.X9IntegerConverter;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.math.ec.ECAlgorithms;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;

/* loaded from: input_file:com/alipay/mychain/sdk/crypto/signer/EccK1KeypairV0.class */
public class EccK1KeypairV0 implements SignerBase {
    private static final X9ECParameters CURVE_PARAMS = CustomNamedCurves.getByName("secp256k1");
    private static final ECDomainParameters CURVE = new ECDomainParameters(CURVE_PARAMS.getCurve(), CURVE_PARAMS.getG(), CURVE_PARAMS.getN(), CURVE_PARAMS.getH());
    private static final BigInteger HALF_CURVE_ORDER = CURVE_PARAMS.getN().shiftRight(1);
    private byte[] privateKey;
    private byte[] publicKey;

    public EccK1KeypairV0() {
    }

    public EccK1KeypairV0(Keypair keypair) {
        if (keypair == null) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "keypair is null!");
        }
        if (keypair.getType() != KeyTypeEnum.KEY_ECCK1_PKCS8) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid key type!");
        }
        byte[] pubkeyId = keypair.getPubkeyId();
        byte[] privkeyId = keypair.getPrivkeyId();
        if (!ArrayUtils.isEmpty(pubkeyId)) {
            this.publicKey = getPubkeyFromId(pubkeyId);
        }
        if (ArrayUtils.isEmpty(privkeyId)) {
            return;
        }
        if (privkeyId.length != 32) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "need private key size 32 but " + privkeyId.length);
        }
        this.privateKey = ArrayUtils.clone(privkeyId);
        if (ArrayUtils.isEmpty(pubkeyId)) {
            this.publicKey = getPubKeyByPrivkey(privkeyId);
        }
    }

    private static ECPoint decompressKey(BigInteger bigInteger, boolean z) {
        X9IntegerConverter x9IntegerConverter = new X9IntegerConverter();
        byte[] integerToBytes = x9IntegerConverter.integerToBytes(bigInteger, 1 + x9IntegerConverter.getByteLength(CURVE.getCurve()));
        integerToBytes[0] = (byte) (z ? 3 : 2);
        return CURVE.getCurve().decodePoint(integerToBytes);
    }

    private static BigInteger recoverPublicKey(int i, BigInteger bigInteger, BigInteger bigInteger2, byte[] bArr) {
        BigInteger n = CURVE.getN();
        BigInteger add = bigInteger.add(BigInteger.valueOf(i / 2).multiply(n));
        if (add.compareTo(SecP256K1Curve.q) >= 0) {
            return null;
        }
        ECPoint decompressKey = decompressKey(add, (i & 1) == 1);
        if (!decompressKey.multiply(n).isInfinity()) {
            return null;
        }
        BigInteger mod = BigInteger.ZERO.subtract(new BigInteger(1, bArr)).mod(n);
        BigInteger modInverse = bigInteger.modInverse(n);
        byte[] encoded = ECAlgorithms.sumOfTwoMultiplies(CURVE.getG(), modInverse.multiply(mod).mod(n), decompressKey, modInverse.multiply(bigInteger2).mod(n)).getEncoded(false);
        return new BigInteger(1, Arrays.copyOfRange(encoded, 1, encoded.length));
    }

    @Override // com.alipay.mychain.sdk.crypto.signer.SignerBase
    public AlgoIdEnum getAlgo() {
        return AlgoIdEnum.SIGNER_ECCK1_LOCAL_V0;
    }

    @Override // com.alipay.mychain.sdk.crypto.signer.SignerBase
    public boolean isSigner() {
        return !ArrayUtils.isEmpty(this.privateKey);
    }

    @Override // com.alipay.mychain.sdk.crypto.signer.SignerBase
    public boolean isVerifier() {
        return (ArrayUtils.isEmpty(this.publicKey) && ArrayUtils.isEmpty(this.privateKey)) ? false : true;
    }

    @Override // com.alipay.mychain.sdk.crypto.signer.SignerBase
    public byte[] sign(byte[] bArr) {
        if (ArrayUtils.isEmpty(bArr) || bArr.length != 32) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "need hash size 32 but " + (ArrayUtils.isEmpty(bArr) ? 0 : bArr.length));
        }
        if (!isSigner()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PRIVATE_KEY, "no private key");
        }
        ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
        eCDSASigner.init(true, new ECPrivateKeyParameters(new BigInteger(1, this.privateKey), CURVE));
        BigInteger[] generateSignature = eCDSASigner.generateSignature(bArr);
        generateSignature[1] = toCanonicalised(generateSignature[1]);
        int i = -1;
        BigInteger bigInteger = new BigInteger(1, this.publicKey);
        int i2 = 0;
        while (true) {
            if (i2 < 4) {
                BigInteger recoverPublicKey = recoverPublicKey(i2, generateSignature[0], generateSignature[1], bArr);
                if (recoverPublicKey != null && recoverPublicKey.equals(bigInteger)) {
                    i = i2;
                    break;
                }
                i2++;
            } else {
                break;
            }
        }
        if (i == -1) {
            throw new RuntimeException("Could not construct a recoverable key. This should never happen.");
        }
        byte[] bytesPadded = NumericUtils.toBytesPadded(generateSignature[0], 32);
        byte[] bytesPadded2 = NumericUtils.toBytesPadded(generateSignature[1], 32);
        byte[] bArr2 = new byte[65];
        System.arraycopy(bytesPadded, 0, bArr2, 0, 32);
        System.arraycopy(bytesPadded2, 0, bArr2, 32, 32);
        bArr2[64] = (byte) i;
        return bArr2;
    }

    @Override // com.alipay.mychain.sdk.crypto.signer.SignerBase
    public boolean verify(byte[] bArr, byte[] bArr2) {
        if (ArrayUtils.isEmpty(bArr) || bArr.length < 64) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "need signature size 64 but " + (ArrayUtils.isEmpty(bArr) ? 0 : bArr.length));
        }
        if (ArrayUtils.isEmpty(bArr2) || bArr2.length != 32) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "need hash size 32 but " + (ArrayUtils.isEmpty(bArr2) ? 0 : bArr2.length));
        }
        if (!isVerifier()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PUBLIC_KEY, "no public key");
        }
        byte[] bArr3 = this.publicKey;
        ECPoint createPoint = CURVE.getCurve().createPoint(new BigInteger(1, Arrays.copyOfRange(bArr3, 0, 32)), new BigInteger(1, Arrays.copyOfRange(bArr3, 32, 64)));
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 32);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 32, 64);
        ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
        eCDSASigner.init(false, new ECPublicKeyParameters(createPoint, CURVE));
        return eCDSASigner.verifySignature(bArr2, new BigInteger(1, copyOfRange), new BigInteger(1, copyOfRange2));
    }

    @Override // com.alipay.mychain.sdk.crypto.signer.SignerBase
    public byte[] recover(byte[] bArr, byte[] bArr2) {
        if (ArrayUtils.isEmpty(bArr) || bArr.length != 65) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "need signature size 65 but " + (ArrayUtils.isEmpty(bArr) ? 0 : bArr.length));
        }
        if (ArrayUtils.isEmpty(bArr2) || bArr2.length != 32) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "need hash size 32 but " + (ArrayUtils.isEmpty(bArr2) ? 0 : bArr2.length));
        }
        return NumericUtils.toBytesPadded(recoverPublicKey(bArr[64], new BigInteger(1, Arrays.copyOfRange(bArr, 0, 32)), new BigInteger(1, Arrays.copyOfRange(bArr, 32, 64)), bArr2), 64);
    }

    private boolean isCanonical(BigInteger bigInteger) {
        return bigInteger.compareTo(HALF_CURVE_ORDER) <= 0;
    }

    private BigInteger toCanonicalised(BigInteger bigInteger) {
        if (!isCanonical(bigInteger)) {
            bigInteger = CURVE.getN().subtract(bigInteger);
        }
        return bigInteger;
    }

    private byte[] getPubkeyFromId(byte[] bArr) {
        if (bArr.length != 64 && bArr.length != 65) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "need public key size 64 or 65 but " + bArr.length);
        }
        if (bArr.length == 64) {
            return ArrayUtils.clone(bArr);
        }
        if (bArr[0] != 4) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "65 bytes public key need start by 04");
        }
        return Arrays.copyOfRange(bArr, 1, 65);
    }

    private byte[] getPubKeyByPrivkey(byte[] bArr) {
        byte[] encoded = CryptoUtils.publicPointFromPrivate(CURVE, new BigInteger(1, bArr)).getEncoded(false);
        return Arrays.copyOfRange(encoded, 1, encoded.length);
    }
}
