package link.luyu.protocol.algorithm.ecdsa.secp256r1;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Map;
import link.luyu.protocol.algorithm.SignatureAlgorithm;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequenceGenerator;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* loaded from: input_file:link/luyu/protocol/algorithm/ecdsa/secp256r1/EcdsaSecp256r1WithSHA256.class */
public class EcdsaSecp256r1WithSHA256 implements SignatureAlgorithm {
    public static final String TYPE = "ECDSA_SECP256R1_WITH_SHA256";
    public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256WithECDSA";
    public static final String PURE_SIGNATURE_ALGORITHM = "ECDSA";
    public static final String PROVIDER_NAME = "BC";
    public static final String CURVE_NAME = "secp256r1";
    private static final ECNamedCurveParameterSpec CURVE_PARAM_SPEC = ECNamedCurveTable.getParameterSpec(CURVE_NAME);
    public static final BigInteger curveN = CURVE_PARAM_SPEC.getN();
    public static final SecureRandom SECURE_RANDOM = new SecureRandom();

    public EcdsaSecp256r1WithSHA256() {
        Security.addProvider(new BouncyCastleProvider());
    }

    private Signature getSigner() throws Exception {
        return Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
    }

    private PrivateKey parseSecKeyBytes(byte[] bArr) throws Exception {
        return KeyFactory.getInstance(PURE_SIGNATURE_ALGORITHM, PROVIDER_NAME).generatePrivate(new ECPrivateKeySpec(new BigInteger(1, bArr), CURVE_PARAM_SPEC));
    }

    private PublicKey parsePubKeyBytes(byte[] bArr) throws Exception {
        return KeyFactory.getInstance(PURE_SIGNATURE_ALGORITHM, PROVIDER_NAME).generatePublic(new ECPublicKeySpec(CURVE_PARAM_SPEC.getCurve().decodePoint(bArr), CURVE_PARAM_SPEC));
    }

    @Override // link.luyu.protocol.algorithm.SignatureAlgorithm
    public String getType() {
        return TYPE;
    }

    @Override // link.luyu.protocol.algorithm.SignatureAlgorithm
    public byte[] sign(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null) {
            throw new RuntimeException("Data that to be signed is null.");
        }
        if (bArr2.length == 0) {
            throw new RuntimeException("Data to be signed was empty.");
        }
        try {
            PrivateKey parseSecKeyBytes = parseSecKeyBytes(bArr);
            Signature signer = getSigner();
            signer.initSign(parseSecKeyBytes);
            signer.update(bArr2);
            BigInteger[] preventMalleability = preventMalleability(decodeECDSASignature(signer.sign()), curveN);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Throwable th = null;
            try {
                try {
                    DERSequenceGenerator dERSequenceGenerator = new DERSequenceGenerator(byteArrayOutputStream);
                    dERSequenceGenerator.addObject(new ASN1Integer(preventMalleability[0]));
                    dERSequenceGenerator.addObject(new ASN1Integer(preventMalleability[1]));
                    dERSequenceGenerator.close();
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    if (byteArrayOutputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            byteArrayOutputStream.close();
                        }
                    }
                    return byteArray;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not sign the message using private key", e);
        }
    }

    @Override // link.luyu.protocol.algorithm.SignatureAlgorithm
    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (bArr == null || bArr2 == null || bArr3 == null) {
            return false;
        }
        try {
            PublicKey parsePubKeyBytes = parsePubKeyBytes(bArr);
            Signature signer = getSigner();
            signer.initVerify(parsePubKeyBytes);
            signer.update(bArr3);
            return signer.verify(bArr2);
        } catch (Exception e) {
            throw new RuntimeException("Could not verify the message using public key", e);
        }
    }

    @Override // link.luyu.protocol.algorithm.SignatureAlgorithm
    public Map.Entry<byte[], byte[]> generateKeyPair() {
        try {
            KeyPair createSecp256r1KeyPair = createSecp256r1KeyPair();
            return new AbstractMap.SimpleEntry(createSecp256r1KeyPair.getPublic().getQ().getEncoded(false), createSecp256r1KeyPair.getPrivate().getD().toByteArray());
        } catch (Exception e) {
            throw new RuntimeException("generate ECDSA_SECP256R1_WITH_SHA256 key pair failed, " + e);
        }
    }

    public static KeyPair createSecp256r1KeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(PURE_SIGNATURE_ALGORITHM, PROVIDER_NAME);
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(CURVE_NAME);
        if (SECURE_RANDOM != null) {
            keyPairGenerator.initialize(eCGenParameterSpec, SECURE_RANDOM);
        } else {
            keyPairGenerator.initialize(eCGenParameterSpec);
        }
        return keyPairGenerator.generateKeyPair();
    }

    private static BigInteger[] decodeECDSASignature(byte[] bArr) throws Exception {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Throwable th = null;
        try {
            ASN1Sequence readObject = new ASN1InputStream(byteArrayInputStream).readObject();
            BigInteger[] bigIntegerArr = new BigInteger[2];
            int i = 0;
            if (readObject instanceof ASN1Sequence) {
                for (ASN1Encodable aSN1Encodable : readObject.toArray()) {
                    ASN1Integer aSN1Primitive = aSN1Encodable.toASN1Primitive();
                    if (aSN1Primitive instanceof ASN1Integer) {
                        BigInteger value = aSN1Primitive.getValue();
                        if (i < 2) {
                            bigIntegerArr[i] = value;
                        }
                        i++;
                    }
                }
            }
            if (i != 2) {
                throw new CryptoException(String.format("Invalid ECDSA signature. Expected count of 2 but got: %d. Signature is: %s", Integer.valueOf(i), Arrays.toString(bArr)));
            }
            return bigIntegerArr;
        } finally {
            if (byteArrayInputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
        }
    }

    private static BigInteger[] preventMalleability(BigInteger[] bigIntegerArr, BigInteger bigInteger) {
        BigInteger divide = bigInteger.divide(BigInteger.valueOf(2L));
        BigInteger bigInteger2 = bigIntegerArr[1];
        if (bigInteger2.compareTo(divide) == 1) {
            bigIntegerArr[1] = bigInteger.subtract(bigInteger2);
        }
        return bigIntegerArr;
    }
}
