package com.authlete.cose;

import com.authlete.cose.constants.COSEAlgorithms;
import com.authlete.cose.constants.COSEEllipticCurves;
import groovyjarjarantlr4.runtime.debug.DebugEventListener;
import groovyjarjarantlr4.runtime.debug.Profiler;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import org.apache.commons.lang3.SystemProperties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:BOOT-INF/lib/cbor-1.18.jar:com/authlete/cose/ECDSA.class */
class ECDSA {
    private static final BigInteger TWO = new BigInteger(DebugEventListener.PROTOCOL_VERSION);
    private static final BigInteger THREE = new BigInteger(Profiler.Version);
    private static final boolean beforeJre9 = System.getProperty(SystemProperties.JAVA_VERSION).matches("^1\\.[0-8](\\..*)?$");
    private static boolean isBouncyCastleProviderLoaded;
    private static Method sSqrtAndRemainder;

    ECDSA() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ECPrivateKey createPrivateKey(Object obj, byte[] bArr) throws COSEException {
        if (bArr == null) {
            throw new COSEException("The 'd' parameter is missing.");
        }
        try {
            return (ECPrivateKey) getKeyFactory().generatePrivate(createPrivateKeySpec(obj, bArr));
        } catch (InvalidKeySpecException e) {
            throw new COSEException(String.format("The key spec is invalid: %s", e.getMessage()), e);
        }
    }

    private static ECPrivateKeySpec createPrivateKeySpec(Object obj, byte[] bArr) throws COSEException {
        return new ECPrivateKeySpec(new BigInteger(bArr), getParameterSpec(obj));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ECPublicKey createPublicKey(Object obj, byte[] bArr, Object obj2) throws COSEException {
        if (bArr == null) {
            throw new COSEException("The 'x' parameter is missing.");
        }
        if (obj2 == null) {
            throw new COSEException("The 'y' parameter is missing.");
        }
        try {
            return (ECPublicKey) getKeyFactory().generatePublic(createPublicKeySpec(obj, bArr, obj2));
        } catch (InvalidKeySpecException e) {
            throw new COSEException(String.format("The key spec is invalid: %s", e.getMessage()), e);
        }
    }

    private static ECPublicKeySpec createPublicKeySpec(Object obj, byte[] bArr, Object obj2) throws COSEException {
        ECParameterSpec parameterSpec = getParameterSpec(obj);
        BigInteger bigInteger = new BigInteger(1, bArr);
        return new ECPublicKeySpec(new ECPoint(bigInteger, obj2 instanceof byte[] ? new BigInteger(1, (byte[]) obj2) : uncompressY(parameterSpec, bigInteger, ((Boolean) obj2).booleanValue())), parameterSpec);
    }

    private static ECParameterSpec getParameterSpec(Object obj) throws COSEException {
        switch (getCurveIdentifier(obj)) {
            case 1:
                return ECDSAConstants.PARAMETER_SPEC_P256;
            case 2:
                return ECDSAConstants.PARAMETER_SPEC_P384;
            case 3:
                return ECDSAConstants.PARAMETER_SPEC_P521;
            default:
                throw new COSEException(String.format("The curve '%s' is not supported.", obj));
        }
    }

    private static int getCurveIdentifier(Object obj) throws COSEException {
        if (obj == null) {
            throw new COSEException("The 'crv' parameter is missing.");
        }
        if (obj instanceof Integer) {
            return ((Integer) obj).intValue();
        }
        if (obj instanceof String) {
            return COSEEllipticCurves.getValueByName((String) obj);
        }
        return 0;
    }

    private static BigInteger uncompressY(ECParameterSpec eCParameterSpec, BigInteger bigInteger, boolean z) throws COSEException {
        BigInteger p = ((ECFieldFp) eCParameterSpec.getCurve().getField()).getP();
        try {
            BigInteger[] sqrtAndRemainder = sqrtAndRemainder(bigInteger.pow(3).mod(p).subtract(THREE.multiply(bigInteger).mod(p)).add(eCParameterSpec.getCurve().getB()).mod(p));
            BigInteger mod = sqrtAndRemainder[0].mod(p);
            if (!BigInteger.ZERO.equals(sqrtAndRemainder[1])) {
                throw new COSEException("The compressed elliptic curve point is invalid.");
            }
            if (mod.mod(TWO).equals(BigInteger.ONE) != z) {
                mod = p.subtract(mod);
            }
            return mod;
        } catch (ArithmeticException e) {
            throw new COSEException("The compressed elliptic curve point is invalid.");
        }
    }

    private static BigInteger[] sqrtAndRemainder(BigInteger bigInteger) throws COSEException {
        if (sSqrtAndRemainder == null) {
            try {
                sSqrtAndRemainder = BigInteger.class.getMethod("sqrtAndRemainder", new Class[0]);
            } catch (Exception e) {
                throw new COSEException(String.format("Cannot compute the value of the compressed elliptic curve point: %s", e.getMessage()), e);
            }
        }
        try {
            return (BigInteger[]) sSqrtAndRemainder.invoke(bigInteger, new Object[0]);
        } catch (ArithmeticException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new COSEException(String.format("Cannot compute the value of the compressed elliptic curve point: %s", e3.getMessage()), e3);
        }
    }

    private static KeyFactory getKeyFactory() throws COSEException {
        try {
            return KeyFactory.getInstance("EC");
        } catch (NoSuchAlgorithmException e) {
            throw new COSEException("The key factory for EC is not available.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] sign(Key key, int i, byte[] bArr) throws COSEException {
        ECPrivateKey castByPrivateKey = castByPrivateKey(key, i);
        Signature signatureInstance = getSignatureInstance(i);
        initializeForSigning(signatureInstance, castByPrivateKey);
        supplyData(signatureInstance, bArr);
        return generateSignature(signatureInstance);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean verify(Key key, int i, byte[] bArr, byte[] bArr2) throws COSEException {
        ECPublicKey castByPublicKey = castByPublicKey(key, i);
        Signature signatureInstance = getSignatureInstance(i);
        initializeForVerification(signatureInstance, castByPublicKey);
        supplyData(signatureInstance, bArr);
        return verifySignature(signatureInstance, bArr2);
    }

    private static ECPrivateKey castByPrivateKey(Key key, int i) throws COSEException {
        if (key instanceof ECPrivateKey) {
            return (ECPrivateKey) key;
        }
        throw new COSEException(String.format("A key to sign data with the algorithm '%s' must implement the ECPrivateKey interface.", COSEAlgorithms.getNameByValue(i)));
    }

    private static ECPublicKey castByPublicKey(Key key, int i) throws COSEException {
        if (key instanceof ECPublicKey) {
            return (ECPublicKey) key;
        }
        throw new COSEException(String.format("A key to verify a signature signed with the algorithm '%s' must implement the ECPublicKey interface.", COSEAlgorithms.getNameByValue(i)));
    }

    private static Signature getSignatureInstance(int i) throws COSEException {
        String determineAlgorithmName = determineAlgorithmName(i);
        ensureProvider();
        try {
            return Signature.getInstance(determineAlgorithmName);
        } catch (NoSuchAlgorithmException e) {
            throw new COSEException(String.format("Failed to get a Signature instance for the algorithm '%s'.", determineAlgorithmName));
        }
    }

    private static String determineAlgorithmName(int i) throws COSEException {
        switch (i) {
            case COSEAlgorithms.ES512 /* -36 */:
                return beforeJre9 ? "SHA512withPLAIN-ECDSA" : "SHA512withECDSAinP1363Format";
            case COSEAlgorithms.ES384 /* -35 */:
                return beforeJre9 ? "SHA384withPLAIN-ECDSA" : "SHA384withECDSAinP1363Format";
            case -7:
                return beforeJre9 ? "SHA256withPLAIN-ECDSA" : "SHA256withECDSAinP1363Format";
            default:
                throw new COSEException(String.format("The ECDSA algorithm '%d' is not supported.", Integer.valueOf(i)));
        }
    }

    private static void ensureProvider() {
        if (beforeJre9 && !isBouncyCastleProviderLoaded) {
            for (Provider provider : Security.getProviders()) {
                if (provider instanceof BouncyCastleProvider) {
                    isBouncyCastleProviderLoaded = true;
                    return;
                }
            }
            Security.addProvider(new BouncyCastleProvider());
            isBouncyCastleProviderLoaded = true;
        }
    }

    private static void initializeForSigning(Signature signature, PrivateKey privateKey) throws COSEException {
        try {
            signature.initSign(privateKey);
        } catch (InvalidKeyException e) {
            throw new COSEException(String.format("Failed to initialize the Signature instance for signing: %s", e.getMessage()), e);
        }
    }

    private static void initializeForVerification(Signature signature, PublicKey publicKey) throws COSEException {
        try {
            signature.initVerify(publicKey);
        } catch (InvalidKeyException e) {
            throw new COSEException(String.format("Failed to initialize the Signature instance for verification: %s", e.getMessage()), e);
        }
    }

    private static void supplyData(Signature signature, byte[] bArr) throws COSEException {
        try {
            signature.update(bArr);
        } catch (SignatureException e) {
            throw new COSEException(String.format("Failed to supply the Signature instance with the data: %s", e.getMessage()), e);
        }
    }

    private static byte[] generateSignature(Signature signature) throws COSEException {
        try {
            return signature.sign();
        } catch (SignatureException e) {
            throw new COSEException(String.format("Failed to generate a signature: %s", e.getMessage()), e);
        }
    }

    private static boolean verifySignature(Signature signature, byte[] bArr) throws COSEException {
        try {
            return signature.verify(bArr);
        } catch (SignatureException e) {
            throw new COSEException(String.format("Failed to verify the signature: %s", e.getMessage()), e);
        }
    }
}
