package freenet.crypt;

import freenet.node.FSParseException;
import freenet.node.NodeInitException;
import freenet.support.Base64;
import freenet.support.Logger;
import freenet.support.SimpleFieldSet;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

/* loaded from: input_file:freenet/crypt/ECDSA.class */
public class ECDSA {
    public final Curves curve;
    private final KeyPair key;

    /* loaded from: input_file:freenet/crypt/ECDSA$Curves.class */
    public enum Curves {
        P256("secp256r1", "SHA256withECDSA", 91, 72),
        P384("secp384r1", "SHA384withECDSA", 120, 104),
        P521("secp521r1", "SHA512withECDSA", 158, 139);

        public final ECGenParameterSpec spec;
        private final KeyPairGenerator keygen;
        public final String defaultHashAlgorithm;
        public final int modulusSize;
        public final int maxSigSize;
        protected final Provider kgProvider;
        protected final Provider kfProvider;
        protected final Provider sigProvider;

        private static KeyPair selftest(KeyPairGenerator keyPairGenerator, KeyFactory keyFactory, int i) throws InvalidKeySpecException {
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey = generateKeyPair.getPublic();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            byte[] encoded = publicKey.getEncoded();
            byte[] encoded2 = privateKey.getEncoded();
            if (encoded.length > i || encoded.length == 0) {
                throw new Error("Unexpected pubkey length: " + encoded.length + "!=" + i);
            }
            if (!Arrays.equals(keyFactory.generatePublic(new X509EncodedKeySpec(encoded)).getEncoded(), encoded)) {
                throw new Error("Pubkey encoding mismatch");
            }
            keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encoded2));
            return generateKeyPair;
        }

        private static void selftest_sign(KeyPair keyPair, Signature signature) throws SignatureException, InvalidKeyException {
            signature.initSign(keyPair.getPrivate());
            byte[] sign = signature.sign();
            signature.initVerify(keyPair.getPublic());
            if (!signature.verify(sign)) {
                throw new Error("Verification failed");
            }
        }

        Curves(String str, String str2, int i, int i2) {
            KeyPair selftest;
            this.spec = new ECGenParameterSpec(str);
            Signature signature = null;
            KeyFactory keyFactory = null;
            KeyPairGenerator keyPairGenerator = null;
            JceLoader.BouncyCastle.toString();
            try {
                try {
                    keyPairGenerator = KeyPairGenerator.getInstance("EC");
                    keyFactory = KeyFactory.getInstance("EC");
                    keyPairGenerator.initialize(this.spec);
                    selftest = selftest(keyPairGenerator, keyFactory, i);
                } catch (Throwable th) {
                    Logger.warning(this, "default KeyPairGenerator provider (" + (keyPairGenerator != null ? keyPairGenerator.getProvider() : null) + ") is broken, falling back to BouncyCastle", th);
                    keyPairGenerator = KeyPairGenerator.getInstance("EC", JceLoader.BouncyCastle);
                    keyFactory = KeyFactory.getInstance("EC", JceLoader.BouncyCastle);
                    keyPairGenerator.initialize(this.spec);
                    selftest = selftest(keyPairGenerator, keyFactory, i);
                }
                try {
                    signature = Signature.getInstance(str2);
                    selftest_sign(selftest, signature);
                } catch (Throwable th2) {
                    Logger.warning(this, "default Signature provider (" + (signature != null ? signature.getProvider() : null) + ") is broken or incompatible with KeyPairGenerator, falling back to BouncyCastle", th2);
                    keyPairGenerator = KeyPairGenerator.getInstance("EC", JceLoader.BouncyCastle);
                    keyFactory = KeyFactory.getInstance("EC", JceLoader.BouncyCastle);
                    keyPairGenerator.initialize(this.spec);
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    signature = Signature.getInstance(str2, JceLoader.BouncyCastle);
                    selftest_sign(generateKeyPair, signature);
                }
            } catch (InvalidAlgorithmParameterException e) {
                Logger.error((Class<?>) ECDSA.class, "InvalidAlgorithmParameterException : " + e.getMessage(), (Throwable) e);
                e.printStackTrace();
            } catch (InvalidKeyException e2) {
                throw new Error(e2);
            } catch (NoSuchAlgorithmException e3) {
                Logger.error((Class<?>) ECDSA.class, "NoSuchAlgorithmException : " + e3.getMessage(), (Throwable) e3);
                e3.printStackTrace();
            } catch (SignatureException e4) {
                throw new Error(e4);
            } catch (InvalidKeySpecException e5) {
                throw new Error(e5);
            }
            this.kgProvider = keyPairGenerator.getProvider();
            this.kfProvider = keyFactory.getProvider();
            this.sigProvider = signature.getProvider();
            this.keygen = keyPairGenerator;
            this.defaultHashAlgorithm = str2;
            this.modulusSize = i;
            this.maxSigSize = i2;
            Logger.normal(this, str + ": using " + this.kgProvider + " for KeyPairGenerator(EC)");
            Logger.normal(this, str + ": using " + this.kfProvider + " for KeyFactory(EC)");
            Logger.normal(this, str + ": using " + this.sigProvider + " for Signature(" + str2 + ")");
        }

        public synchronized KeyPair generateKeyPair() {
            return this.keygen.generateKeyPair();
        }

        public SimpleFieldSet getSFS(ECPublicKey eCPublicKey) {
            SimpleFieldSet simpleFieldSet = new SimpleFieldSet(true);
            SimpleFieldSet simpleFieldSet2 = new SimpleFieldSet(true);
            simpleFieldSet2.putSingle("pub", Base64.encode(eCPublicKey.getEncoded()));
            simpleFieldSet.put(name(), simpleFieldSet2);
            return simpleFieldSet;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.spec.getName();
        }
    }

    public ECDSA(Curves curves) {
        this.curve = curves;
        this.key = curves.keygen.generateKeyPair();
    }

    public ECDSA(SimpleFieldSet simpleFieldSet, Curves curves) throws FSParseException {
        try {
            byte[] decode = Base64.decode(simpleFieldSet.get("pub"));
            if (decode.length > curves.modulusSize) {
                throw new InvalidKeyException();
            }
            this.key = new KeyPair(getPublicKey(decode, curves), (ECPrivateKey) KeyFactory.getInstance("EC", curves.kfProvider).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(simpleFieldSet.get("pri")))));
            this.curve = curves;
        } catch (Exception e) {
            throw new FSParseException(e);
        }
    }

    public byte[] sign(byte[]... bArr) {
        byte[] bArr2 = null;
        while (true) {
            try {
                Signature signature = Signature.getInstance(this.curve.defaultHashAlgorithm.replace("ECDSA", "ECDDSA"), JceLoader.BouncyCastle);
                signature.initSign(this.key.getPrivate());
                for (byte[] bArr3 : bArr) {
                    signature.update(bArr3);
                }
                bArr2 = signature.sign();
                if (bArr2.length <= this.curve.maxSigSize) {
                    break;
                }
                Logger.error(this, "DER encoded signature used " + bArr2.length + " bytes, more than expected " + this.curve.maxSigSize + " - re-signing...");
            } catch (InvalidKeyException e) {
                Logger.error(this, "InvalidKeyException : " + e.getMessage(), e);
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e2) {
                Logger.error(this, "NoSuchAlgorithmException : " + e2.getMessage(), e2);
                e2.printStackTrace();
            } catch (SignatureException e3) {
                Logger.error(this, "SignatureException : " + e3.getMessage(), e3);
                e3.printStackTrace();
            }
        }
        return bArr2;
    }

    public byte[] signToNetworkFormat(byte[]... bArr) {
        byte[] sign = sign(bArr);
        int i = this.curve.maxSigSize;
        if (sign.length != i) {
            byte[] bArr2 = new byte[i];
            if (sign.length >= i) {
                throw new IllegalStateException("Too long!");
            }
            System.arraycopy(sign, 0, bArr2, 0, sign.length);
            sign = bArr2;
        }
        return sign;
    }

    public boolean verify(byte[] bArr, byte[]... bArr2) {
        return verify(this.curve, getPublicKey(), bArr, bArr2);
    }

    public boolean verify(byte[] bArr, int i, int i2, byte[]... bArr2) {
        return verify(this.curve, getPublicKey(), bArr, i, i2, bArr2);
    }

    public static boolean verify(Curves curves, ECPublicKey eCPublicKey, byte[] bArr, byte[]... bArr2) {
        return verify(curves, eCPublicKey, bArr, 0, bArr.length, bArr2);
    }

    private static int actualSignatureLength(byte[] bArr, int i, int i2) throws SignatureException {
        if (i2 < 2 || bArr[i] != 48) {
            throw new SignatureException("Not a sequence");
        }
        int i3 = bArr[1 + i] & NodeInitException.EXIT_CRAPPY_JVM;
        if (i3 == 128) {
            throw new SignatureException("Indefinite length");
        }
        if (i3 <= 127) {
            return i3 + 2;
        }
        int i4 = i3 & 127;
        if (i4 > 4) {
            throw new SignatureException("Header too big");
        }
        if (i2 < i4 + 2) {
            throw new SignatureException("Header out of bounds");
        }
        int i5 = 0;
        for (int i6 = 0; i6 < i4; i6++) {
            i5 = (i5 << 8) + (bArr[i6 + i + 2] & NodeInitException.EXIT_CRAPPY_JVM);
        }
        if (i5 < 0) {
            throw new SignatureException("Negative sequence length");
        }
        if (i5 > (i2 - 2) - i4) {
            throw new SignatureException("Sequence out of bounds");
        }
        return i5 + 2 + i4;
    }

    public static boolean verify(Curves curves, ECPublicKey eCPublicKey, byte[] bArr, int i, int i2, byte[]... bArr2) {
        if (eCPublicKey == null || curves == null || bArr == null || bArr2 == null) {
            return false;
        }
        boolean z = false;
        try {
            Signature signature = Signature.getInstance(curves.defaultHashAlgorithm, curves.sigProvider);
            signature.initVerify(eCPublicKey);
            for (byte[] bArr3 : bArr2) {
                signature.update(bArr3);
            }
            z = signature.verify(bArr, i, actualSignatureLength(bArr, i, i2));
        } catch (InvalidKeyException e) {
            Logger.error((Class<?>) ECDSA.class, "InvalidKeyException : " + e.getMessage(), (Throwable) e);
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            Logger.error((Class<?>) ECDSA.class, "NoSuchAlgorithmException : " + e2.getMessage(), (Throwable) e2);
            e2.printStackTrace();
        } catch (SignatureException e3) {
            Logger.error((Class<?>) ECDSA.class, "SignatureException : " + e3.getMessage(), (Throwable) e3);
            e3.printStackTrace();
        }
        return z;
    }

    public ECPublicKey getPublicKey() {
        return (ECPublicKey) this.key.getPublic();
    }

    public static ECPublicKey getPublicKey(byte[] bArr, Curves curves) {
        ECPublicKey eCPublicKey = null;
        try {
            eCPublicKey = (ECPublicKey) KeyFactory.getInstance("EC", curves.kfProvider).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            Logger.error((Class<?>) ECDSA.class, "NoSuchAlgorithmException : " + e.getMessage(), (Throwable) e);
            e.printStackTrace();
        } catch (InvalidKeySpecException e2) {
            Logger.error((Class<?>) ECDSA.class, "InvalidKeySpecException : " + e2.getMessage(), (Throwable) e2);
            e2.printStackTrace();
        }
        return eCPublicKey;
    }

    public SimpleFieldSet asFieldSet(boolean z) {
        SimpleFieldSet simpleFieldSet = new SimpleFieldSet(true);
        SimpleFieldSet simpleFieldSet2 = new SimpleFieldSet(true);
        simpleFieldSet2.putSingle("pub", Base64.encode(this.key.getPublic().getEncoded()));
        if (z) {
            simpleFieldSet2.putSingle("pri", Base64.encode(this.key.getPrivate().getEncoded()));
        }
        simpleFieldSet.put(this.curve.name(), simpleFieldSet2);
        return simpleFieldSet;
    }
}
