package org.exploit.crypto.curve;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.asn1.x9.X9IntegerConverter;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECAlgorithms;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;
import org.exploit.crypto.constant.SupportedCurve;
import org.exploit.crypto.key.ECKeyPair;
import org.exploit.crypto.key.ECPrivateKey;
import org.exploit.crypto.key.ECPublicKey;
import org.exploit.crypto.key.secp256k1.Secp256k1KeyPair;
import org.exploit.crypto.key.secp256k1.Secp256k1PrivateKey;
import org.exploit.crypto.key.secp256k1.Secp256k1PublicKey;
import org.exploit.crypto.schnorr.TaprootSchnorrSigner;
import org.exploit.crypto.signature.ECDSASignature;
import org.exploit.crypto.signature.Signature;

/* loaded from: input_file:org/exploit/crypto/curve/Secp256k1Provider.class */
public class Secp256k1Provider implements CurveProvider {
    private static final KeyPairGenerator KEY_PAIR_GENERATOR;
    public static final ECDomainParameters CURVE;
    private static final BigInteger CURVE_ORDER;
    private static final BigInteger HALF_CURVE_ORDER;
    private static final String ALGORITHM = "ECDSA";
    private static final String CURVE_NAME = "secp256k1";
    private static final String PROVIDER = "BC";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/exploit/crypto/curve/Secp256k1Provider$SingletonHelper.class */
    public static class SingletonHelper {
        private static final Secp256k1Provider INSTANCE = new Secp256k1Provider();

        private SingletonHelper() {
        }
    }

    private Secp256k1Provider() {
    }

    public static Secp256k1Provider getInstance() {
        return SingletonHelper.INSTANCE;
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public boolean isValidPublicKey(byte[] bArr) {
        try {
            ECPoint decodePoint = CURVE.getCurve().decodePoint(bArr);
            if (!decodePoint.isInfinity()) {
                if (decodePoint.isValid()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public boolean isValidKeyPair(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey) {
        return getPublicKey(eCPrivateKey).hex().equalsIgnoreCase(eCPublicKey.hex());
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public TaprootSchnorrSigner schnorr() {
        return new TaprootSchnorrSigner();
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public Secp256k1KeyPair generateKeyPair() {
        KeyPair generateKeyPair = KEY_PAIR_GENERATOR.generateKeyPair();
        BCECPrivateKey bCECPrivateKey = (BCECPrivateKey) generateKeyPair.getPrivate();
        BCECPublicKey bCECPublicKey = (BCECPublicKey) generateKeyPair.getPublic();
        BigInteger d = bCECPrivateKey.getD();
        byte[] encoded = bCECPublicKey.getQ().getEncoded(false);
        return new Secp256k1KeyPair(Secp256k1PrivateKey.create(d), Secp256k1PublicKey.create(new BigInteger(1, Arrays.copyOfRange(encoded, 1, encoded.length))));
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public ECDSASignature sign(byte[] bArr, ECKeyPair eCKeyPair) {
        ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
        eCDSASigner.init(true, new ECPrivateKeyParameters(eCKeyPair.privateKey().toBigInt(), CURVE));
        BigInteger[] generateSignature = eCDSASigner.generateSignature(bArr);
        return normaliseSignature(generateSignature[0], generateSignature[1], eCKeyPair.publicKey(), bArr);
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public boolean verify(byte[] bArr, Signature signature, ECPublicKey eCPublicKey) {
        if (!(signature instanceof ECDSASignature)) {
            throw new IllegalArgumentException("Not ECDSA signature");
        }
        ECDSASignature eCDSASignature = (ECDSASignature) signature;
        ECDSASigner eCDSASigner = new ECDSASigner();
        byte[] bArr2 = {4};
        byte[] encoded = eCPublicKey.encoded();
        byte[] bArr3 = new byte[bArr2.length + encoded.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(encoded, 0, bArr3, bArr2.length, encoded.length);
        eCDSASigner.init(false, new ECPublicKeyParameters(CURVE.getCurve().decodePoint(bArr3), CURVE));
        try {
            return eCDSASigner.verifySignature(bArr, eCDSASignature.getR(), eCDSASignature.getS());
        } catch (NullPointerException e) {
            return false;
        }
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public Secp256k1PublicKey getPublicKey(ECPrivateKey eCPrivateKey) {
        BigInteger bigInt = eCPrivateKey.toBigInt();
        if (bigInt.bitLength() > CURVE.getN().bitLength()) {
            bigInt = bigInt.mod(CURVE.getN());
        }
        return Secp256k1PublicKey.create(Arrays.copyOfRange(new FixedPointCombMultiplier().multiply(CURVE.getG(), bigInt).getEncoded(false), 1, 65));
    }

    @Override // org.exploit.crypto.curve.CurveProvider
    public SupportedCurve type() {
        return SupportedCurve.SECP256K1;
    }

    public static ECDSASignature normaliseSignature(BigInteger bigInteger, BigInteger bigInteger2, ECPublicKey eCPublicKey, byte[] bArr) {
        BigInteger bigInteger3 = bigInteger2;
        if (bigInteger3.compareTo(HALF_CURVE_ORDER) > 0) {
            bigInteger3 = CURVE.getN().subtract(bigInteger3);
        }
        int i = -1;
        BigInteger bigInt = eCPublicKey.toBigInt();
        int i2 = 0;
        while (true) {
            if (i2 < 4) {
                BigInteger recoverFromSignature = recoverFromSignature(i2, bigInteger, bigInteger3, bArr);
                if (recoverFromSignature != null && recoverFromSignature.equals(bigInt)) {
                    i = i2;
                    break;
                }
                i2++;
            } else {
                break;
            }
        }
        if (i == -1) {
            throw new IllegalStateException("Could not construct a recoverable key. This should never happen.");
        }
        return new ECDSASignature(bigInteger, bigInteger3, (byte) i);
    }

    private static BigInteger recoverFromSignature(int i, BigInteger bigInteger, BigInteger bigInteger2, byte[] bArr) {
        BigInteger n = CURVE.getN();
        BigInteger add = bigInteger.add(BigInteger.valueOf(i / 2).multiply(n));
        if (add.compareTo(SecP256K1Curve.q) >= 0) {
            return null;
        }
        ECPoint decompressKey = decompressKey(add, (i & 1) == 1);
        if (!decompressKey.multiply(n).isInfinity()) {
            return null;
        }
        BigInteger mod = BigInteger.ZERO.subtract(new BigInteger(1, bArr)).mod(n);
        BigInteger modInverse = bigInteger.modInverse(n);
        ECPoint sumOfTwoMultiplies = ECAlgorithms.sumOfTwoMultiplies(CURVE.getG(), modInverse.multiply(mod).mod(n), decompressKey, modInverse.multiply(bigInteger2).mod(n));
        if (sumOfTwoMultiplies.isInfinity()) {
            return null;
        }
        byte[] encoded = sumOfTwoMultiplies.getEncoded(false);
        return new BigInteger(1, Arrays.copyOfRange(encoded, 1, encoded.length));
    }

    private static ECPoint decompressKey(BigInteger bigInteger, boolean z) {
        X9IntegerConverter x9IntegerConverter = new X9IntegerConverter();
        byte[] integerToBytes = x9IntegerConverter.integerToBytes(bigInteger, 1 + x9IntegerConverter.getByteLength(CURVE.getCurve()));
        integerToBytes[0] = (byte) (z ? 3 : 2);
        return CURVE.getCurve().decodePoint(integerToBytes);
    }

    private static ECDomainParameters initializeCurve() {
        X9ECParameters byName = SECNamedCurves.getByName(CURVE_NAME);
        return new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
    }

    private static KeyPairGenerator initializeKeyPairGenerator() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, "BC");
            keyPairGenerator.initialize(new ECGenParameterSpec(CURVE_NAME));
            return keyPairGenerator;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static BigInteger getCurveOrder() {
        return CURVE_ORDER;
    }

    public static BigInteger getHalfCurveOrder() {
        return HALF_CURVE_ORDER;
    }

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        CURVE = initializeCurve();
        CURVE_ORDER = CURVE.getN();
        HALF_CURVE_ORDER = CURVE_ORDER.shiftRight(1);
        KEY_PAIR_GENERATOR = initializeKeyPairGenerator();
    }
}
