package com.tencent.kona.crypto.provider;

import com.tencent.kona.crypto.CryptoUtils;
import com.tencent.kona.crypto.spec.SM2ParameterSpec;
import com.tencent.kona.crypto.spec.SM2SignatureParameterSpec;
import com.tencent.kona.crypto.util.Constants;
import com.tencent.kona.sun.security.ec.ECOperations;
import com.tencent.kona.sun.security.ec.point.MutablePoint;
import com.tencent.kona.sun.security.jca.JCAUtil;
import com.tencent.kona.sun.security.util.ArrayUtil;
import com.tencent.kona.sun.security.util.DerInputStream;
import com.tencent.kona.sun.security.util.DerOutputStream;
import com.tencent.kona.sun.security.util.DerValue;
import com.tencent.kona.sun.security.util.ECUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.Arrays;
import java.util.Objects;

/* loaded from: classes3.dex */
public class SM2Signature extends SignatureSpi {
    private static final byte[] A;
    private static final byte[] B;
    private static final byte[] GEN_X;
    private static final byte[] GEN_Y;
    private static final String PARAM_ID = "id";
    private static final String PARAM_PUBLIC_KEY = "publicKey";
    private byte[] id;
    private SM2PrivateKey privateKey;
    private SM2PublicKey publicKey;
    private SecureRandom random;
    private final MessageDigest sm3MD = new SM3MessageDigest();

    /* renamed from: z, reason: collision with root package name */
    private byte[] f30594z;

    static {
        EllipticCurve ellipticCurve = SM2ParameterSpec.CURVE;
        A = CryptoUtils.bigIntToBytes32(ellipticCurve.getA());
        B = CryptoUtils.bigIntToBytes32(ellipticCurve.getB());
        ECPoint eCPoint = SM2ParameterSpec.GENERATOR;
        GEN_X = CryptoUtils.bigIntToBytes32(eCPoint.getAffineX());
        GEN_Y = CryptoUtils.bigIntToBytes32(eCPoint.getAffineY());
    }

    private BigInteger[] decodeSignature(byte[] bArr) {
        try {
            DerInputStream derInputStream = new DerInputStream(bArr, 0, bArr.length, false);
            DerValue[] sequence = derInputStream.getSequence(2);
            if (sequence.length == 2 && derInputStream.available() == 0) {
                return new BigInteger[]{sequence[0].getPositiveBigInteger(), sequence[1].getPositiveBigInteger()};
            }
            throw new IOException("Invalid encoding for signature");
        } catch (Exception e8) {
            throw new SignatureException("Could not decode signature", e8);
        }
    }

    private byte[] encodeSignature(BigInteger bigInteger, BigInteger bigInteger2) {
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            derOutputStream.putInteger(bigInteger);
            derOutputStream.putInteger(bigInteger2);
            return new DerValue((byte) 48, derOutputStream.toByteArray()).toByteArray();
        } catch (Exception e8) {
            throw new SignatureException("Could not encode signature", e8);
        }
    }

    private byte[] getDigestValue() {
        byte[] digest = this.sm3MD.digest();
        resetDigest();
        return digest;
    }

    private static boolean isParamId(String str) {
        return "id".equalsIgnoreCase(str);
    }

    private static boolean isParamPublicKey(String str) {
        return PARAM_PUBLIC_KEY.equalsIgnoreCase(str);
    }

    private byte[] nextK() {
        return ECOperations.SM2OPS.generatePrivateScalar(this.random);
    }

    private void resetDigest() {
        this.sm3MD.reset();
        if (this.f30594z == null) {
            this.f30594z = z();
        }
        this.sm3MD.update(this.f30594z);
    }

    private byte[] z() {
        SM3MessageDigest sM3MessageDigest = new SM3MessageDigest();
        byte[] bArr = this.id;
        if (bArr == null) {
            bArr = Constants.defaultId();
        }
        int length = bArr.length << 3;
        sM3MessageDigest.update((byte) (length >>> 8));
        sM3MessageDigest.update((byte) length);
        sM3MessageDigest.update(bArr);
        sM3MessageDigest.update(A);
        sM3MessageDigest.update(B);
        sM3MessageDigest.update(GEN_X);
        sM3MessageDigest.update(GEN_Y);
        ECPoint w8 = this.publicKey.getW();
        sM3MessageDigest.update(CryptoUtils.bigIntToBytes32(w8.getAffineX()));
        sM3MessageDigest.update(CryptoUtils.bigIntToBytes32(w8.getAffineY()));
        return sM3MessageDigest.digest();
    }

    @Override // java.security.SignatureSpi
    public Object engineGetParameter(String str) {
        if (isParamId(str)) {
            byte[] bArr = this.id;
            return bArr == null ? Constants.defaultId() : bArr.clone();
        }
        if (isParamPublicKey(str)) {
            return this.publicKey;
        }
        throw new InvalidParameterException("Only support id and publicKey: " + str);
    }

    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) {
        engineInitSign(privateKey, null);
    }

    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) {
        this.privateKey = null;
        this.f30594z = null;
        if (!(privateKey instanceof ECPrivateKey)) {
            throw new InvalidKeyException("Only ECPrivateKey accepted!");
        }
        ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
        BigInteger s8 = eCPrivateKey.getS();
        if (s8.compareTo(BigInteger.ZERO) <= 0 || s8.compareTo(SM2ParameterSpec.ORDER.subtract(BigInteger.ONE)) >= 0) {
            throw new InvalidKeyException("The private key must be within the range [1, n - 2]");
        }
        this.privateKey = new SM2PrivateKey(eCPrivateKey);
        if (secureRandom == null) {
            secureRandom = JCAUtil.getSecureRandom();
        }
        this.random = secureRandom;
        if (this.publicKey == null) {
            this.publicKey = new SM2PublicKey(ECOperations.toECPoint(ECOperations.SM2OPS.multiply(SM2ParameterSpec.GENERATOR, CryptoUtils.toByteArrayLE(eCPrivateKey.getS()))));
        }
        resetDigest();
    }

    @Override // java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) {
        this.privateKey = null;
        this.publicKey = null;
        this.f30594z = null;
        if (!(publicKey instanceof ECPublicKey)) {
            throw new InvalidKeyException("Only ECPublicKey accepted!");
        }
        this.publicKey = new SM2PublicKey((ECPublicKey) publicKey);
        resetDigest();
    }

    @Override // java.security.SignatureSpi
    public void engineSetParameter(String str, Object obj) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(obj);
        if (isParamId(str)) {
            this.id = (byte[]) ((byte[]) obj).clone();
            return;
        }
        if (!isParamPublicKey(str)) {
            throw new InvalidParameterException("unsupported parameter: " + str);
        }
        byte[] encoded = new SM2PublicKey((ECPublicKey) obj).getEncoded();
        if (encoded.length == 0) {
            throw new InvalidParameterException("Invalid public key of parameter");
        }
        SM2PublicKey sM2PublicKey = this.publicKey;
        if (sM2PublicKey != null && !Arrays.equals(sM2PublicKey.getEncoded(), encoded)) {
            throw new InvalidParameterException("public key of parameter is not match");
        }
    }

    @Override // java.security.SignatureSpi
    public void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) {
        if (!(algorithmParameterSpec instanceof SM2SignatureParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Only accept SM2SignatureParameterSpec");
        }
        SM2SignatureParameterSpec sM2SignatureParameterSpec = (SM2SignatureParameterSpec) algorithmParameterSpec;
        this.publicKey = new SM2PublicKey(sM2SignatureParameterSpec.getPublicKey());
        this.id = sM2SignatureParameterSpec.getId();
    }

    @Override // java.security.SignatureSpi
    public byte[] engineSign() {
        SM2PrivateKey sM2PrivateKey = this.privateKey;
        if (sM2PrivateKey == null) {
            throw new SignatureException("Private Key not initialized");
        }
        BigInteger s8 = sM2PrivateKey.getS();
        BigInteger bigInteger = new BigInteger(1, getDigestValue());
        while (true) {
            byte[] nextK = nextK();
            MutablePoint multiply = ECOperations.SM2OPS.multiply(SM2ParameterSpec.GENERATOR, nextK);
            ArrayUtil.reverse(nextK);
            BigInteger bigInteger2 = new BigInteger(1, nextK);
            BigInteger add = bigInteger.add(multiply.asAffine().toECPoint().getAffineX());
            BigInteger bigInteger3 = SM2ParameterSpec.ORDER;
            BigInteger mod = add.mod(bigInteger3);
            BigInteger bigInteger4 = BigInteger.ZERO;
            if (!mod.equals(bigInteger4) && !mod.add(bigInteger2).equals(bigInteger3)) {
                BigInteger mod2 = s8.add(BigInteger.ONE).modInverse(bigInteger3).multiply(bigInteger2.subtract(mod.multiply(s8)).mod(bigInteger3)).mod(bigInteger3);
                if (!mod2.equals(bigInteger4)) {
                    return encodeSignature(mod, mod2);
                }
            }
        }
    }

    @Override // java.security.SignatureSpi
    public void engineUpdate(byte b9) {
        this.sm3MD.update(b9);
    }

    @Override // java.security.SignatureSpi
    public void engineUpdate(ByteBuffer byteBuffer) {
        if (byteBuffer.remaining() <= 0) {
            return;
        }
        this.sm3MD.update(byteBuffer);
    }

    @Override // java.security.SignatureSpi
    public void engineUpdate(byte[] bArr, int i8, int i9) {
        this.sm3MD.update(bArr, i8, i9);
    }

    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) {
        SM2PublicKey sM2PublicKey = this.publicKey;
        if (sM2PublicKey == null) {
            throw new SignatureException("Public Key not initialized");
        }
        ECPoint w8 = sM2PublicKey.getW();
        try {
            ECUtil.validatePublicKey(w8, SM2ParameterSpec.instance());
            BigInteger[] decodeSignature = decodeSignature(bArr);
            BigInteger bigInteger = decodeSignature[0];
            BigInteger bigInteger2 = decodeSignature[1];
            BigInteger bigInteger3 = BigInteger.ONE;
            if (bigInteger.compareTo(bigInteger3) >= 0) {
                BigInteger bigInteger4 = SM2ParameterSpec.ORDER;
                if (bigInteger.compareTo(bigInteger4) < 0 && bigInteger2.compareTo(bigInteger3) >= 0 && bigInteger2.compareTo(bigInteger4) < 0) {
                    BigInteger bigInteger5 = new BigInteger(1, getDigestValue());
                    BigInteger mod = bigInteger.add(bigInteger2).mod(bigInteger4);
                    if (mod.equals(BigInteger.ZERO)) {
                        return false;
                    }
                    ECOperations eCOperations = ECOperations.SM2OPS;
                    MutablePoint multiply = eCOperations.multiply(SM2ParameterSpec.GENERATOR, CryptoUtils.toByteArrayLE(bigInteger2));
                    eCOperations.setSum(multiply, eCOperations.multiply(w8, CryptoUtils.toByteArrayLE(mod)).asAffine());
                    ECPoint eCPoint = ECOperations.toECPoint(multiply);
                    if (eCPoint.equals(ECOperations.INFINITY)) {
                        return false;
                    }
                    return bigInteger5.add(eCPoint.getAffineX()).mod(bigInteger4).equals(bigInteger);
                }
            }
        } catch (InvalidKeyException unused) {
        }
        return false;
    }
}
