package com.g42cloud.sdk.core.auth;

import com.g42cloud.sdk.core.Constants;
import com.g42cloud.sdk.core.exception.SdkException;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECParameterSpec;

/* loaded from: input_file:com/g42cloud/sdk/core/auth/P256SHA256Signer.class */
public class P256SHA256Signer extends AKSKSigner {
    private static volatile P256SHA256Signer instance;
    protected ECNamedCurveParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("P-256");
    protected BigInteger nMinusTwo = this.ecSpec.getN().subtract(BigInteger.valueOf(2));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/g42cloud/sdk/core/auth/P256SHA256Signer$P256SigningKey.class */
    public class P256SigningKey implements ISigningKey {
        protected final ECPrivateKeyParameters privateKeyParameters;
        protected final ECPublicKeyParameters publicKeyParameters;

        /* JADX INFO: Access modifiers changed from: package-private */
        public P256SigningKey(ECPrivateKeyParameters eCPrivateKeyParameters, ECPublicKeyParameters eCPublicKeyParameters) {
            this.privateKeyParameters = eCPrivateKeyParameters;
            this.publicKeyParameters = eCPublicKeyParameters;
        }

        @Override // com.g42cloud.sdk.core.auth.ISigningKey
        public byte[] sign(byte[] bArr) {
            ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
            eCDSASigner.init(true, this.privateKeyParameters);
            BigInteger[] generateSignature = eCDSASigner.generateSignature(P256SHA256Signer.this.hasher.hash(bArr));
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(new ASN1Integer(generateSignature[0]));
            aSN1EncodableVector.add(new ASN1Integer(generateSignature[1]));
            try {
                return new DERSequence(aSN1EncodableVector).getEncoded();
            } catch (IOException e) {
                throw new SdkException("failed to encode data to ASN.1-DER format", e);
            }
        }

        @Override // com.g42cloud.sdk.core.auth.ISigningKey
        public boolean verify(byte[] bArr, byte[] bArr2) {
            try {
                ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
                Throwable th = null;
                try {
                    try {
                        ASN1Sequence readObject = aSN1InputStream.readObject();
                        BigInteger value = readObject.getObjectAt(0).getValue();
                        BigInteger value2 = readObject.getObjectAt(1).getValue();
                        ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
                        eCDSASigner.init(false, this.publicKeyParameters);
                        boolean verifySignature = eCDSASigner.verifySignature(P256SHA256Signer.this.hasher.hash(bArr2), value, value2);
                        if (aSN1InputStream != null) {
                            if (0 != 0) {
                                try {
                                    aSN1InputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                aSN1InputStream.close();
                            }
                        }
                        return verifySignature;
                    } finally {
                    }
                } finally {
                }
            } catch (IOException | ClassCastException e) {
                return false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public P256SHA256Signer() {
        this.algorithm = Constants.SDK_ECDSA_P256_SHA256;
    }

    public static P256SHA256Signer getInstance() {
        P256SHA256Signer p256SHA256Signer;
        if (Objects.nonNull(instance)) {
            return instance;
        }
        synchronized (P256SHA256Signer.class) {
            if (instance == null) {
                Security.addProvider(new BouncyCastleProvider());
                instance = new P256SHA256Signer();
            }
            p256SHA256Signer = instance;
        }
        return p256SHA256Signer;
    }

    @Override // com.g42cloud.sdk.core.auth.AKSKSigner
    public <T extends AbstractCredentials<T>> ISigningKey getSigningKey(T t) {
        return generateSigningKey(derivePrivateInt(t));
    }

    protected ISigningKey generateSigningKey(BigInteger bigInteger) {
        ECParameterSpec eCParameterSpec = new ECParameterSpec(this.ecSpec.getCurve(), this.ecSpec.getG(), this.ecSpec.getN(), this.ecSpec.getH(), this.ecSpec.getSeed());
        ECDomainParameters eCDomainParameters = new ECDomainParameters(eCParameterSpec.getCurve(), eCParameterSpec.getG(), eCParameterSpec.getN(), eCParameterSpec.getH());
        return initSigningKey(new ECPrivateKeyParameters(bigInteger, eCDomainParameters), new ECPublicKeyParameters(this.ecSpec.getCurve().getMultiplier().multiply(this.ecSpec.getG(), bigInteger), eCDomainParameters));
    }

    protected ISigningKey initSigningKey(ECPrivateKeyParameters eCPrivateKeyParameters, ECPublicKeyParameters eCPublicKeyParameters) {
        return new P256SigningKey(eCPrivateKeyParameters, eCPublicKeyParameters);
    }

    private <T extends AbstractCredentials<T>> BigInteger derivePrivateInt(T t) {
        ByteBuffer allocate = ByteBuffer.allocate(21);
        ByteBuffer allocate2 = ByteBuffer.allocate(this.algorithm.length() + 30);
        for (int i = 0; i <= 255; i++) {
            allocate.clear();
            allocate2.clear();
            allocate.put(t.getAk().getBytes(StandardCharsets.UTF_8));
            allocate.put((byte) i);
            allocate2.put(new byte[]{0, 0, 0, 1});
            allocate2.put(this.algorithm.getBytes(StandardCharsets.UTF_8));
            allocate2.put((byte) 0);
            allocate2.put(allocate.array(), 0, allocate.position());
            allocate2.put(new byte[]{0, 0, 1, 0});
            BigInteger bigInteger = new BigInteger(1, this.hasher.hmac(allocate2.array(), t.getSk().getBytes(StandardCharsets.UTF_8)));
            if (bigInteger.compareTo(this.nMinusTwo) <= 0) {
                return bigInteger.add(BigInteger.ONE);
            }
        }
        throw new SdkException("derive candidate failed, counter out of range");
    }
}
