package net.corda.core.crypto;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.JvmOverloads;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.ranges.RangesKt;
import net.corda.core.Utils;
import net.i2p.crypto.eddsa.EdDSAEngine;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.EdDSASecurityProvider;
import net.i2p.crypto.eddsa.math.GroupElement;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECConstants;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.math.ec.WNafUtil;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PrivateKey;
import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PublicKey;
import org.bouncycastle.pqc.jcajce.spec.SPHINCS256KeyGenParameterSpec;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import sun.security.pkcs.PKCS8Key;
import sun.security.util.DerValue;
import sun.security.x509.X509Key;

/* compiled from: Crypto.kt */
@Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 1, d1 = {"��¼\u0001\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\r\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0002\u0010 \n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0005\bÆ\u0002\u0018��2\u00020\u0001:\u0001`B\u0007\b\u0002¢\u0006\u0002\u0010\u0002JN\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010 \u001a\u00020!2\u0006\u0010\"\u001a\u00020\u001f2\u0006\u0010#\u001a\u00020$2\u0012\u0010%\u001a\u000e\u0012\u0004\u0012\u00020'\u0012\u0004\u0012\u00020'0&2\n\b\u0002\u0010(\u001a\u0004\u0018\u00010)JF\u0010\u001a\u001a\u00020*2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010\"\u001a\u00020\u001f2\u0006\u0010#\u001a\u00020$2\u0012\u0010%\u001a\u000e\u0012\u0004\u0012\u00020'\u0012\u0004\u0012\u00020'0&2\n\b\u0002\u0010(\u001a\u0004\u0018\u00010)JN\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010+\u001a\u00020,2\u0006\u0010\"\u001a\u00020\u001f2\u0006\u0010#\u001a\u00020$2\u0012\u0010%\u001a\u000e\u0012\u0004\u0012\u00020'\u0012\u0004\u0012\u00020'0&2\n\b\u0002\u0010(\u001a\u0004\u0018\u00010)J\u001e\u0010-\u001a\u00020.2\u0006\u0010\"\u001a\u00020\u001f2\u0006\u0010/\u001a\u00020!2\u0006\u00100\u001a\u00020\u0004J\u0010\u00101\u001a\u0002022\u0006\u00103\u001a\u000204H\u0007J\u0018\u00101\u001a\u0002022\u0006\u00105\u001a\u00020\u00132\u0006\u00103\u001a\u000204H\u0007J\u0018\u00101\u001a\u0002022\u0006\u00100\u001a\u00020\u00042\u0006\u00103\u001a\u000204H\u0007J\u0010\u00106\u001a\u00020$2\u0006\u00103\u001a\u000204H\u0007J\u0018\u00106\u001a\u00020$2\u0006\u00105\u001a\u00020\u00132\u0006\u00103\u001a\u000204H\u0007J\u0018\u00106\u001a\u00020$2\u0006\u00100\u001a\u00020\u00042\u0006\u00103\u001a\u000204H\u0007J\u0010\u00107\u001a\u00020!2\u0006\u00108\u001a\u000209H\u0002J\u0018\u0010:\u001a\u0002042\u0006\u0010;\u001a\u0002022\u0006\u0010<\u001a\u000204H\u0002J\u0016\u0010=\u001a\u00020!2\u0006\u0010;\u001a\u0002022\u0006\u0010<\u001a\u000204J\u001e\u0010=\u001a\u00020!2\u0006\u00100\u001a\u00020\u00042\u0006\u0010;\u001a\u0002022\u0006\u0010<\u001a\u000204J \u0010>\u001a\u00020!2\u0006\u0010?\u001a\u00020@2\u0006\u0010;\u001a\u0002022\u0006\u0010<\u001a\u000204H\u0002J\u0018\u0010A\u001a\u00020!2\u0006\u0010;\u001a\u0002022\u0006\u0010<\u001a\u000204H\u0002J\u000e\u0010B\u001a\u00020!2\u0006\u00108\u001a\u000209J\u0016\u0010B\u001a\u00020!2\u0006\u00100\u001a\u00020\u00042\u0006\u00108\u001a\u000209J\u0018\u0010C\u001a\u0002042\u0006\u0010;\u001a\u0002022\u0006\u0010D\u001a\u000204H\u0007J\u0018\u0010C\u001a\u00020E2\u0006\u0010;\u001a\u0002022\u0006\u0010F\u001a\u00020GH\u0007J \u0010C\u001a\u0002042\u0006\u00105\u001a\u00020\u00132\u0006\u0010;\u001a\u0002022\u0006\u0010D\u001a\u000204H\u0007J \u0010C\u001a\u0002042\u0006\u00100\u001a\u00020\u00042\u0006\u0010;\u001a\u0002022\u0006\u0010D\u001a\u000204H\u0007J \u0010H\u001a\u00020I2\u0006\u0010J\u001a\u00020$2\u0006\u0010K\u001a\u0002042\u0006\u0010D\u001a\u000204H\u0007J\u0018\u0010H\u001a\u00020I2\u0006\u0010J\u001a\u00020$2\u0006\u0010L\u001a\u00020EH\u0007J(\u0010H\u001a\u00020I2\u0006\u00105\u001a\u00020\u00132\u0006\u0010J\u001a\u00020$2\u0006\u0010K\u001a\u0002042\u0006\u0010D\u001a\u000204H\u0007J(\u0010H\u001a\u00020I2\u0006\u00100\u001a\u00020\u00042\u0006\u0010J\u001a\u00020$2\u0006\u0010K\u001a\u0002042\u0006\u0010D\u001a\u000204H\u0007J\u000e\u0010M\u001a\u00020\u00042\u0006\u0010N\u001a\u00020OJ\u000e\u0010M\u001a\u00020\u00042\u0006\u00105\u001a\u00020\u0013J\u0010\u0010P\u001a\u00020!2\u0006\u00105\u001a\u00020\u0013H\u0007J\u0012\u0010P\u001a\u00020!2\b\b\u0002\u00100\u001a\u00020\u0004H\u0007J\b\u0010Q\u001a\u00020RH\u0002J\u0010\u0010S\u001a\u00020I2\u0006\u0010J\u001a\u00020TH\u0002J\u000e\u0010U\u001a\u00020I2\u0006\u00100\u001a\u00020\u0004J \u0010V\u001a\u00020I2\u0006\u0010J\u001a\u00020$2\u0006\u0010K\u001a\u0002042\u0006\u0010D\u001a\u000204H\u0007J(\u0010V\u001a\u00020I2\u0006\u00100\u001a\u00020\u00042\u0006\u0010J\u001a\u00020$2\u0006\u0010K\u001a\u0002042\u0006\u0010D\u001a\u000204H\u0007J\u0010\u0010W\u001a\u00020\u00132\u0006\u0010X\u001a\u00020\u0013H\u0002J\u0018\u0010Y\u001a\u00020I2\u0006\u00100\u001a\u00020\u00042\u0006\u0010J\u001a\u00020$H\u0007J\u000e\u0010Z\u001a\u0002022\u0006\u0010N\u001a\u000202J\u000e\u0010[\u001a\u00020$2\u0006\u0010N\u001a\u00020$J\u000e\u0010[\u001a\u00020$2\u0006\u0010N\u001a\u00020\\J\u0018\u0010]\u001a\u00020I2\u0006\u00100\u001a\u00020\u00042\u0006\u0010N\u001a\u00020OH\u0002J\u0018\u0010^\u001a\u00020I2\u0006\u00100\u001a\u00020\u00042\u0006\u0010N\u001a\u000202H\u0002J\u0018\u0010_\u001a\u00020I2\u0006\u00100\u001a\u00020\u00042\u0006\u0010N\u001a\u00020$H\u0002R\u0011\u0010\u0003\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006R\u0011\u0010\u0007\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\b\u0010\u0006R\u0011\u0010\t\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\n\u0010\u0006R\u0011\u0010\u000b\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\f\u0010\u0006R\u0011\u0010\r\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\u0006R\u0011\u0010\u000f\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\u0010\u0010\u0006R \u0010\u0011\u001a\u0014\u0012\u0004\u0012\u00020\u0013\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00040\u00140\u0012X\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u0015\u001a\u000e\u0012\u0004\u0012\u00020\u0013\u0012\u0004\u0012\u00020\u00160\u0012X\u0082\u0004¢\u0006\u0002\n��R\u001d\u0010\u0017\u001a\u000e\u0012\u0004\u0012\u00020\u0013\u0012\u0004\u0012\u00020\u00040\u0012¢\u0006\b\n��\u001a\u0004\b\u0018\u0010\u0019¨\u0006a"}, d2 = {"Lnet/corda/core/crypto/Crypto;", "", "()V", "DEFAULT_SIGNATURE_SCHEME", "Lnet/corda/core/crypto/SignatureScheme;", "getDEFAULT_SIGNATURE_SCHEME", "()Lnet/corda/core/crypto/SignatureScheme;", "ECDSA_SECP256K1_SHA256", "getECDSA_SECP256K1_SHA256", "ECDSA_SECP256R1_SHA256", "getECDSA_SECP256R1_SHA256", "EDDSA_ED25519_SHA512", "getEDDSA_ED25519_SHA512", "RSA_SHA256", "getRSA_SHA256", "SPHINCS256_SHA256", "getSPHINCS256_SHA256", "algorithmGroups", "", "", "", "providerMap", "Ljava/security/Provider;", "supportedSignatureSchemes", "getSupportedSignatureSchemes", "()Ljava/util/Map;", "createCertificate", "Lorg/bouncycastle/cert/X509CertificateHolder;", "certificateType", "Lnet/corda/core/crypto/CertificateType;", "issuer", "Lorg/bouncycastle/asn1/x500/X500Name;", "issuerKeyPair", "Ljava/security/KeyPair;", "subject", "subjectPublicKey", "Ljava/security/PublicKey;", "validityWindow", "Lkotlin/Pair;", "Ljava/util/Date;", "nameConstraints", "Lorg/bouncycastle/asn1/x509/NameConstraints;", "Lorg/bouncycastle/cert/X509v3CertificateBuilder;", "issuerSigner", "Lorg/bouncycastle/operator/ContentSigner;", "createCertificateSigningRequest", "Lorg/bouncycastle/pkcs/PKCS10CertificationRequest;", "keyPair", "signatureScheme", "decodePrivateKey", "Ljava/security/PrivateKey;", "encodedKey", "", "schemeCodeName", "decodePublicKey", "deriveEdDSAKeyPairFromEntropy", "entropy", "Ljava/math/BigInteger;", "deriveHMAC", "privateKey", "seed", "deriveKeyPair", "deriveKeyPairECDSA", "parameterSpec", "Lorg/bouncycastle/jce/spec/ECParameterSpec;", "deriveKeyPairEdDSA", "deriveKeyPairFromEntropy", "doSign", "clearData", "Lnet/corda/core/crypto/TransactionSignature;", "metaData", "Lnet/corda/core/crypto/MetaData;", "doVerify", "", "publicKey", "signatureData", "transactionSignature", "findSignatureScheme", DefaultSensitiveStringCodec.BLOWFISH_KEY, "Ljava/security/Key;", "generateKeyPair", "getBouncyCastleProvider", "Lorg/bouncycastle/jce/provider/BouncyCastleProvider;", "isEdDSAPointAtInfinity", "Lnet/i2p/crypto/eddsa/EdDSAPublicKey;", "isSupportedSignatureScheme", "isValid", "matchingAlgorithmName", DefaultSensitiveStringCodec.ALGORITHM, "publicKeyOnCurve", "toSupportedPrivateKey", "toSupportedPublicKey", "Lorg/bouncycastle/asn1/x509/SubjectPublicKeyInfo;", "validateKey", "validatePrivateKey", "validatePublicKey", "KeyInfoConverter", "core_main"})
/* loaded from: input_file:corda-core-0.13.0.jar:net/corda/core/crypto/Crypto.class */
public final class Crypto {

    @NotNull
    private static final SignatureScheme RSA_SHA256 = null;

    @NotNull
    private static final SignatureScheme ECDSA_SECP256K1_SHA256 = null;

    @NotNull
    private static final SignatureScheme ECDSA_SECP256R1_SHA256 = null;

    @NotNull
    private static final SignatureScheme EDDSA_ED25519_SHA512 = null;

    @NotNull
    private static final SignatureScheme SPHINCS256_SHA256 = null;

    @NotNull
    private static final SignatureScheme DEFAULT_SIGNATURE_SCHEME = null;

    @NotNull
    private static final Map<String, SignatureScheme> supportedSignatureSchemes = null;
    private static final Map<String, List<SignatureScheme>> algorithmGroups = null;
    private static final Map<String, Provider> providerMap = null;
    public static final Crypto INSTANCE = null;

    /* compiled from: Crypto.kt */
    @Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 1, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\b\u0002\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0014\u0010\u0007\u001a\u0004\u0018\u00010\b2\b\u0010\t\u001a\u0004\u0018\u00010\nH\u0016J\u0014\u0010\u000b\u001a\u0004\u0018\u00010\f2\b\u0010\t\u001a\u0004\u0018\u00010\rH\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006¨\u0006\u000e"}, d2 = {"Lnet/corda/core/crypto/Crypto$KeyInfoConverter;", "Lorg/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter;", "signatureScheme", "Lnet/corda/core/crypto/SignatureScheme;", "(Lnet/corda/core/crypto/SignatureScheme;)V", "getSignatureScheme", "()Lnet/corda/core/crypto/SignatureScheme;", "generatePrivate", "Ljava/security/PrivateKey;", "keyInfo", "Lorg/bouncycastle/asn1/pkcs/PrivateKeyInfo;", "generatePublic", "Ljava/security/PublicKey;", "Lorg/bouncycastle/asn1/x509/SubjectPublicKeyInfo;", "core_main"})
    /* loaded from: input_file:corda-core-0.13.0.jar:net/corda/core/crypto/Crypto$KeyInfoConverter.class */
    public static final class KeyInfoConverter implements AsymmetricKeyInfoConverter {

        @NotNull
        private final SignatureScheme signatureScheme;

        @Override // org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter
        @Nullable
        public PublicKey generatePublic(@Nullable SubjectPublicKeyInfo subjectPublicKeyInfo) {
            if (subjectPublicKeyInfo == null) {
                return null;
            }
            Crypto crypto = Crypto.INSTANCE;
            SignatureScheme signatureScheme = this.signatureScheme;
            byte[] encoded = subjectPublicKeyInfo.getEncoded();
            Intrinsics.checkExpressionValueIsNotNull(encoded, "it.encoded");
            return crypto.decodePublicKey(signatureScheme, encoded);
        }

        @Override // org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter
        @Nullable
        public PrivateKey generatePrivate(@Nullable PrivateKeyInfo privateKeyInfo) {
            if (privateKeyInfo == null) {
                return null;
            }
            Crypto crypto = Crypto.INSTANCE;
            SignatureScheme signatureScheme = this.signatureScheme;
            byte[] encoded = privateKeyInfo.getEncoded();
            Intrinsics.checkExpressionValueIsNotNull(encoded, "it.encoded");
            return crypto.decodePrivateKey(signatureScheme, encoded);
        }

        @NotNull
        public final SignatureScheme getSignatureScheme() {
            return this.signatureScheme;
        }

        public KeyInfoConverter(@NotNull SignatureScheme signatureScheme) {
            Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
            this.signatureScheme = signatureScheme;
        }
    }

    @NotNull
    public final SignatureScheme getRSA_SHA256() {
        return RSA_SHA256;
    }

    @NotNull
    public final SignatureScheme getECDSA_SECP256K1_SHA256() {
        return ECDSA_SECP256K1_SHA256;
    }

    @NotNull
    public final SignatureScheme getECDSA_SECP256R1_SHA256() {
        return ECDSA_SECP256R1_SHA256;
    }

    @NotNull
    public final SignatureScheme getEDDSA_ED25519_SHA512() {
        return EDDSA_ED25519_SHA512;
    }

    @NotNull
    public final SignatureScheme getSPHINCS256_SHA256() {
        return SPHINCS256_SHA256;
    }

    @NotNull
    public final SignatureScheme getDEFAULT_SIGNATURE_SCHEME() {
        return DEFAULT_SIGNATURE_SCHEME;
    }

    @NotNull
    public final Map<String, SignatureScheme> getSupportedSignatureSchemes() {
        return supportedSignatureSchemes;
    }

    private final BouncyCastleProvider getBouncyCastleProvider() {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        BouncyCastleProvider bouncyCastleProvider2 = bouncyCastleProvider;
        bouncyCastleProvider2.putAll(new EdDSASecurityProvider());
        bouncyCastleProvider2.addKeyInfoConverter(EDDSA_ED25519_SHA512.getSignatureOID(), new KeyInfoConverter(EDDSA_ED25519_SHA512));
        return bouncyCastleProvider;
    }

    @NotNull
    public final SignatureScheme findSignatureScheme(@NotNull String schemeCodeName) {
        Intrinsics.checkParameterIsNotNull(schemeCodeName, "schemeCodeName");
        SignatureScheme signatureScheme = supportedSignatureSchemes.get(schemeCodeName);
        if (signatureScheme != null) {
            return signatureScheme;
        }
        throw new IllegalArgumentException("Unsupported key/algorithm for schemeCodeName: " + schemeCodeName);
    }

    @NotNull
    public final SignatureScheme findSignatureScheme(@NotNull Key key) {
        Intrinsics.checkParameterIsNotNull(key, "key");
        String algorithm = key.getAlgorithm();
        Intrinsics.checkExpressionValueIsNotNull(algorithm, "key.algorithm");
        List<SignatureScheme> list = algorithmGroups.get(matchingAlgorithmName(algorithm));
        if (list != null) {
            List<SignatureScheme> list2 = list;
            ArrayList arrayList = new ArrayList();
            for (Object obj : list2) {
                if (INSTANCE.validateKey((SignatureScheme) obj, key)) {
                    arrayList.add(obj);
                }
            }
            Iterator it = arrayList.iterator();
            if (it.hasNext()) {
                return (SignatureScheme) it.next();
            }
        }
        throw new IllegalArgumentException("Unsupported key algorithm: " + key.getAlgorithm() + " or invalid key format");
    }

    @NotNull
    public final PrivateKey decodePrivateKey(@NotNull byte[] encodedKey) throws IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(encodedKey, "encodedKey");
        String algorithm = PKCS8Key.parseKey(new DerValue(encodedKey)).getAlgorithm();
        Intrinsics.checkExpressionValueIsNotNull(algorithm, "PKCS8Key.parseKey(DerValue(encodedKey)).algorithm");
        List<SignatureScheme> list = algorithmGroups.get(matchingAlgorithmName(algorithm));
        if (list == null) {
            Intrinsics.throwNpe();
        }
        for (SignatureScheme signatureScheme : list) {
            try {
                PrivateKey generatePrivate = KeyFactory.getInstance(signatureScheme.getAlgorithmName(), providerMap.get(signatureScheme.getProviderName())).generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
                Intrinsics.checkExpressionValueIsNotNull(generatePrivate, "KeyFactory.getInstance(s…codedKeySpec(encodedKey))");
                return generatePrivate;
            } catch (InvalidKeySpecException e) {
            }
        }
        throw new IllegalArgumentException("This private key cannot be decoded, please ensure it is PKCS8 encoded and the signature scheme is supported.");
    }

    @NotNull
    public final PrivateKey decodePrivateKey(@NotNull String schemeCodeName, @NotNull byte[] encodedKey) throws IllegalArgumentException, InvalidKeySpecException {
        Intrinsics.checkParameterIsNotNull(schemeCodeName, "schemeCodeName");
        Intrinsics.checkParameterIsNotNull(encodedKey, "encodedKey");
        return decodePrivateKey(findSignatureScheme(schemeCodeName), encodedKey);
    }

    @NotNull
    public final PrivateKey decodePrivateKey(@NotNull SignatureScheme signatureScheme, @NotNull byte[] encodedKey) throws IllegalArgumentException, InvalidKeySpecException {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(encodedKey, "encodedKey");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance(signatureScheme.getAlgorithmName(), providerMap.get(signatureScheme.getProviderName())).generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
            Intrinsics.checkExpressionValueIsNotNull(generatePrivate, "KeyFactory.getInstance(s…codedKeySpec(encodedKey))");
            return generatePrivate;
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeySpecException("This private key cannot be decoded, please ensure it is PKCS8 encoded and that it corresponds to the input scheme's code name.", e);
        }
    }

    @NotNull
    public final PublicKey decodePublicKey(@NotNull byte[] encodedKey) throws IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(encodedKey, "encodedKey");
        String algorithm = X509Key.parse(new DerValue(encodedKey)).getAlgorithm();
        Intrinsics.checkExpressionValueIsNotNull(algorithm, "X509Key.parse(DerValue(encodedKey)).algorithm");
        List<SignatureScheme> list = algorithmGroups.get(matchingAlgorithmName(algorithm));
        if (list == null) {
            Intrinsics.throwNpe();
        }
        for (SignatureScheme signatureScheme : list) {
            try {
                PublicKey generatePublic = KeyFactory.getInstance(signatureScheme.getAlgorithmName(), providerMap.get(signatureScheme.getProviderName())).generatePublic(new X509EncodedKeySpec(encodedKey));
                Intrinsics.checkExpressionValueIsNotNull(generatePublic, "KeyFactory.getInstance(s…codedKeySpec(encodedKey))");
                return generatePublic;
            } catch (InvalidKeySpecException e) {
            }
        }
        throw new IllegalArgumentException("This public key cannot be decoded, please ensure it is X509 encoded and the signature scheme is supported.");
    }

    @NotNull
    public final PublicKey decodePublicKey(@NotNull String schemeCodeName, @NotNull byte[] encodedKey) throws IllegalArgumentException, InvalidKeySpecException {
        Intrinsics.checkParameterIsNotNull(schemeCodeName, "schemeCodeName");
        Intrinsics.checkParameterIsNotNull(encodedKey, "encodedKey");
        return decodePublicKey(findSignatureScheme(schemeCodeName), encodedKey);
    }

    @NotNull
    public final PublicKey decodePublicKey(@NotNull SignatureScheme signatureScheme, @NotNull byte[] encodedKey) throws IllegalArgumentException, InvalidKeySpecException {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(encodedKey, "encodedKey");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        try {
            PublicKey generatePublic = KeyFactory.getInstance(signatureScheme.getAlgorithmName(), providerMap.get(signatureScheme.getProviderName())).generatePublic(new X509EncodedKeySpec(encodedKey));
            Intrinsics.checkExpressionValueIsNotNull(generatePublic, "KeyFactory.getInstance(s…codedKeySpec(encodedKey))");
            return generatePublic;
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeySpecException("This public key cannot be decoded, please ensure it is X509 encoded and that it corresponds to the input scheme's code name.", e);
        }
    }

    @NotNull
    public final byte[] doSign(@NotNull PrivateKey privateKey, @NotNull byte[] clearData) throws IllegalArgumentException, InvalidKeyException, SignatureException {
        Intrinsics.checkParameterIsNotNull(privateKey, "privateKey");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        return doSign(findSignatureScheme(privateKey), privateKey, clearData);
    }

    @NotNull
    public final byte[] doSign(@NotNull String schemeCodeName, @NotNull PrivateKey privateKey, @NotNull byte[] clearData) throws IllegalArgumentException, InvalidKeyException, SignatureException {
        Intrinsics.checkParameterIsNotNull(schemeCodeName, "schemeCodeName");
        Intrinsics.checkParameterIsNotNull(privateKey, "privateKey");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        return doSign(findSignatureScheme(schemeCodeName), privateKey, clearData);
    }

    @NotNull
    public final byte[] doSign(@NotNull SignatureScheme signatureScheme, @NotNull PrivateKey privateKey, @NotNull byte[] clearData) throws IllegalArgumentException, InvalidKeyException, SignatureException {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(privateKey, "privateKey");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        Signature signature = Signature.getInstance(signatureScheme.getSignatureName(), providerMap.get(signatureScheme.getProviderName()));
        if (clearData.length == 0) {
            throw new Exception("Signing of an empty array is not permitted!");
        }
        signature.initSign(privateKey);
        signature.update(clearData);
        byte[] sign = signature.sign();
        Intrinsics.checkExpressionValueIsNotNull(sign, "signature.sign()");
        return sign;
    }

    @NotNull
    public final TransactionSignature doSign(@NotNull PrivateKey privateKey, @NotNull MetaData metaData) throws IllegalArgumentException, InvalidKeyException, SignatureException {
        Intrinsics.checkParameterIsNotNull(privateKey, "privateKey");
        Intrinsics.checkParameterIsNotNull(metaData, "metaData");
        SignatureScheme findSignatureScheme = findSignatureScheme(privateKey);
        if (!Intrinsics.areEqual(findSignatureScheme, findSignatureScheme(metaData.getSchemeCodeName()))) {
            throw new IllegalArgumentException("Metadata schemeCodeName: " + metaData.getSchemeCodeName() + " is not aligned with the key type.");
        }
        return new TransactionSignature(doSign(findSignatureScheme.getSchemeCodeName(), privateKey, metaData.bytes()), metaData);
    }

    public final boolean doVerify(@NotNull String schemeCodeName, @NotNull PublicKey publicKey, @NotNull byte[] signatureData, @NotNull byte[] clearData) throws InvalidKeyException, SignatureException, IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(schemeCodeName, "schemeCodeName");
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(signatureData, "signatureData");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        return doVerify(findSignatureScheme(schemeCodeName), publicKey, signatureData, clearData);
    }

    public final boolean doVerify(@NotNull PublicKey publicKey, @NotNull byte[] signatureData, @NotNull byte[] clearData) throws InvalidKeyException, SignatureException, IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(signatureData, "signatureData");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        return doVerify(findSignatureScheme(publicKey), publicKey, signatureData, clearData);
    }

    public final boolean doVerify(@NotNull SignatureScheme signatureScheme, @NotNull PublicKey publicKey, @NotNull byte[] signatureData, @NotNull byte[] clearData) throws InvalidKeyException, SignatureException, IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(signatureData, "signatureData");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        if (signatureData.length == 0) {
            throw new IllegalArgumentException("Signature data is empty!");
        }
        if (clearData.length == 0) {
            throw new IllegalArgumentException("Clear data is empty, nothing to verify!");
        }
        if (isValid(signatureScheme, publicKey, signatureData, clearData)) {
            return true;
        }
        throw new SignatureException("Signature Verification failed!");
    }

    public final boolean doVerify(@NotNull PublicKey publicKey, @NotNull TransactionSignature transactionSignature) throws InvalidKeyException, SignatureException, IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(transactionSignature, "transactionSignature");
        if (!Intrinsics.areEqual(publicKey, transactionSignature.getMetaData().getPublicKey())) {
            new IllegalArgumentException("MetaData's publicKey: " + CryptoUtils.toStringShort(transactionSignature.getMetaData().getPublicKey()) + " does not match");
        }
        return INSTANCE.doVerify(publicKey, transactionSignature.getSignatureData(), transactionSignature.getMetaData().bytes());
    }

    public final boolean isValid(@NotNull PublicKey publicKey, @NotNull byte[] signatureData, @NotNull byte[] clearData) throws SignatureException {
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(signatureData, "signatureData");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        return isValid(findSignatureScheme(publicKey), publicKey, signatureData, clearData);
    }

    public final boolean isValid(@NotNull SignatureScheme signatureScheme, @NotNull PublicKey publicKey, @NotNull byte[] signatureData, @NotNull byte[] clearData) throws SignatureException, IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(signatureData, "signatureData");
        Intrinsics.checkParameterIsNotNull(clearData, "clearData");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        Signature signature = Signature.getInstance(signatureScheme.getSignatureName(), providerMap.get(signatureScheme.getProviderName()));
        signature.initVerify(publicKey);
        signature.update(clearData);
        return signature.verify(signatureData);
    }

    @NotNull
    public final KeyPair generateKeyPair(@NotNull String schemeCodeName) throws IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(schemeCodeName, "schemeCodeName");
        return generateKeyPair(findSignatureScheme(schemeCodeName));
    }

    @JvmOverloads
    @NotNull
    public final KeyPair generateKeyPair(@NotNull SignatureScheme signatureScheme) throws IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(signatureScheme.getAlgorithmName(), providerMap.get(signatureScheme.getProviderName()));
        if (signatureScheme.getAlgSpec() != null) {
            keyPairGenerator.initialize(signatureScheme.getAlgSpec(), CryptoUtils.newSecureRandom());
        } else {
            keyPairGenerator.initialize(signatureScheme.getKeySize(), CryptoUtils.newSecureRandom());
        }
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkExpressionValueIsNotNull(generateKeyPair, "keyPairGenerator.generateKeyPair()");
        return generateKeyPair;
    }

    @JvmOverloads
    @NotNull
    public static /* bridge */ /* synthetic */ KeyPair generateKeyPair$default(Crypto crypto, SignatureScheme signatureScheme, int i, Object obj) throws IllegalArgumentException {
        if ((i & 1) != 0) {
            signatureScheme = DEFAULT_SIGNATURE_SCHEME;
        }
        return crypto.generateKeyPair(signatureScheme);
    }

    @JvmOverloads
    @NotNull
    public final KeyPair generateKeyPair() throws IllegalArgumentException {
        return generateKeyPair$default(this, null, 1, null);
    }

    @NotNull
    public final KeyPair deriveKeyPair(@NotNull SignatureScheme signatureScheme, @NotNull PrivateKey privateKey, @NotNull byte[] seed) {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(privateKey, "privateKey");
        Intrinsics.checkParameterIsNotNull(seed, "seed");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        if (!Intrinsics.areEqual(signatureScheme, ECDSA_SECP256R1_SHA256) && !Intrinsics.areEqual(signatureScheme, ECDSA_SECP256K1_SHA256)) {
            if (Intrinsics.areEqual(signatureScheme, EDDSA_ED25519_SHA512)) {
                return deriveKeyPairEdDSA(privateKey, seed);
            }
            throw new UnsupportedOperationException("Although supported for signing, deterministic key derivation is not currently implemented for " + signatureScheme.getSchemeCodeName());
        }
        AlgorithmParameterSpec algSpec = signatureScheme.getAlgSpec();
        if (algSpec == null) {
            throw new TypeCastException("null cannot be cast to non-null type org.bouncycastle.jce.spec.ECParameterSpec");
        }
        return deriveKeyPairECDSA((ECParameterSpec) algSpec, privateKey, seed);
    }

    @NotNull
    public final KeyPair deriveKeyPair(@NotNull PrivateKey privateKey, @NotNull byte[] seed) {
        Intrinsics.checkParameterIsNotNull(privateKey, "privateKey");
        Intrinsics.checkParameterIsNotNull(seed, "seed");
        return deriveKeyPair(findSignatureScheme(privateKey), privateKey, seed);
    }

    private final KeyPair deriveKeyPairECDSA(ECParameterSpec eCParameterSpec, PrivateKey privateKey, byte[] bArr) {
        byte[] copyOf = Arrays.copyOf(deriveHMAC(privateKey, bArr), eCParameterSpec.getCurve().getFieldSize() / 8);
        Intrinsics.checkExpressionValueIsNotNull(copyOf, "java.util.Arrays.copyOf(this, newSize)");
        BigInteger bigInteger = new BigInteger(1, copyOf);
        if (bigInteger.compareTo(ECConstants.TWO) < 0 || WNafUtil.getNafWeight(bigInteger) < (eCParameterSpec.getN().bitLength() >>> 2) || bigInteger.compareTo(eCParameterSpec.getN()) >= 0) {
            return deriveKeyPairECDSA(eCParameterSpec, privateKey, SecureHashKt.sha256(bArr).getBytes());
        }
        BCECPrivateKey bCECPrivateKey = new BCECPrivateKey(privateKey.getAlgorithm(), new ECPrivateKeySpec(bigInteger, eCParameterSpec), BouncyCastleProvider.CONFIGURATION);
        ECPoint multiply = new FixedPointCombMultiplier().multiply(eCParameterSpec.getG(), bigInteger);
        if (multiply.isInfinity()) {
            return deriveKeyPairECDSA(eCParameterSpec, privateKey, SecureHashKt.sha256(bArr).getBytes());
        }
        return new KeyPair(new BCECPublicKey(privateKey.getAlgorithm(), new ECPublicKeySpec(multiply, eCParameterSpec), BouncyCastleProvider.CONFIGURATION), bCECPrivateKey);
    }

    private final KeyPair deriveKeyPairEdDSA(PrivateKey privateKey, byte[] bArr) {
        byte[] deriveHMAC = deriveHMAC(privateKey, bArr);
        AlgorithmParameterSpec algSpec = EDDSA_ED25519_SHA512.getAlgSpec();
        if (algSpec == null) {
            throw new TypeCastException("null cannot be cast to non-null type net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec");
        }
        EdDSANamedCurveSpec edDSANamedCurveSpec = (EdDSANamedCurveSpec) algSpec;
        byte[] copyOf = Arrays.copyOf(deriveHMAC, edDSANamedCurveSpec.getCurve().getField().getb() / 8);
        Intrinsics.checkExpressionValueIsNotNull(copyOf, "java.util.Arrays.copyOf(this, newSize)");
        EdDSAPrivateKeySpec edDSAPrivateKeySpec = new EdDSAPrivateKeySpec(copyOf, edDSANamedCurveSpec);
        return new KeyPair(new EdDSAPublicKey(new EdDSAPublicKeySpec(edDSAPrivateKeySpec.getA(), edDSANamedCurveSpec)), new EdDSAPrivateKey(edDSAPrivateKeySpec));
    }

    @NotNull
    public final KeyPair deriveKeyPairFromEntropy(@NotNull SignatureScheme signatureScheme, @NotNull BigInteger entropy) {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(entropy, "entropy");
        if (Intrinsics.areEqual(signatureScheme, EDDSA_ED25519_SHA512)) {
            return deriveEdDSAKeyPairFromEntropy(entropy);
        }
        throw new IllegalArgumentException("Unsupported signature scheme for fixed entropy-based key pair generation: " + signatureScheme.getSchemeCodeName());
    }

    @NotNull
    public final KeyPair deriveKeyPairFromEntropy(@NotNull BigInteger entropy) {
        Intrinsics.checkParameterIsNotNull(entropy, "entropy");
        return deriveKeyPairFromEntropy(DEFAULT_SIGNATURE_SCHEME, entropy);
    }

    private final KeyPair deriveEdDSAKeyPairFromEntropy(BigInteger bigInteger) {
        AlgorithmParameterSpec algSpec = EDDSA_ED25519_SHA512.getAlgSpec();
        if (algSpec == null) {
            throw new TypeCastException("null cannot be cast to non-null type net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec");
        }
        EdDSANamedCurveSpec edDSANamedCurveSpec = (EdDSANamedCurveSpec) algSpec;
        byte[] copyOf = Arrays.copyOf(bigInteger.toByteArray(), edDSANamedCurveSpec.getCurve().getField().getb() / 8);
        Intrinsics.checkExpressionValueIsNotNull(copyOf, "java.util.Arrays.copyOf(this, newSize)");
        EdDSAPrivateKeySpec edDSAPrivateKeySpec = new EdDSAPrivateKeySpec(copyOf, edDSANamedCurveSpec);
        return new KeyPair(new EdDSAPublicKey(new EdDSAPublicKeySpec(edDSAPrivateKeySpec.getA(), edDSANamedCurveSpec)), new EdDSAPrivateKey(edDSAPrivateKeySpec));
    }

    private final byte[] deriveHMAC(PrivateKey privateKey, byte[] bArr) {
        byte[] aVar;
        Mac mac = Mac.getInstance("HmacSHA512", providerMap.get(BouncyCastleProvider.PROVIDER_NAME));
        if (privateKey instanceof BCECPrivateKey) {
            aVar = ((BCECPrivateKey) privateKey).getD().toByteArray();
        } else {
            if (!(privateKey instanceof EdDSAPrivateKey)) {
                throw new InvalidKeyException("Key type " + privateKey.getAlgorithm() + " is not supported for deterministic key derivation");
            }
            aVar = ((EdDSAPrivateKey) privateKey).geta();
        }
        mac.init(new SecretKeySpec(aVar, "HmacSHA512"));
        byte[] doFinal = mac.doFinal(bArr);
        Intrinsics.checkExpressionValueIsNotNull(doFinal, "mac.doFinal(seed)");
        return doFinal;
    }

    @NotNull
    public final X509v3CertificateBuilder createCertificate(@NotNull CertificateType certificateType, @NotNull X500Name issuer, @NotNull X500Name subject, @NotNull PublicKey subjectPublicKey, @NotNull Pair<? extends Date, ? extends Date> validityWindow, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(issuer, "issuer");
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(subjectPublicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(validityWindow, "validityWindow");
        BigInteger valueOf = BigInteger.valueOf(Utils.random63BitValue());
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = aSN1EncodableVector;
        for (KeyPurposeId keyPurposeId : certificateType.getPurposes()) {
            aSN1EncodableVector2.add(keyPurposeId);
        }
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, valueOf, validityWindow.getFirst(), validityWindow.getSecond(), subject, subjectPublicKey).addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(subjectPublicKey.getEncoded())))).addExtension(Extension.basicConstraints, certificateType.isCA(), new BasicConstraints(certificateType.isCA())).addExtension(Extension.keyUsage, false, (ASN1Encodable) certificateType.getKeyUsage()).addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new DERSequence(aSN1EncodableVector));
        if (nameConstraints != null) {
            builder.addExtension(Extension.nameConstraints, true, (ASN1Encodable) nameConstraints);
        }
        Intrinsics.checkExpressionValueIsNotNull(builder, "builder");
        return builder;
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509v3CertificateBuilder createCertificate$default(Crypto crypto, CertificateType certificateType, X500Name x500Name, X500Name x500Name2, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 32) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return crypto.createCertificate(certificateType, x500Name, x500Name2, publicKey, pair, nameConstraints);
    }

    @NotNull
    public final X509CertificateHolder createCertificate(@NotNull CertificateType certificateType, @NotNull X500Name issuer, @NotNull ContentSigner issuerSigner, @NotNull X500Name subject, @NotNull PublicKey subjectPublicKey, @NotNull Pair<? extends Date, ? extends Date> validityWindow, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(issuer, "issuer");
        Intrinsics.checkParameterIsNotNull(issuerSigner, "issuerSigner");
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(subjectPublicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(validityWindow, "validityWindow");
        X509CertificateHolder build = createCertificate(certificateType, issuer, subject, subjectPublicKey, validityWindow, nameConstraints).build(issuerSigner);
        if (!build.isValidOn(new Date())) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        Intrinsics.checkExpressionValueIsNotNull(build, "builder.build(issuerSign…alidOn(Date()))\n        }");
        return build;
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createCertificate$default(Crypto crypto, CertificateType certificateType, X500Name x500Name, ContentSigner contentSigner, X500Name x500Name2, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 64) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return crypto.createCertificate(certificateType, x500Name, contentSigner, x500Name2, publicKey, (Pair<? extends Date, ? extends Date>) pair, nameConstraints);
    }

    @NotNull
    public final X509CertificateHolder createCertificate(@NotNull CertificateType certificateType, @NotNull X500Name issuer, @NotNull KeyPair issuerKeyPair, @NotNull X500Name subject, @NotNull PublicKey subjectPublicKey, @NotNull Pair<? extends Date, ? extends Date> validityWindow, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(issuer, "issuer");
        Intrinsics.checkParameterIsNotNull(issuerKeyPair, "issuerKeyPair");
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(subjectPublicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(validityWindow, "validityWindow");
        PrivateKey privateKey = issuerKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "issuerKeyPair.private");
        SignatureScheme findSignatureScheme = findSignatureScheme(privateKey);
        Provider provider = providerMap.get(findSignatureScheme.getProviderName());
        X509v3CertificateBuilder createCertificate = createCertificate(certificateType, issuer, subject, subjectPublicKey, validityWindow, nameConstraints);
        ContentSignerBuilder contentSignerBuilder = ContentSignerBuilder.INSTANCE;
        PrivateKey privateKey2 = issuerKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey2, "issuerKeyPair.private");
        X509CertificateHolder build = createCertificate.build(ContentSignerBuilder.build$default(contentSignerBuilder, findSignatureScheme, privateKey2, provider, null, 8, null));
        X509CertificateHolder x509CertificateHolder = build;
        if (!x509CertificateHolder.isValidOn(new Date())) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        if (!x509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(issuerKeyPair.getPublic()))) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        Intrinsics.checkExpressionValueIsNotNull(build, "builder.build(signer).ap…yPair.public)))\n        }");
        return build;
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createCertificate$default(Crypto crypto, CertificateType certificateType, X500Name x500Name, KeyPair keyPair, X500Name x500Name2, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 64) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return crypto.createCertificate(certificateType, x500Name, keyPair, x500Name2, publicKey, (Pair<? extends Date, ? extends Date>) pair, nameConstraints);
    }

    @NotNull
    public final PKCS10CertificationRequest createCertificateSigningRequest(@NotNull X500Name subject, @NotNull KeyPair keyPair, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        ContentSignerBuilder contentSignerBuilder = ContentSignerBuilder.INSTANCE;
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");
        PKCS10CertificationRequest build = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic()).build(ContentSignerBuilder.build$default(contentSignerBuilder, signatureScheme, privateKey, providerMap.get(signatureScheme.getProviderName()), null, 8, null));
        Intrinsics.checkExpressionValueIsNotNull(build, "JcaPKCS10CertificationRe…air.public).build(signer)");
        return build;
    }

    public final boolean publicKeyOnCurve(@NotNull SignatureScheme signatureScheme, @NotNull PublicKey publicKey) throws IllegalArgumentException {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        if (!isSupportedSignatureScheme(signatureScheme)) {
            throw new IllegalArgumentException(("Unsupported key/algorithm for schemeCodeName: " + signatureScheme.getSchemeCodeName()).toString());
        }
        if (publicKey instanceof BCECPublicKey) {
            return Intrinsics.areEqual(((BCECPublicKey) publicKey).getParameters(), signatureScheme.getAlgSpec()) && !((BCECPublicKey) publicKey).getQ().isInfinity() && ((BCECPublicKey) publicKey).getQ().isValid();
        }
        if (publicKey instanceof EdDSAPublicKey) {
            return Intrinsics.areEqual(((EdDSAPublicKey) publicKey).getParams(), signatureScheme.getAlgSpec()) && !isEdDSAPointAtInfinity((EdDSAPublicKey) publicKey) && ((EdDSAPublicKey) publicKey).getA().isOnCurve();
        }
        throw new IllegalArgumentException("Unsupported key type: " + Reflection.getOrCreateKotlinClass(publicKey.getClass()));
    }

    private final boolean isEdDSAPointAtInfinity(EdDSAPublicKey edDSAPublicKey) {
        GroupElement p3 = edDSAPublicKey.getA().toP3();
        AlgorithmParameterSpec algSpec = EDDSA_ED25519_SHA512.getAlgSpec();
        if (algSpec == null) {
            throw new TypeCastException("null cannot be cast to non-null type net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec");
        }
        return Intrinsics.areEqual(p3, ((EdDSANamedCurveSpec) algSpec).getCurve().getZero(GroupElement.Representation.P3));
    }

    public final boolean isSupportedSignatureScheme(@NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        return supportedSignatureSchemes.get(signatureScheme.getSchemeCodeName()) == signatureScheme;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0006. Please report as an issue. */
    private final String matchingAlgorithmName(String str) {
        switch (str.hashCode()) {
            case -2068846746:
                if (str.equals("SPHINCS-256")) {
                    return "SPHINCS256";
                }
                return str;
            case 2206:
                if (str.equals("EC")) {
                    return "ECDSA";
                }
                return str;
            case 1917809847:
                if (str.equals("1.3.6.1.4.1.22554.2.1")) {
                    return "SPHINCS256";
                }
                return str;
            default:
                return str;
        }
    }

    private final boolean validateKey(SignatureScheme signatureScheme, Key key) {
        if (key instanceof PublicKey) {
            return validatePublicKey(signatureScheme, (PublicKey) key);
        }
        if (key instanceof PrivateKey) {
            return validatePrivateKey(signatureScheme, (PrivateKey) key);
        }
        throw new IllegalArgumentException("Unsupported key type: " + Reflection.getOrCreateKotlinClass(key.getClass()));
    }

    private final boolean validatePublicKey(SignatureScheme signatureScheme, PublicKey publicKey) {
        if ((publicKey instanceof BCECPublicKey) || (publicKey instanceof EdDSAPublicKey)) {
            return publicKeyOnCurve(signatureScheme, publicKey);
        }
        if ((publicKey instanceof BCRSAPublicKey) || (publicKey instanceof BCSphincs256PublicKey)) {
            return true;
        }
        throw new IllegalArgumentException("Unsupported key type: " + Reflection.getOrCreateKotlinClass(publicKey.getClass()));
    }

    private final boolean validatePrivateKey(SignatureScheme signatureScheme, PrivateKey privateKey) {
        if (privateKey instanceof BCECPrivateKey) {
            return Intrinsics.areEqual(((BCECPrivateKey) privateKey).getParameters(), signatureScheme.getAlgSpec());
        }
        if (privateKey instanceof EdDSAPrivateKey) {
            return Intrinsics.areEqual(((EdDSAPrivateKey) privateKey).getParams(), signatureScheme.getAlgSpec());
        }
        if ((privateKey instanceof BCRSAPrivateKey) || (privateKey instanceof BCSphincs256PrivateKey)) {
            return true;
        }
        throw new IllegalArgumentException("Unsupported key type: " + Reflection.getOrCreateKotlinClass(privateKey.getClass()));
    }

    @NotNull
    public final PublicKey toSupportedPublicKey(@NotNull SubjectPublicKeyInfo key) {
        Intrinsics.checkParameterIsNotNull(key, "key");
        Crypto crypto = INSTANCE;
        byte[] encoded = key.getEncoded();
        Intrinsics.checkExpressionValueIsNotNull(encoded, "key.encoded");
        return crypto.decodePublicKey(encoded);
    }

    @NotNull
    public final PublicKey toSupportedPublicKey(@NotNull PublicKey key) {
        Intrinsics.checkParameterIsNotNull(key, "key");
        Crypto crypto = INSTANCE;
        byte[] encoded = key.getEncoded();
        Intrinsics.checkExpressionValueIsNotNull(encoded, "key.encoded");
        return crypto.decodePublicKey(encoded);
    }

    @NotNull
    public final PrivateKey toSupportedPrivateKey(@NotNull PrivateKey key) {
        Intrinsics.checkParameterIsNotNull(key, "key");
        Crypto crypto = INSTANCE;
        byte[] encoded = key.getEncoded();
        Intrinsics.checkExpressionValueIsNotNull(encoded, "key.encoded");
        return crypto.decodePrivateKey(encoded);
    }

    private Crypto() {
        Object obj;
        INSTANCE = this;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = PKCSObjectIdentifiers.id_RSASSA_PSS;
        Intrinsics.checkExpressionValueIsNotNull(aSN1ObjectIdentifier, "PKCSObjectIdentifiers.id_RSASSA_PSS");
        RSA_SHA256 = new SignatureScheme(1, "RSA_SHA256", aSN1ObjectIdentifier, BouncyCastleProvider.PROVIDER_NAME, "RSA", "SHA256WITHRSAANDMGF1", null, 3072, "RSA_SHA256 signature scheme using SHA256 as hash algorithm and MGF1 (with SHA256) as mask generation function.");
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = X9ObjectIdentifiers.ecdsa_with_SHA256;
        Intrinsics.checkExpressionValueIsNotNull(aSN1ObjectIdentifier2, "X9ObjectIdentifiers.ecdsa_with_SHA256");
        ECDSA_SECP256K1_SHA256 = new SignatureScheme(2, "ECDSA_SECP256K1_SHA256", aSN1ObjectIdentifier2, BouncyCastleProvider.PROVIDER_NAME, "ECDSA", "SHA256withECDSA", ECNamedCurveTable.getParameterSpec("secp256k1"), 256, "ECDSA signature scheme using the secp256k1 Koblitz curve.");
        ASN1ObjectIdentifier aSN1ObjectIdentifier3 = X9ObjectIdentifiers.ecdsa_with_SHA256;
        Intrinsics.checkExpressionValueIsNotNull(aSN1ObjectIdentifier3, "X9ObjectIdentifiers.ecdsa_with_SHA256");
        ECDSA_SECP256R1_SHA256 = new SignatureScheme(3, "ECDSA_SECP256R1_SHA256", aSN1ObjectIdentifier3, BouncyCastleProvider.PROVIDER_NAME, "ECDSA", "SHA256withECDSA", ECNamedCurveTable.getParameterSpec("secp256r1"), 256, "ECDSA signature scheme using the secp256r1 (NIST P-256) curve.");
        EDDSA_ED25519_SHA512 = new SignatureScheme(4, "EDDSA_ED25519_SHA512", new ASN1ObjectIdentifier("1.3.101.112"), BouncyCastleProvider.PROVIDER_NAME, "EdDSA", EdDSAEngine.SIGNATURE_ALGORITHM, EdDSANamedCurveTable.getByName("ED25519"), 256, "EdDSA signature scheme using the ed25519 twisted Edwards curve.");
        ASN1ObjectIdentifier aSN1ObjectIdentifier4 = BCObjectIdentifiers.sphincs256_with_SHA512;
        Intrinsics.checkExpressionValueIsNotNull(aSN1ObjectIdentifier4, "BCObjectIdentifiers.sphincs256_with_SHA512");
        SPHINCS256_SHA256 = new SignatureScheme(5, "SPHINCS-256_SHA512", aSN1ObjectIdentifier4, "BCPQC", "SPHINCS256", "SHA512WITHSPHINCS256", new SPHINCS256KeyGenParameterSpec(SPHINCS256KeyGenParameterSpec.SHA512_256), 256, "SPHINCS-256 hash-based signature scheme. It provides 128bit security against post-quantum attackers at the cost of larger key sizes and loss of compatibility.");
        DEFAULT_SIGNATURE_SCHEME = EDDSA_ED25519_SHA512;
        List listOf = CollectionsKt.listOf((Object[]) new SignatureScheme[]{RSA_SHA256, ECDSA_SECP256K1_SHA256, ECDSA_SECP256R1_SHA256, EDDSA_ED25519_SHA512, SPHINCS256_SHA256});
        LinkedHashMap linkedHashMap = new LinkedHashMap(RangesKt.coerceAtLeast(MapsKt.mapCapacity(CollectionsKt.collectionSizeOrDefault(listOf, 10)), 16));
        for (Object obj2 : listOf) {
            linkedHashMap.put(((SignatureScheme) obj2).getSchemeCodeName(), obj2);
        }
        supportedSignatureSchemes = linkedHashMap;
        Collection<SignatureScheme> values = supportedSignatureSchemes.values();
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        for (Object obj3 : values) {
            String algorithmName = ((SignatureScheme) obj3).getAlgorithmName();
            Object obj4 = linkedHashMap2.get(algorithmName);
            if (obj4 == null) {
                ArrayList arrayList = new ArrayList();
                linkedHashMap2.put(algorithmName, arrayList);
                obj = arrayList;
            } else {
                obj = obj4;
            }
            ((List) obj).add(obj3);
        }
        algorithmGroups = linkedHashMap2;
        providerMap = MapsKt.mapOf(TuplesKt.to(BouncyCastleProvider.PROVIDER_NAME, getBouncyCastleProvider()), TuplesKt.to("BCPQC", new BouncyCastlePQCProvider()));
        Security.addProvider(getBouncyCastleProvider());
    }

    static {
        new Crypto();
    }
}
