package org.bouncycastle.crypto.signers;

import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.params.ECCSIPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECCSIPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;

/* loaded from: input_file:META-INF/jarjar/bcprov-jdk18on-1.81.jar:org/bouncycastle/crypto/signers/ECCSISigner.class */
public class ECCSISigner implements Signer {
    private final BigInteger q;
    private final ECPoint G;
    private final Digest digest;
    private BigInteger j;
    private BigInteger r;
    private ECPoint Y;
    private final ECPoint kpak;
    private final byte[] id;
    private CipherParameters param;
    private ByteArrayOutputStream stream;
    private boolean forSigning;
    private final int N;

    public ECCSISigner(ECPoint eCPoint, X9ECParameters x9ECParameters, Digest digest, byte[] bArr) {
        this.kpak = eCPoint;
        this.id = bArr;
        this.q = x9ECParameters.getCurve().getOrder();
        this.G = x9ECParameters.getG();
        this.digest = digest;
        this.digest.reset();
        this.N = (x9ECParameters.getCurve().getOrder().bitLength() + 7) >> 3;
    }

    @Override // org.bouncycastle.crypto.Signer
    public void init(boolean z, CipherParameters cipherParameters) {
        this.forSigning = z;
        this.param = cipherParameters;
        reset();
    }

    @Override // org.bouncycastle.crypto.Signer
    public void update(byte b) {
        if (this.forSigning) {
            this.digest.update(b);
        } else {
            this.stream.write(b);
        }
    }

    @Override // org.bouncycastle.crypto.Signer
    public void update(byte[] bArr, int i, int i2) {
        if (this.forSigning) {
            this.digest.update(bArr, i, i2);
        } else {
            this.stream.write(bArr, i, i2);
        }
    }

    @Override // org.bouncycastle.crypto.Signer
    public byte[] generateSignature() throws CryptoException, DataLengthException {
        byte[] bArr = new byte[this.digest.getDigestSize()];
        this.digest.doFinal(bArr, 0);
        ECCSIPrivateKeyParameters eCCSIPrivateKeyParameters = (ECCSIPrivateKeyParameters) ((ParametersWithRandom) this.param).getParameters();
        BigInteger mod = new BigInteger(1, bArr).add(this.r.multiply(eCCSIPrivateKeyParameters.getSSK())).mod(this.q);
        if (mod.equals(BigInteger.ZERO)) {
            throw new IllegalArgumentException("Invalid j, retry");
        }
        return Arrays.concatenate(BigIntegers.asUnsignedByteArray(this.N, this.r), BigIntegers.asUnsignedByteArray(this.N, mod.modInverse(this.q).multiply(this.j).mod(this.q)), eCCSIPrivateKeyParameters.getPublicKeyParameters().getPVT().getEncoded(false));
    }

    @Override // org.bouncycastle.crypto.Signer
    public boolean verifySignature(byte[] bArr) {
        byte[] copyOf = Arrays.copyOf(bArr, this.N);
        BigInteger bigInteger = new BigInteger(1, Arrays.copyOfRange(bArr, this.N, this.N << 1));
        this.r = new BigInteger(1, copyOf).mod(this.q);
        this.digest.update(copyOf, 0, this.N);
        byte[] byteArray = this.stream.toByteArray();
        this.digest.update(byteArray, 0, byteArray.length);
        byte[] bArr2 = new byte[this.digest.getDigestSize()];
        this.digest.doFinal(bArr2, 0);
        return this.G.multiply(new BigInteger(1, bArr2).mod(this.q)).normalize().add(this.Y.multiply(this.r).normalize()).normalize().multiply(bigInteger).normalize().getAffineXCoord().toBigInteger().mod(this.q).equals(this.r.mod(this.q));
    }

    @Override // org.bouncycastle.crypto.Signer
    public void reset() {
        ECPoint pvt;
        this.digest.reset();
        CipherParameters cipherParameters = this.param;
        SecureRandom secureRandom = null;
        if (cipherParameters instanceof ParametersWithRandom) {
            secureRandom = ((ParametersWithRandom) cipherParameters).getRandom();
            cipherParameters = ((ParametersWithRandom) cipherParameters).getParameters();
        }
        ECPoint eCPoint = null;
        if (this.forSigning) {
            ECCSIPrivateKeyParameters eCCSIPrivateKeyParameters = (ECCSIPrivateKeyParameters) cipherParameters;
            pvt = eCCSIPrivateKeyParameters.getPublicKeyParameters().getPVT();
            this.j = BigIntegers.createRandomBigInteger(this.q.bitLength(), secureRandom);
            this.r = this.G.multiply(this.j).normalize().getAffineXCoord().toBigInteger().mod(this.q);
            eCPoint = this.G.multiply(eCCSIPrivateKeyParameters.getSSK());
        } else {
            pvt = ((ECCSIPublicKeyParameters) cipherParameters).getPVT();
            this.stream = new ByteArrayOutputStream();
        }
        byte[] encoded = this.G.getEncoded(false);
        this.digest.update(encoded, 0, encoded.length);
        byte[] encoded2 = this.kpak.getEncoded(false);
        this.digest.update(encoded2, 0, encoded2.length);
        this.digest.update(this.id, 0, this.id.length);
        byte[] encoded3 = pvt.getEncoded(false);
        this.digest.update(encoded3, 0, encoded3.length);
        byte[] bArr = new byte[this.digest.getDigestSize()];
        this.digest.doFinal(bArr, 0);
        BigInteger mod = new BigInteger(1, bArr).mod(this.q);
        this.digest.update(bArr, 0, bArr.length);
        if (!this.forSigning) {
            this.Y = pvt.multiply(mod).add(this.kpak).normalize();
        } else {
            if (!eCPoint.subtract(pvt.multiply(mod)).normalize().equals(this.kpak)) {
                throw new IllegalArgumentException("Invalid KPAK");
            }
            byte[] asUnsignedByteArray = BigIntegers.asUnsignedByteArray(this.N, this.r);
            this.digest.update(asUnsignedByteArray, 0, asUnsignedByteArray.length);
        }
    }
}
