package org.tokenscript.attestation.core;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jcajce.provider.digest.Keccak;
import org.bouncycastle.jcajce.provider.digest.SHA256;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.math.ec.ECPoint;
import org.tokenscript.attestation.FullProofOfExponent;
import org.tokenscript.attestation.IdentifierAttestation;
import org.tokenscript.attestation.ProofOfExponent;
import org.tokenscript.attestation.UsageProofOfExponent;

/* loaded from: input_file:org/tokenscript/attestation/core/AttestationCrypto.class */
public class AttestationCrypto {
    public static final int BYTES_IN_DIGEST = 32;
    public static final int curveOrderBitLength = 254;
    private final SecureRandom rand;
    private static final Logger logger = LogManager.getLogger(AttestationCrypto.class);
    public static final BigInteger fieldSize = new BigInteger("21888242871839275222246405745257275088696311157297823662689037894645226208583");
    public static final BigInteger curveOrder = new BigInteger("21888242871839275222246405745257275088548364400416034343698204186575808495617");
    public static final BigInteger cofactor = new BigInteger("1");
    public static final ECCurve curve = new ECCurve.Fp(fieldSize, BigInteger.ZERO, new BigInteger("3"), curveOrder, cofactor);
    public static final ECPoint G = curve.createPoint(new BigInteger("21282764439311451829394129092047993080259557426320933158672611067687630484067"), new BigInteger("3813889942691430704369624600187664845713336792511424430006907067499686345744"));
    public static final ECPoint H = curve.createPoint(new BigInteger("10844896013696871595893151490650636250667003995871483372134187278207473369077"), new BigInteger("9393217696329481319187854592386054938412168121447413803797200472841959383227"));

    public AttestationCrypto(SecureRandom secureRandom) {
        Security.addProvider(new BouncyCastleProvider());
        this.rand = secureRandom;
        if (!verifyCurveOrder(curveOrder)) {
            throw new RuntimeException("Static values do not work with current implementation");
        }
    }

    private boolean verifyCurveOrder(BigInteger bigInteger) {
        if (bigInteger.compareTo(BigInteger.ONE.shiftLeft(253)) >= 0 && bigInteger.shiftRight(curveOrderBitLength).compareTo(BigInteger.ZERO) <= 0) {
            return true;
        }
        logger.error("Curve order is not 254 bits which is required by the current implementation");
        return false;
    }

    public static byte[] hashWithKeccak(byte[] bArr) {
        Keccak.Digest256 digest256 = new Keccak.Digest256();
        digest256.reset();
        digest256.update(bArr);
        return digest256.digest();
    }

    public static byte[] hashWithSHA256(byte[] bArr) {
        SHA256.Digest digest = new SHA256.Digest();
        digest.reset();
        digest.update(bArr);
        return digest.digest();
    }

    public static byte[] makeCommitment(String str, IdentifierAttestation.AttestationType attestationType, BigInteger bigInteger) {
        return G.multiply(mapToCurveMultiplier(attestationType, str)).add(H.multiply(bigInteger)).getEncoded(false);
    }

    public static byte[] makeCommitment(String str, IdentifierAttestation.AttestationType attestationType, ECPoint eCPoint) {
        return G.multiply(mapToCurveMultiplier(attestationType, str)).add(eCPoint).getEncoded(false);
    }

    public FullProofOfExponent computeAttestationProof(BigInteger bigInteger, byte[] bArr) {
        ECPoint multiply = H.multiply(bigInteger);
        return constructSchnorrPOK(multiply, bigInteger, Arrays.asList(H, multiply), bArr);
    }

    public FullProofOfExponent computeAttestationProof(BigInteger bigInteger) {
        return computeAttestationProof(bigInteger, new byte[0]);
    }

    public UsageProofOfExponent computeEqualityProof(byte[] bArr, byte[] bArr2, BigInteger bigInteger, BigInteger bigInteger2, byte[] bArr3) {
        ECPoint decodePoint = decodePoint(bArr);
        ECPoint decodePoint2 = decodePoint(bArr2);
        return constructSchnorrPOK(decodePoint.subtract(decodePoint2), bigInteger.subtract(bigInteger2).mod(curveOrder), Arrays.asList(H, decodePoint, decodePoint2), bArr3).getUsageProofOfExponent();
    }

    public UsageProofOfExponent computeEqualityProof(byte[] bArr, byte[] bArr2, BigInteger bigInteger, BigInteger bigInteger2) {
        return computeEqualityProof(bArr, bArr2, bigInteger, bigInteger2, new byte[0]);
    }

    private FullProofOfExponent constructSchnorrPOK(ECPoint eCPoint, BigInteger bigInteger, List<ECPoint> list, byte[] bArr) {
        BigInteger makeSecret;
        ECPoint multiply;
        BigInteger computeChallenge;
        do {
            makeSecret = makeSecret();
            multiply = H.multiply(makeSecret);
            computeChallenge = computeChallenge(multiply, list, bArr);
        } while (computeChallenge.compareTo(curveOrder) >= 0);
        return new FullProofOfExponent(eCPoint.normalize(), multiply.normalize(), makeSecret.add(computeChallenge.multiply(bigInteger)).mod(curveOrder), bArr);
    }

    private static BigInteger computeChallenge(ECPoint eCPoint, List<ECPoint> list, byte[] bArr) {
        ArrayList arrayList = new ArrayList(list);
        arrayList.add(eCPoint);
        byte[] makeArray = makeArray(arrayList);
        byte[] bArr2 = new byte[makeArray.length + bArr.length];
        System.arraycopy(makeArray, 0, bArr2, 0, makeArray.length);
        System.arraycopy(bArr, 0, bArr2, makeArray.length, bArr.length);
        return mapToInteger(bArr2);
    }

    public static boolean verifyFullProof(FullProofOfExponent fullProofOfExponent) {
        return verifyPok(fullProofOfExponent, computeChallenge(fullProofOfExponent.getPoint(), Arrays.asList(H, fullProofOfExponent.getRiddle()), fullProofOfExponent.getNonce()));
    }

    public static boolean verifyEqualityProof(byte[] bArr, byte[] bArr2, ProofOfExponent proofOfExponent) {
        ECPoint decodePoint = decodePoint(bArr);
        ECPoint decodePoint2 = decodePoint(bArr2);
        return verifyPok(new FullProofOfExponent(decodePoint.subtract(decodePoint2), proofOfExponent.getPoint(), proofOfExponent.getChallenge(), proofOfExponent.getNonce()), computeChallenge(proofOfExponent.getPoint(), Arrays.asList(H, decodePoint, decodePoint2), proofOfExponent.getNonce()));
    }

    private static boolean verifyPok(FullProofOfExponent fullProofOfExponent, BigInteger bigInteger) {
        if (bigInteger.compareTo(curveOrder) < 0) {
            return H.multiply(fullProofOfExponent.getChallenge()).equals(fullProofOfExponent.getRiddle().multiply(bigInteger).add(fullProofOfExponent.getPoint()));
        }
        logger.error("Challenge is bigger than curve order");
        return false;
    }

    public BigInteger makeSecret() {
        return new BigInteger(384, this.rand).mod(curveOrder);
    }

    static byte[] makeArray(List<ECPoint> list) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Iterator<ECPoint> it = list.iterator();
            while (it.hasNext()) {
                byteArrayOutputStream.write(it.next().normalize().getEncoded(false));
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            return byteArray;
        } catch (IOException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not encode EC points", e);
        }
    }

    static BigInteger mapToInteger(byte[] bArr) {
        try {
            return new BigInteger(1, hashWithKeccak(bArr)).shiftRight(2);
        } catch (Exception e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not map to integer", e);
        }
    }

    public static BigInteger mapToCurveMultiplier(IdentifierAttestation.AttestationType attestationType, String str) {
        byte[] bytes = str.trim().toLowerCase().getBytes(StandardCharsets.UTF_8);
        ByteBuffer allocate = ByteBuffer.allocate(4 + bytes.length);
        allocate.putInt(attestationType.ordinal());
        allocate.put(bytes);
        BigInteger bigInteger = new BigInteger(1, allocate.array());
        do {
            bigInteger = mapToInteger(bigInteger.toByteArray());
        } while (bigInteger.compareTo(curveOrder) >= 0);
        return bigInteger;
    }

    public static ECPoint decodePoint(byte[] bArr) {
        return curve.decodePoint(bArr).normalize();
    }
}
