package org.bouncycastle.crypto.signers;

import _COROUTINE.CoroutineDebuggingKt$$ExternalSyntheticOutline0;
import com.alipay.sdk.m.m.b$$ExternalSyntheticOutline1;
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.digests.GeneralDigest;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithID;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.math.ec.ECAlgorithms;
import org.bouncycastle.math.ec.ECConstants;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: classes9.dex */
public class SM2Signer implements Signer, ECConstants {
    public final Digest digest;
    public ECKeyParameters ecKey;
    public ECDomainParameters ecParams;
    public final DSAEncoding encoding;
    public final RandomDSAKCalculator kCalculator;
    public ECPoint pubPoint;
    public byte[] z;

    public SM2Signer() {
        this(StandardDSAEncoding.INSTANCE, new SM3Digest());
    }

    public SM2Signer(StandardDSAEncoding standardDSAEncoding, GeneralDigest generalDigest) {
        this.kCalculator = new RandomDSAKCalculator();
        this.encoding = standardDSAEncoding;
        this.digest = generalDigest;
    }

    public static void addFieldElement(Digest digest, ECFieldElement eCFieldElement) {
        byte[] encoded = eCFieldElement.getEncoded();
        digest.update(encoded, 0, encoded.length);
    }

    public final byte[] digestDoFinal() {
        byte[] bArr = new byte[this.digest.getDigestSize()];
        this.digest.doFinal(0, bArr);
        this.digest.reset();
        byte[] bArr2 = this.z;
        if (bArr2 != null) {
            this.digest.update(bArr2, 0, bArr2.length);
        }
        return bArr;
    }

    @Override // org.bouncycastle.crypto.Signer
    public final byte[] generateSignature() throws CryptoException {
        byte[] digestDoFinal = digestDoFinal();
        BigInteger bigInteger = this.ecParams.n;
        BigInteger bigInteger2 = new BigInteger(1, digestDoFinal);
        BigInteger bigInteger3 = ((ECPrivateKeyParameters) this.ecKey).d;
        FixedPointCombMultiplier fixedPointCombMultiplier = new FixedPointCombMultiplier();
        while (true) {
            BigInteger nextK = this.kCalculator.nextK();
            ECPoint normalize = fixedPointCombMultiplier.multiply(this.ecParams.G, nextK).normalize();
            normalize.checkNormalized();
            BigInteger mod = bigInteger2.add(normalize.x.toBigInteger()).mod(bigInteger);
            BigInteger bigInteger4 = ECConstants.ZERO;
            if (!mod.equals(bigInteger4) && !mod.add(nextK).equals(bigInteger)) {
                BigInteger mod2 = BigIntegers.modOddInverse(bigInteger, bigInteger3.add(ECConstants.ONE)).multiply(nextK.subtract(mod.multiply(bigInteger3)).mod(bigInteger)).mod(bigInteger);
                if (!mod2.equals(bigInteger4)) {
                    try {
                        return this.encoding.encode(this.ecParams.n, mod, mod2);
                    } catch (Exception e) {
                        throw new CryptoException(b$$ExternalSyntheticOutline1.m(e, CoroutineDebuggingKt$$ExternalSyntheticOutline0.m("unable to encode signature: ")), e);
                    }
                }
            }
        }
    }

    @Override // org.bouncycastle.crypto.Signer
    public final void init(boolean z, CipherParameters cipherParameters) {
        byte[] decodeStrict;
        ECPoint eCPoint;
        if (cipherParameters instanceof ParametersWithID) {
            ParametersWithID parametersWithID = (ParametersWithID) cipherParameters;
            CipherParameters cipherParameters2 = parametersWithID.parameters;
            byte[] bArr = parametersWithID.id;
            if (bArr.length >= 8192) {
                throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");
            }
            decodeStrict = bArr;
            cipherParameters = cipherParameters2;
        } else {
            decodeStrict = Hex.decodeStrict("31323334353637383132333435363738");
        }
        if (z) {
            if (cipherParameters instanceof ParametersWithRandom) {
                ParametersWithRandom parametersWithRandom = (ParametersWithRandom) cipherParameters;
                ECKeyParameters eCKeyParameters = (ECKeyParameters) parametersWithRandom.parameters;
                this.ecKey = eCKeyParameters;
                ECDomainParameters eCDomainParameters = eCKeyParameters.parameters;
                this.ecParams = eCDomainParameters;
                RandomDSAKCalculator randomDSAKCalculator = this.kCalculator;
                BigInteger bigInteger = eCDomainParameters.n;
                SecureRandom secureRandom = parametersWithRandom.random;
                randomDSAKCalculator.q = bigInteger;
                randomDSAKCalculator.random = secureRandom;
            } else {
                ECKeyParameters eCKeyParameters2 = (ECKeyParameters) cipherParameters;
                this.ecKey = eCKeyParameters2;
                ECDomainParameters eCDomainParameters2 = eCKeyParameters2.parameters;
                this.ecParams = eCDomainParameters2;
                RandomDSAKCalculator randomDSAKCalculator2 = this.kCalculator;
                BigInteger bigInteger2 = eCDomainParameters2.n;
                SecureRandom secureRandom2 = CryptoServicesRegistrar.getSecureRandom();
                randomDSAKCalculator2.q = bigInteger2;
                randomDSAKCalculator2.random = secureRandom2;
            }
            eCPoint = new FixedPointCombMultiplier().multiply(this.ecParams.G, ((ECPrivateKeyParameters) this.ecKey).d).normalize();
        } else {
            ECKeyParameters eCKeyParameters3 = (ECKeyParameters) cipherParameters;
            this.ecKey = eCKeyParameters3;
            this.ecParams = eCKeyParameters3.parameters;
            eCPoint = ((ECPublicKeyParameters) eCKeyParameters3).q;
        }
        this.pubPoint = eCPoint;
        CryptoServicesRegistrar.checkConstraints(Utils.getDefaultProperties("ECNR", this.ecKey, z));
        this.digest.reset();
        Digest digest = this.digest;
        int length = decodeStrict.length * 8;
        digest.update((byte) ((length >> 8) & 255));
        digest.update((byte) (length & 255));
        digest.update(decodeStrict, 0, decodeStrict.length);
        addFieldElement(this.digest, this.ecParams.curve.f1628a);
        addFieldElement(this.digest, this.ecParams.curve.b);
        Digest digest2 = this.digest;
        ECPoint eCPoint2 = this.ecParams.G;
        eCPoint2.checkNormalized();
        addFieldElement(digest2, eCPoint2.x);
        addFieldElement(this.digest, this.ecParams.G.getAffineYCoord());
        Digest digest3 = this.digest;
        ECPoint eCPoint3 = this.pubPoint;
        eCPoint3.checkNormalized();
        addFieldElement(digest3, eCPoint3.x);
        addFieldElement(this.digest, this.pubPoint.getAffineYCoord());
        int digestSize = this.digest.getDigestSize();
        byte[] bArr2 = new byte[digestSize];
        this.digest.doFinal(0, bArr2);
        this.z = bArr2;
        this.digest.update(bArr2, 0, digestSize);
    }

    @Override // org.bouncycastle.crypto.Signer
    public final void update(byte b) {
        this.digest.update(b);
    }

    @Override // org.bouncycastle.crypto.Signer
    public final void update(byte[] bArr, int i, int i2) {
        this.digest.update(bArr, i, i2);
    }

    public final boolean verifySignature(BigInteger bigInteger, BigInteger bigInteger2) {
        BigInteger bigInteger3 = this.ecParams.n;
        BigInteger bigInteger4 = ECConstants.ONE;
        if (bigInteger.compareTo(bigInteger4) < 0 || bigInteger.compareTo(bigInteger3) >= 0 || bigInteger2.compareTo(bigInteger4) < 0 || bigInteger2.compareTo(bigInteger3) >= 0) {
            return false;
        }
        BigInteger bigInteger5 = new BigInteger(1, digestDoFinal());
        BigInteger mod = bigInteger.add(bigInteger2).mod(bigInteger3);
        if (mod.equals(ECConstants.ZERO)) {
            return false;
        }
        ECPoint normalize = ECAlgorithms.sumOfTwoMultiplies(this.ecParams.G, bigInteger2, ((ECPublicKeyParameters) this.ecKey).q, mod).normalize();
        if (normalize.isInfinity()) {
            return false;
        }
        normalize.checkNormalized();
        return bigInteger5.add(normalize.x.toBigInteger()).mod(bigInteger3).equals(bigInteger);
    }

    @Override // org.bouncycastle.crypto.Signer
    public final boolean verifySignature(byte[] bArr) {
        try {
            BigInteger[] decode = this.encoding.decode(this.ecParams.n, bArr);
            return verifySignature(decode[0], decode[1]);
        } catch (Exception unused) {
            return false;
        }
    }
}
