package org.alephium.crypto;

import akka.util.ByteString;
import akka.util.ByteString$;
import java.math.BigInteger;
import org.alephium.util.AVector;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.asn1.x9.X9IntegerConverter;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.math.ec.ECAlgorithms;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;
import scala.Array;
import scala.Array$;
import scala.Array$UnapplySeqWrapper$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.reflect.ClassTag$;
import scala.util.control.NonFatal$;

/* compiled from: SecP256K1.scala */
/* loaded from: input_file:org/alephium/crypto/SecP256K1$.class */
public final class SecP256K1$ implements SignatureSchema<SecP256K1PrivateKey, SecP256K1PublicKey, SecP256K1Signature> {
    public static final SecP256K1$ MODULE$ = new SecP256K1$();
    private static final X9ECParameters params;
    private static final ECDomainParameters domain;
    private static final BigInteger halfCurveOrder;
    private static final SecP256K1Curve curve;

    static {
        SignatureSchema.$init$(MODULE$);
        params = CustomNamedCurves.getByName("secp256k1");
        curve = MODULE$.params().getCurve();
        domain = new ECDomainParameters(MODULE$.curve(), MODULE$.params().getG(), MODULE$.params().getN(), MODULE$.params().getH());
        halfCurveOrder = MODULE$.params().getN().shiftRight(1);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.alephium.crypto.Signature, org.alephium.crypto.SecP256K1Signature] */
    @Override // org.alephium.crypto.SignatureSchema
    public SecP256K1Signature sign(ByteString byteString, SecP256K1PrivateKey secP256K1PrivateKey) {
        ?? sign;
        sign = sign(byteString, (ByteString) secP256K1PrivateKey);
        return sign;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.alephium.crypto.Signature, org.alephium.crypto.SecP256K1Signature] */
    @Override // org.alephium.crypto.SignatureSchema
    public SecP256K1Signature sign(AVector aVector, SecP256K1PrivateKey secP256K1PrivateKey) {
        ?? sign;
        sign = sign((AVector<Object>) aVector, (AVector<Object>) ((AVector) secP256K1PrivateKey));
        return sign;
    }

    @Override // org.alephium.crypto.SignatureSchema
    public boolean verify(ByteString byteString, SecP256K1Signature secP256K1Signature, SecP256K1PublicKey secP256K1PublicKey) {
        boolean verify;
        verify = verify(byteString, (ByteString) secP256K1Signature, (ByteString) ((Signature) secP256K1PublicKey));
        return verify;
    }

    @Override // org.alephium.crypto.SignatureSchema
    public boolean verify(AVector aVector, SecP256K1Signature secP256K1Signature, SecP256K1PublicKey secP256K1PublicKey) {
        boolean verify;
        verify = verify((AVector<Object>) aVector, (AVector<Object>) ((AVector) secP256K1Signature), (AVector) ((Signature) secP256K1PublicKey));
        return verify;
    }

    public X9ECParameters params() {
        return params;
    }

    public SecP256K1Curve curve() {
        return curve;
    }

    public ECDomainParameters domain() {
        return domain;
    }

    public BigInteger halfCurveOrder() {
        return halfCurveOrder;
    }

    public ECPoint point(ByteString byteString) {
        return curve().decodePoint((byte[]) byteString.toArray(ClassTag$.MODULE$.Byte()));
    }

    @Override // org.alephium.crypto.SignatureSchema
    public Tuple2<SecP256K1PrivateKey, SecP256K1PublicKey> generatePriPub() {
        SecP256K1PrivateKey secP256K1PrivateKey = (SecP256K1PrivateKey) SecP256K1PrivateKey$.MODULE$.generate();
        return new Tuple2<>(secP256K1PrivateKey, secP256K1PrivateKey.publicKey());
    }

    @Override // org.alephium.crypto.SignatureSchema
    public Tuple2<SecP256K1PrivateKey, SecP256K1PublicKey> secureGeneratePriPub() {
        SecP256K1PrivateKey secP256K1PrivateKey = (SecP256K1PrivateKey) SecP256K1PrivateKey$.MODULE$.secureGenerate();
        return new Tuple2<>(secP256K1PrivateKey, secP256K1PrivateKey.publicKey());
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.alephium.crypto.SignatureSchema
    public SecP256K1Signature sign(byte[] bArr, byte[] bArr2) {
        ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
        eCDSASigner.init(true, new ECPrivateKeyParameters(new BigInteger(1, bArr2), domain()));
        BigInteger[] generateSignature = eCDSASigner.generateSignature(bArr);
        if (generateSignature != null) {
            Object unapplySeq = Array$.MODULE$.unapplySeq(generateSignature);
            if (!Array$UnapplySeqWrapper$.MODULE$.isEmpty$extension(unapplySeq) && new Array.UnapplySeqWrapper(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq)) != null && Array$UnapplySeqWrapper$.MODULE$.lengthCompare$extension(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq), 2) == 0) {
                Tuple2 tuple2 = new Tuple2((BigInteger) Array$UnapplySeqWrapper$.MODULE$.apply$extension(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq), 0), (BigInteger) Array$UnapplySeqWrapper$.MODULE$.apply$extension(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq), 1));
                return SecP256K1Signature$.MODULE$.from((BigInteger) tuple2._1(), canonicalize((BigInteger) tuple2._2()));
            }
        }
        throw new MatchError(generateSignature);
    }

    public boolean org$alephium$crypto$SecP256K1$$isCanonical(BigInteger bigInteger) {
        return bigInteger.compareTo(halfCurveOrder()) <= 0;
    }

    public BigInteger canonicalize(BigInteger bigInteger) {
        return org$alephium$crypto$SecP256K1$$isCanonical(bigInteger) ? bigInteger : params().getN().subtract(bigInteger);
    }

    @Override // org.alephium.crypto.SignatureSchema
    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        boolean z;
        Tuple2<BigInteger, BigInteger> decode = SecP256K1Signature$.MODULE$.decode(bArr2);
        if (decode == null) {
            throw new MatchError(decode);
        }
        Tuple2 tuple2 = new Tuple2((BigInteger) decode._1(), (BigInteger) decode._2());
        BigInteger bigInteger = (BigInteger) tuple2._1();
        BigInteger bigInteger2 = (BigInteger) tuple2._2();
        if (org$alephium$crypto$SecP256K1$$isCanonical(bigInteger2)) {
            try {
                ECDSASigner eCDSASigner = new ECDSASigner();
                eCDSASigner.init(false, new ECPublicKeyParameters(curve().decodePoint(bArr3), domain()));
                z = eCDSASigner.verifySignature(bArr, bigInteger, bigInteger2);
            } catch (Throwable th) {
                if (th == null || NonFatal$.MODULE$.unapply(th).isEmpty()) {
                    throw th;
                }
                z = false;
            }
            if (z) {
                return true;
            }
        }
        return false;
    }

    public Option<ByteString> ethEcRecover(ByteString byteString, ByteString byteString2) {
        try {
            return new Some(ethEcRecoverUnsafe(byteString, byteString2));
        } catch (Throwable th) {
            if (th == null || NonFatal$.MODULE$.unapply(th).isEmpty()) {
                throw th;
            }
            return None$.MODULE$;
        }
    }

    public ByteString ethEcRecoverUnsafe(ByteString byteString, ByteString byteString2) {
        Predef$.MODULE$.require(byteString.length() == 32, () -> {
            return "Invalid message hash length";
        });
        Predef$.MODULE$.require(byteString2.length() == 65, () -> {
            return "Invalid sig data length";
        });
        int last = (byteString2.last() & 255) - 27;
        Predef$.MODULE$.require(last == 0 || last == 1, () -> {
            return "Invalid v, 27/28 expected";
        });
        BigInteger bigInteger = new BigInteger(1, (byte[]) byteString2.take(32).toArray(ClassTag$.MODULE$.Byte()));
        BigInteger bigInteger2 = new BigInteger(1, (byte[]) byteString2.slice(32, 64).toArray(ClassTag$.MODULE$.Byte()));
        BigInteger n = params().getN();
        Predef$.MODULE$.require(bigInteger.signum() == 1 && bigInteger.compareTo(n) < 0, () -> {
            return "Invalid r";
        });
        Predef$.MODULE$.require(bigInteger2.signum() == 1 && bigInteger2.compareTo(n) < 0, () -> {
            return "Invalid s";
        });
        BigInteger add = bigInteger.add(BigInteger.valueOf(last / 2).multiply(n));
        Predef$.MODULE$.require(add.compareTo(curve().getQ()) < 0, () -> {
            return "Cannot have point co-ordinates larger than this as everything takes place modulo Q.";
        });
        ECPoint decompressKey = decompressKey(add, (last & 1) == 1);
        Predef$.MODULE$.require(decompressKey.multiply(n).isInfinity(), () -> {
            return "point cannot be at infinity";
        });
        BigInteger mod = BigInteger.ZERO.subtract(new BigInteger(1, (byte[]) byteString.toArray(ClassTag$.MODULE$.Byte()))).mod(n);
        BigInteger modInverse = bigInteger.modInverse(n);
        byte[] encoded = ECAlgorithms.sumOfTwoMultiplies(params().getG(), modInverse.multiply(mod).mod(n), decompressKey, modInverse.multiply(bigInteger2).mod(n)).getEncoded(false);
        return Keccak256$.MODULE$.hash(ByteString$.MODULE$.fromArrayUnsafe(encoded, 1, encoded.length - 1)).bytes().drop(12);
    }

    private ECPoint decompressKey(BigInteger bigInteger, boolean z) {
        X9IntegerConverter x9IntegerConverter = new X9IntegerConverter();
        byte[] integerToBytes = x9IntegerConverter.integerToBytes(bigInteger, 1 + x9IntegerConverter.getByteLength(curve()));
        if (z) {
            integerToBytes[0] = 3;
        } else {
            integerToBytes[0] = 2;
        }
        return curve().decodePoint(integerToBytes);
    }

    private SecP256K1$() {
    }
}
