package org.tokenscript.attestation.core;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Clock;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.tokenscript.eip712.Eip712Common;

/* loaded from: input_file:org/tokenscript/attestation/core/UNSignature.class */
public class UNSignature implements UnpredictableNumberTool {
    private static final Logger logger = LogManager.getLogger((Class<?>) UNSignature.class);
    private final SecureRandom random;
    private final String domain;
    private final long validityInMs;
    private final AsymmetricKeyParameter publicKey;
    private final AsymmetricKeyParameter privateKey;

    public UNSignature(AsymmetricCipherKeyPair asymmetricCipherKeyPair, String str) {
        this(new SecureRandom(), asymmetricCipherKeyPair, str);
    }

    public UNSignature(AsymmetricKeyParameter asymmetricKeyParameter, String str) {
        this(new SecureRandom(), asymmetricKeyParameter, str);
    }

    public UNSignature(SecureRandom secureRandom, AsymmetricCipherKeyPair asymmetricCipherKeyPair, String str) {
        this(secureRandom, asymmetricCipherKeyPair, str, 3600000L);
    }

    public UNSignature(SecureRandom secureRandom, AsymmetricKeyParameter asymmetricKeyParameter, String str) {
        this(secureRandom, asymmetricKeyParameter, str, 3600000L);
    }

    public UNSignature(SecureRandom secureRandom, AsymmetricKeyParameter asymmetricKeyParameter, String str, long j) {
        this(secureRandom, new AsymmetricCipherKeyPair(asymmetricKeyParameter, (AsymmetricKeyParameter) null), str, j);
    }

    public UNSignature(SecureRandom secureRandom, AsymmetricCipherKeyPair asymmetricCipherKeyPair, String str, long j) {
        this.random = secureRandom;
        this.domain = str;
        this.validityInMs = j;
        this.publicKey = asymmetricCipherKeyPair.getPublic();
        this.privateKey = asymmetricCipherKeyPair.getPrivate();
        if (!Eip712Common.isDomainValid(str)) {
            throw ((IllegalArgumentException) ExceptionUtil.throwException(logger, new IllegalArgumentException("Domain is not a valid domain")));
        }
    }

    @Override // org.tokenscript.attestation.core.UnpredictableNumberTool
    public String getDomain() {
        return this.domain;
    }

    @Override // org.tokenscript.attestation.core.UnpredictableNumberTool
    public UnpredictableNumberBundle getUnpredictableNumberBundle() {
        return getUnpredictableNumberBundle(null);
    }

    @Override // org.tokenscript.attestation.core.UnpredictableNumberTool
    public UnpredictableNumberBundle getUnpredictableNumberBundle(byte[] bArr) {
        long millis = Clock.systemUTC().millis() + this.validityInMs;
        byte[] bArr2 = new byte[32];
        this.random.nextBytes(bArr2);
        return new UnpredictableNumberBundle(getUnpredictableNumber(bArr2, millis, bArr), bArr2, this.domain, millis, bArr);
    }

    private String getUnpredictableNumber(byte[] bArr, long j, byte[] bArr2) {
        return URLUtility.encodeData(SignatureUtility.signWithEthereum(getRawUN(bArr, j, bArr2), this.privateKey));
    }

    private byte[] getRawUN(byte[] bArr, long j, byte[] bArr2) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(UnpredictableNumberTool.longToBytes(j));
            byteArrayOutputStream.write(bArr, 0, 32);
            if (bArr2 != null) {
                byteArrayOutputStream.write(UnpredictableNumberTool.hashContext(bArr2), 0, 32);
            }
            byteArrayOutputStream.write(this.domain.getBytes(StandardCharsets.UTF_8), 0, this.domain.getBytes(StandardCharsets.UTF_8).length);
            byteArrayOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not create UN message", e);
        }
    }

    @Override // org.tokenscript.attestation.core.UnpredictableNumberTool
    public boolean validateUnpredictableNumber(String str, byte[] bArr, long j) {
        return validateUnpredictableNumber(str, bArr, j, null);
    }

    @Override // org.tokenscript.attestation.core.UnpredictableNumberTool
    public boolean validateUnpredictableNumber(String str, byte[] bArr, long j, byte[] bArr2) {
        if (Clock.systemUTC().millis() > j) {
            logger.error("Unpredictable number has expired");
            return false;
        }
        if (SignatureUtility.verifyEthereumSignature(getRawUN(bArr, j, bArr2), URLUtility.decodeData(str), this.publicKey)) {
            return true;
        }
        logger.error("The unpredictable number is computed incorrectly. Either wrong key or wrong domain");
        return false;
    }
}
