package org.xipki.security.bc;

import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.crmf.DhSigStatic;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.crypto.RuntimeCryptoException;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.xipki.security.DHSigStaticKeyCertPair;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-5.3.3.jar:org/xipki/security/bc/XiXDHContentVerifierProvider.class */
public class XiXDHContentVerifierProvider implements ContentVerifierProvider {
    private final SecretKey hmacKey;
    private final String hmacAlgoithm;
    private final ASN1ObjectIdentifier sigAlgOid;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/security-5.3.3.jar:org/xipki/security/bc/XiXDHContentVerifierProvider$XDHContentVerifier.class */
    public static class XDHContentVerifier implements ContentVerifier {
        private final AlgorithmIdentifier algId;
        private final HmacOutputStream outputStream;
        private final Mac hmac;
        private final SecretKey macKey;

        /* loaded from: input_file:WEB-INF/lib/security-5.3.3.jar:org/xipki/security/bc/XiXDHContentVerifierProvider$XDHContentVerifier$HmacOutputStream.class */
        private class HmacOutputStream extends OutputStream {
            private HmacOutputStream() {
            }

            @Override // java.io.OutputStream
            public void write(int i) throws IOException {
                XDHContentVerifier.this.hmac.update((byte) i);
            }

            @Override // java.io.OutputStream
            public void write(byte[] bArr) throws IOException {
                XDHContentVerifier.this.hmac.update(bArr, 0, bArr.length);
            }

            @Override // java.io.OutputStream
            public void write(byte[] bArr, int i, int i2) throws IOException {
                XDHContentVerifier.this.hmac.update(bArr, i, i2);
            }
        }

        private XDHContentVerifier(AlgorithmIdentifier algorithmIdentifier, Mac mac, SecretKey secretKey) {
            this.algId = algorithmIdentifier;
            this.hmac = mac;
            this.macKey = secretKey;
            this.outputStream = new HmacOutputStream();
        }

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return this.algId;
        }

        public OutputStream getOutputStream() {
            try {
                this.hmac.init(this.macKey);
                return this.outputStream;
            } catch (InvalidKeyException e) {
                throw new RuntimeCryptoException("could not init MAC: " + e.getMessage());
            }
        }

        public boolean verify(byte[] bArr) {
            return Arrays.equals(DhSigStatic.getInstance(bArr).getHashValue(), this.hmac.doFinal());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v16, types: [byte[], byte[][]] */
    public XiXDHContentVerifierProvider(PublicKey publicKey, DHSigStaticKeyCertPair dHSigStaticKeyCertPair) throws InvalidKeyException {
        HashAlgo hashAlgo;
        Args.notNull(publicKey, "verifyKey");
        Args.notNull(dHSigStaticKeyCertPair, "ownerKeyAndCert");
        String algorithm = publicKey.getAlgorithm();
        if (EdECConstants.X25519.equalsIgnoreCase(algorithm)) {
            this.sigAlgOid = ObjectIdentifiers.Xipki.id_alg_dhPop_x25519_sha256;
            this.hmacAlgoithm = "HMAC-SHA256";
            hashAlgo = HashAlgo.SHA256;
        } else {
            if (!EdECConstants.X448.equalsIgnoreCase(algorithm)) {
                throw new InvalidKeyException("unsupported verifyKey.getAlgorithm(): " + algorithm);
            }
            this.sigAlgOid = ObjectIdentifiers.Xipki.id_alg_dhPop_x448_sha512;
            this.hmacAlgoithm = "HMAC-SHA512";
            hashAlgo = HashAlgo.SHA512;
        }
        if (!algorithm.equals(dHSigStaticKeyCertPair.getPrivateKey().getAlgorithm())) {
            throw new InvalidKeyException("verifyKey and ownerKeyAndCert does not match");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(algorithm, "BC");
            keyAgreement.init(dHSigStaticKeyCertPair.getPrivateKey());
            keyAgreement.doPhase(publicKey, true);
            this.hmacKey = new SecretKeySpec(hashAlgo.hash(new byte[]{dHSigStaticKeyCertPair.getEncodedSubject(), keyAgreement.generateSecret(), dHSigStaticKeyCertPair.getEncodedIssuer()}), this.hmacAlgoithm);
        } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new InvalidKeyException("KeyChange error", e);
        }
    }

    public boolean hasAssociatedCertificate() {
        return false;
    }

    public X509CertificateHolder getAssociatedCertificate() {
        return null;
    }

    public ContentVerifier get(AlgorithmIdentifier algorithmIdentifier) throws OperatorCreationException {
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        if (!this.sigAlgOid.equals(algorithm)) {
            throw new OperatorCreationException("given public key is not suitable for the alogithm " + algorithm.getId());
        }
        try {
            return new XDHContentVerifier(algorithmIdentifier, Mac.getInstance(this.hmacAlgoithm), this.hmacKey);
        } catch (NoSuchAlgorithmException e) {
            throw new OperatorCreationException(e.getMessage());
        }
    }
}
