package org.xrpl.xrpl4j.crypto.bc.signing;

import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.CaffeineSpec;
import com.github.benmanes.caffeine.cache.LoadingCache;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import com.google.common.hash.Hashing;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.Ed25519Signer;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.xrpl.xrpl4j.codec.addresses.UnsignedByteArray;
import org.xrpl.xrpl4j.codec.addresses.VersionType;
import org.xrpl.xrpl4j.codec.binary.XrplBinaryCodec;
import org.xrpl.xrpl4j.crypto.bc.BcAddressUtils;
import org.xrpl.xrpl4j.crypto.bc.keys.BcKeyUtils;
import org.xrpl.xrpl4j.crypto.bc.keys.Ed25519KeyPairService;
import org.xrpl.xrpl4j.crypto.bc.keys.Secp256k1KeyPairService;
import org.xrpl.xrpl4j.crypto.core.AddressUtils;
import org.xrpl.xrpl4j.crypto.core.KeyMetadata;
import org.xrpl.xrpl4j.crypto.core.ServerSecret;
import org.xrpl.xrpl4j.crypto.core.ServerSecretSupplier;
import org.xrpl.xrpl4j.crypto.core.keys.KeyPair;
import org.xrpl.xrpl4j.crypto.core.keys.Passphrase;
import org.xrpl.xrpl4j.crypto.core.keys.PrivateKey;
import org.xrpl.xrpl4j.crypto.core.keys.PublicKey;
import org.xrpl.xrpl4j.crypto.core.keys.Seed;
import org.xrpl.xrpl4j.crypto.core.signing.AbstractDelegatedSignatureService;
import org.xrpl.xrpl4j.crypto.core.signing.AbstractDelegatedTransactionSigner;
import org.xrpl.xrpl4j.crypto.core.signing.AbstractDelegatedTransactionVerifier;
import org.xrpl.xrpl4j.crypto.core.signing.DelegatedSignatureService;
import org.xrpl.xrpl4j.crypto.core.signing.Signature;
import org.xrpl.xrpl4j.crypto.core.signing.SignatureUtils;
import org.xrpl.xrpl4j.crypto.core.signing.SignatureWithKeyMetadata;
import org.xrpl.xrpl4j.crypto.core.signing.SingleSingedTransaction;
import org.xrpl.xrpl4j.model.client.channels.UnsignedClaim;
import org.xrpl.xrpl4j.model.jackson.ObjectMapperFactory;
import org.xrpl.xrpl4j.model.transactions.Transaction;

/* loaded from: input_file:org/xrpl/xrpl4j/crypto/bc/signing/DerivedKeyDelegatedSignatureService.class */
public class DerivedKeyDelegatedSignatureService implements DelegatedSignatureService {
    private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
    private final VersionType versionType;
    private final Ed25519KeyPairService ed25519KeyPairService;
    private final Secp256k1KeyPairService secp256k1KeyPairService;
    private final LoadingCache<KeyMetadata, SingleKeyDelegatedSignatureService> keyMetadataLoadingCache;
    private final ServerSecretSupplier serverSecretSupplier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xrpl/xrpl4j/crypto/bc/signing/DerivedKeyDelegatedSignatureService$SingleKeyDelegatedSignatureService.class */
    public static class SingleKeyDelegatedSignatureService extends AbstractDelegatedSignatureService implements DelegatedSignatureService {

        /* loaded from: input_file:org/xrpl/xrpl4j/crypto/bc/signing/DerivedKeyDelegatedSignatureService$SingleKeyDelegatedSignatureService$SingleKeyDelegatedTransactionSigner.class */
        private static class SingleKeyDelegatedTransactionSigner extends AbstractDelegatedTransactionSigner {
            private final Ed25519Signer ed25519Signer;
            private final ECDSASigner ecdsaSigner;
            private final PrivateKey privateKey;
            private final BcSignatureService bcSignatureService;

            private SingleKeyDelegatedTransactionSigner(PrivateKey privateKey, SignatureUtils signatureUtils, AddressUtils addressUtils) {
                super(signatureUtils, addressUtils);
                this.ed25519Signer = new Ed25519Signer();
                this.ecdsaSigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
                this.privateKey = privateKey;
                this.bcSignatureService = new BcSignatureService(signatureUtils, addressUtils, this.ed25519Signer, this.ecdsaSigner);
            }

            protected synchronized Signature edDsaSign(KeyMetadata keyMetadata, UnsignedByteArray unsignedByteArray) {
                return this.bcSignatureService.edDsaSign(this.privateKey, unsignedByteArray);
            }

            protected synchronized Signature ecDsaSign(KeyMetadata keyMetadata, UnsignedByteArray unsignedByteArray) {
                return this.bcSignatureService.ecDsaSign(this.privateKey, unsignedByteArray);
            }

            public PublicKey getPublicKey(KeyMetadata keyMetadata) {
                Objects.requireNonNull(keyMetadata);
                return BcKeyUtils.toPublicKey(this.privateKey);
            }
        }

        /* loaded from: input_file:org/xrpl/xrpl4j/crypto/bc/signing/DerivedKeyDelegatedSignatureService$SingleKeyDelegatedSignatureService$SingleKeyDelegatedTransactionVerifier.class */
        private static class SingleKeyDelegatedTransactionVerifier extends AbstractDelegatedTransactionVerifier {
            private final Ed25519Signer ed25519Signer;
            private final ECDSASigner ecdsaSigner;
            private final PrivateKey privateKey;
            private final BcSignatureService bcSignatureService;

            public SingleKeyDelegatedTransactionVerifier(PrivateKey privateKey, SignatureUtils signatureUtils, AddressUtils addressUtils) {
                super(signatureUtils, addressUtils);
                this.ed25519Signer = new Ed25519Signer();
                this.ecdsaSigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
                this.privateKey = privateKey;
                this.bcSignatureService = new BcSignatureService(signatureUtils, addressUtils, this.ed25519Signer, this.ecdsaSigner);
            }

            protected synchronized boolean edDsaVerify(KeyMetadata keyMetadata, UnsignedByteArray unsignedByteArray, Signature signature) {
                return this.bcSignatureService.edDsaVerify(getPublicKey(keyMetadata), unsignedByteArray, signature);
            }

            protected synchronized boolean ecDsaVerify(KeyMetadata keyMetadata, UnsignedByteArray unsignedByteArray, Signature signature) {
                return this.bcSignatureService.ecDsaVerify(getPublicKey(keyMetadata), unsignedByteArray, signature);
            }

            public PublicKey getPublicKey(KeyMetadata keyMetadata) {
                Objects.requireNonNull(keyMetadata);
                return BcKeyUtils.toPublicKey(this.privateKey);
            }
        }

        private SingleKeyDelegatedSignatureService(PrivateKey privateKey, SignatureUtils signatureUtils, AddressUtils addressUtils) {
            super(new SingleKeyDelegatedTransactionSigner(privateKey, signatureUtils, addressUtils), new SingleKeyDelegatedTransactionVerifier(privateKey, signatureUtils, addressUtils));
        }

        private SingleKeyDelegatedSignatureService(PrivateKey privateKey) {
            this(privateKey, new SignatureUtils(ObjectMapperFactory.create(), new XrplBinaryCodec()), BcAddressUtils.getInstance());
        }
    }

    public DerivedKeyDelegatedSignatureService(ServerSecretSupplier serverSecretSupplier, VersionType versionType) {
        this(serverSecretSupplier, versionType, Ed25519KeyPairService.getInstance(), Secp256k1KeyPairService.getInstance());
    }

    public DerivedKeyDelegatedSignatureService(ServerSecretSupplier serverSecretSupplier, VersionType versionType, Ed25519KeyPairService ed25519KeyPairService, Secp256k1KeyPairService secp256k1KeyPairService) {
        this(serverSecretSupplier, versionType, ed25519KeyPairService, secp256k1KeyPairService, CaffeineSpec.parse("maximumSize=10000,expireAfterWrite=30s"));
    }

    public DerivedKeyDelegatedSignatureService(ServerSecretSupplier serverSecretSupplier, VersionType versionType, Ed25519KeyPairService ed25519KeyPairService, Secp256k1KeyPairService secp256k1KeyPairService, CaffeineSpec caffeineSpec) {
        this.serverSecretSupplier = (ServerSecretSupplier) Objects.requireNonNull(serverSecretSupplier);
        this.versionType = (VersionType) Objects.requireNonNull(versionType);
        this.ed25519KeyPairService = (Ed25519KeyPairService) Objects.requireNonNull(ed25519KeyPairService);
        this.secp256k1KeyPairService = (Secp256k1KeyPairService) Objects.requireNonNull(secp256k1KeyPairService);
        this.keyMetadataLoadingCache = Caffeine.from((CaffeineSpec) Objects.requireNonNull(caffeineSpec)).build(this::constructSignatureService);
    }

    public <T extends Transaction> SingleSingedTransaction<T> sign(KeyMetadata keyMetadata, T t) {
        Objects.requireNonNull(keyMetadata);
        Objects.requireNonNull(t);
        return getSignatureServiceSafe(keyMetadata).sign(keyMetadata, t);
    }

    public Signature sign(KeyMetadata keyMetadata, UnsignedClaim unsignedClaim) {
        return getSignatureServiceSafe(keyMetadata).sign(keyMetadata, unsignedClaim);
    }

    public <T extends Transaction> Signature multiSign(KeyMetadata keyMetadata, T t) {
        Objects.requireNonNull(keyMetadata);
        Objects.requireNonNull(t);
        return getSignatureServiceSafe(keyMetadata).multiSign(keyMetadata, t);
    }

    public PublicKey getPublicKey(KeyMetadata keyMetadata) {
        Objects.requireNonNull(keyMetadata);
        return getSignatureServiceSafe(keyMetadata).getPublicKey(keyMetadata);
    }

    public <T extends Transaction> boolean verifySingleSigned(SignatureWithKeyMetadata signatureWithKeyMetadata, T t) {
        Objects.requireNonNull(signatureWithKeyMetadata);
        Objects.requireNonNull(t);
        return getSignatureServiceSafe(signatureWithKeyMetadata.signingKeyMetadata()).verifySingleSigned(signatureWithKeyMetadata, t);
    }

    public <T extends Transaction> boolean verifyMultiSigned(Set<SignatureWithKeyMetadata> set, T t, int i) {
        Objects.requireNonNull(set);
        Objects.requireNonNull(t);
        Preconditions.checkArgument(i > 0, "Valid multisigned transactions must have at least 1 signer");
        return set.stream().map(signatureWithKeyMetadata -> {
            return Boolean.valueOf(getSignatureServiceSafe(signatureWithKeyMetadata.signingKeyMetadata()).verifyMultiSigned(Sets.newHashSet(new SignatureWithKeyMetadata[]{signatureWithKeyMetadata}), t, 1));
        }).filter(bool -> {
            return bool.booleanValue();
        }).count() >= ((long) i);
    }

    @VisibleForTesting
    protected SingleKeyDelegatedSignatureService constructSignatureService(KeyMetadata keyMetadata) {
        KeyPair deriveKeyPair;
        Objects.requireNonNull(keyMetadata);
        if (VersionType.ED25519 == getVersionType()) {
            deriveKeyPair = this.ed25519KeyPairService.deriveKeyPair(generateEd25519XrplSeed(keyMetadata.keyIdentifier()));
        } else {
            if (VersionType.SECP256K1 != getVersionType()) {
                throw new IllegalArgumentException("Invalid VersionType: " + getVersionType());
            }
            deriveKeyPair = this.secp256k1KeyPairService.deriveKeyPair(generateSecp256k1Seed(keyMetadata.keyIdentifier()));
        }
        return new SingleKeyDelegatedSignatureService(deriveKeyPair.privateKey());
    }

    @VisibleForTesting
    final Seed generateEd25519XrplSeed(String str) {
        Objects.requireNonNull(str);
        ServerSecret serverSecret = (ServerSecret) this.serverSecretSupplier.get();
        byte[] bArr = EMPTY_BYTE_ARRAY;
        try {
            bArr = Hashing.hmacSha512(serverSecret.value()).hashBytes(str.getBytes()).asBytes();
            Seed ed25519SeedFromPassphrase = Seed.ed25519SeedFromPassphrase(Passphrase.of(bArr));
            serverSecret.destroy();
            Arrays.fill(bArr, (byte) 0);
            return ed25519SeedFromPassphrase;
        } catch (Throwable th) {
            serverSecret.destroy();
            Arrays.fill(bArr, (byte) 0);
            throw th;
        }
    }

    @VisibleForTesting
    final Seed generateSecp256k1Seed(String str) {
        Objects.requireNonNull(str);
        ServerSecret serverSecret = (ServerSecret) this.serverSecretSupplier.get();
        byte[] bArr = EMPTY_BYTE_ARRAY;
        try {
            bArr = Hashing.hmacSha512(serverSecret.value()).hashBytes(str.getBytes()).asBytes();
            Seed secp256k1SeedFromPassphrase = Seed.secp256k1SeedFromPassphrase(Passphrase.of(bArr));
            serverSecret.destroy();
            Arrays.fill(bArr, (byte) 0);
            return secp256k1SeedFromPassphrase;
        } catch (Throwable th) {
            serverSecret.destroy();
            Arrays.fill(bArr, (byte) 0);
            throw th;
        }
    }

    public VersionType getVersionType() {
        return this.versionType;
    }

    private DelegatedSignatureService getSignatureServiceSafe(KeyMetadata keyMetadata) {
        Objects.requireNonNull(keyMetadata);
        return (DelegatedSignatureService) Optional.ofNullable((SingleKeyDelegatedSignatureService) this.keyMetadataLoadingCache.get(keyMetadata)).orElseThrow(() -> {
            return new RuntimeException("No KeyMetadata Found");
        });
    }
}
