package io.horizontalsystems.hdwalletkit;

import com.esaulpaugh.headlong.rlp.KeyValuePair;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Objects;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.math.ec.ECAlgorithms;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: classes7.dex */
public class ECKey {
    private static final String BITCOIN_SIGNED_MESSAGE_HEADER = "Bitcoin Signed Message:\n";
    private static final X9ECParameters CURVE_PARAMS = CustomNamedCurves.getByName(KeyValuePair.SECP256K1);
    public static final BigInteger HALF_CURVE_ORDER;
    public static final ECDomainParameters ecParams;
    private static final SecureRandom secureRandom;
    private long creationTime;
    private final BigInteger privKey;
    protected final LazyECPoint pub;
    private byte[] pubKeyHash;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes7.dex */
    public static class TaprootPubKey {
        public final ECPoint ecPoint;
        public final boolean negated;

        public TaprootPubKey(ECPoint eCPoint, boolean z) {
            this.ecPoint = eCPoint;
            this.negated = z;
        }
    }

    static {
        X9ECParameters byName = CustomNamedCurves.getByName(KeyValuePair.SECP256K1);
        ecParams = new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
        HALF_CURVE_ORDER = byName.getN().shiftRight(1);
        secureRandom = new SecureRandom();
    }

    public ECKey() {
        ECKeyPairGenerator eCKeyPairGenerator = new ECKeyPairGenerator();
        eCKeyPairGenerator.init(new ECKeyGenerationParameters(ecParams, secureRandom));
        AsymmetricCipherKeyPair generateKeyPair = eCKeyPairGenerator.generateKeyPair();
        ECPrivateKeyParameters eCPrivateKeyParameters = (ECPrivateKeyParameters) generateKeyPair.getPrivate();
        ECPublicKeyParameters eCPublicKeyParameters = (ECPublicKeyParameters) generateKeyPair.getPublic();
        this.privKey = eCPrivateKeyParameters.getD();
        this.pub = new LazyECPoint(eCPublicKeyParameters.getQ(), true);
        this.creationTime = System.currentTimeMillis() / 1000;
    }

    protected ECKey(BigInteger bigInteger, LazyECPoint lazyECPoint) {
        if (bigInteger != null && (bigInteger.equals(BigInteger.ZERO) || bigInteger.equals(BigInteger.ONE))) {
            throw new IllegalArgumentException("Private key is illegal: " + bigInteger);
        }
        if (lazyECPoint == null) {
            throw new IllegalArgumentException("Public key cannot be null");
        }
        this.privKey = bigInteger;
        this.pub = lazyECPoint;
    }

    protected ECKey(BigInteger bigInteger, ECPoint eCPoint, boolean z) {
        this(bigInteger, new LazyECPoint(eCPoint, z));
    }

    public ECKey(BigInteger bigInteger, boolean z) {
        this((byte[]) null, bigInteger, z);
    }

    public ECKey(byte[] bArr) {
        this((BigInteger) null, new LazyECPoint(ecParams.getCurve(), bArr));
    }

    public ECKey(byte[] bArr, BigInteger bigInteger, boolean z) {
        this.privKey = bigInteger;
        if (bArr != null) {
            this.pub = new LazyECPoint(ecParams.getCurve(), bArr);
        } else {
            if (bigInteger == null) {
                throw new IllegalArgumentException("You must provide at least a private key or a public key");
            }
            this.pub = new LazyECPoint(ecParams.getCurve(), pubKeyFromPrivKey(bigInteger, z));
        }
        this.creationTime = System.currentTimeMillis() / 1000;
    }

    private static ECPoint decompressKey(BigInteger bigInteger, boolean z) {
        SecP256K1Curve secP256K1Curve = (SecP256K1Curve) ecParams.getCurve();
        ECFieldElement fromBigInteger = secP256K1Curve.fromBigInteger(bigInteger);
        ECFieldElement sqrt = fromBigInteger.multiply(fromBigInteger.square().add(secP256K1Curve.getA())).add(secP256K1Curve.getB()).sqrt();
        if (sqrt == null) {
            throw new IllegalArgumentException("Invalid point compression");
        }
        BigInteger bigInteger2 = sqrt.toBigInteger();
        if (bigInteger2.testBit(0) == z) {
            return secP256K1Curve.createPoint(fromBigInteger.toBigInteger(), bigInteger2);
        }
        return secP256K1Curve.createPoint(fromBigInteger.toBigInteger(), secP256K1Curve.fromBigInteger(secP256K1Curve.getQ().subtract(bigInteger2)).toBigInteger());
    }

    public static ECKey fromPrivate(BigInteger bigInteger) {
        return fromPrivate(bigInteger, true);
    }

    public static ECKey fromPrivate(BigInteger bigInteger, boolean z) {
        return new ECKey(bigInteger, new LazyECPoint(pubKeyPointFromPrivKey(bigInteger), z));
    }

    public static ECKey fromPrivate(byte[] bArr) {
        return fromPrivate(new BigInteger(1, bArr), true);
    }

    public static ECKey fromPublicOnly(ECPoint eCPoint, boolean z) {
        return new ECKey((BigInteger) null, eCPoint, z);
    }

    public static ECKey fromPublicOnly(byte[] bArr) {
        return new ECKey((BigInteger) null, new LazyECPoint(ecParams.getCurve(), bArr));
    }

    public static boolean isPubKeyCanonical(byte[] bArr) {
        if (bArr.length < 33) {
            return false;
        }
        byte b = bArr[0];
        return b == 4 ? bArr.length == 65 : (b == 2 || b == 3) && bArr.length == 33;
    }

    public static boolean isPubKeyCompressed(byte[] bArr) {
        byte b;
        if (bArr.length == 32) {
            return true;
        }
        if (bArr.length == 33 && ((b = bArr[0]) == 2 || b == 3)) {
            return true;
        }
        if (bArr.length == 65 && bArr[0] == 4) {
            return false;
        }
        throw new IllegalArgumentException(Hex.toHexString(bArr));
    }

    public static boolean isSignatureCanonical(byte[] bArr) {
        int i;
        int i2;
        int i3;
        int i4;
        if (bArr.length < 2 || bArr[0] != 48) {
            return false;
        }
        byte b = bArr[1];
        if ((b & 128) != 0 || 4 > (i = (b & Byte.MAX_VALUE) + 2) || bArr[2] != 2) {
            return false;
        }
        byte b2 = bArr[3];
        if ((b2 & 128) != 0 || (i3 = (i2 = b2 & Byte.MAX_VALUE) + 4) > i) {
            return false;
        }
        if ((bArr[4] == 0 && (bArr[5] & 128) == 0) || (i4 = i2 + 6) > i || bArr[i3] != 2) {
            return false;
        }
        byte b3 = bArr[i2 + 5];
        if ((b3 & 128) != 0) {
            return false;
        }
        int i5 = b3 & Byte.MAX_VALUE;
        if (i3 + i5 + 2 > i) {
            return false;
        }
        return !(bArr[i4] == 0 && (bArr[i2 + 7] & 128) == 0) && i3 + (i5 + 2) == bArr.length - 1;
    }

    private static TaprootPubKey liftX(byte[] bArr) {
        SecP256K1Curve secP256K1Curve = (SecP256K1Curve) CURVE_PARAMS.getCurve();
        BigInteger bigInteger = new BigInteger(1, bArr);
        BigInteger q = secP256K1Curve.getQ();
        if (bigInteger.compareTo(q) > -1) {
            throw new IllegalArgumentException("Provided bytes must be less than secp256k1 field size");
        }
        BigInteger mod = bigInteger.modPow(BigInteger.valueOf(3L), q).add(BigInteger.valueOf(7L)).mod(q);
        BigInteger modPow = mod.modPow(q.add(BigInteger.valueOf(1L)).divide(BigInteger.valueOf(4L)), q);
        if (modPow.modPow(BigInteger.valueOf(2L), q).equals(mod)) {
            return modPow.and(BigInteger.ONE).equals(BigInteger.ZERO) ? new TaprootPubKey(secP256K1Curve.createPoint(bigInteger, modPow), false) : new TaprootPubKey(secP256K1Curve.createPoint(bigInteger, q.subtract(modPow)), true);
        }
        throw new IllegalStateException("Calculated invalid y_sq when solving for y co-ordinate");
    }

    public static byte[] pubKeyFromPrivKey(BigInteger bigInteger, boolean z) {
        return pubKeyPointFromPrivKey(bigInteger).getEncoded(z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ECPoint pubKeyPointFromPrivKey(BigInteger bigInteger) {
        int bitLength = bigInteger.bitLength();
        ECDomainParameters eCDomainParameters = ecParams;
        if (bitLength > eCDomainParameters.getN().bitLength()) {
            bigInteger = bigInteger.mod(eCDomainParameters.getN());
        }
        return eCDomainParameters.getG().multiply(bigInteger);
    }

    private static ECKey recoverFromSignature(int i, ECDSASignature eCDSASignature, BigInteger bigInteger, boolean z) {
        ECDomainParameters eCDomainParameters = ecParams;
        BigInteger n = eCDomainParameters.getN();
        BigInteger add = eCDSASignature.getR().add(BigInteger.valueOf(i / 2).multiply(n));
        if (add.compareTo(((SecP256K1Curve) eCDomainParameters.getCurve()).getQ()) >= 0) {
            return null;
        }
        ECPoint decompressKey = decompressKey(add, (i & 1) == 1);
        if (!decompressKey.multiply(n).isInfinity()) {
            return null;
        }
        BigInteger mod = BigInteger.ZERO.subtract(bigInteger).mod(n);
        BigInteger modInverse = eCDSASignature.getR().modInverse(n);
        return new ECKey(ECAlgorithms.sumOfTwoMultiplies(eCDomainParameters.getG(), modInverse.multiply(mod).mod(n), decompressKey, modInverse.multiply(eCDSASignature.getS()).mod(n)).getEncoded(z));
    }

    public ECDSASignature createECDSASignature(byte[] bArr) throws ECException {
        if (this.privKey == null) {
            throw new IllegalStateException("No private key available");
        }
        byte[] doubleDigest = Utils.doubleDigest(bArr);
        try {
            ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
            BigInteger bigInteger = this.privKey;
            ECDomainParameters eCDomainParameters = ecParams;
            eCDSASigner.init(true, new ECPrivateKeyParameters(bigInteger, eCDomainParameters));
            BigInteger[] generateSignature = eCDSASigner.generateSignature(doubleDigest);
            if (generateSignature[1].compareTo(HALF_CURVE_ORDER) > 0) {
                generateSignature[1] = eCDomainParameters.getN().subtract(generateSignature[1]);
            }
            return new ECDSASignature(generateSignature[0], generateSignature[1]);
        } catch (RuntimeException e) {
            throw new ECException("Exception while creating signature", e);
        }
    }

    public byte[] createSignature(byte[] bArr) throws ECException {
        return createECDSASignature(bArr).encodeToDER();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof ECKey)) {
            return false;
        }
        ECKey eCKey = (ECKey) obj;
        return Objects.equals(this.privKey, eCKey.privKey) && Objects.equals(this.pub, eCKey.pub);
    }

    public long getCreationTime() {
        return this.creationTime;
    }

    public BigInteger getPrivKey() {
        return this.privKey;
    }

    public byte[] getPrivKeyBytes() {
        BigInteger bigInteger = this.privKey;
        if (bigInteger != null) {
            return bigInteger.toByteArray();
        }
        return null;
    }

    public byte[] getPubKey() {
        return this.pub.getEncoded();
    }

    public byte[] getPubKeyHash() {
        if (this.pubKeyHash == null) {
            this.pubKeyHash = Utils.sha256Hash160(this.pub.getEncoded(true));
        }
        return this.pubKeyHash;
    }

    public ECPoint getPubKeyPoint() {
        return this.pub.get();
    }

    public byte[] getPubKeyXCoord() {
        return this.pub.getEncodedXCoord();
    }

    public ECKey getTweakedOutputKey() {
        ECPoint eCPoint = liftX(getPubKeyXCoord()).ecPoint;
        ECKey fromPrivate = fromPrivate(Utils.taggedHash("TapTweak", eCPoint.getXCoord().getEncoded()));
        ECPoint add = eCPoint.add(fromPrivate.getPubKeyPoint());
        if (!hasPrivKey()) {
            return fromPublicOnly(add, true);
        }
        BigInteger add2 = this.privKey.add(fromPrivate.getPrivKey());
        X9ECParameters x9ECParameters = CURVE_PARAMS;
        BigInteger mod = add2.mod(x9ECParameters.getCurve().getOrder());
        if (!fromPrivate(mod).getPubKeyPoint().equals(add)) {
            mod = x9ECParameters.getCurve().getOrder().subtract(this.privKey).add(fromPrivate.getPrivKey()).mod(x9ECParameters.getCurve().getOrder());
        }
        return new ECKey(mod, add, true);
    }

    public boolean hasPrivKey() {
        return this.privKey != null;
    }

    public int hashCode() {
        return Objects.hash(this.privKey, this.pub);
    }

    public boolean isCompressed() {
        return this.pub.isCompressed();
    }

    public void setCreationTime(long j) {
        this.creationTime = j;
    }

    public String signMessage(String str) throws ECException {
        int i;
        if (this.privKey == null) {
            throw new IllegalStateException("No private key available");
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(str.length() * 2);
            try {
                byte[] bytes = BITCOIN_SIGNED_MESSAGE_HEADER.getBytes(StandardCharsets.UTF_8);
                byteArrayOutputStream.write(Utils.encode(bytes.length));
                byteArrayOutputStream.write(bytes);
                byte[] bytes2 = str.getBytes(StandardCharsets.UTF_8);
                byteArrayOutputStream.write(Utils.encode(bytes2.length));
                byteArrayOutputStream.write(bytes2);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                ECDSASignature createECDSASignature = createECDSASignature(byteArray);
                BigInteger bigInteger = new BigInteger(1, Utils.doubleDigest(byteArray));
                int i2 = 0;
                while (true) {
                    i = 4;
                    if (i2 >= 4) {
                        i2 = -1;
                        break;
                    }
                    ECKey recoverFromSignature = recoverFromSignature(i2, createECDSASignature, bigInteger, isCompressed());
                    if (recoverFromSignature != null && Arrays.equals(recoverFromSignature.getPubKey(), getPubKey())) {
                        break;
                    }
                    i2++;
                }
                if (i2 == -1) {
                    throw new ECException("Unable to recover public key from signature");
                }
                int i3 = i2 + 27;
                if (!isCompressed()) {
                    i = 0;
                }
                byte[] bArr = new byte[65];
                bArr[0] = (byte) (i3 + i);
                System.arraycopy(Utils.bigIntegerToBytes(createECDSASignature.getR(), 32), 0, bArr, 1, 32);
                System.arraycopy(Utils.bigIntegerToBytes(createECDSASignature.getS(), 32), 0, bArr, 33, 32);
                return new String(Base64.encode(bArr), StandardCharsets.UTF_8);
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalStateException("Unexpected IOException", e);
        }
    }

    public String toString() {
        return this.pub.toString();
    }

    public boolean verifySignature(byte[] bArr, byte[] bArr2) throws ECException {
        byte[] bArr3;
        ECDSASignature eCDSASignature = new ECDSASignature(bArr2);
        if (bArr != null) {
            bArr3 = Utils.doubleDigest(bArr);
        } else {
            bArr3 = new byte[32];
            bArr3[0] = 1;
        }
        try {
            ECDSASigner eCDSASigner = new ECDSASigner();
            ECDomainParameters eCDomainParameters = ecParams;
            eCDSASigner.init(false, new ECPublicKeyParameters(eCDomainParameters.getCurve().decodePoint(getPubKey()), eCDomainParameters));
            return eCDSASigner.verifySignature(bArr3, eCDSASignature.getR(), eCDSASignature.getS());
        } catch (RuntimeException e) {
            throw new ECException("Exception while verifying signature: " + e.getMessage());
        }
    }
}
