package com.amazonaws.encryptionsdk.internal;

import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import org.apache.commons.lang3.Validate;

/* loaded from: input_file:com/amazonaws/encryptionsdk/internal/TrailingSignatureAlgorithm.class */
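/**
 * Describes the signature scheme used for a message's trailing signature and provides the
 * matching key generation and compressed public-key (de)serialization.
 *
 * <p>Instances are obtained through {@link #forCryptoAlgorithm(CryptoAlgorithm)}; the only
 * implementation in this file is ECDSA over the prime curves secp256r1 and secp384r1.
 */
public abstract class TrailingSignatureAlgorithm {
    /** Name prefix shared by the SEC prime-field curves; anything else is rejected up front. */
    private static final String SEC_PRIME_FIELD_PREFIX = "secp";
    private static final ECDSASignatureAlgorithm SHA256_ECDSA_P256 = new ECDSASignatureAlgorithm(new ECGenParameterSpec("secp256r1"), "SHA-256", "SHA256withECDSA");
    private static final ECDSASignatureAlgorithm SHA384_ECDSA_P384 = new ECDSASignatureAlgorithm(new ECGenParameterSpec("secp384r1"), "SHA-384", "SHA384withECDSA");

    /** ECDSA implementation bound to one named prime curve and one digest. */
    private static final class ECDSASignatureAlgorithm extends TrailingSignatureAlgorithm {
        private static final String ELLIPTIC_CURVE_ALGORITHM = "EC";
        private static final BigInteger TWO = BigInteger.valueOf(2);
        private static final BigInteger THREE = BigInteger.valueOf(3);
        private static final BigInteger FOUR = BigInteger.valueOf(4);
        /** Leading byte of a compressed point whose y coordinate is even. */
        private static final byte COMPRESSED_EVEN_Y = 0x02;
        /** Leading byte of a compressed point whose y coordinate is odd. */
        private static final byte COMPRESSED_ODD_Y = 0x03;

        private final ECGenParameterSpec ecSpec;
        private final ECParameterSpec ecParameterSpec;
        private final String messageDigestAlgorithm;
        private final String hashAndSignAlgorithm;

        /**
         * @param curveSpec named curve; its name must start with {@code "secp"}
         * @param digestAlgorithm JCA message digest name, e.g. {@code "SHA-256"}
         * @param signatureAlgorithm JCA hash-and-sign name, e.g. {@code "SHA256withECDSA"}
         * @throws IllegalStateException if the curve is not a prime-field curve or the EC
         *     parameters cannot be resolved by the installed providers
         */
        private ECDSASignatureAlgorithm(ECGenParameterSpec curveSpec, String digestAlgorithm, String signatureAlgorithm) {
            super();
            if (!curveSpec.getName().startsWith(TrailingSignatureAlgorithm.SEC_PRIME_FIELD_PREFIX)) {
                throw new IllegalStateException("Non-prime curves are not supported at this time");
            }
            this.ecSpec = curveSpec;
            this.messageDigestAlgorithm = digestAlgorithm;
            this.hashAndSignAlgorithm = signatureAlgorithm;
            try {
                // Resolve the curve name into explicit domain parameters once; they are needed
                // for point decompression and for building ECPublicKeySpec.
                AlgorithmParameters parameters = AlgorithmParameters.getInstance(ELLIPTIC_CURVE_ALGORITHM);
                parameters.init(curveSpec);
                this.ecParameterSpec = parameters.getParameterSpec(ECParameterSpec.class);
            } catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
                throw new IllegalStateException("Invalid algorithm", e);
            }
        }

        @Override
        public String toString() {
            return "ECDSASignatureAlgorithm(curve=" + this.ecSpec.getName() + ")";
        }

        @Override
        public String getMessageDigestAlgorithm() {
            return this.messageDigestAlgorithm;
        }

        @Override
        public String getRawSignatureAlgorithm() {
            // JCA name for ECDSA applied to an already-computed digest.
            return "NONEwithECDSA";
        }

        @Override
        public String getHashAndSignAlgorithm() {
            return this.hashAndSignAlgorithm;
        }

        /**
         * Decodes a Base64 compressed EC point (one parity byte {@code 0x02}/{@code 0x03}
         * followed by the big-endian x coordinate) into a public key on this curve.
         *
         * <p>The encoded key may originate outside this process (presumably it travels with
         * the message; confirm against callers), so every field is validated here: the
         * parity byte, the range of x, and that the recovered y satisfies the curve
         * equation. Whether the provider's {@link KeyFactory} re-validates the point is
         * provider-specific, so these checks do not rely on it.
         *
         * @param str Base64 text of the compressed point; must not be null
         * @return the decoded public key
         * @throws IllegalArgumentException if the encoding is empty, the parity byte is not
         *     {@code 0x02} or {@code 0x03}, x is not a reduced field element, or no point
         *     on the curve has that x coordinate
         * @throws IllegalStateException if the EC key factory is unavailable or rejects the key
         */
        @Override
        public PublicKey deserializePublicKey(String str) {
            Validate.notNull(str, "keyString is required", new Object[0]);
            final byte[] encoded = Utils.decodeBase64String(str);
            if (encoded.length == 0) {
                // Previously surfaced as an opaque "1 > 0" from Arrays.copyOfRange.
                throw new IllegalArgumentException("Compressed point was empty");
            }

            final BigInteger yParity;
            switch (encoded[0]) {
                case COMPRESSED_EVEN_Y:
                    yParity = BigInteger.ZERO;
                    break;
                case COMPRESSED_ODD_Y:
                    yParity = BigInteger.ONE;
                    break;
                default:
                    throw new IllegalArgumentException("Compressed y value was invalid");
            }

            final BigInteger p = ((ECFieldFp) this.ecParameterSpec.getCurve().getField()).getP();
            // The square-root shortcut below (exponent (p + 1) / 4) is only valid when p = 3 mod 4.
            if (!p.mod(FOUR).equals(THREE)) {
                throw new IllegalArgumentException("Curve not supported at this time");
            }

            final BigInteger x = new BigInteger(1, Arrays.copyOfRange(encoded, 1, encoded.length));
            // Reject x >= p: the curve equation below is evaluated mod p, so an unreduced x
            // would pass the on-curve check while the ECPoint handed to the provider carries
            // an out-of-range coordinate (a non-canonical alias of another key).
            if (x.compareTo(p) >= 0) {
                throw new IllegalArgumentException("X was invalid");
            }

            final BigInteger a = this.ecParameterSpec.getCurve().getA();
            final BigInteger b = this.ecParameterSpec.getCurve().getB();
            // alpha = x^3 + a*x + b (mod p); a valid point has y^2 == alpha.
            final BigInteger alpha = x.modPow(THREE, p).add(a.multiply(x).mod(p)).add(b).mod(p);
            final BigInteger beta = alpha.modPow(p.add(BigInteger.ONE).divide(FOUR), p);
            // Of the two roots beta and p - beta, pick the one with the requested parity.
            final BigInteger y = beta.mod(TWO).equals(yParity) ? beta : p.subtract(beta);
            // beta is only a true root when alpha is a quadratic residue; verifying y^2 == alpha
            // is what rejects x values that do not lie on the curve.
            if (!alpha.equals(y.modPow(TWO, p))) {
                throw new IllegalArgumentException("Y was invalid");
            }

            try {
                return KeyFactory.getInstance(ELLIPTIC_CURVE_ALGORITHM).generatePublic(new ECPublicKeySpec(new ECPoint(x, y), this.ecParameterSpec));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new IllegalStateException("Invalid algorithm", e);
            }
        }

        /**
         * Encodes an EC public key as a Base64 compressed point: one parity byte
         * ({@code 0x02} for even y, {@code 0x03} for odd y) followed by the x coordinate
         * padded to the field size.
         *
         * @param publicKey key to encode; must be a non-null {@link ECPublicKey}
         * @return Base64 text of the compressed point
         */
        @Override
        public String serializePublicKey(PublicKey publicKey) {
            Validate.notNull(publicKey, "key is required", new Object[0]);
            Validate.isInstanceOf(ECPublicKey.class, publicKey, "key must be an instance of ECPublicKey", new Object[0]);
            final ECPoint w = ((ECPublicKey) publicKey).getW();
            final byte parityByte = w.getAffineY().testBit(0) ? COMPRESSED_ODD_Y : COMPRESSED_EVEN_Y;
            // Field size in bits divided by 8; exact for the 256- and 384-bit curves used here.
            final int coordinateLength = this.ecParameterSpec.getCurve().getField().getFieldSize() / 8;
            final byte[] xBytes = Utils.bigIntegerToByteArray(w.getAffineX(), coordinateLength);
            final byte[] compressed = new byte[xBytes.length + 1];
            compressed[0] = parityByte;
            System.arraycopy(xBytes, 0, compressed, 1, xBytes.length);
            return Utils.encodeBase64String(compressed);
        }

        /**
         * Generates a fresh EC key pair on this curve using the SDK's secure random source.
         *
         * @throws GeneralSecurityException if the EC key pair generator is unavailable or
         *     rejects the curve
         */
        @Override
        public KeyPair generateKey() throws GeneralSecurityException {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(ELLIPTIC_CURVE_ALGORITHM);
            generator.initialize(this.ecSpec, Utils.getSecureRandom());
            return generator.generateKeyPair();
        }
    }

    /** Private so that the only subclasses are the nested ones declared in this file. */
    private TrailingSignatureAlgorithm() {
    }

    /** Returns the JCA name of the message digest paired with this signature scheme. */
    public abstract String getMessageDigestAlgorithm();

    /** Returns the JCA signature name that signs a precomputed digest without hashing. */
    public abstract String getRawSignatureAlgorithm();

    /** Returns the JCA signature name that hashes and signs in one step. */
    public abstract String getHashAndSignAlgorithm();

    /**
     * Decodes a public key previously produced by {@link #serializePublicKey(PublicKey)}.
     *
     * @throws IllegalArgumentException if the encoding does not describe a valid key
     */
    public abstract PublicKey deserializePublicKey(String str);

    /** Encodes a public key as text suitable for {@link #deserializePublicKey(String)}. */
    public abstract String serializePublicKey(PublicKey publicKey);

    /** Generates a new signing key pair for this scheme. */
    public abstract KeyPair generateKey() throws GeneralSecurityException;

    /**
     * Returns the trailing-signature scheme belonging to an algorithm suite.
     *
     * @param cryptoAlgorithm the algorithm suite in use
     * @return the shared, stateless scheme instance for that suite
     * @throws IllegalStateException if the suite does not include a trailing signature
     */
    public static TrailingSignatureAlgorithm forCryptoAlgorithm(CryptoAlgorithm cryptoAlgorithm) {
        switch (cryptoAlgorithm) {
            case ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256:
                return SHA256_ECDSA_P256;
            case ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384:
            case ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384:
            case ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384:
                return SHA384_ECDSA_P384;
            default:
                throw new IllegalStateException("Algorithm does not support trailing signature");
        }
    }
}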
