package ECDH;

import Random_Compile.ExternRandom;
import Signature.PublicKeyUtils;
import StandardLibraryInternal.InternalResult;
import Wrappers_Compile.Result;
import dafny.Array;
import dafny.DafnySequence;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.util.io.pem.PemWriter;
import software.amazon.cryptography.primitives.ToDafny;
import software.amazon.cryptography.primitives.internaldafny.types.ECCPrivateKey;
import software.amazon.cryptography.primitives.internaldafny.types.ECDHCurveSpec;
import software.amazon.cryptography.primitives.internaldafny.types.Error;
import software.amazon.cryptography.primitives.model.AwsCryptographicPrimitivesError;
import software.amazon.smithy.dafny.conversion.ToDafny;

/* loaded from: input_file:ECDH/ECCUtils.class */
public class ECCUtils extends _ExternBase___default {
    private static final Map<String, Integer> CURVE_TO_ECC_SECRET_LENGTH_MAP = (Map) Stream.of(new Object[]{"P256", 32}, new Object[]{"P384", 48}, new Object[]{"P521", 66}).collect(Collectors.toMap(objArr -> {
        return (String) objArr[0];
    }, objArr2 -> {
        return (Integer) objArr2[1];
    }));

    public static Result<DafnySequence<? extends Byte>, Error> GetPublicKey(ECDHCurveSpec eCDHCurveSpec, ECCPrivateKey eCCPrivateKey) {
        checkBCProvider();
        InternalResult<ECCAlgorithm, Error> eccAlgorithm = ECCAlgorithm.eccAlgorithm(eCDHCurveSpec);
        if (eccAlgorithm.isFailure()) {
            return CreateExternGetPublicKeyFromPrivateError(eccAlgorithm.error());
        }
        if (eccAlgorithm.value().curve.equals("SM2")) {
            return CreateExternGetPublicKeyFromPrivateError(ToDafny.Error(new RuntimeException("SM2 Not yet Supported.")));
        }
        try {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) parsePrivateKeyEccPemBytesToPrivateKey(dafnyArrayUnWrapper(eCCPrivateKey._pem));
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(eccAlgorithm.value().curve);
            if (eCPrivateKey.getParams().getOrder().compareTo(parameterSpec.getG().getCurve().getOrder()) != 0) {
                return CreateExternGetPublicKeyFromPrivateError(ToDafny.Error(AwsCryptographicPrimitivesError.builder().message("Private Key NOT on configured curve spec.").build()));
            }
            return CreateExternGetPublicKeyFromPrivateSuccess(DafnySequence.fromBytes(new X509EncodedKeySpec(KeyFactory.getInstance("EC", "BC").generatePublic(new ECPublicKeySpec(parameterSpec.getG().multiply(eCPrivateKey.getS()), parameterSpec)).getEncoded()).getEncoded()));
        } catch (Exception e) {
            return CreateExternGetPublicKeyFromPrivateError(ToDafny.Error(AwsCryptographicPrimitivesError.builder().cause(e).message(e.getMessage()).build()));
        }
    }

    public static PrivateKey parsePrivateKeyEccPemBytesToPrivateKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(parsePrivateKeyPemBytes(bArr)));
    }

    public static Result<Boolean, Error> ValidatePublicKey(ECDHCurveSpec eCDHCurveSpec, DafnySequence<? extends Byte> dafnySequence) {
        checkBCProvider();
        byte[] dafnyArrayUnWrapper = dafnyArrayUnWrapper(dafnySequence);
        InternalResult<ECCAlgorithm, Error> eccAlgorithm = ECCAlgorithm.eccAlgorithm(eCDHCurveSpec);
        if (eccAlgorithm.isFailure()) {
            return CreateExternValidatePublicKeyError(eccAlgorithm.error());
        }
        if (eccAlgorithm.value().curve.equals("SM2")) {
            return CreateExternValidatePublicKeyError(ToDafny.Error(new RuntimeException("SM2 Not yet Supported.")));
        }
        try {
            return CreateExternValidatePublicKeySuccess(NistPublicKeyValidationCriteria(dafnyArrayUnWrapper, eccAlgorithm.value()));
        } catch (Exception e) {
            return CreateExternValidatePublicKeyError(ToDafny.Error(AwsCryptographicPrimitivesError.builder().cause(e).message(e.getMessage()).build()));
        }
    }

    static boolean NistPublicKeyValidationCriteria(byte[] bArr, ECCAlgorithm eCCAlgorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException, IllegalArgumentException {
        ECPublicKey generatePublic = KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(bArr));
        ECCurve curve = ECNamedCurveTable.getParameterSpec(eCCAlgorithm.curve).getCurve();
        ECPoint q = generatePublic.getQ();
        return ValidatePublicKeyIsNotInfinity(curve.validatePoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger())) && CoordinateBetween0AndP(q.getAffineXCoord().toBigInteger(), curve) && CoordinateBetween0AndP(q.getAffineYCoord().toBigInteger(), curve);
    }

    private static boolean ValidatePublicKeyIsNotInfinity(ECPoint eCPoint) {
        return !eCPoint.isInfinity();
    }

    private static boolean CoordinateBetween0AndP(BigInteger bigInteger, ECCurve eCCurve) {
        return bigInteger.compareTo(BigInteger.ZERO) > 0 && bigInteger.compareTo(eCCurve.getField().getCharacteristic()) < 0;
    }

    public static Result<DafnySequence<? extends Byte>, Error> CompressPublicKey(DafnySequence<? extends Byte> dafnySequence, ECDHCurveSpec eCDHCurveSpec) {
        try {
            checkBCProvider();
            return CreateExternCompressPublicKeySuccess(DafnySequence.fromBytes(KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(dafnyArrayUnWrapper(dafnySequence))).getQ().getEncoded(true)));
        } catch (Exception e) {
            return CreateExternCompressPublicKeyError(ToDafny.Error(AwsCryptographicPrimitivesError.builder().message(e.getMessage()).build()));
        }
    }

    public static Result<DafnySequence<? extends Byte>, Error> DecompressPublicKey(DafnySequence<? extends Byte> dafnySequence, ECDHCurveSpec eCDHCurveSpec) {
        try {
            checkBCProvider();
            InternalResult<ECCAlgorithm, Error> eccAlgorithm = ECCAlgorithm.eccAlgorithm(eCDHCurveSpec);
            if (eccAlgorithm.isFailure()) {
                return CreateExternDecompressPublicKeyError(eccAlgorithm.error());
            }
            ECParameterSpec ecParameterSpec = ecParameterSpec(eccAlgorithm.value());
            return CreateExternDecompressPublicKeySuccess(DafnySequence.fromBytes(((java.security.interfaces.ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new java.security.spec.ECPublicKeySpec(PublicKeyUtils.byteArrayToECPoint(dafnyArrayUnWrapper(dafnySequence), ecParameterSpec), ecParameterSpec))).getEncoded()));
        } catch (Exception e) {
            return CreateExternDecompressPublicKeyError(ToDafny.Error(AwsCryptographicPrimitivesError.builder().message(e.getMessage()).build()));
        }
    }

    public static Result<DafnySequence<? extends Byte>, Error> ParsePublicKey(DafnySequence<? extends Byte> dafnySequence) {
        try {
            checkBCProvider();
            return CreateExternParsePublicKeySuccess(DafnySequence.fromBytes(KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(SubjectPublicKeyInfo.getInstance(dafnyArrayUnWrapper(dafnySequence)).getEncoded())).getEncoded()));
        } catch (Exception e) {
            return CreateExternParsePublicKeyError(ToDafny.Error(AwsCryptographicPrimitivesError.builder().message(e.getMessage()).build()));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DafnySequence<Byte> encodePrivateKey(PrivateKey privateKey) throws IOException {
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(privateKey.getEncoded());
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        pemWriter.writeObject(new PemObject("PRIVATE KEY", pKCS8EncodedKeySpec.getEncoded()));
        pemWriter.close();
        ByteBuffer encode = StandardCharsets.UTF_8.encode(stringWriter.toString());
        return ToDafny.Simple.ByteSequence(encode, 0, encode.limit());
    }

    private static byte[] parsePrivateKeyPemBytes(byte[] bArr) throws IOException {
        return new PemReader(new InputStreamReader(new ByteArrayInputStream(bArr))).readPemObject().getContent();
    }

    public static byte[] dafnyArrayUnWrapper(DafnySequence<? extends Byte> dafnySequence) {
        return (byte[]) Array.unwrap(dafnySequence.toArray());
    }

    public static void checkBCProvider() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public static ECParameterSpec ecParameterSpec(ECCAlgorithm eCCAlgorithm) throws NoSuchAlgorithmException, InvalidParameterSpecException {
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(eCCAlgorithm.curve);
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
        algorithmParameters.init(eCGenParameterSpec);
        return (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class);
    }

    public static Result<DafnySequence<? extends Byte>, Error> GetInfinityPublicKey(ECDHCurveSpec eCDHCurveSpec) {
        InternalResult<ECCAlgorithm, Error> eccAlgorithm = ECCAlgorithm.eccAlgorithm(eCDHCurveSpec);
        if (eccAlgorithm.isFailure()) {
            return CreateGetInfinityPublicKeyError(software.amazon.cryptography.primitives.ToDafny.Error(AwsCryptographicPrimitivesError.builder().message(eccAlgorithm.error().dtor_message().toString()).build()));
        }
        try {
            SecureRandom secureRandom = ExternRandom.getSecureRandom();
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(eccAlgorithm.value().curve);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
            keyPairGenerator.initialize(eCGenParameterSpec, secureRandom);
            return CreateGetInfinityPublicKeySuccess(DafnySequence.fromBytes(new DERSequence(new ASN1Encodable[]{ASN1Sequence.getInstance(keyPairGenerator.generateKeyPair().getPublic().getEncoded()).getObjectAt(0), new DERBitString(new byte[1])}).getEncoded("DER")));
        } catch (Exception e) {
            return CreateGetInfinityPublicKeyError(software.amazon.cryptography.primitives.ToDafny.Error(AwsCryptographicPrimitivesError.builder().message(e.getMessage()).build()));
        }
    }

    public static Result<DafnySequence<? extends Byte>, Error> GetOutOfBoundsPublicKey(ECDHCurveSpec eCDHCurveSpec) {
        InternalResult<ECCAlgorithm, Error> eccAlgorithm = ECCAlgorithm.eccAlgorithm(eCDHCurveSpec);
        if (eccAlgorithm.isFailure()) {
            return CreateGetInfinityPublicKeyError(software.amazon.cryptography.primitives.ToDafny.Error(AwsCryptographicPrimitivesError.builder().message(eccAlgorithm.error().dtor_message().toString()).build()));
        }
        try {
            SecureRandom secureRandom = ExternRandom.getSecureRandom();
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(eccAlgorithm.value().curve);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
            keyPairGenerator.initialize(eCGenParameterSpec, secureRandom);
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(keyPairGenerator.generateKeyPair().getPublic().getEncoded());
            byte[] bArr = new byte[1 + (2 * CURVE_TO_ECC_SECRET_LENGTH_MAP.get(eccAlgorithm.value().name()).intValue())];
            Arrays.fill(bArr, (byte) -1);
            bArr[0] = 4;
            return CreateGetOutOfBoundsPublicKeySuccess(DafnySequence.fromBytes(new DERSequence(new ASN1Encodable[]{aSN1Sequence.getObjectAt(0), new DERBitString(bArr)}).getEncoded("DER")));
        } catch (Exception e) {
            return CreateGetOutOfBoundsPublicKeyError(software.amazon.cryptography.primitives.ToDafny.Error(AwsCryptographicPrimitivesError.builder().message(e.getMessage()).build()));
        }
    }
}
