package net.i2p.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import net.i2p.I2PAppContext;
import net.i2p.crypto.eddsa.EdDSAEngine;
import net.i2p.crypto.eddsa.EdDSAKey;
import net.i2p.data.Hash;
import net.i2p.data.Signature;
import net.i2p.data.SigningPrivateKey;
import net.i2p.data.SigningPublicKey;
import net.i2p.data.SimpleDataStructure;
import net.i2p.util.Log;
import net.i2p.util.NativeBigInteger;

/* loaded from: input_file:net/i2p/crypto/DSAEngine.class */
public final class DSAEngine {
    private final Log _log;
    private final I2PAppContext _context;
    private static final boolean _useJavaLibs = false;

    public DSAEngine(I2PAppContext i2PAppContext) {
        this._log = i2PAppContext.logManager().getLog(DSAEngine.class);
        this._context = i2PAppContext;
    }

    public static DSAEngine getInstance() {
        return I2PAppContext.getGlobalContext().dsa();
    }

    public boolean verifySignature(Signature signature, byte[] bArr, SigningPublicKey signingPublicKey) {
        return verifySignature(signature, bArr, 0, bArr.length, signingPublicKey);
    }

    public boolean verifySignature(Signature signature, byte[] bArr, int i, int i2, SigningPublicKey signingPublicKey) {
        SigType type = signature.getType();
        if (type != signingPublicKey.getType()) {
            throw new IllegalArgumentException("type mismatch sig=" + signature.getType() + " key=" + signingPublicKey.getType());
        }
        if (type == SigType.DSA_SHA1) {
            boolean verifySignature = verifySignature(signature, calculateHash(bArr, i, i2), signingPublicKey);
            if (!verifySignature && this._log.shouldLog(30)) {
                this._log.warn("TheCrypto DSA Sig Verify Fail");
            }
            return verifySignature;
        }
        try {
            boolean altVerifySig = altVerifySig(signature, bArr, i, i2, signingPublicKey);
            if (!altVerifySig && this._log.shouldLog(30)) {
                this._log.warn(type + " Sig Verify Fail");
            }
            return altVerifySig;
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldLog(30)) {
                return false;
            }
            this._log.warn(type + " Sig Verify Fail", e);
            return false;
        }
    }

    public boolean verifySignature(Signature signature, InputStream inputStream, SigningPublicKey signingPublicKey) {
        return verifySignature(signature, calculateHash(inputStream), signingPublicKey);
    }

    public boolean verifySignature(Signature signature, SHA1Hash sHA1Hash, SigningPublicKey signingPublicKey) {
        return verifySig(signature, sHA1Hash, signingPublicKey);
    }

    public boolean verifySignature(Signature signature, Hash hash, SigningPublicKey signingPublicKey) {
        return verifySig(signature, hash, signingPublicKey);
    }

    public boolean verifySignature(Signature signature, SimpleDataStructure simpleDataStructure, SigningPublicKey signingPublicKey) {
        SigType type = signature.getType();
        if (type != signingPublicKey.getType()) {
            throw new IllegalArgumentException("type mismatch sig=" + type + " key=" + signingPublicKey.getType());
        }
        if (simpleDataStructure.length() != type.getHashLen()) {
            throw new IllegalArgumentException("type mismatch hash=" + simpleDataStructure.getClass() + " sig=" + type);
        }
        if (type == SigType.DSA_SHA1) {
            return verifySig(signature, simpleDataStructure, signingPublicKey);
        }
        try {
            return altVerifySigRaw(signature, simpleDataStructure, signingPublicKey);
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldLog(30)) {
                return false;
            }
            this._log.warn(type + " Sig Verify Fail", e);
            return false;
        }
    }

    public boolean verifySignature(Signature signature, SimpleDataStructure simpleDataStructure, PublicKey publicKey) {
        try {
            return altVerifySigRaw(signature, simpleDataStructure, publicKey);
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldLog(30)) {
                return false;
            }
            this._log.warn(signature.getType() + " Sig Verify Fail", e);
            return false;
        }
    }

    private boolean verifySig(Signature signature, SimpleDataStructure simpleDataStructure, SigningPublicKey signingPublicKey) {
        if (signature.getType() != SigType.DSA_SHA1) {
            throw new IllegalArgumentException("Bad sig type " + signature.getType());
        }
        if (signingPublicKey.getType() != SigType.DSA_SHA1) {
            throw new IllegalArgumentException("Bad key type " + signingPublicKey.getType());
        }
        long now = this._context.clock().now();
        try {
            byte[] data = signature.getData();
            byte[] bArr = new byte[20];
            byte[] bArr2 = new byte[20];
            for (int i = 0; i < 40; i++) {
                if (i < 20) {
                    bArr[i] = data[i];
                } else {
                    bArr2[i - 20] = data[i];
                }
            }
            NativeBigInteger nativeBigInteger = new NativeBigInteger(1, bArr2);
            NativeBigInteger nativeBigInteger2 = new NativeBigInteger(1, bArr);
            NativeBigInteger nativeBigInteger3 = new NativeBigInteger(1, signingPublicKey.getData());
            try {
                BigInteger modInverse = nativeBigInteger.modInverse(CryptoConstants.dsaq);
                boolean z = CryptoConstants.dsag.modPow(new NativeBigInteger(1, simpleDataStructure.getData()).multiply(modInverse).mod(CryptoConstants.dsaq), CryptoConstants.dsap).multiply(nativeBigInteger3.modPow(nativeBigInteger2.multiply(modInverse).mod(CryptoConstants.dsaq), CryptoConstants.dsap)).mod(CryptoConstants.dsap).mod(CryptoConstants.dsaq).compareTo((BigInteger) nativeBigInteger2) == 0;
                long now2 = this._context.clock().now() - now;
                if (now2 > 1000 && this._log.shouldLog(30)) {
                    this._log.warn("Took too long to verify the signature (" + now2 + "ms)");
                }
                return z;
            } catch (ArithmeticException e) {
                this._log.warn("modInverse() error", e);
                return false;
            }
        } catch (RuntimeException e2) {
            this._log.log(50, "Error verifying the signature", e2);
            return false;
        }
    }

    public Signature sign(byte[] bArr, SigningPrivateKey signingPrivateKey) {
        return sign(bArr, 0, bArr.length, signingPrivateKey);
    }

    public Signature sign(byte[] bArr, int i, int i2, SigningPrivateKey signingPrivateKey) {
        if (signingPrivateKey == null || bArr == null || bArr.length <= 0) {
            return null;
        }
        SigType type = signingPrivateKey.getType();
        if (type == SigType.DSA_SHA1) {
            return sign(calculateHash(bArr, i, i2), signingPrivateKey);
        }
        try {
            return altSign(bArr, i, i2, signingPrivateKey);
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldLog(40)) {
                return null;
            }
            this._log.error(type + " Sign Fail", e);
            return null;
        }
    }

    public Signature sign(InputStream inputStream, SigningPrivateKey signingPrivateKey) {
        if (signingPrivateKey == null || inputStream == null) {
            return null;
        }
        return sign(calculateHash(inputStream), signingPrivateKey);
    }

    public Signature sign(SHA1Hash sHA1Hash, SigningPrivateKey signingPrivateKey) {
        return signIt(sHA1Hash, signingPrivateKey);
    }

    public Signature sign(Hash hash, SigningPrivateKey signingPrivateKey) {
        return signIt(hash, signingPrivateKey);
    }

    public Signature sign(SimpleDataStructure simpleDataStructure, SigningPrivateKey signingPrivateKey) {
        SigType type = signingPrivateKey.getType();
        if (simpleDataStructure.length() != type.getHashLen()) {
            throw new IllegalArgumentException("type mismatch hash=" + simpleDataStructure.getClass() + " key=" + type);
        }
        if (type == SigType.DSA_SHA1) {
            return signIt(simpleDataStructure, signingPrivateKey);
        }
        try {
            return altSignRaw(simpleDataStructure, signingPrivateKey);
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldLog(30)) {
                return null;
            }
            this._log.warn(type + " Sign Fail", e);
            return null;
        }
    }

    public Signature sign(SimpleDataStructure simpleDataStructure, PrivateKey privateKey, SigType sigType) {
        String rawAlgo = getRawAlgo(privateKey);
        if (!rawAlgo.equals(getRawAlgo(sigType))) {
            throw new IllegalArgumentException("type mismatch type=" + sigType + " key=" + privateKey.getClass().getSimpleName());
        }
        try {
            return altSignRaw(rawAlgo, simpleDataStructure, privateKey, sigType);
        } catch (GeneralSecurityException e) {
            if (!this._log.shouldLog(30)) {
                return null;
            }
            this._log.warn(sigType + " Sign Fail", e);
            return null;
        }
    }

    private Signature signIt(SimpleDataStructure simpleDataStructure, SigningPrivateKey signingPrivateKey) {
        NativeBigInteger nativeBigInteger;
        if (signingPrivateKey == null || simpleDataStructure == null) {
            return null;
        }
        if (signingPrivateKey.getType() != SigType.DSA_SHA1) {
            throw new IllegalArgumentException("Bad key type " + signingPrivateKey.getType());
        }
        long now = this._context.clock().now();
        do {
            nativeBigInteger = new NativeBigInteger(160, this._context.random());
        } while (!((nativeBigInteger.compareTo((BigInteger) CryptoConstants.dsaq) != 1) && !nativeBigInteger.equals(BigInteger.ZERO)));
        BigInteger mod = CryptoConstants.dsag.modPowCT(nativeBigInteger, CryptoConstants.dsap).mod(CryptoConstants.dsaq);
        BigInteger mod2 = nativeBigInteger.modInverse(CryptoConstants.dsaq).multiply(new NativeBigInteger(1, simpleDataStructure.getData()).add(new NativeBigInteger(1, signingPrivateKey.getData()).multiply(mod))).mod(CryptoConstants.dsaq);
        byte[] byteArray = mod.toByteArray();
        byte[] byteArray2 = mod2.toByteArray();
        byte[] bArr = new byte[40];
        this._context.random().harvester().feedEntropy("DSA.sign", byteArray, 0, byteArray.length);
        if (byteArray.length == 20) {
            for (int i = 0; i < 20; i++) {
                bArr[i] = byteArray[i];
            }
        } else if (byteArray.length == 21) {
            for (int i2 = 0; i2 < 20; i2++) {
                bArr[i2] = byteArray[i2 + 1];
            }
        } else {
            if (byteArray.length > 21) {
                this._log.error("Bad R length " + byteArray.length);
                return null;
            }
            for (int i3 = 0; i3 < byteArray.length; i3++) {
                bArr[(i3 + 20) - byteArray.length] = byteArray[i3];
            }
        }
        if (byteArray2.length == 20) {
            for (int i4 = 0; i4 < 20; i4++) {
                bArr[i4 + 20] = byteArray2[i4];
            }
        } else if (byteArray2.length == 21) {
            for (int i5 = 0; i5 < 20; i5++) {
                bArr[i5 + 20] = byteArray2[i5 + 1];
            }
        } else {
            if (byteArray2.length > 21) {
                this._log.error("Bad S length " + byteArray2.length);
                return null;
            }
            for (int i6 = 0; i6 < byteArray2.length; i6++) {
                bArr[((i6 + 20) + 20) - byteArray2.length] = byteArray2[i6];
            }
        }
        long now2 = this._context.clock().now() - now;
        if (now2 > 1000 && this._log.shouldLog(30)) {
            this._log.warn("Took too long to sign (" + now2 + "ms)");
        }
        return new Signature(bArr);
    }

    public SHA1Hash calculateHash(InputStream inputStream) {
        MessageDigest sha1 = SHA1.getInstance();
        byte[] bArr = new byte[64];
        while (true) {
            try {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    return new SHA1Hash(sha1.digest());
                }
                sha1.update(bArr, 0, read);
            } catch (IOException e) {
                if (!this._log.shouldLog(30)) {
                    return null;
                }
                this._log.warn("Unable to hash the stream", e);
                return null;
            }
        }
    }

    public static SHA1Hash calculateHash(byte[] bArr, int i, int i2) {
        MessageDigest sha1 = SHA1.getInstance();
        sha1.update(bArr, i, i2);
        return new SHA1Hash(sha1.digest());
    }

    private boolean altVerifySig(Signature signature, byte[] bArr, int i, int i2, SigningPublicKey signingPublicKey) throws GeneralSecurityException {
        boolean verify;
        SigType type = signature.getType();
        if (type != signingPublicKey.getType()) {
            throw new IllegalArgumentException("type mismatch sig=" + type + " key=" + signingPublicKey.getType());
        }
        if (type == SigType.DSA_SHA1) {
            return altVerifySigSHA1(signature, bArr, i, i2, signingPublicKey);
        }
        PublicKey javaKey = SigUtil.toJavaKey(signingPublicKey);
        byte[] javaSig = SigUtil.toJavaSig(signature);
        if (type.getBaseAlgorithm() == SigAlgo.EdDSA) {
            EdDSAEngine edDSAEngine = new EdDSAEngine(type.getDigestInstance());
            edDSAEngine.initVerify(javaKey);
            verify = edDSAEngine.verifyOneShot(bArr, i, i2, javaSig);
        } else {
            java.security.Signature signature2 = java.security.Signature.getInstance(type.getAlgorithmName());
            signature2.initVerify(javaKey);
            signature2.update(bArr, i, i2);
            verify = signature2.verify(javaSig);
        }
        return verify;
    }

    private boolean altVerifySigRaw(Signature signature, SimpleDataStructure simpleDataStructure, SigningPublicKey signingPublicKey) throws GeneralSecurityException {
        SigType type = signature.getType();
        if (type != signingPublicKey.getType()) {
            throw new IllegalArgumentException("type mismatch sig=" + type + " key=" + signingPublicKey.getType());
        }
        return verifySignature(signature, simpleDataStructure, SigUtil.toJavaKey(signingPublicKey));
    }

    private boolean altVerifySigRaw(Signature signature, SimpleDataStructure simpleDataStructure, PublicKey publicKey) throws GeneralSecurityException {
        boolean verify;
        SigType type = signature.getType();
        if (type.getHashLen() != simpleDataStructure.length()) {
            throw new IllegalArgumentException("type mismatch hash=" + simpleDataStructure.getClass() + " key=" + type);
        }
        byte[] javaSig = SigUtil.toJavaSig(signature);
        if (type.getBaseAlgorithm() == SigAlgo.EdDSA) {
            EdDSAEngine edDSAEngine = new EdDSAEngine();
            edDSAEngine.initVerify(publicKey);
            verify = edDSAEngine.verifyOneShot(simpleDataStructure.getData(), javaSig);
        } else {
            java.security.Signature signature2 = java.security.Signature.getInstance(getRawAlgo(type));
            signature2.initVerify(publicKey);
            signature2.update(simpleDataStructure.getData());
            verify = signature2.verify(javaSig);
        }
        return verify;
    }

    private boolean altVerifySigSHA1(Signature signature, byte[] bArr, int i, int i2, SigningPublicKey signingPublicKey) throws GeneralSecurityException {
        java.security.Signature signature2 = java.security.Signature.getInstance("SHA1withDSA");
        signature2.initVerify(SigUtil.toJavaDSAKey(signingPublicKey));
        signature2.update(bArr, i, i2);
        return signature2.verify(SigUtil.toJavaSig(signature));
    }

    private Signature altSign(byte[] bArr, int i, int i2, SigningPrivateKey signingPrivateKey) throws GeneralSecurityException {
        byte[] sign;
        SigType type = signingPrivateKey.getType();
        if (type == SigType.DSA_SHA1) {
            return altSignSHA1(bArr, i, i2, signingPrivateKey);
        }
        PrivateKey javaKey = SigUtil.toJavaKey(signingPrivateKey);
        if (type.getBaseAlgorithm() == SigAlgo.EdDSA) {
            EdDSAEngine edDSAEngine = new EdDSAEngine(type.getDigestInstance());
            edDSAEngine.initSign(javaKey);
            sign = edDSAEngine.signOneShot(bArr, i, i2);
        } else {
            java.security.Signature signature = java.security.Signature.getInstance(type.getAlgorithmName());
            signature.initSign(javaKey, this._context.random());
            signature.update(bArr, i, i2);
            sign = signature.sign();
        }
        return SigUtil.fromJavaSig(sign, type);
    }

    private Signature altSignRaw(SimpleDataStructure simpleDataStructure, SigningPrivateKey signingPrivateKey) throws GeneralSecurityException {
        SigType type = signingPrivateKey.getType();
        return altSignRaw(getRawAlgo(type), simpleDataStructure, SigUtil.toJavaKey(signingPrivateKey), type);
    }

    private Signature altSignRaw(String str, SimpleDataStructure simpleDataStructure, PrivateKey privateKey, SigType sigType) throws GeneralSecurityException {
        byte[] sign;
        if (sigType.getHashLen() != simpleDataStructure.length()) {
            throw new IllegalArgumentException("type mismatch hash=" + simpleDataStructure.getClass() + " key=" + sigType);
        }
        if (sigType.getBaseAlgorithm() == SigAlgo.EdDSA) {
            EdDSAEngine edDSAEngine = new EdDSAEngine();
            edDSAEngine.initSign(privateKey);
            sign = edDSAEngine.signOneShot(simpleDataStructure.getData());
        } else {
            java.security.Signature signature = java.security.Signature.getInstance(str);
            signature.initSign(privateKey, this._context.random());
            signature.update(simpleDataStructure.getData());
            sign = signature.sign();
        }
        return SigUtil.fromJavaSig(sign, sigType);
    }

    private Signature altSignSHA1(byte[] bArr, int i, int i2, SigningPrivateKey signingPrivateKey) throws GeneralSecurityException {
        java.security.Signature signature = java.security.Signature.getInstance("SHA1withDSA");
        signature.initSign(SigUtil.toJavaDSAKey(signingPrivateKey), this._context.random());
        signature.update(bArr, i, i2);
        return SigUtil.fromJavaSig(signature.sign(), SigType.DSA_SHA1);
    }

    private static String getRawAlgo(SigType sigType) {
        switch (sigType.getBaseAlgorithm()) {
            case DSA:
                return "NONEwithDSA";
            case EC:
                return "NONEwithECDSA";
            case EdDSA:
                return "NONEwithEdDSA";
            case RSA:
                return "NONEwithRSA";
            default:
                throw new UnsupportedOperationException("Raw signatures unsupported for " + sigType);
        }
    }

    private static String getRawAlgo(Key key) {
        if (key instanceof DSAKey) {
            return "NONEwithDSA";
        }
        if (key instanceof ECKey) {
            return "NONEwithECDSA";
        }
        if (key instanceof EdDSAKey) {
            return "NONEwithEdDSA";
        }
        if (key instanceof RSAKey) {
            return "NONEwithRSA";
        }
        throw new UnsupportedOperationException("Raw signatures unsupported for " + key.getClass().getName());
    }
}
