package io.getlime.security.powerauth.crypto.lib.util;

import io.getlime.security.powerauth.crypto.lib.config.DecimalSignatureConfiguration;
import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
import io.getlime.security.powerauth.crypto.lib.config.SignatureConfiguration;
import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/util/SignatureUtils.class */
public class SignatureUtils {
    private static final Logger logger = LoggerFactory.getLogger(SignatureUtils.class);

    public byte[] computeECDSASignature(byte[] bArr, PrivateKey privateKey) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA", PowerAuthConfiguration.CRYPTO_PROVIDER_NAME);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            logger.warn("Calculating signature failed due to cryptographic provider issue: {}", e.getMessage());
            logger.debug("Exception detail: ", e);
            throw new CryptoProviderException(e.getMessage(), e);
        } catch (SignatureException e2) {
            logger.warn("Calculating signature failed due to configuration issue: {}", e2.getMessage());
            logger.debug("Exception detail: ", e2);
            throw new GenericCryptoException(e2.getMessage(), e2);
        }
    }

    public byte[] computeECDSASignature(byte[] bArr, PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA", PowerAuthConfiguration.CRYPTO_PROVIDER_NAME);
            signature.initSign(privateKey, secureRandom);
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            logger.warn("Calculating signature failed due to cryptographic provider issue: {}", e.getMessage());
            logger.debug("Exception detail: ", e);
            throw new CryptoProviderException(e.getMessage(), e);
        } catch (SignatureException e2) {
            logger.warn("Calculating signature failed due to configuration issue: {}", e2.getMessage());
            logger.debug("Exception detail: ", e2);
            throw new GenericCryptoException(e2.getMessage(), e2);
        }
    }

    public boolean validateECDSASignature(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA", PowerAuthConfiguration.CRYPTO_PROVIDER_NAME);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            logger.warn("Verifying signature failed due to cryptographic provider issue: {}", e.getMessage());
            logger.debug("Exception detail: ", e);
            throw new CryptoProviderException(e.getMessage(), e);
        } catch (SignatureException e2) {
            logger.warn("Verifying signature failed due to configuration issue: {}", e2.getMessage());
            logger.debug("Exception detail: ", e2);
            throw new GenericCryptoException(e2.getMessage(), e2);
        }
    }

    private String computePowerAuthDecimalSignature(byte[] bArr, List<SecretKey> list, byte[] bArr2, Integer num) throws GenericCryptoException, CryptoProviderException {
        int i;
        if (num == null) {
            i = 8;
        } else {
            if (num.intValue() < 4) {
                throw new CryptoProviderException("Length must be at least 4, provided: " + num);
            }
            if (num.intValue() > 8) {
                throw new CryptoProviderException("Length must be less or equal to 8, provided: " + num);
            }
            i = num.intValue();
        }
        String[] strArr = new String[list.size()];
        List<byte[]> computePowerAuthSignatureComponents = computePowerAuthSignatureComponents(bArr, list, bArr2);
        for (int i2 = 0; i2 < computePowerAuthSignatureComponents.size(); i2++) {
            byte[] bArr3 = computePowerAuthSignatureComponents.get(i2);
            strArr[i2] = String.format("%0" + i + "d", Integer.valueOf((ByteBuffer.wrap(bArr3).getInt(bArr3.length - 4) & Integer.MAX_VALUE) % ((int) Math.pow(10.0d, i))));
        }
        return String.join("-", strArr);
    }

    private String computePowerAuthBase64Signature(byte[] bArr, List<SecretKey> list, byte[] bArr2) throws GenericCryptoException, CryptoProviderException {
        byte[] bArr3 = new byte[list.size() * 16];
        List<byte[]> computePowerAuthSignatureComponents = computePowerAuthSignatureComponents(bArr, list, bArr2);
        for (int i = 0; i < computePowerAuthSignatureComponents.size(); i++) {
            byte[] bArr4 = computePowerAuthSignatureComponents.get(i);
            System.arraycopy(bArr4, bArr4.length - 16, bArr3, i * 16, 16);
        }
        return Base64.getEncoder().encodeToString(bArr3);
    }

    private List<byte[]> computePowerAuthSignatureComponents(byte[] bArr, List<SecretKey> list, byte[] bArr2) throws GenericCryptoException, CryptoProviderException {
        HMACHashUtilities hMACHashUtilities = new HMACHashUtilities();
        ArrayList arrayList = new ArrayList();
        KeyConvertor keyConvertor = new KeyConvertor();
        for (int i = 0; i < list.size(); i++) {
            byte[] hash = hMACHashUtilities.hash(keyConvertor.convertSharedSecretKeyToBytes(list.get(i)), bArr2);
            for (int i2 = 0; i2 < i; i2++) {
                hash = hMACHashUtilities.hash(hMACHashUtilities.hash(keyConvertor.convertSharedSecretKeyToBytes(list.get(i2 + 1)), bArr2), hash);
            }
            byte[] hash2 = hMACHashUtilities.hash(hash, bArr);
            if (hash2.length < 16) {
                throw new IndexOutOfBoundsException();
            }
            arrayList.add(hash2);
        }
        return arrayList;
    }

    public String computePowerAuthSignature(byte[] bArr, List<SecretKey> list, byte[] bArr2, SignatureConfiguration signatureConfiguration) throws GenericCryptoException, CryptoProviderException {
        if (list == null) {
            throw new GenericCryptoException("Missing signatureKeys parameter");
        }
        if (bArr2 == null) {
            throw new GenericCryptoException("Missing ctrData parameter");
        }
        if (list.isEmpty() || list.size() > 3) {
            throw new GenericCryptoException("Wrong number of signature keys");
        }
        if (bArr2.length != 16) {
            throw new GenericCryptoException("Invalid length of signature counter");
        }
        switch (signatureConfiguration.getSignatureFormat()) {
            case BASE64:
                return computePowerAuthBase64Signature(bArr, list, bArr2);
            case DECIMAL:
                return computePowerAuthDecimalSignature(bArr, list, bArr2, ((DecimalSignatureConfiguration) signatureConfiguration).getLength());
            default:
                throw new GenericCryptoException("Unsupported format of PowerAuth signature.");
        }
    }

    public boolean validatePowerAuthSignature(byte[] bArr, String str, List<SecretKey> list, byte[] bArr2, SignatureConfiguration signatureConfiguration) throws GenericCryptoException, CryptoProviderException {
        return str.equals(computePowerAuthSignature(bArr, list, bArr2, signatureConfiguration));
    }
}
