package im.status.keycard.applet;

import java.math.BigInteger;
import java.util.Arrays;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.asn1.x9.X9IntegerConverter;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.math.ec.ECAlgorithms;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.FixedPointUtil;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;

/* loaded from: classes.dex */
public class RecoverableSignature {
    static final ECDomainParameters CURVE;
    private static final X9ECParameters CURVE_PARAMS;
    private boolean compressed;
    private byte[] publicKey;
    private byte[] r;
    private int recId;
    private byte[] s;

    static {
        X9ECParameters byName = CustomNamedCurves.getByName("secp256k1");
        CURVE_PARAMS = byName;
        FixedPointUtil.precompute(byName.getG());
        CURVE = new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
    }

    public RecoverableSignature(byte[] bArr, boolean z, byte[] bArr2, byte[] bArr3, int i) {
        this.publicKey = bArr;
        this.r = bArr2;
        this.s = bArr3;
        this.compressed = z;
        this.recId = i;
    }

    public RecoverableSignature(byte[] bArr, byte[] bArr2) {
        TinyBERTLV tinyBERTLV = new TinyBERTLV(bArr2);
        int readTag = tinyBERTLV.readTag();
        tinyBERTLV.unreadLastTag();
        if (readTag == -128) {
            initFromRawSignature(bArr, tinyBERTLV.readPrimitive(readTag));
        } else {
            if (readTag != -96) {
                throw new IllegalArgumentException("invalid tlv");
            }
            initFromLegacy(bArr, tinyBERTLV);
        }
    }

    private static ECPoint decompressKey(BigInteger bigInteger, boolean z) {
        X9IntegerConverter x9IntegerConverter = new X9IntegerConverter();
        ECDomainParameters eCDomainParameters = CURVE;
        byte[] integerToBytes = x9IntegerConverter.integerToBytes(bigInteger, x9IntegerConverter.getByteLength(eCDomainParameters.getCurve()) + 1);
        integerToBytes[0] = (byte) (z ? 3 : 2);
        return eCDomainParameters.getCurve().decodePoint(integerToBytes);
    }

    private void initFromLegacy(byte[] bArr, TinyBERTLV tinyBERTLV) {
        tinyBERTLV.enterConstructed(-96);
        this.publicKey = tinyBERTLV.readPrimitive(-128);
        tinyBERTLV.enterConstructed(48);
        this.r = toUInt(tinyBERTLV.readPrimitive(2));
        this.s = toUInt(tinyBERTLV.readPrimitive(2));
        this.compressed = false;
        calculateRecID(bArr);
    }

    private void initFromRawSignature(byte[] bArr, byte[] bArr2) {
        this.r = Arrays.copyOfRange(bArr2, 0, 32);
        byte[] copyOfRange = Arrays.copyOfRange(bArr2, 32, 64);
        this.s = copyOfRange;
        byte b = bArr2[64];
        this.recId = b;
        this.compressed = false;
        this.publicKey = recoverFromSignature((int) b, bArr, this.r, copyOfRange, false);
    }

    static byte[] recoverFromSignature(int i, BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, boolean z) {
        ECDomainParameters eCDomainParameters = CURVE;
        BigInteger n = eCDomainParameters.getN();
        BigInteger add = bigInteger2.add(BigInteger.valueOf(i / 2).multiply(n));
        if (add.compareTo(SecP256K1Curve.q) >= 0) {
            return null;
        }
        ECPoint decompressKey = decompressKey(add, (i & 1) == 1);
        if (!decompressKey.multiply(n).isInfinity()) {
            return null;
        }
        BigInteger mod = BigInteger.ZERO.subtract(bigInteger).mod(n);
        BigInteger modInverse = bigInteger2.modInverse(n);
        return ECAlgorithms.sumOfTwoMultiplies(eCDomainParameters.getG(), modInverse.multiply(mod).mod(n), decompressKey, modInverse.multiply(bigInteger3).mod(n)).getEncoded(z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] recoverFromSignature(int i, byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) {
        return recoverFromSignature(i, new BigInteger(1, bArr), new BigInteger(1, bArr2), new BigInteger(1, bArr3), z);
    }

    static byte[] toUInt(byte[] bArr) {
        return bArr[0] == 0 ? Arrays.copyOfRange(bArr, 1, bArr.length) : bArr;
    }

    void calculateRecID(byte[] bArr) {
        this.recId = -1;
        int i = 0;
        while (true) {
            if (i >= 4) {
                break;
            }
            if (Arrays.equals(recoverFromSignature(i, bArr, this.r, this.s, this.compressed), this.publicKey)) {
                this.recId = i;
                break;
            }
            i++;
        }
        if (this.recId == -1) {
            throw new IllegalArgumentException("Unrecoverable signature, cannot find recId");
        }
    }

    public byte[] getPublicKey() {
        return this.publicKey;
    }

    public byte[] getR() {
        return this.r;
    }

    public int getRecId() {
        return this.recId;
    }

    public byte[] getS() {
        return this.s;
    }
}
