package io.nats.nkey;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;

/* loaded from: input_file:io/nats/nkey/NKey.class */
public class NKey {
    private final char[] privateKeyAsSeed;
    private final char[] publicKey;
    private final NKeyType type;

    private static boolean notValidPublicPrefixByte(int i) {
        switch (i) {
            case NKeyConstants.PREFIX_BYTE_ACCOUNT /* 0 */:
            case NKeyConstants.PREFIX_BYTE_CLUSTER /* 16 */:
            case NKeyConstants.PREFIX_BYTE_SERVER /* 104 */:
            case NKeyConstants.PREFIX_BYTE_OPERATOR /* 112 */:
            case NKeyConstants.PREFIX_BYTE_USER /* 160 */:
                return false;
            default:
                return true;
        }
    }

    static char[] removePaddingAndClear(char[] cArr) {
        int length = cArr.length - 1;
        while (length >= 0 && cArr[length] == '=') {
            length--;
        }
        char[] cArr2 = new char[length + 1];
        System.arraycopy(cArr, 0, cArr2, 0, cArr2.length);
        Arrays.fill(cArr, (char) 0);
        return cArr2;
    }

    static char[] encode(NKeyType nKeyType, byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(nKeyType.prefix);
        byteArrayOutputStream.write(bArr);
        byteArrayOutputStream.write(ByteBuffer.allocate(2).order(ByteOrder.LITTLE_ENDIAN).putShort((short) NKeyUtils.crc16(byteArrayOutputStream.toByteArray())).array());
        return removePaddingAndClear(NKeyUtils.base32Encode(byteArrayOutputStream.toByteArray()));
    }

    static char[] encodeSeed(NKeyType nKeyType, byte[] bArr) throws IOException {
        if (bArr.length != 64 && bArr.length != 32) {
            throw new IllegalArgumentException("Source is not the correct size for an ED25519 seed");
        }
        int i = 144 | (nKeyType.prefix >> 5);
        int i2 = (nKeyType.prefix & 31) << 3;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(i);
        byteArrayOutputStream.write(i2);
        byteArrayOutputStream.write(bArr);
        byteArrayOutputStream.write(ByteBuffer.allocate(2).order(ByteOrder.LITTLE_ENDIAN).putShort((short) NKeyUtils.crc16(byteArrayOutputStream.toByteArray())).array());
        return removePaddingAndClear(NKeyUtils.base32Encode(byteArrayOutputStream.toByteArray()));
    }

    static byte[] decode(char[] cArr) {
        byte[] base32Decode = NKeyUtils.base32Decode(cArr);
        if (base32Decode.length < 4) {
            throw new IllegalArgumentException("Invalid encoding for source string");
        }
        byte[] copyOfRange = Arrays.copyOfRange(base32Decode, base32Decode.length - 2, base32Decode.length);
        byte[] copyOfRange2 = Arrays.copyOfRange(base32Decode, 0, base32Decode.length - 2);
        if (NKeyUtils.crc16(copyOfRange2) != (ByteBuffer.wrap(copyOfRange).order(ByteOrder.LITTLE_ENDIAN).getShort() & 65535)) {
            throw new IllegalArgumentException("CRC is invalid");
        }
        return copyOfRange2;
    }

    static byte[] decode(NKeyType nKeyType, char[] cArr) {
        byte[] decode = decode(cArr);
        byte[] copyOfRange = Arrays.copyOfRange(decode, 1, decode.length);
        if (NKeyType.fromPrefix(decode[0] & 255) != nKeyType) {
            return null;
        }
        return copyOfRange;
    }

    static NKeyDecodedSeed decodeSeed(char[] cArr) {
        byte[] decode = decode(cArr);
        int i = decode[0] & 248;
        int i2 = ((decode[0] & 7) << 5) | ((decode[1] & 248) >> 3);
        if (i != 144) {
            throw new IllegalArgumentException("Invalid encoding");
        }
        if (notValidPublicPrefixByte(i2)) {
            throw new IllegalArgumentException("Invalid encoded prefix byte");
        }
        return new NKeyDecodedSeed(i2, Arrays.copyOfRange(decode, 2, decode.length));
    }

    private static NKey createPair(NKeyType nKeyType, SecureRandom secureRandom) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        byte[] bArr = new byte[32];
        if (secureRandom == null) {
            NKeyUtils.SRAND.nextBytes(bArr);
        } else {
            secureRandom.nextBytes(bArr);
        }
        return createPair(nKeyType, bArr);
    }

    private static NKey createPair(NKeyType nKeyType, byte[] bArr) throws IOException {
        byte[] encoded = new Ed25519PrivateKeyParameters(bArr).generatePublicKey().getEncoded();
        byte[] bArr2 = new byte[encoded.length + bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(encoded, 0, bArr2, bArr.length, encoded.length);
        return new NKey(nKeyType, null, encodeSeed(nKeyType, bArr2));
    }

    public static NKey createAccount(SecureRandom secureRandom) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        return createPair(NKeyType.ACCOUNT, secureRandom);
    }

    public static NKey createCluster(SecureRandom secureRandom) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        return createPair(NKeyType.CLUSTER, secureRandom);
    }

    public static NKey createOperator(SecureRandom secureRandom) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        return createPair(NKeyType.OPERATOR, secureRandom);
    }

    public static NKey createServer(SecureRandom secureRandom) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        return createPair(NKeyType.SERVER, secureRandom);
    }

    public static NKey createUser(SecureRandom secureRandom) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        return createPair(NKeyType.USER, secureRandom);
    }

    public static NKey fromPublicKey(char[] cArr) {
        int i = decode(cArr)[0] & 255;
        if (notValidPublicPrefixByte(i)) {
            throw new IllegalArgumentException("Not a valid public NKey");
        }
        return new NKey(NKeyType.fromPrefix(i), cArr, null);
    }

    public static NKey fromSeed(char[] cArr) {
        NKeyDecodedSeed decodeSeed = decodeSeed(cArr);
        if (decodeSeed.bytes.length == 64) {
            return new NKey(NKeyType.fromPrefix(decodeSeed.prefix), null, cArr);
        }
        try {
            return createPair(NKeyType.fromPrefix(decodeSeed.prefix), decodeSeed.bytes);
        } catch (Exception e) {
            throw new IllegalArgumentException("Bad seed value", e);
        }
    }

    public static boolean isValidPublicAccountKey(char[] cArr) {
        return decode(NKeyType.ACCOUNT, cArr) != null;
    }

    public static boolean isValidPublicClusterKey(char[] cArr) {
        return decode(NKeyType.CLUSTER, cArr) != null;
    }

    public static boolean isValidPublicOperatorKey(char[] cArr) {
        return decode(NKeyType.OPERATOR, cArr) != null;
    }

    public static boolean isValidPublicServerKey(char[] cArr) {
        return decode(NKeyType.SERVER, cArr) != null;
    }

    public static boolean isValidPublicUserKey(char[] cArr) {
        return decode(NKeyType.USER, cArr) != null;
    }

    private NKey(NKeyType nKeyType, char[] cArr, char[] cArr2) {
        this.type = nKeyType;
        this.privateKeyAsSeed = cArr2;
        this.publicKey = cArr;
    }

    public void clear() {
        if (this.privateKeyAsSeed != null) {
            for (int i = 0; i < this.privateKeyAsSeed.length; i++) {
                this.privateKeyAsSeed[i] = (char) (NKeyUtils.PRAND.nextInt(26) + 97);
            }
            Arrays.fill(this.privateKeyAsSeed, (char) 0);
        }
        if (this.publicKey != null) {
            for (int i2 = 0; i2 < this.publicKey.length; i2++) {
                this.publicKey[i2] = (char) (NKeyUtils.PRAND.nextInt(26) + 97);
            }
            Arrays.fill(this.publicKey, (char) 0);
        }
    }

    public char[] getSeed() {
        if (this.privateKeyAsSeed == null) {
            throw new IllegalStateException("Public-only NKey");
        }
        NKeyDecodedSeed decodeSeed = decodeSeed(this.privateKeyAsSeed);
        byte[] bArr = new byte[32];
        System.arraycopy(decodeSeed.bytes, 0, bArr, 0, bArr.length);
        try {
            return encodeSeed(NKeyType.fromPrefix(decodeSeed.prefix), bArr);
        } catch (Exception e) {
            throw new IllegalStateException("Unable to create seed.", e);
        }
    }

    public char[] getPublicKey() throws GeneralSecurityException, IOException {
        return this.publicKey != null ? this.publicKey : encode(this.type, getKeyPair().getPublic().getEncoded());
    }

    public char[] getPrivateKey() throws GeneralSecurityException, IOException {
        if (this.privateKeyAsSeed == null) {
            throw new IllegalStateException("Public-only NKey");
        }
        return encode(NKeyType.PRIVATE, decodeSeed(this.privateKeyAsSeed).bytes);
    }

    public KeyPair getKeyPair() throws GeneralSecurityException, IOException {
        if (this.privateKeyAsSeed == null) {
            throw new IllegalStateException("Public-only NKey");
        }
        NKeyDecodedSeed decodeSeed = decodeSeed(this.privateKeyAsSeed);
        byte[] bArr = new byte[32];
        byte[] bArr2 = new byte[32];
        System.arraycopy(decodeSeed.bytes, 0, bArr, 0, bArr.length);
        System.arraycopy(decodeSeed.bytes, bArr.length, bArr2, 0, bArr2.length);
        return new KeyPair(new PublicKeyWrapper(new Ed25519PublicKeyParameters(bArr2)), new PrivateKeyWrapper(new Ed25519PrivateKeyParameters(bArr)));
    }

    public NKeyType getType() {
        return this.type;
    }

    public byte[] sign(byte[] bArr) throws GeneralSecurityException, IOException {
        Ed25519PrivateKeyParameters ed25519PrivateKeyParameters = new Ed25519PrivateKeyParameters(getKeyPair().getPrivate().getEncoded());
        Ed25519Signer ed25519Signer = new Ed25519Signer();
        ed25519Signer.init(true, ed25519PrivateKeyParameters);
        ed25519Signer.update(bArr, 0, bArr.length);
        return ed25519Signer.generateSignature();
    }

    public boolean verify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, IOException {
        Ed25519PublicKeyParameters ed25519PublicKeyParameters;
        if (this.privateKeyAsSeed != null) {
            ed25519PublicKeyParameters = new Ed25519PublicKeyParameters(getKeyPair().getPublic().getEncoded());
        } else {
            ed25519PublicKeyParameters = new Ed25519PublicKeyParameters(decode(this.type, getPublicKey()));
        }
        Ed25519Signer ed25519Signer = new Ed25519Signer();
        ed25519Signer.init(false, ed25519PublicKeyParameters);
        ed25519Signer.update(bArr, 0, bArr.length);
        return ed25519Signer.verifySignature(bArr2);
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof NKey)) {
            return false;
        }
        NKey nKey = (NKey) obj;
        if (this.type != nKey.type) {
            return false;
        }
        return this.privateKeyAsSeed == null ? Arrays.equals(this.publicKey, nKey.publicKey) : Arrays.equals(this.privateKeyAsSeed, nKey.privateKeyAsSeed);
    }

    public int hashCode() {
        int i = (31 * 17) + this.type.prefix;
        return this.privateKeyAsSeed == null ? (31 * i) + Arrays.hashCode(this.publicKey) : (31 * i) + Arrays.hashCode(this.privateKeyAsSeed);
    }
}
