package com.tencent.kona.sun.security.ec;

import com.tencent.kona.crypto.CryptoInsts;
import com.tencent.kona.crypto.spec.RFC5915EncodedKeySpec;
import com.tencent.kona.jdk.internal.misc.SharedSecretsUtil;
import com.tencent.kona.sun.security.util.ArrayUtil;
import com.tencent.kona.sun.security.util.CurveDB;
import com.tencent.kona.sun.security.util.DerOutputStream;
import com.tencent.kona.sun.security.util.DerValue;
import com.tencent.kona.sun.security.util.ECParameters;
import com.tencent.kona.sun.security.util.ECUtil;
import com.tencent.kona.sun.security.util.Oid;
import com.tencent.kona.sun.security.x509.AlgorithmId;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyRep;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;

/* loaded from: input_file:com/tencent/kona/sun/security/ec/RFC5915Key.class */
public final class RFC5915Key implements ECPrivateKey {
    private AlgorithmId algid;
    private byte[] key;
    private byte[] encodedKey;
    private static final int V1 = 1;
    private BigInteger s;
    private byte[] arrayS;
    private ECParameterSpec params;
    private ECPoint pubPoint;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RFC5915Key(byte[] bArr) throws InvalidKeyException {
        decode(new ByteArrayInputStream(bArr));
        parseKeyBits();
    }

    private void decode(InputStream inputStream) throws InvalidKeyException {
        DerValue derValue = null;
        try {
            try {
                DerValue derValue2 = new DerValue(inputStream);
                if (derValue2.tag != 48) {
                    throw new InvalidKeyException("invalid key format");
                }
                int integer = derValue2.data.getInteger();
                if (integer != 1) {
                    throw new InvalidKeyException("unknown version: " + integer);
                }
                this.key = derValue2.data.getOctetString();
                if (derValue2.data.available() == 0) {
                    if (derValue2 != null) {
                        derValue2.clear();
                        return;
                    }
                    return;
                }
                DerValue derValue3 = derValue2.data.getDerValue();
                if (derValue3.isContextSpecific((byte) 0)) {
                    this.algid = new AlgorithmId(AlgorithmId.EC_oid, derValue3.data.getDerValue());
                    AlgorithmParameters parameters = this.algid.getParameters();
                    if (parameters == null) {
                        throw new InvalidKeyException("EC domain parameters must be encoded in the algorithm identifier");
                    }
                    try {
                        this.params = (ECParameterSpec) parameters.getParameterSpec(ECParameterSpec.class);
                        if (derValue2.data.available() == 0) {
                            if (derValue2 != null) {
                                derValue2.clear();
                                return;
                            }
                            return;
                        }
                        derValue3 = derValue2.data.getDerValue();
                    } catch (InvalidParameterSpecException e) {
                        throw new InvalidKeyException("Invalid EC private key", e);
                    }
                }
                if (derValue3.isContextSpecific((byte) 1)) {
                    this.pubPoint = ECUtil.decodePoint(derValue3.data.getUnalignedBitString().toByteArray(), this.params.getCurve());
                    if (derValue2.data.available() == 0) {
                        if (derValue2 != null) {
                            derValue2.clear();
                            return;
                        }
                        return;
                    }
                }
                throw new InvalidKeyException("Extra bytes");
            } catch (IOException e2) {
                throw new InvalidKeyException("IOException : " + e2.getMessage());
            }
        } catch (Throwable th) {
            if (0 != 0) {
                derValue.clear();
            }
            throw th;
        }
    }

    RFC5915Key(BigInteger bigInteger, ECPoint eCPoint, ECParameterSpec eCParameterSpec) throws InvalidKeyException {
        this.s = bigInteger;
        this.params = eCParameterSpec;
        this.pubPoint = eCPoint;
        makeEncoding(bigInteger);
    }

    private void makeEncoding(BigInteger bigInteger) throws InvalidKeyException {
        this.algid = new AlgorithmId(AlgorithmId.EC_oid, ECParameters.getAlgorithmParameters(this.params));
        byte[] byteArray = bigInteger.toByteArray();
        this.key = new byte[(this.params.getOrder().bitLength() + 7) / 8];
        System.arraycopy(byteArray, Math.max(byteArray.length - this.key.length, 0), this.key, Math.max(this.key.length - byteArray.length, 0), Math.min(byteArray.length, this.key.length));
        Arrays.fill(byteArray, (byte) 0);
    }

    RFC5915Key(byte[] bArr, ECPoint eCPoint, ECParameterSpec eCParameterSpec) throws InvalidKeyException {
        this.arrayS = (byte[]) bArr.clone();
        this.params = eCParameterSpec;
        this.pubPoint = eCPoint;
        makeEncoding(bArr);
    }

    private void makeEncoding(byte[] bArr) throws InvalidKeyException {
        this.algid = new AlgorithmId(AlgorithmId.EC_oid, ECParameters.getAlgorithmParameters(this.params));
        this.key = (byte[]) bArr.clone();
        ArrayUtil.reverse(this.key);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v17, types: [java.security.PrivateKey] */
    static PrivateKey parseKey(byte[] bArr) throws IOException {
        try {
            RFC5915Key rFC5915Key = new RFC5915Key(bArr);
            RFC5915EncodedKeySpec rFC5915EncodedKeySpec = new RFC5915EncodedKeySpec(rFC5915Key.getEncodedInternal());
            RFC5915Key rFC5915Key2 = null;
            try {
                rFC5915Key2 = CryptoInsts.getKeyFactory("EC").generatePrivate(rFC5915EncodedKeySpec);
                if (rFC5915Key2 != rFC5915Key) {
                    rFC5915Key.clear();
                }
                SharedSecretsUtil.secSpecClearEncodedKeySpec(rFC5915EncodedKeySpec);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                rFC5915Key2 = rFC5915Key;
                if (rFC5915Key2 != rFC5915Key) {
                    rFC5915Key.clear();
                }
                SharedSecretsUtil.secSpecClearEncodedKeySpec(rFC5915EncodedKeySpec);
            } catch (Throwable th) {
                if (rFC5915Key2 != rFC5915Key) {
                    rFC5915Key.clear();
                }
                SharedSecretsUtil.secSpecClearEncodedKeySpec(rFC5915EncodedKeySpec);
                throw th;
            }
            return rFC5915Key2;
        } catch (InvalidKeyException e2) {
            throw new IOException("corrupt private key", e2);
        }
    }

    @Override // java.security.Key
    public String getAlgorithm() {
        return "EC";
    }

    @Override // java.security.Key
    public byte[] getEncoded() {
        return (byte[]) getEncodedInternal().clone();
    }

    @Override // java.security.Key
    public String getFormat() {
        return "RFC5915";
    }

    private void parseKeyBits() throws InvalidKeyException {
        byte[] bArr = (byte[]) this.key.clone();
        ArrayUtil.reverse(bArr);
        this.arrayS = bArr;
    }

    @Override // java.security.interfaces.ECPrivateKey
    public BigInteger getS() {
        if (this.s == null) {
            byte[] bArr = (byte[]) this.arrayS.clone();
            ArrayUtil.reverse(bArr);
            this.s = new BigInteger(1, bArr);
            Arrays.fill(bArr, (byte) 0);
        }
        return this.s;
    }

    public byte[] getArrayS() {
        if (this.arrayS == null) {
            this.arrayS = ECUtil.sArray(getS(), this.params);
        }
        return (byte[]) this.arrayS.clone();
    }

    @Override // java.security.interfaces.ECKey
    public ECParameterSpec getParams() {
        return this.params;
    }

    private synchronized byte[] getEncodedInternal() {
        if (this.encodedKey == null) {
            DerOutputStream derOutputStream = new DerOutputStream();
            derOutputStream.putInteger(1);
            derOutputStream.putOctetString(this.key);
            if (this.algid != null) {
                DerOutputStream derOutputStream2 = new DerOutputStream();
                derOutputStream2.putOID(Oid.of(CurveDB.lookup(this.params).getObjectId()));
                derOutputStream.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream2);
            }
            if (this.pubPoint != null) {
                DerOutputStream derOutputStream3 = new DerOutputStream();
                derOutputStream3.putBitString(ECUtil.encodePoint(this.pubPoint, this.params.getCurve()));
                derOutputStream.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), derOutputStream3);
            }
            DerValue wrap = DerValue.wrap((byte) 48, derOutputStream);
            this.encodedKey = wrap.toByteArray();
            wrap.clear();
        }
        return this.encodedKey;
    }

    private Object writeReplace() throws ObjectStreamException {
        return new KeyRep(KeyRep.Type.PRIVATE, getAlgorithm(), getFormat(), getEncodedInternal());
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException {
        try {
            decode(objectInputStream);
        } catch (InvalidKeyException e) {
            throw new IOException("deserialized key is invalid: " + e.getMessage());
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof RFC5915Key) {
            return MessageDigest.isEqual(getEncodedInternal(), ((RFC5915Key) obj).getEncodedInternal());
        }
        if (!(obj instanceof Key)) {
            return false;
        }
        byte[] encoded = ((Key) obj).getEncoded();
        try {
            boolean isEqual = MessageDigest.isEqual(getEncodedInternal(), encoded);
            if (encoded != null) {
                Arrays.fill(encoded, (byte) 0);
            }
            return isEqual;
        } catch (Throwable th) {
            if (encoded != null) {
                Arrays.fill(encoded, (byte) 0);
            }
            throw th;
        }
    }

    public int hashCode() {
        return Arrays.hashCode(getEncodedInternal());
    }

    public void clear() {
        if (this.encodedKey != null) {
            Arrays.fill(this.encodedKey, (byte) 0);
        }
        Arrays.fill(this.key, (byte) 0);
    }
}
