package com.webauthn4j.data.attestation.authenticator;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier;
import com.webauthn4j.data.attestation.statement.COSEKeyOperation;
import com.webauthn4j.data.attestation.statement.COSEKeyType;
import com.webauthn4j.util.ArrayUtil;
import com.webauthn4j.util.AssertUtil;
import com.webauthn4j.util.exception.UnexpectedCheckedException;
import com.webauthn4j.validator.exception.ConstraintViolationException;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.EdECPrivateKey;
import java.security.interfaces.EdECPublicKey;
import java.security.spec.EdECPoint;
import java.security.spec.EdECPrivateKeySpec;
import java.security.spec.EdECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.NamedParameterSpec;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:com/webauthn4j/data/attestation/authenticator/EdDSACOSEKey.class */
public class EdDSACOSEKey extends AbstractCOSEKey implements Serializable {
    private static final String CURVE_NULL_CHECK_MESSAGE = "curve must not be null";
    private static final String ALG_VALUE_CHECK_MESSAGE = "alg must be EdDSA";

    @JsonProperty("-1")
    private final Curve curve;

    @JsonProperty("-2")
    private byte[] x;

    @JsonProperty("-4")
    private byte[] d;

    @JsonCreator
    public EdDSACOSEKey(@JsonProperty("2") byte[] bArr, @JsonProperty("3") COSEAlgorithmIdentifier cOSEAlgorithmIdentifier, @JsonProperty("4") List<COSEKeyOperation> list, @JsonProperty("-1") Curve curve, @JsonProperty("-2") byte[] bArr2, @JsonProperty("-4") byte[] bArr3) {
        super(bArr, cOSEAlgorithmIdentifier, list, null);
        this.curve = curve;
        this.x = bArr2;
        this.d = bArr3;
    }

    public static EdDSACOSEKey create(EdECPrivateKey edECPrivateKey, COSEAlgorithmIdentifier cOSEAlgorithmIdentifier) {
        AssertUtil.isTrue(cOSEAlgorithmIdentifier == COSEAlgorithmIdentifier.EdDSA, ALG_VALUE_CHECK_MESSAGE);
        return new EdDSACOSEKey(null, cOSEAlgorithmIdentifier, null, getCurve(edECPrivateKey.getParams()), null, edECPrivateKey.getBytes().orElseThrow(() -> {
            return new IllegalArgumentException("privateKey must not be null");
        }));
    }

    public static EdDSACOSEKey create(EdECPublicKey edECPublicKey, COSEAlgorithmIdentifier cOSEAlgorithmIdentifier) {
        AssertUtil.isTrue(cOSEAlgorithmIdentifier == COSEAlgorithmIdentifier.EdDSA, ALG_VALUE_CHECK_MESSAGE);
        return new EdDSACOSEKey(null, cOSEAlgorithmIdentifier, null, getCurve(edECPublicKey.getParams()), calcCOSEXParam(edECPublicKey), null);
    }

    public static EdDSACOSEKey create(KeyPair keyPair, COSEAlgorithmIdentifier cOSEAlgorithmIdentifier) {
        AssertUtil.isTrue(cOSEAlgorithmIdentifier == COSEAlgorithmIdentifier.EdDSA, ALG_VALUE_CHECK_MESSAGE);
        EdECPublicKey edECPublicKey = (EdECPublicKey) keyPair.getPublic();
        return new EdDSACOSEKey(null, cOSEAlgorithmIdentifier, null, getCurve(edECPublicKey.getParams()), calcCOSEXParam(edECPublicKey), ((EdECPrivateKey) keyPair.getPrivate()).getBytes().orElseThrow(() -> {
            return new IllegalArgumentException("privateKey must not be null");
        }));
    }

    public static EdDSACOSEKey create(EdECPrivateKey edECPrivateKey) {
        return create(edECPrivateKey, COSEAlgorithmIdentifier.EdDSA);
    }

    public static EdDSACOSEKey create(EdECPublicKey edECPublicKey) {
        return create(edECPublicKey, COSEAlgorithmIdentifier.EdDSA);
    }

    public static EdDSACOSEKey create(KeyPair keyPair) {
        return create(keyPair, COSEAlgorithmIdentifier.EdDSA);
    }

    @Override // com.webauthn4j.data.attestation.authenticator.COSEKey
    public boolean hasPublicKey() {
        return this.x != null;
    }

    @Override // com.webauthn4j.data.attestation.authenticator.COSEKey
    public boolean hasPrivateKey() {
        return this.d != null;
    }

    @Override // com.webauthn4j.data.attestation.authenticator.COSEKey
    public PublicKey getPublicKey() {
        if (!hasPublicKey()) {
            return null;
        }
        try {
            return KeyFactory.getInstance("EdDSA").generatePublic(new EdECPublicKeySpec((NamedParameterSpec) this.curve.getParameterSpec(), toEdECPoint(this.x)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new UnexpectedCheckedException(e);
        }
    }

    @Override // com.webauthn4j.data.attestation.authenticator.COSEKey
    public PrivateKey getPrivateKey() {
        if (!hasPrivateKey()) {
            return null;
        }
        try {
            return KeyFactory.getInstance("EdDSA").generatePrivate(new EdECPrivateKeySpec((NamedParameterSpec) this.curve.getParameterSpec(), this.d));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new UnexpectedCheckedException(e);
        }
    }

    @Override // com.webauthn4j.data.attestation.authenticator.AbstractCOSEKey, com.webauthn4j.data.attestation.authenticator.COSEKey
    public COSEKeyType getKeyType() {
        return COSEKeyType.OKP;
    }

    public Curve getCurve() {
        return this.curve;
    }

    public byte[] getX() {
        return ArrayUtil.clone(this.x);
    }

    public byte[] getD() {
        return ArrayUtil.clone(this.d);
    }

    @Override // com.webauthn4j.data.attestation.authenticator.COSEKey
    public void validate() {
        if (this.curve == null) {
            throw new ConstraintViolationException(CURVE_NULL_CHECK_MESSAGE);
        }
        if (this.curve != Curve.ED25519) {
            throw new ConstraintViolationException("curve must be Ed25519");
        }
        COSEAlgorithmIdentifier algorithm = getAlgorithm();
        if (algorithm != null && !Objects.equals(algorithm, COSEAlgorithmIdentifier.EdDSA)) {
            throw new ConstraintViolationException("algorithm must be EdDSA if present");
        }
        if (!hasPublicKey() && !hasPrivateKey()) {
            throw new ConstraintViolationException("x or d must be present");
        }
        if (this.x == null) {
            throw new ConstraintViolationException("x must not be null");
        }
    }

    static Curve getCurve(NamedParameterSpec namedParameterSpec) {
        if (Objects.equals(namedParameterSpec.getName(), NamedParameterSpec.ED25519.getName())) {
            return Curve.ED25519;
        }
        throw new IllegalArgumentException(String.format("%s is not supported. Ed25519 is the only supported curve.", namedParameterSpec.getName()));
    }

    private static byte[] calcCOSEXParam(EdECPublicKey edECPublicKey) {
        Curve curve = getCurve(edECPublicKey.getParams());
        byte[] convertToFixedByteArray = ArrayUtil.convertToFixedByteArray(curve.getSize(), edECPublicKey.getPoint().getY());
        reverse(convertToFixedByteArray);
        if (edECPublicKey.getPoint().isXOdd()) {
            int length = convertToFixedByteArray.length - 1;
            convertToFixedByteArray[length] = (byte) (convertToFixedByteArray[length] | Byte.MIN_VALUE);
        }
        return convertToFixedByteArray;
    }

    private static EdECPoint toEdECPoint(byte[] bArr) {
        byte[] bArr2 = (byte[]) bArr.clone();
        boolean z = (bArr2[bArr.length - 1] & 128) != 0;
        int length = bArr.length - 1;
        bArr2[length] = (byte) (bArr2[length] & Byte.MAX_VALUE);
        reverse(bArr2);
        return new EdECPoint(z, new BigInteger(1, bArr2));
    }

    private static void reverse(byte[] bArr) {
        int i = 0;
        for (int length = bArr.length - 1; i < length; length--) {
            byte b = bArr[i];
            bArr[i] = bArr[length];
            bArr[length] = b;
            i++;
        }
    }

    @Override // com.webauthn4j.data.attestation.authenticator.AbstractCOSEKey
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass() || !super.equals(obj)) {
            return false;
        }
        EdDSACOSEKey edDSACOSEKey = (EdDSACOSEKey) obj;
        return this.curve == edDSACOSEKey.curve && Arrays.equals(this.x, edDSACOSEKey.x) && Arrays.equals(this.d, edDSACOSEKey.d);
    }

    @Override // com.webauthn4j.data.attestation.authenticator.AbstractCOSEKey
    public int hashCode() {
        return (31 * ((31 * Objects.hash(Integer.valueOf(super.hashCode()), this.curve)) + Arrays.hashCode(this.x))) + Arrays.hashCode(this.d);
    }

    public String toString() {
        return "EdDSACOSEKey(keyId=" + ArrayUtil.toHexString(getKeyId()) + ", alg=" + getAlgorithm() + ", curve=" + this.curve + ", x=" + ArrayUtil.toHexString(this.x) + ", d=" + ArrayUtil.toHexString(this.d) + ')';
    }
}
