package io.hotmoka.crypto.internal;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.OptionalInt;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.pqc.crypto.qtesla.QTESLASigner;
import org.bouncycastle.pqc.crypto.util.PrivateKeyFactory;
import org.bouncycastle.pqc.crypto.util.PublicKeyFactory;
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
import org.bouncycastle.pqc.jcajce.spec.QTESLAParameterSpec;

/* loaded from: input_file:io/hotmoka/crypto/internal/QTESLA3.class */
public class QTESLA3 extends AbstractSignatureAlgorithmImpl {
    private final KeyPairGenerator keyPairGenerator;
    private final KeyFactory keyFactory;
    private final QTESLASigner signer;

    public QTESLA3() throws NoSuchAlgorithmException {
        try {
            ensureProvider();
            this.keyPairGenerator = mkKeyPairGenerator(CryptoServicesRegistrar.getSecureRandom());
            this.signer = new QTESLASigner();
            this.keyFactory = KeyFactory.getInstance("qTESLA", "BCPQC");
        } catch (InvalidAlgorithmParameterException | NoSuchProviderException e) {
            throw new NoSuchAlgorithmException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw e2;
        }
    }

    @Override // io.hotmoka.crypto.internal.AbstractSignatureAlgorithmImpl
    protected KeyPairGenerator mkKeyPairGenerator(SecureRandom secureRandom) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("qTESLA", "BCPQC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) new QTESLAParameterSpec(QTESLAParameterSpec.PROVABLY_SECURE_III), secureRandom);
        return keyPairGenerator;
    }

    public KeyPair getKeyPair() {
        return this.keyPairGenerator.generateKeyPair();
    }

    @Override // io.hotmoka.crypto.internal.AbstractSignatureAlgorithmImpl
    protected byte[] sign(byte[] bArr, PrivateKey privateKey) throws SignatureException {
        byte[] generateSignature;
        synchronized (this.signer) {
            try {
                this.signer.init(true, PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(new PKCS8EncodedKeySpec(encodingOf(privateKey)).getEncoded()))));
                generateSignature = this.signer.generateSignature(bArr);
            } catch (Exception e) {
                throw new SignatureException("cannot generate signature", e);
            }
        }
        return generateSignature;
    }

    @Override // io.hotmoka.crypto.internal.AbstractSignatureAlgorithmImpl
    protected boolean verify(byte[] bArr, PublicKey publicKey, byte[] bArr2) throws InvalidKeyException, SignatureException {
        boolean verifySignature;
        synchronized (this.signer) {
            try {
                this.signer.init(false, PublicKeyFactory.createKey(SubjectPublicKeyInfo.getInstance(new X509EncodedKeySpec(encodingOf(publicKey)).getEncoded())));
                verifySignature = this.signer.verifySignature(bArr, bArr2);
            } catch (InvalidKeyException e) {
                throw e;
            } catch (Exception e2) {
                throw new SignatureException("cannot verify signature", e2);
            }
        }
        return verifySignature;
    }

    public PublicKey publicKeyFromEncoding(byte[] bArr) throws InvalidKeySpecException {
        return this.keyFactory.generatePublic(new X509EncodedKeySpec(bArr));
    }

    public PrivateKey privateKeyFromEncoding(byte[] bArr) throws InvalidKeySpecException {
        return this.keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    @Override // io.hotmoka.crypto.internal.AbstractSignatureAlgorithmImpl
    public String getName() {
        return "qtesla3";
    }

    public OptionalInt publicKeyLength() {
        return OptionalInt.of(38456);
    }

    public OptionalInt privateKeyLength() {
        return OptionalInt.of(12422);
    }

    public OptionalInt length() {
        return OptionalInt.of(5664);
    }

    private static void ensureProvider() {
        if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastlePQCProvider());
        }
    }
}
