package org.bouncycastle.crypto.signers;

import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DSA;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithID;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.math.ec.ECConstants;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.math.ec.ECMultiplier;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.util.BigIntegers;

/* compiled from: TbsSdkJava */
/* loaded from: classes2.dex */
public class SM2Signer implements DSA, ECConstants {
    private final DSAKCalculator a = new RandomDSAKCalculator();
    private byte[] b;
    private int c;
    private ECDomainParameters d;
    private ECPoint e;
    private ECKeyParameters f;

    private void a(Digest digest, ECFieldElement eCFieldElement) {
        byte[] a = BigIntegers.a(this.c, eCFieldElement.l());
        digest.update(a, 0, a.length);
    }

    private void a(Digest digest, byte[] bArr) {
        int length = bArr.length * 8;
        digest.a((byte) ((length >> 8) & 255));
        digest.a((byte) (length & 255));
        digest.update(bArr, 0, bArr.length);
    }

    private byte[] a(Digest digest) {
        a(digest, this.b);
        a(digest, this.d.a().d());
        a(digest, this.d.a().e());
        a(digest, this.d.b().c());
        a(digest, this.d.b().d());
        a(digest, this.e.c());
        a(digest, this.e.d());
        byte[] bArr = new byte[digest.b()];
        digest.a(bArr, 0);
        return bArr;
    }

    protected ECMultiplier a() {
        return new FixedPointCombMultiplier();
    }

    @Override // org.bouncycastle.crypto.DSA
    public void a(boolean z, CipherParameters cipherParameters) {
        ECPoint c;
        if (cipherParameters instanceof ParametersWithID) {
            ParametersWithID parametersWithID = (ParametersWithID) cipherParameters;
            CipherParameters b = parametersWithID.b();
            this.b = parametersWithID.a();
            cipherParameters = b;
        } else {
            this.b = new byte[0];
        }
        if (z) {
            if (cipherParameters instanceof ParametersWithRandom) {
                ParametersWithRandom parametersWithRandom = (ParametersWithRandom) cipherParameters;
                this.f = (ECKeyParameters) parametersWithRandom.a();
                this.d = this.f.b();
                this.a.a(this.d.d(), parametersWithRandom.b());
            } else {
                this.f = (ECKeyParameters) cipherParameters;
                this.d = this.f.b();
                this.a.a(this.d.d(), new SecureRandom());
            }
            c = this.d.b().a(((ECPrivateKeyParameters) this.f).c()).r();
        } else {
            this.f = (ECKeyParameters) cipherParameters;
            this.d = this.f.b();
            c = ((ECPublicKeyParameters) this.f).c();
        }
        this.e = c;
        this.c = (this.d.a().j() + 7) / 8;
    }

    @Override // org.bouncycastle.crypto.DSA
    public boolean a(byte[] bArr, BigInteger bigInteger, BigInteger bigInteger2) {
        BigInteger d = this.d.d();
        if (bigInteger.compareTo(ECConstants.b) < 0 || bigInteger.compareTo(d) > 0 || bigInteger2.compareTo(ECConstants.b) < 0 || bigInteger2.compareTo(d) > 0) {
            return false;
        }
        ECPoint c = ((ECPublicKeyParameters) this.f).c();
        SM3Digest sM3Digest = new SM3Digest();
        byte[] a = a(sM3Digest);
        sM3Digest.update(a, 0, a.length);
        sM3Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sM3Digest.b()];
        sM3Digest.a(bArr2, 0);
        BigInteger b = b(bArr2);
        BigInteger mod = bigInteger.add(bigInteger2).mod(d);
        if (mod.equals(ECConstants.a)) {
            return false;
        }
        return bigInteger.equals(b.add(this.d.b().a(bigInteger2).a(c.a(mod)).r().c().l()).mod(d));
    }

    @Override // org.bouncycastle.crypto.DSA
    public BigInteger[] a(byte[] bArr) {
        SM3Digest sM3Digest = new SM3Digest();
        byte[] a = a(sM3Digest);
        sM3Digest.update(a, 0, a.length);
        sM3Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sM3Digest.b()];
        sM3Digest.a(bArr2, 0);
        BigInteger d = this.d.d();
        BigInteger b = b(bArr2);
        BigInteger c = ((ECPrivateKeyParameters) this.f).c();
        ECMultiplier a2 = a();
        while (true) {
            BigInteger a3 = this.a.a();
            BigInteger mod = b.add(a2.a(this.d.b(), a3).r().c().l()).mod(d);
            if (!mod.equals(ECConstants.a) && !mod.add(a3).equals(d)) {
                BigInteger mod2 = c.add(ECConstants.b).modInverse(d).multiply(a3.subtract(mod.multiply(c)).mod(d)).mod(d);
                if (!mod2.equals(ECConstants.a)) {
                    return new BigInteger[]{mod, mod2};
                }
            }
        }
    }

    protected BigInteger b(byte[] bArr) {
        return new BigInteger(1, bArr);
    }
}
