package org.opensaml.security.crypto.ec;

import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.KeyAgreement;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.security.crypto.JCAConstants;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.crypto.ec.curves.BasicNamedCurve;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opensaml-security-api-4.1.1.jar:org/opensaml/security/crypto/ec/ECSupport.class */
public final class ECSupport {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ECSupport.class);

    private ECSupport() {
    }

    @Nonnull
    public static byte[] performKeyAgreement(@Nonnull ECPublicKey eCPublicKey, @Nonnull ECPrivateKey eCPrivateKey, @Nullable String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        Constraint.isNotNull(eCPublicKey, "ECPublicKey was null");
        Constraint.isNotNull(eCPrivateKey, "ECPrivateKey was null");
        KeyAgreement keyAgreement = str != null ? KeyAgreement.getInstance(JCAConstants.KEY_AGREEMENT_ECDH, str) : KeyAgreement.getInstance(JCAConstants.KEY_AGREEMENT_ECDH);
        keyAgreement.init(eCPrivateKey);
        keyAgreement.doPhase(eCPublicKey, true);
        return keyAgreement.generateSecret();
    }

    @Nonnull
    public static KeyPair generateCompatibleKeyPair(@Nonnull ECPublicKey eCPublicKey, @Nullable String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        Constraint.isNotNull(eCPublicKey, "ECPublicKey was null");
        return KeySupport.generateKeyPair(JCAConstants.KEY_ALGO_EC, eCPublicKey.getParams(), str);
    }

    @Nullable
    public static NamedCurveRegistry getGlobalNamedCurveRegistry() {
        return (NamedCurveRegistry) ConfigurationService.get(NamedCurveRegistry.class);
    }

    @Nullable
    public static NamedCurve getNamedCurve(@Nonnull ECPublicKey eCPublicKey) {
        Constraint.isNotNull(eCPublicKey, "ECPublicKey was null");
        NamedCurveRegistry globalNamedCurveRegistry = getGlobalNamedCurveRegistry();
        if (globalNamedCurveRegistry != null) {
            return globalNamedCurveRegistry.getByParameterSpec(eCPublicKey.getParams());
        }
        LOG.warn("No NamedCurveRegistry is configured");
        return null;
    }

    @Nullable
    public static NamedCurve getNamedCurve(@Nonnull String str) {
        Constraint.isNotNull(str, "NamedCurve URI was null");
        NamedCurveRegistry globalNamedCurveRegistry = getGlobalNamedCurveRegistry();
        if (globalNamedCurveRegistry != null) {
            return globalNamedCurveRegistry.getByURI(str);
        }
        LOG.warn("No NamedCurveRegistry is configured");
        return null;
    }

    @Nullable
    public static String getNamedCurveURI(@Nonnull ECPublicKey eCPublicKey) {
        Constraint.isNotNull(eCPublicKey, "ECPublicKey was null");
        NamedCurve namedCurve = getNamedCurve(eCPublicKey);
        if (namedCurve != null) {
            return namedCurve.getURI();
        }
        LOG.warn("Could not resolve NamedCurve for ECPublicKey");
        return null;
    }

    @Nullable
    public static ECParameterSpec getParameterSpecForURI(@Nonnull String str) {
        Constraint.isNotNull(str, "NamedCurve URI was null");
        NamedCurve namedCurve = getNamedCurve(str);
        if (namedCurve != null) {
            return namedCurve.getParameterSpec();
        }
        LOG.warn("Could not resolve NamedCurve for URI: {}", str);
        return null;
    }

    @Nonnull
    public static ECPoint decodeECPoint(@Nonnull byte[] bArr, @Nonnull EllipticCurve ellipticCurve) throws KeyException {
        Constraint.isNotNull(bArr, "ECPoint byte array was null");
        Constraint.isNotNull(ellipticCurve, "EllipticCurve was null");
        if (bArr.length == 0 || bArr[0] != 4) {
            throw new KeyException("Only uncompressed point format supported");
        }
        int length = (bArr.length - 1) / 2;
        if (length != ((ellipticCurve.getField().getFieldSize() + 7) >> 3)) {
            throw new KeyException("Point does not match field size");
        }
        return new ECPoint(new BigInteger(1, Arrays.copyOfRange(bArr, 1, 1 + length)), new BigInteger(1, Arrays.copyOfRange(bArr, length + 1, length + 1 + length)));
    }

    @Nonnull
    public static byte[] encodeECPointUncompressed(@Nonnull ECPoint eCPoint, @Nonnull EllipticCurve ellipticCurve) {
        Constraint.isNotNull(eCPoint, "ECPoint was null");
        Constraint.isNotNull(ellipticCurve, "EllipticCurve was null");
        int fieldSize = (ellipticCurve.getField().getFieldSize() + 7) >> 3;
        byte[] trimZeroes = trimZeroes(eCPoint.getAffineX().toByteArray());
        byte[] trimZeroes2 = trimZeroes(eCPoint.getAffineY().toByteArray());
        if (trimZeroes.length > fieldSize || trimZeroes2.length > fieldSize) {
            throw new IllegalArgumentException("Point coordinates do not match field size");
        }
        byte[] bArr = new byte[1 + (fieldSize << 1)];
        bArr[0] = 4;
        System.arraycopy(trimZeroes, 0, bArr, (fieldSize - trimZeroes.length) + 1, trimZeroes.length);
        System.arraycopy(trimZeroes2, 0, bArr, bArr.length - trimZeroes2.length, trimZeroes2.length);
        return bArr;
    }

    @Nonnull
    private static byte[] trimZeroes(@Nonnull byte[] bArr) {
        Constraint.isNotNull(bArr, "byte[] data was null");
        int i = 0;
        while (i < bArr.length - 1 && bArr[i] == 0) {
            i++;
        }
        return i == 0 ? bArr : Arrays.copyOfRange(bArr, i, bArr.length);
    }

    @Nullable
    public static ECParameterSpec convert(@Nullable ECNamedCurveParameterSpec eCNamedCurveParameterSpec) {
        if (eCNamedCurveParameterSpec == null) {
            return null;
        }
        return new ECParameterSpec(EC5Util.convertCurve(eCNamedCurveParameterSpec.getCurve(), eCNamedCurveParameterSpec.getSeed()), EC5Util.convertPoint(eCNamedCurveParameterSpec.getG()), eCNamedCurveParameterSpec.getN(), eCNamedCurveParameterSpec.getH().intValue());
    }

    @NonnullElements
    @Nonnull
    @NotLive
    public static Set<NamedCurve> getCurvesFromBouncyCastle() {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Enumeration names = ECNamedCurveTable.getNames();
        while (names.hasMoreElements()) {
            String str = (String) names.nextElement();
            String id = ECNamedCurveTable.getOID(str).getId();
            if (!hashSet2.contains(id)) {
                hashSet.add(new BasicNamedCurve(id, str, EC5Util.convertToSpec(ECNamedCurveTable.getByName(str))));
                hashSet2.add(id);
            }
        }
        Enumeration names2 = CustomNamedCurves.getNames();
        while (names2.hasMoreElements()) {
            String str2 = (String) names2.nextElement();
            String id2 = CustomNamedCurves.getOID(str2).getId();
            if (!hashSet2.contains(id2)) {
                hashSet.add(new BasicNamedCurve(id2, str2, EC5Util.convertToSpec(CustomNamedCurves.getByName(str2))));
                hashSet2.add(id2);
            }
        }
        return hashSet;
    }
}
