package org.bouncycastle.pqc.crypto.xmss;

import java.util.Objects;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.pqc.crypto.ExhaustedPrivateKeyException;
import org.bouncycastle.pqc.crypto.StateAwareMessageSigner;
import org.bouncycastle.pqc.crypto.xmss.OTSHashAddress;
import org.bouncycastle.pqc.crypto.xmss.XMSSReducedSignature;
import org.bouncycastle.pqc.crypto.xmss.XMSSSignature;
import org.bouncycastle.util.Arrays;

/* loaded from: classes17.dex */
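/**
 * Signer and verifier for XMSS signatures.
 *
 * <p>The private key is stateful: every signature consumes one one-time (WOTS+) index.
 * {@link #generateSignature(byte[])} therefore advances the key in a {@code finally} block, so an
 * index is never left available for a second signature even when signing fails part-way.
 * Signing the same index twice defeats the one-time signature underneath, so callers should
 * persist the key obtained from {@link #getUpdatedPrivateKey()} before a signature leaves the
 * process.
 *
 * <p>Signing and key hand-off synchronize on the private-key object; {@link #init} and
 * {@link #verifySignature} take no lock.
 */
public class XMSSSigner implements StateAwareMessageSigner {
    // NOTE(review): every field is public and mutable in this listing. Code that writes them
    // directly bypasses the state checks in the methods below.

    // True once generateSignature has reached its signing step since the last init(true, ...).
    public boolean hasGenerated;
    // True after init(true, ...), false after init(false, ...).
    public boolean initSign;
    // Keyed hash functions taken from the WOTS+ instance in init().
    public KeyedHashFunctions khf;
    // Parameter set copied from whichever key was passed to init().
    public XMSSParameters params;
    // Signing key; set to null once getUpdatedPrivateKey() hands a used key back to the caller.
    public XMSSPrivateKeyParameters privateKey;
    // Verification key; only assigned by init(false, ...).
    public XMSSPublicKeyParameters publicKey;
    // WOTS+ instance obtained from params in init().
    public WOTSPlus wotsPlus;

    /**
     * Signs a message with the current index of the private key and then advances the key.
     *
     * @param bArr the message to sign
     * @return the encoded XMSS signature
     * @throws NullPointerException if {@code bArr} is null
     * @throws IllegalStateException if the signer was not initialised for signing, if the key has
     *     already been handed off through {@link #getUpdatedPrivateKey()}, or if the key's BDS
     *     state has an empty authentication path
     * @throws ExhaustedPrivateKeyException if the key has no usages remaining
     */
    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public byte[] generateSignature(byte[] bArr) {
        byte[] byteArray;
        Objects.requireNonNull(bArr, "message == null");
        if (!this.initSign) {
            throw new IllegalStateException("signer not initialized for signature generation");
        }
        XMSSPrivateKeyParameters lockedKey = this.privateKey;
        if (lockedKey == null) {
            throw new IllegalStateException("signing key no longer usable");
        }
        synchronized (lockedKey) {
            // These checks run before the try block: a refused request consumes no index.
            if (this.privateKey.getUsagesRemaining() <= 0) {
                throw new ExhaustedPrivateKeyException("no usages of private key remaining");
            }
            XMSSPrivateKeyParameters keyForStateCheck = this.privateKey;
            Objects.requireNonNull(keyForStateCheck);
            if (keyForStateCheck.bdsState.getAuthenticationPath().isEmpty()) {
                throw new IllegalStateException("not initialized");
            }
            try {
                int index = this.privateKey.getIndex();
                this.hasGenerated = true;
                long indexAsLong = index;
                // Per-signature randomness: PRF keyed with the secret PRF key over the index.
                byte[] random = this.khf.PRF(this.privateKey.getSecretKeyPRF(), XMSSUtil.toBytesBigEndian(indexAsLong, 32));
                byte[] root = this.privateKey.getRoot();
                XMSSParameters parameters = this.params;
                Objects.requireNonNull(parameters);
                // The digest that gets signed binds the randomness, the tree root and the index
                // to the message.
                byte[] messageDigest = this.khf.HMsg(Arrays.concatenate(random, root, XMSSUtil.toBytesBigEndian(indexAsLong, parameters.treeDigestSize)), bArr);
                OTSHashAddress.Builder addressBuilder = new OTSHashAddress.Builder();
                addressBuilder.otsAddress = index;
                WOTSPlusSignature wotsSignature = wotsSign(messageDigest, new OTSHashAddress(addressBuilder));
                XMSSSignature.Builder signatureBuilder = new XMSSSignature.Builder(this.params);
                signatureBuilder.index = index;
                XMSSReducedSignature.Builder withWots = signatureBuilder.withRandom(random).withWOTSPlusSignature(wotsSignature);
                XMSSPrivateKeyParameters keyForAuthPath = this.privateKey;
                Objects.requireNonNull(keyForAuthPath);
                byteArray = withWots.withAuthPath(keyForAuthPath.bdsState.getAuthenticationPath()).build().toByteArray();
            } finally {
                // Always executed once signing has started, including when it throws: the BDS
                // state is marked used and rollKey() is called (defined elsewhere; presumably it
                // moves the key to the next index - confirm), so the index is spent either way.
                XMSSPrivateKeyParameters keyToRoll = this.privateKey;
                Objects.requireNonNull(keyToRoll);
                BDS bds = keyToRoll.bdsState;
                Objects.requireNonNull(bds);
                bds.used = true;
                this.privateKey.rollKey();
            }
        }
        return byteArray;
    }

    /**
     * Hands the private key state back to the caller.
     *
     * <p>If a signature has been generated since the last {@code init(true, ...)}, the held key
     * is returned and the signer drops its reference, so further signing fails until the signer
     * is initialised again. Otherwise the held key is returned and the signer continues with
     * {@code getNextKey()} of it.
     *
     * @return the private key to persist, or {@code null} if the signer holds no private key
     *     (never initialised for signing, or the key was already handed off)
     */
    @Override // org.bouncycastle.pqc.crypto.StateAwareMessageSigner
    public AsymmetricKeyParameter getUpdatedPrivateKey() {
        // Snapshot first: synchronizing on a null field would throw NullPointerException, which
        // is what a second call after a hand-off used to do.
        XMSSPrivateKeyParameters current = this.privateKey;
        if (current == null) {
            return null;
        }
        synchronized (current) {
            if (this.hasGenerated) {
                this.privateKey = null;
                return current;
            }
            this.privateKey = current.getNextKey();
            return current;
        }
    }

    /**
     * Returns the number of signatures the held private key can still produce.
     *
     * @return the remaining usages reported by the private key
     * @throws NullPointerException if no private key is held (before {@code init(true, ...)} or
     *     after {@link #getUpdatedPrivateKey()} handed a used key off)
     */
    public long getUsagesRemaining() {
        return this.privateKey.getUsagesRemaining();
    }

    /**
     * Initialises the signer for signing or for verification.
     *
     * <p>Switching to verification does not clear a previously set private key, and switching to
     * signing does not clear a previously set public key.
     *
     * @param z {@code true} to sign, {@code false} to verify
     * @param cipherParameters an {@link XMSSPrivateKeyParameters} when signing, an
     *     {@link XMSSPublicKeyParameters} when verifying
     * @throws ClassCastException if {@code cipherParameters} has the wrong type for the mode
     * @throws NullPointerException if {@code cipherParameters} is null; the mode flag and the key
     *     field have already been overwritten at that point
     */
    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public void init(boolean z, CipherParameters cipherParameters) {
        XMSSParameters selectedParams;
        if (z) {
            this.initSign = true;
            this.hasGenerated = false;
            XMSSPrivateKeyParameters signingKey = (XMSSPrivateKeyParameters) cipherParameters;
            this.privateKey = signingKey;
            Objects.requireNonNull(signingKey);
            selectedParams = signingKey.params;
        } else {
            this.initSign = false;
            XMSSPublicKeyParameters verificationKey = (XMSSPublicKeyParameters) cipherParameters;
            this.publicKey = verificationKey;
            Objects.requireNonNull(verificationKey);
            selectedParams = verificationKey.params;
        }
        this.params = selectedParams;
        WOTSPlus wots = this.params.getWOTSPlus();
        this.wotsPlus = wots;
        Objects.requireNonNull(wots);
        this.khf = wots.khf;
    }

    /**
     * Verifies an XMSS signature over a message with the public key set by
     * {@code init(false, ...)}.
     *
     * <p>The root node is recomputed from the signature and compared with the public key's root
     * in constant time.
     *
     * @param bArr the message that was signed
     * @param bArr2 the encoded signature; untrusted input, parsed by
     *     {@code XMSSSignature.Builder}
     * @return {@code true} if the recomputed root equals the public key's root
     * @throws NullPointerException if the signer holds no public key or parameters
     */
    @Override // org.bouncycastle.pqc.crypto.MessageSigner
    public boolean verifySignature(byte[] bArr, byte[] bArr2) {
        XMSSSignature signature = new XMSSSignature.Builder(this.params).withSignature(bArr2).build();
        Objects.requireNonNull(signature);
        // NOTE(review): the index comes straight from the signature bytes; any range check on it
        // lives in the builder or the helpers called below, which are not shown here - confirm.
        int index = signature.index;
        WOTSPlus wots = this.wotsPlus;
        XMSSParameters parameters = this.params;
        Objects.requireNonNull(parameters);
        // Verification needs no secret material: a zero-filled array stands in for the WOTS+
        // secret key, next to the real public seed.
        wots.importKeys(new byte[parameters.treeDigestSize], this.publicKey.getPublicSeed());
        byte[] random = signature.getRandom();
        byte[] root = this.publicKey.getRoot();
        long indexAsLong = index;
        XMSSParameters digestParams = this.params;
        Objects.requireNonNull(digestParams);
        // Same digest construction as in generateSignature: randomness, root and index, then the
        // message.
        byte[] messageDigest = this.khf.HMsg(Arrays.concatenate(random, root, XMSSUtil.toBytesBigEndian(indexAsLong, digestParams.treeDigestSize)), bArr);
        XMSSParameters heightParams = this.params;
        Objects.requireNonNull(heightParams);
        int height = heightParams.height;
        int leafIndex = XMSSUtil.getLeafIndex(indexAsLong, height);
        OTSHashAddress.Builder addressBuilder = new OTSHashAddress.Builder();
        addressBuilder.otsAddress = index;
        // Constant-time comparison, so timing does not reveal how many leading bytes matched.
        return Arrays.constantTimeAreEqual(XMSSVerifierUtil.getRootNodeFromSignature(this.wotsPlus, height, messageDigest, signature, new OTSHashAddress(addressBuilder), leafIndex).getValue(), this.publicKey.getRoot());
    }

    /**
     * Produces the WOTS+ signature over a message digest at the given one-time address.
     *
     * <p>Imports the WOTS+ secret key derived from the private key's secret seed and the address
     * into the shared {@code wotsPlus} instance, then signs with it.
     *
     * @param bArr the message digest; must be exactly {@code treeDigestSize} bytes long
     * @param oTSHashAddress the one-time signature address to sign at
     * @return the WOTS+ signature
     * @throws IllegalArgumentException if the digest length differs from {@code treeDigestSize}
     * @throws NullPointerException if {@code bArr}, {@code oTSHashAddress} or the parameters are
     *     null
     */
    public final WOTSPlusSignature wotsSign(byte[] bArr, OTSHashAddress oTSHashAddress) {
        int digestLength = bArr.length;
        XMSSParameters parameters = this.params;
        Objects.requireNonNull(parameters);
        if (digestLength != parameters.treeDigestSize) {
            throw new IllegalArgumentException("size of messageDigest needs to be equal to size of digest");
        }
        Objects.requireNonNull(oTSHashAddress, "otsHashAddress == null");
        WOTSPlus wots = this.wotsPlus;
        wots.importKeys(wots.getWOTSPlusSecretKey(this.privateKey.getSecretKeySeed(), oTSHashAddress), this.privateKey.getPublicSeed());
        return this.wotsPlus.sign(bArr, oTSHashAddress);
    }
}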
