package org.hyperledger.fabric.sdk.idemix;

import com.google.protobuf.ByteString;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;
import org.apache.milagro.amcl.FP256BN.BIG;
import org.hyperledger.fabric.protos.idemix.Idemix;
import org.hyperledger.fabric.sdk.exception.CryptoException;
import org.hyperledger.fabric.sdk.idemix.WeakBB;

/* loaded from: input_file:org/hyperledger/fabric/sdk/idemix/RevocationAuthority.class */
public class RevocationAuthority {
    private RevocationAuthority() {
    }

    public static int getProofBytes(RevocationAlgorithm revocationAlgorithm) {
        if (revocationAlgorithm == null) {
            throw new IllegalArgumentException("Revocation algorithm cannot be null");
        }
        switch (revocationAlgorithm) {
            case ALG_NO_REVOCATION:
                return 0;
            default:
                throw new IllegalArgumentException("Unsupported RevocationAlgorithm: " + revocationAlgorithm.name());
        }
    }

    public static KeyPair generateLongTermRevocationKey() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec("secp384r1"), new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Error during the LTRevocation key. Invalid algorithm");
        }
    }

    public static Idemix.CredentialRevocationInformation createCRI(PrivateKey privateKey, BIG[] bigArr, int i, RevocationAlgorithm revocationAlgorithm) throws CryptoException {
        Idemix.CredentialRevocationInformation.Builder newBuilder = Idemix.CredentialRevocationInformation.newBuilder();
        newBuilder.setRevocationAlg(revocationAlgorithm.ordinal());
        newBuilder.setEpoch(i);
        WeakBB.KeyPair weakBBKeyGen = WeakBB.weakBBKeyGen();
        if (revocationAlgorithm == RevocationAlgorithm.ALG_NO_REVOCATION) {
            newBuilder.setEpochPk(IdemixUtils.transformToProto(IdemixUtils.genG2));
        } else {
            newBuilder.setEpochPk(IdemixUtils.transformToProto(weakBBKeyGen.getPk()));
        }
        try {
            Idemix.CredentialRevocationInformation m3090build = newBuilder.m3090build();
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            signature.update(m3090build.toByteArray());
            newBuilder.setEpochPkSig(ByteString.copyFrom(signature.sign()));
            if (revocationAlgorithm == RevocationAlgorithm.ALG_NO_REVOCATION) {
                return newBuilder.m3090build();
            }
            throw new IllegalArgumentException("Algorithm " + revocationAlgorithm.name() + " not supported");
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new CryptoException("Error processing the signature");
        }
    }

    public static boolean verifyEpochPK(PublicKey publicKey, Idemix.ECP2 ecp2, byte[] bArr, long j, RevocationAlgorithm revocationAlgorithm) throws CryptoException {
        Idemix.CredentialRevocationInformation.Builder newBuilder = Idemix.CredentialRevocationInformation.newBuilder();
        newBuilder.setRevocationAlg(revocationAlgorithm.ordinal());
        newBuilder.setEpochPk(ecp2);
        newBuilder.setEpoch(j);
        byte[] byteArray = newBuilder.m3090build().toByteArray();
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initVerify(publicKey);
            signature.update(byteArray);
            return signature.verify(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new CryptoException("Error during the EpochPK verification", e);
        }
    }
}
