package org.hyperledger.fabric.sdk.idemix;

import com.google.common.primitives.Ints;
import com.google.protobuf.ByteString;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import org.apache.milagro.amcl.FP256BN.BIG;
import org.apache.milagro.amcl.FP256BN.ECP;
import org.apache.milagro.amcl.FP256BN.FP12;
import org.apache.milagro.amcl.FP256BN.PAIR;
import org.apache.milagro.amcl.RAND;
import org.hyperledger.fabric.protos.idemix.Idemix;
import org.hyperledger.fabric.sdk.exception.CryptoException;

/* loaded from: input_file:BOOT-INF/lib/fabric-sdk-java-1.4.0.jar:org/hyperledger/fabric/sdk/idemix/IdemixSignature.class */
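/**
 * An Idemix signature: a randomized credential ({@code aPrime}, {@code aBar}, {@code bPrime})
 * together with responses to a hash-derived challenge ({@code proofC}) that let a verifier
 * check the signature against an issuer public key while only the attributes flagged in the
 * disclosure array are revealed.
 *
 * <p>An instance is either produced locally by the signing constructor or rebuilt from its
 * protobuf form. {@link #verify} recomputes the challenge from the stored values and accepts
 * only if it matches {@code proofC}.
 */
public class IdemixSignature {
    private final ECP aPrime;
    private final ECP aBar;
    private final ECP bPrime;
    private final BIG proofC;
    private final BIG proofSSk;
    private final BIG proofSE;
    private final BIG proofSR2;
    private final BIG proofSR3;
    private final BIG proofSSPrime;
    private final BIG[] proofSAttrs;
    private final BIG nonce;
    private final ECP nym;
    private final BIG proofSRNym;
    private Idemix.ECP2 revocationPk;
    private byte[] revocationPKSig;
    private long epoch;
    private Idemix.NonRevocationProof nonRevocationProof;
    // Domain-separation label hashed first into every signature challenge.
    private static final String SIGN_LABEL = "sign";

    /**
     * Creates a new signature over {@code bArr}.
     *
     * @param idemixCredential credential whose A, B, E, S and attribute values are proven
     * @param big scalar multiplied with the challenge to form {@code proofSSk}
     *     (presumably the user secret key; confirm against callers)
     * @param idemixPseudonym pseudonym supplying {@code nym} and its randomness
     * @param idemixIssuerPublicKey issuer public key supplying the bases and the key hash
     * @param zArr disclosure flags, one per credential attribute; {@code true} means disclosed
     * @param bArr message bytes bound into the challenge
     * @param i index of the attribute used as revocation handle
     * @param credentialRevocationInformation revocation information (algorithm, epoch, epoch key)
     * @throws IllegalArgumentException if an argument is null, the disclosure length does not
     *     match the attribute count, the revocation algorithm is unknown, the revocation handle
     *     index is out of range, or the handle is disclosed while revocation is in use
     * @throws RuntimeException if the non-revocation prover returns no contribution
     */
    public IdemixSignature(IdemixCredential idemixCredential, BIG big, IdemixPseudonym idemixPseudonym, IdemixIssuerPublicKey idemixIssuerPublicKey, boolean[] zArr, byte[] bArr, int i, Idemix.CredentialRevocationInformation credentialRevocationInformation) {
        if (idemixCredential == null || big == null || idemixPseudonym == null || idemixPseudonym.getNym() == null || idemixPseudonym.getRandNym() == null || idemixIssuerPublicKey == null || zArr == null || bArr == null || credentialRevocationInformation == null) {
            throw new IllegalArgumentException("Cannot construct idemix signature from null input");
        }
        if (zArr.length != idemixCredential.getAttrs().length) {
            throw new IllegalArgumentException("Disclosure length must be the same as the number of attributes");
        }
        // The algorithm id is used as an array index below, so negative values must be
        // rejected as well as values past the end of the enum.
        int revocationAlg = credentialRevocationInformation.getRevocationAlg();
        if (revocationAlg < 0 || revocationAlg >= RevocationAlgorithm.values().length) {
            throw new IllegalArgumentException("CRI specifies unknown revocation algorithm");
        }
        // The handle index addresses both the disclosure flags and the credential attributes.
        if (i < 0 || i >= zArr.length) {
            throw new IllegalArgumentException("Revocation handle index " + i + " is out of range for " + zArr.length + " attributes");
        }
        if (revocationAlg != RevocationAlgorithm.ALG_NO_REVOCATION.ordinal() && zArr[i]) {
            throw new IllegalArgumentException("Attribute " + i + " is disclosed but also used a revocation handle attribute, which should remain hidden");
        }
        RevocationAlgorithm revocationAlgorithm = RevocationAlgorithm.values()[revocationAlg];
        int[] hiddenIndices = hiddenIndices(zArr);

        // Randomize the credential. The order of the draws from rng is kept as-is.
        RAND rng = IdemixUtils.getRand();
        BIG r1 = IdemixUtils.randModOrder(rng);
        BIG r2 = IdemixUtils.randModOrder(rng);
        BIG r3 = new BIG(r1);
        r3.invmodp(IdemixUtils.GROUP_ORDER); // r3 = r1^-1 mod group order
        this.nonce = IdemixUtils.randModOrder(rng);
        this.aPrime = PAIR.G1mul(idemixCredential.getA(), r1);
        this.aBar = PAIR.G1mul(idemixCredential.getB(), r1);
        this.aBar.sub(PAIR.G1mul(this.aPrime, idemixCredential.getE()));
        this.bPrime = PAIR.G1mul(idemixCredential.getB(), r1);
        this.bPrime.sub(PAIR.G1mul(idemixIssuerPublicKey.getHRand(), r2));
        // sPrime = S - r2 * r3 (mod group order)
        BIG sPrime = new BIG(idemixCredential.getS());
        sPrime.add(BIG.modneg(BIG.modmul(r2, r3, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER));
        sPrime.mod(IdemixUtils.GROUP_ORDER);

        // Fresh blinding scalars, one per proven value and one per hidden attribute.
        BIG rSk = IdemixUtils.randModOrder(rng);
        BIG rE = IdemixUtils.randModOrder(rng);
        BIG rR2 = IdemixUtils.randModOrder(rng);
        BIG rR3 = IdemixUtils.randModOrder(rng);
        BIG rSPrime = IdemixUtils.randModOrder(rng);
        BIG rRNym = IdemixUtils.randModOrder(rng);
        BIG[] rAttrs = new BIG[hiddenIndices.length];
        for (int k = 0; k < hiddenIndices.length; k++) {
            rAttrs[k] = IdemixUtils.randModOrder(rng);
        }

        NonRevocationProver nonRevocationProver = NonRevocationProver.getNonRevocationProver(revocationAlgorithm);
        int hiddenRhIndex = Ints.indexOf(hiddenIndices, i);
        // NOTE(review): when the handle attribute is disclosed (only reachable with
        // ALG_NO_REVOCATION) the fallback index equals rAttrs.length, so the array access
        // below throws ArrayIndexOutOfBoundsException. Left unchanged because the intended
        // behaviour for that case cannot be determined from this class.
        // NOTE(review): the returned contribution is only null-checked; its bytes are not
        // appended to the challenge hash input in this class. Confirm how the non-revocation
        // proof is bound to proofC for algorithms other than ALG_NO_REVOCATION.
        if (nonRevocationProver.getFSContribution(BIG.fromBytes(idemixCredential.getAttrs()[i]), rAttrs[hiddenRhIndex < 0 ? hiddenIndices.length : hiddenRhIndex], credentialRevocationInformation) == null) {
            throw new RuntimeException("Failed to compute non-revoked proof");
        }

        // Commitments t1, t2, t3 that go into the challenge.
        ECP t1 = this.aPrime.mul2(rE, idemixIssuerPublicKey.getHRand(), rR2);
        ECP t2 = PAIR.G1mul(idemixIssuerPublicKey.getHRand(), rSPrime);
        t2.add(this.bPrime.mul2(rR3, idemixIssuerPublicKey.getHsk(), rSk));
        // Hidden attributes are folded in two at a time with mul2; a leftover one is added alone.
        for (int k = 0; k < hiddenIndices.length / 2; k++) {
            t2.add(idemixIssuerPublicKey.getHAttrs()[hiddenIndices[2 * k]].mul2(rAttrs[2 * k], idemixIssuerPublicKey.getHAttrs()[hiddenIndices[(2 * k) + 1]], rAttrs[(2 * k) + 1]));
        }
        if (hiddenIndices.length % 2 != 0) {
            t2.add(PAIR.G1mul(idemixIssuerPublicKey.getHAttrs()[hiddenIndices[hiddenIndices.length - 1]], rAttrs[hiddenIndices.length - 1]));
        }
        ECP t3 = idemixIssuerPublicKey.getHsk().mul2(rSk, idemixIssuerPublicKey.getHRand(), rRNym);

        this.proofC = computeChallenge(t1, t2, t3, this.aPrime, this.aBar, this.bPrime, idemixPseudonym.getNym(), idemixIssuerPublicKey, zArr, bArr, this.nonce);

        // Responses: blinding scalar plus or minus challenge times the proven value.
        this.proofSSk = IdemixUtils.modAdd(rSk, BIG.modmul(this.proofC, big, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
        this.proofSE = IdemixUtils.modSub(rE, BIG.modmul(this.proofC, idemixCredential.getE(), IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
        this.proofSR2 = IdemixUtils.modAdd(rR2, BIG.modmul(this.proofC, r2, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
        this.proofSR3 = IdemixUtils.modSub(rR3, BIG.modmul(this.proofC, r3, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
        this.proofSSPrime = IdemixUtils.modAdd(rSPrime, BIG.modmul(this.proofC, sPrime, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
        this.proofSRNym = IdemixUtils.modAdd(rRNym, BIG.modmul(this.proofC, idemixPseudonym.getRandNym(), IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
        // Store a copy so later changes to the pseudonym's point do not affect this signature.
        this.nym = new ECP();
        this.nym.copy(idemixPseudonym.getNym());
        this.proofSAttrs = new BIG[hiddenIndices.length];
        for (int k = 0; k < hiddenIndices.length; k++) {
            this.proofSAttrs[k] = new BIG(rAttrs[k]);
            this.proofSAttrs[k].add(BIG.modmul(this.proofC, BIG.fromBytes(idemixCredential.getAttrs()[hiddenIndices[k]]), IdemixUtils.GROUP_ORDER));
            this.proofSAttrs[k].mod(IdemixUtils.GROUP_ORDER);
        }
        this.revocationPk = credentialRevocationInformation.getEpochPk();
        this.revocationPKSig = credentialRevocationInformation.getEpochPkSig().toByteArray();
        this.epoch = credentialRevocationInformation.getEpoch();
        this.nonRevocationProof = nonRevocationProver.getNonRevocationProof(this.proofC);
    }

    /**
     * Rebuilds a signature from its protobuf representation.
     *
     * <p>No field is validated here beyond the null check on the message itself.
     * NOTE(review): the byte fields are handed straight to {@code BIG.fromBytes} and
     * {@code IdemixUtils.transformFromProto}; when the message comes from an untrusted peer,
     * confirm that wrong-length scalars and malformed points are rejected by those helpers.
     *
     * @param signature protobuf signature to convert
     * @throws IllegalArgumentException if {@code signature} is null
     */
    public IdemixSignature(Idemix.Signature signature) {
        if (signature == null) {
            throw new IllegalArgumentException("Cannot construct idemix signature from null input");
        }
        this.aBar = IdemixUtils.transformFromProto(signature.getABar());
        this.aPrime = IdemixUtils.transformFromProto(signature.getAPrime());
        this.bPrime = IdemixUtils.transformFromProto(signature.getBPrime());
        this.nym = IdemixUtils.transformFromProto(signature.getNym());
        this.proofC = BIG.fromBytes(signature.getProofC().toByteArray());
        this.proofSSk = BIG.fromBytes(signature.getProofSSk().toByteArray());
        this.proofSE = BIG.fromBytes(signature.getProofSE().toByteArray());
        this.proofSR2 = BIG.fromBytes(signature.getProofSR2().toByteArray());
        this.proofSR3 = BIG.fromBytes(signature.getProofSR3().toByteArray());
        this.proofSSPrime = BIG.fromBytes(signature.getProofSSPrime().toByteArray());
        this.proofSRNym = BIG.fromBytes(signature.getProofSRNym().toByteArray());
        this.nonce = BIG.fromBytes(signature.getNonce().toByteArray());
        int attrCount = signature.getProofSAttrsCount();
        this.proofSAttrs = new BIG[attrCount];
        for (int k = 0; k < attrCount; k++) {
            this.proofSAttrs[k] = BIG.fromBytes(signature.getProofSAttrs(k).toByteArray());
        }
        this.revocationPk = signature.getRevocationEpochPk();
        this.revocationPKSig = signature.getRevocationPkSig().toByteArray();
        this.epoch = signature.getEpoch();
        this.nonRevocationProof = signature.getNonRevocationProof();
    }

    /**
     * Verifies this signature.
     *
     * <p>Returns {@code false} for null or mis-sized inputs, a missing disclosed attribute
     * value, a point-at-infinity {@code aPrime}, a rejected epoch key, a failed pairing check,
     * a missing non-revocation contribution, or a challenge mismatch.
     *
     * @param zArr disclosure flags, one per issuer attribute; {@code true} means disclosed
     * @param idemixIssuerPublicKey issuer public key to verify against
     * @param bArr message bytes the signature is expected to cover
     * @param bigArr attribute values; entries for disclosed attributes must be non-null
     * @param i index of the revocation handle attribute, which must not be disclosed
     * @param publicKey key passed to the epoch public key check
     * @param i2 value passed to the epoch public key check
     *     (presumably the epoch the verifier expects; confirm against callers)
     * @return {@code true} only if every check passes
     * @throws IllegalArgumentException if the stored revocation algorithm is unknown, the
     *     revocation handle index is out of range, or the handle attribute is disclosed
     * @throws CryptoException declared by this method; not thrown directly in this body
     */
    public boolean verify(boolean[] zArr, IdemixIssuerPublicKey idemixIssuerPublicKey, byte[] bArr, BIG[] bigArr, int i, PublicKey publicKey, int i2) throws CryptoException {
        if (zArr == null || idemixIssuerPublicKey == null || bArr == null || bigArr == null || bigArr.length != idemixIssuerPublicKey.getAttributeNames().length || zArr.length != idemixIssuerPublicKey.getAttributeNames().length) {
            return false;
        }
        for (int k = 0; k < idemixIssuerPublicKey.getAttributeNames().length; k++) {
            if (zArr[k] && bigArr[k] == null) {
                return false;
            }
        }
        int[] hiddenIndices = hiddenIndices(zArr);
        // aPrime at infinity would make the pairing check below trivially satisfiable.
        if (this.proofSAttrs.length != hiddenIndices.length || this.aPrime.is_infinity()) {
            return false;
        }
        // The algorithm id may come from a deserialized, attacker-supplied message and is used
        // as an array index, so negative values are rejected together with too-large ones.
        int revocationAlg = this.nonRevocationProof.getRevocationAlg();
        if (revocationAlg < 0 || revocationAlg >= RevocationAlgorithm.values().length) {
            throw new IllegalArgumentException("CRI specifies unknown revocation algorithm");
        }
        RevocationAlgorithm revocationAlgorithm = RevocationAlgorithm.values()[revocationAlg];
        if (i < 0 || i >= zArr.length) {
            throw new IllegalArgumentException("Revocation handle index " + i + " is out of range for " + zArr.length + " attributes");
        }
        if (zArr[i]) {
            throw new IllegalArgumentException("Attribute " + i + " is disclosed but also used a revocation handle attribute, which should remain hidden");
        }
        if (!RevocationAuthority.verifyEpochPK(publicKey, this.revocationPk, this.revocationPKSig, i2, revocationAlgorithm)) {
            return false;
        }

        // Pairing check: e(W, aPrime) * e(g2, aBar)^-1 must be the identity.
        FP12 pairingProduct = PAIR.ate(idemixIssuerPublicKey.getW(), this.aPrime);
        FP12 aBarPairing = PAIR.ate(IdemixUtils.genG2, this.aBar);
        aBarPairing.inverse();
        pairingProduct.mul(aBarPairing);
        if (!PAIR.fexp(pairingProduct).isunity()) {
            return false;
        }

        // Recompute the commitments t1, t2, t3 from the responses and the stored challenge.
        ECP t1 = this.aPrime.mul2(this.proofSE, idemixIssuerPublicKey.getHRand(), this.proofSR2);
        ECP aBarMinusBPrime = new ECP();
        aBarMinusBPrime.copy(this.aBar);
        aBarMinusBPrime.sub(this.bPrime);
        t1.sub(PAIR.G1mul(aBarMinusBPrime, this.proofC));

        ECP t2 = PAIR.G1mul(idemixIssuerPublicKey.getHRand(), this.proofSSPrime);
        t2.add(this.bPrime.mul2(this.proofSR3, idemixIssuerPublicKey.getHsk(), this.proofSSk));
        // Hidden attributes are folded in two at a time with mul2; a leftover one is added alone.
        for (int k = 0; k < hiddenIndices.length / 2; k++) {
            t2.add(idemixIssuerPublicKey.getHAttrs()[hiddenIndices[2 * k]].mul2(this.proofSAttrs[2 * k], idemixIssuerPublicKey.getHAttrs()[hiddenIndices[(2 * k) + 1]], this.proofSAttrs[(2 * k) + 1]));
        }
        if (hiddenIndices.length % 2 != 0) {
            t2.add(PAIR.G1mul(idemixIssuerPublicKey.getHAttrs()[hiddenIndices[hiddenIndices.length - 1]], this.proofSAttrs[hiddenIndices.length - 1]));
        }
        // g1 plus the disclosed attribute terms, scaled by the challenge.
        ECP disclosedPart = new ECP();
        disclosedPart.copy(IdemixUtils.genG1);
        for (int k = 0; k < zArr.length; k++) {
            if (zArr[k]) {
                disclosedPart.add(PAIR.G1mul(idemixIssuerPublicKey.getHAttrs()[k], bigArr[k]));
            }
        }
        t2.add(PAIR.G1mul(disclosedPart, this.proofC));

        ECP t3 = idemixIssuerPublicKey.getHsk().mul2(this.proofSSk, idemixIssuerPublicKey.getHRand(), this.proofSRNym);
        t3.sub(this.nym.mul(this.proofC));

        NonRevocationVerifier nonRevocationVerifier = NonRevocationVerifier.getNonRevocationVerifier(revocationAlgorithm);
        int hiddenRhIndex = Ints.indexOf(hiddenIndices, i);
        if (hiddenRhIndex < 0) {
            // Not reachable here: a disclosed handle attribute was rejected above, so the
            // handle index is always among the hidden indices. Kept as in the original.
            hiddenRhIndex = hiddenIndices.length;
        }
        // NOTE(review): the recomputed contribution is only null-checked; its bytes are not
        // appended to the challenge hash input in this class.
        if (nonRevocationVerifier.recomputeFSContribution(this.nonRevocationProof, this.proofC, IdemixUtils.transformFromProto(this.revocationPk), this.proofSAttrs[hiddenRhIndex]) == null) {
            return false;
        }

        BIG recomputedChallenge = computeChallenge(t1, t2, t3, this.aPrime, this.aBar, this.bPrime, this.nym, idemixIssuerPublicKey, zArr, bArr, this.nonce);
        return Arrays.equals(IdemixUtils.bigToBytes(this.proofC), IdemixUtils.bigToBytes(recomputedChallenge));
    }

    /**
     * Converts this signature to its protobuf representation.
     *
     * @return protobuf message carrying every field of this signature
     */
    public Idemix.Signature toProto() {
        Idemix.Signature.Builder builder = Idemix.Signature.newBuilder()
                .setAPrime(IdemixUtils.transformToProto(this.aPrime))
                .setABar(IdemixUtils.transformToProto(this.aBar))
                .setBPrime(IdemixUtils.transformToProto(this.bPrime))
                .setNym(IdemixUtils.transformToProto(this.nym))
                .setProofC(ByteString.copyFrom(IdemixUtils.bigToBytes(this.proofC)))
                .setProofSSk(ByteString.copyFrom(IdemixUtils.bigToBytes(this.proofSSk)))
                .setProofSE(ByteString.copyFrom(IdemixUtils.bigToBytes(this.proofSE)))
                .setProofSR2(ByteString.copyFrom(IdemixUtils.bigToBytes(this.proofSR2)))
                .setProofSR3(ByteString.copyFrom(IdemixUtils.bigToBytes(this.proofSR3)))
                .setProofSRNym(ByteString.copyFrom(IdemixUtils.bigToBytes(this.proofSRNym)))
                .setProofSSPrime(ByteString.copyFrom(IdemixUtils.bigToBytes(this.proofSSPrime)))
                .setNonce(ByteString.copyFrom(IdemixUtils.bigToBytes(this.nonce)))
                .setRevocationEpochPk(this.revocationPk)
                .setRevocationPkSig(ByteString.copyFrom(this.revocationPKSig))
                .setEpoch(this.epoch)
                .setNonRevocationProof(this.nonRevocationProof);
        for (BIG response : this.proofSAttrs) {
            builder.addProofSAttrs(ByteString.copyFrom(IdemixUtils.bigToBytes(response)));
        }
        return builder.build();
    }

    /**
     * Derives the challenge shared by signing and verification.
     *
     * <p>The inner hash covers, in this order: the sign label, t1, t2, t3, aPrime, aBar,
     * bPrime, nym, the issuer key hash, the disclosure flags and the message. The result is
     * hashed again together with the nonce. Both sides must feed identical bytes, so the
     * label is encoded with a fixed charset instead of the platform default.
     */
    private static BIG computeChallenge(ECP t1, ECP t2, ECP t3, ECP aPrime, ECP aBar, ECP bPrime, ECP nym, IdemixIssuerPublicKey ipk, boolean[] disclosure, byte[] msg, BIG nonce) {
        byte[] proofData = new byte[0];
        proofData = IdemixUtils.append(proofData, SIGN_LABEL.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(t1));
        proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(t2));
        proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(t3));
        proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(aPrime));
        proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(aBar));
        proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(bPrime));
        proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(nym));
        proofData = IdemixUtils.append(proofData, ipk.getHash());
        proofData = IdemixUtils.append(proofData, disclosure);
        proofData = IdemixUtils.append(proofData, msg);
        BIG innerChallenge = IdemixUtils.hashModOrder(proofData);

        byte[] finalProofData = new byte[0];
        finalProofData = IdemixUtils.append(finalProofData, IdemixUtils.bigToBytes(innerChallenge));
        finalProofData = IdemixUtils.append(finalProofData, IdemixUtils.bigToBytes(nonce));
        return IdemixUtils.hashModOrder(finalProofData);
    }

    /**
     * Returns the positions of the attributes that are not disclosed, in ascending order.
     *
     * @param zArr disclosure flags; {@code true} means disclosed
     * @return indices {@code k} with {@code zArr[k] == false}
     * @throws IllegalArgumentException if {@code zArr} is null
     */
    private int[] hiddenIndices(boolean[] zArr) {
        if (zArr == null) {
            throw new IllegalArgumentException("cannot compute hidden indices of null disclosure");
        }
        ArrayList<Integer> hidden = new ArrayList<>();
        for (int k = 0; k < zArr.length; k++) {
            if (!zArr[k]) {
                hidden.add(k);
            }
        }
        int[] result = new int[hidden.size()];
        for (int k = 0; k < result.length; k++) {
            result[k] = hidden.get(k);
        }
        return result;
    }
}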
