package org.cryptimeleon.craco.sig.sps.akot15.pos;

import java.util.Arrays;
import java.util.Objects;
import java.util.stream.IntStream;
import org.cryptimeleon.craco.common.plaintexts.GroupElementPlainText;
import org.cryptimeleon.craco.common.plaintexts.MessageBlock;
import org.cryptimeleon.craco.common.plaintexts.PlainText;
import org.cryptimeleon.craco.sig.MultiMessageStructurePreservingSignatureScheme;
import org.cryptimeleon.craco.sig.Signature;
import org.cryptimeleon.craco.sig.SignatureKeyPair;
import org.cryptimeleon.craco.sig.SigningKey;
import org.cryptimeleon.craco.sig.VerificationKey;
import org.cryptimeleon.craco.sig.sps.SPSMessageSpaceVerifier;
import org.cryptimeleon.craco.sig.sps.akot15.AKOT15SharedPublicParameters;
import org.cryptimeleon.math.serialization.Representation;
import org.cryptimeleon.math.serialization.annotations.ReprUtil;
import org.cryptimeleon.math.serialization.annotations.Represented;
import org.cryptimeleon.math.structures.groups.GroupElement;
import org.cryptimeleon.math.structures.groups.elliptic.BilinearMap;
import org.cryptimeleon.math.structures.rings.zn.Zp;

/* loaded from: input_file:org/cryptimeleon/craco/sig/sps/akot15/pos/SPSPOSSignatureScheme.class */
public class SPSPOSSignatureScheme implements MultiMessageStructurePreservingSignatureScheme, SPSMessageSpaceVerifier {

    @Represented
    private AKOT15SharedPublicParameters pp;

    public SPSPOSSignatureScheme(AKOT15SharedPublicParameters aKOT15SharedPublicParameters) {
        this.pp = aKOT15SharedPublicParameters;
    }

    public SPSPOSSignatureScheme(Representation representation) {
        new ReprUtil(this).deserialize(representation);
    }

    @Override // org.cryptimeleon.craco.sig.StandardMultiMessageSignatureScheme
    public SignatureKeyPair<SPSPOSVerificationKey, SPSPOSSigningKey> generateKeyPair(int i) {
        if (i != this.pp.getMessageLength().intValue()) {
            throw new IllegalArgumentException(String.format("The expected the message length %d, but was %d", Integer.valueOf(i), this.pp.getMessageLength()));
        }
        Zp.ZpElement uniformlyRandomNonzeroElement = this.pp.getZp().getUniformlyRandomNonzeroElement();
        Zp.ZpElement[] zpElementArr = (Zp.ZpElement[]) IntStream.range(0, i).mapToObj(i2 -> {
            return this.pp.getZp().getUniformlyRandomNonzeroElement();
        }).toArray(i3 -> {
            return new Zp.ZpElement[i3];
        });
        GroupElement compute = this.pp.getG1GroupGenerator().pow(uniformlyRandomNonzeroElement).compute();
        SignatureKeyPair<SPSPOSVerificationKey, SPSPOSSigningKey> signatureKeyPair = new SignatureKeyPair<>(new SPSPOSVerificationKey((GroupElement[]) Arrays.stream(zpElementArr).map(zpElement -> {
            return this.pp.getG1GroupGenerator().pow(zpElement).compute();
        }).toArray(i4 -> {
            return new GroupElement[i4];
        }), compute), new SPSPOSSigningKey(zpElementArr, uniformlyRandomNonzeroElement));
        updateOneTimeKey(signatureKeyPair);
        return signatureKeyPair;
    }

    public void updateOneTimeKey(SignatureKeyPair<SPSPOSVerificationKey, SPSPOSSigningKey> signatureKeyPair) {
        Zp.ZpElement uniformlyRandomElement = this.pp.getZp().getUniformlyRandomElement();
        GroupElement compute = this.pp.getG1GroupGenerator().pow(uniformlyRandomElement).compute();
        signatureKeyPair.getSigningKey().setOneTimeKey(uniformlyRandomElement);
        signatureKeyPair.getVerificationKey().setOneTimeKey(compute);
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public SPSPOSSignature sign(PlainText plainText, SigningKey signingKey) {
        if (!(signingKey instanceof SPSPOSSigningKey)) {
            throw new IllegalArgumentException("Not a valid signing key for this scheme");
        }
        SPSPOSSigningKey sPSPOSSigningKey = (SPSPOSSigningKey) signingKey;
        return sign(plainText, sPSPOSSigningKey, sPSPOSSigningKey.getOneTimeKey());
    }

    public SPSPOSSignature sign(PlainText plainText, SigningKey signingKey, Zp.ZpElement zpElement) {
        if (plainText instanceof GroupElementPlainText) {
            plainText = new MessageBlock(plainText);
        }
        doMessageChecks(plainText, this.pp.getMessageLength().intValue(), this.pp.getG2GroupGenerator().getStructure());
        if (!(signingKey instanceof SPSPOSSigningKey)) {
            throw new IllegalArgumentException("Not a valid signing key for this scheme");
        }
        MessageBlock messageBlock = (MessageBlock) plainText;
        SPSPOSSigningKey sPSPOSSigningKey = (SPSPOSSigningKey) signingKey;
        Zp.ZpElement uniformlyRandomNonzeroElement = this.pp.getZp().getUniformlyRandomNonzeroElement();
        GroupElement compute = this.pp.getG2GroupGenerator().pow(uniformlyRandomNonzeroElement).compute();
        GroupElement pow = this.pp.getG2GroupGenerator().pow(zpElement.sub(uniformlyRandomNonzeroElement.mul(sPSPOSSigningKey.getExponentW())));
        for (int i = 0; i < messageBlock.length(); i++) {
            pow = pow.op(((GroupElementPlainText) messageBlock.get(i)).get().pow(sPSPOSSigningKey.getExponentsChi()[i].neg()));
        }
        pow.compute();
        return new SPSPOSSignature(compute, pow);
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public Boolean verify(PlainText plainText, Signature signature, VerificationKey verificationKey) {
        if (verificationKey instanceof SPSPOSVerificationKey) {
            return verify(plainText, signature, verificationKey, ((SPSPOSVerificationKey) verificationKey).getOneTimeKey());
        }
        throw new IllegalArgumentException("Not a valid signing key for this scheme");
    }

    public Boolean verify(PlainText plainText, Signature signature, VerificationKey verificationKey, GroupElement groupElement) {
        if (plainText instanceof GroupElementPlainText) {
            plainText = new MessageBlock(plainText);
        }
        doMessageChecks(plainText, this.pp.getMessageLength().intValue(), this.pp.getG2GroupGenerator().getStructure());
        if (!(verificationKey instanceof SPSPOSVerificationKey)) {
            throw new IllegalArgumentException("Not a valid signing key for this scheme");
        }
        if (!(signature instanceof SPSPOSSignature)) {
            throw new IllegalArgumentException("Not a valid signing key for this scheme");
        }
        MessageBlock messageBlock = (MessageBlock) plainText;
        SPSPOSVerificationKey sPSPOSVerificationKey = (SPSPOSVerificationKey) verificationKey;
        SPSPOSSignature sPSPOSSignature = (SPSPOSSignature) signature;
        BilinearMap bilinearMap = this.pp.getBilinearMap();
        GroupElement compute = bilinearMap.apply(groupElement, this.pp.getG2GroupGenerator()).compute();
        GroupElement op = bilinearMap.apply(sPSPOSVerificationKey.getGroup1ElementW(), sPSPOSSignature.getGroup2ElementZ()).op(bilinearMap.apply(this.pp.getG1GroupGenerator(), sPSPOSSignature.getGroup2ElementR()));
        for (int i = 0; i < messageBlock.length(); i++) {
            op = op.op(bilinearMap.apply(sPSPOSVerificationKey.getGroup1ElementsChi()[i], ((GroupElementPlainText) messageBlock.get(i)).get()));
        }
        op.compute();
        return Boolean.valueOf(compute.equals(op));
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public PlainText restorePlainText(Representation representation) {
        return new MessageBlock(representation, representation2 -> {
            return new GroupElementPlainText(representation2, this.pp.getG2GroupGenerator().getStructure());
        });
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public Signature restoreSignature(Representation representation) {
        return new SPSPOSSignature(representation, this.pp.getG2GroupGenerator().getStructure());
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public SigningKey restoreSigningKey(Representation representation) {
        return new SPSPOSSigningKey(representation, this.pp.getZp());
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public VerificationKey restoreVerificationKey(Representation representation) {
        return new SPSPOSVerificationKey(representation, this.pp.getG1GroupGenerator().getStructure());
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public PlainText mapToPlaintext(byte[] bArr, VerificationKey verificationKey) {
        if (this.pp == null) {
            throw new NullPointerException("Number of messages is stored in public parameters but they are not set");
        }
        return mapToPlainText(bArr, this.pp.getMessageLength().intValue());
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public PlainText mapToPlaintext(byte[] bArr, SigningKey signingKey) {
        if (this.pp == null) {
            throw new NullPointerException("Number of messages is stored in public parameters but they are not set");
        }
        return mapToPlainText(bArr, this.pp.getMessageLength().intValue());
    }

    private MessageBlock mapToPlainText(byte[] bArr, int i) {
        GroupElementPlainText[] groupElementPlainTextArr = new GroupElementPlainText[i];
        groupElementPlainTextArr[0] = new GroupElementPlainText(this.pp.getG2GroupGenerator().pow(this.pp.getZp().injectiveValueOf(bArr)));
        for (int i2 = 1; i2 < i; i2++) {
            groupElementPlainTextArr[i2] = new GroupElementPlainText(this.pp.getG2GroupGenerator());
        }
        return new MessageBlock(groupElementPlainTextArr);
    }

    @Override // org.cryptimeleon.craco.sig.SignatureScheme
    public int getMaxNumberOfBytesForMapToPlaintext() {
        return (this.pp.getG2GroupGenerator().getStructure().size().bitLength() - 1) / 8;
    }

    public Representation getRepresentation() {
        return ReprUtil.serialize(this);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.pp, ((SPSPOSSignatureScheme) obj).pp);
    }

    public int hashCode() {
        return Objects.hash(this.pp);
    }
}
