package org.hyperledger.fabric.sdk.security;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.x500.X500Principal;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequenceGenerator;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.hyperledger.fabric.sdk.exception.CryptoException;
import org.hyperledger.fabric.sdk.exception.InvalidArgumentException;
import org.hyperledger.fabric.sdk.helper.Config;
import org.hyperledger.fabric.sdk.helper.DiagnosticFileDumper;
import org.hyperledger.fabric.sdk.helper.Utils;
import org.hyperledger.fabric_ca.sdk.HFCAClient;

/* loaded from: input_file:org/hyperledger/fabric/sdk/security/CryptoPrimitives.class */
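/**
 * {@link CryptoSuite} implementation that parses and validates X.509 certificates against an
 * in-memory trust store, generates EC key pairs, produces low-S ECDSA signatures, builds PKCS#10
 * certificate requests and hashes data with SHA-256 or SHA-3.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Path validation runs with revocation checking disabled (see
 *       {@link #validateCertificate(Certificate)}).</li>
 *   <li>Validation results are cached per certificate for 30 minutes (see {@link CertValue}).</li>
 *   <li>The security provider class is loaded by name from configuration (see
 *       {@link #setUpExplicitProvider(String)}).</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output; parameter names such as {@code bArr} and
 * {@code str} are synthetic and are documented per method.
 */
public class CryptoPrimitives implements CryptoSuite {
    private static final Log logger = LogFactory.getLog(CryptoPrimitives.class);
    // Always tried as the last provider when parsing certificate bytes.
    private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
    private static final Config config = Config.getConfig();
    private static final boolean IS_TRACE_LEVEL = logger.isTraceEnabled();
    // Assigned in the static initializer; null unless trace logging was enabled at class load.
    private static final DiagnosticFileDumper diagnosticFileDumper;
    // Set by setSecurityLevel(); null until init() or setProperties() has run.
    private String curveName;
    // Set by resetConfiguration(); null until init() or setProperties() has run.
    private CertificateFactory cf;
    // How long a cached validation verdict is reused before the certificate is re-validated.
    private static final long X509_RECHECK_MILLIS;
    private String hashAlgorithm = config.getHashAlgorithm();
    private int securityLevel = config.getSecurityLevel();
    private String CERTIFICATE_FORMAT = config.getCertificateFormat();
    private String DEFAULT_SIGNATURE_ALGORITHM = config.getSignatureAlgorithm();
    private Map<Integer, String> securityCurveMapping = config.getSecurityCurveMapping();
    // Created lazily by getTrustStore().
    private KeyStore trustStore = null;
    // Aliases already placed in the trust store; also used as the lock when adding entries.
    final Set<String> certificateSet = ConcurrentHashMap.newKeySet();
    private final AtomicBoolean inited = new AtomicBoolean(false);
    // Maps raw certificate bytes to their parsed form and cached validation verdict (max 1000 entries).
    private final LoadingCache<CertKey, CertValue> x509Cache = CacheBuilder.newBuilder().maximumSize(1000).build(new CacheLoader<CertKey, CertValue>() {
        @Override
        public CertValue load(CertKey certKey) {
            return new CertValue(certKey);
        }
    });
    // NOTE(review): setUpExplicitProvider declares checked exceptions; the decompiler has probably
    // folded a constructor body into this initializer. Confirm against the upstream source.
    private Provider SECURITY_PROVIDER = setUpExplicitProvider(config.getSecurityProviderClassName());

    /**
     * Cache key wrapping the raw certificate bytes, with equality by content.
     *
     * <p>The decompiler reports that the original access modifier was {@code private}.
     */
    public static class CertKey {
        // Hash of the byte content, computed once at construction.
        final int hashCode;
        // Private copy of the caller's bytes, so later changes to the caller's array do not alter the key.
        final byte[] pemData;

        /**
         * @param bArr certificate bytes; copied defensively
         */
        CertKey(byte[] bArr) {
            this.pemData = bArr.clone();
            this.hashCode = Arrays.hashCode(bArr);
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof CertKey)) {
                return false;
            }
            CertKey other = (CertKey) obj;
            // Cheap hash comparison first, full content comparison second.
            return this.hashCode == other.hashCode && Arrays.equals(this.pemData, other.pemData);
        }

        @Override
        public int hashCode() {
            return this.hashCode;
        }
    }

    /**
     * Cache entry holding the lazily parsed certificate and a time-limited validation verdict.
     *
     * <p>A verdict is reused until {@code nextCheckTime}, which is set 30 minutes ahead on every
     * evaluation. Within that window a certificate that has since expired, or whose trust anchor
     * changed, keeps its previous verdict; {@link CryptoPrimitives#clearCertificateCache()} drops
     * all entries and forces re-evaluation.
     *
     * <p>The decompiler reports that the original access modifier was {@code private}.
     */
    public class CertValue {
        final CertKey key;
        // Parsed certificate; null until first successful parse.
        X509Certificate x509 = null;
        // Last validation verdict.
        boolean isValid = false;
        // Epoch millis after which the verdict is recomputed; MIN_VALUE forces the first check.
        long nextCheckTime = Long.MIN_VALUE;

        CertValue(CertKey certKey) {
            this.key = certKey;
        }

        /**
         * Returns the parsed certificate only if it currently counts as valid.
         *
         * @return the certificate, or {@code null} when validation failed
         * @throws CryptoException if the bytes cannot be parsed
         */
        public synchronized X509Certificate getValid() throws CryptoException {
            return isValid() ? getX509() : null;
        }

        /**
         * Returns the parsed certificate, parsing the key's bytes on first use.
         *
         * @return the certificate; may be {@code null} if parsing produced no X.509 certificate
         * @throws CryptoException if parsing fails; the entry is marked invalid for the next window
         */
        public synchronized X509Certificate getX509() throws CryptoException {
            if (this.x509 == null) {
                try {
                    this.x509 = getX509CertificateInternal(this.key.pemData);
                } catch (CryptoException e) {
                    // Remember the failure so repeated lookups report invalid until the window expires.
                    this.isValid = false;
                    this.nextCheckTime = System.currentTimeMillis() + X509_RECHECK_MILLIS;
                    logger.error("Unable to recover X.509 certificate from provided binary data", e);
                    throw e;
                }
            }
            return this.x509;
        }

        /**
         * Returns the cached verdict, or re-validates against the trust store once the window expired.
         *
         * @return {@code true} if the certificate validated at the last check
         * @throws CryptoException if the bytes cannot be parsed
         */
        public synchronized boolean isValid() throws CryptoException {
            long now = System.currentTimeMillis();
            if (this.nextCheckTime >= now) {
                return this.isValid;
            }
            // The window is advanced before validating, so a negative verdict is cached as well.
            this.nextCheckTime = now + X509_RECHECK_MILLIS;
            this.isValid = validateCertificate(getX509());
            return this.isValid;
        }
    }

    /**
     * Instantiates the JCA provider named by {@code str}.
     *
     * <p>The name is passed to {@link Class#forName(String)}, which loads and initializes the
     * class, so the configuration or properties that supply it must come from a trusted source.
     *
     * @param str provider class name, or the {@code CryptoSuiteFactory.DEFAULT_JDK_PROVIDER} marker
     * @return a new provider instance, or {@code null} when the JDK default is requested
     * @throws InstantiationException if {@code str} is null or the class is not a {@link Provider}
     * @throws ClassNotFoundException if the class cannot be loaded
     * @throws IllegalAccessException if the no-arg constructor is not accessible
     */
    Provider setUpExplicitProvider(String str) throws InstantiationException, ClassNotFoundException, IllegalAccessException {
        if (null == str) {
            throw new InstantiationException(String.format("Security provider class name property (%s) set to null  ", Config.SECURITY_PROVIDER_CLASS_NAME));
        }
        if (CryptoSuiteFactory.DEFAULT_JDK_PROVIDER.equals(str)) {
            return null;
        }
        Class<?> providerClass = Class.forName(str);
        if (!Provider.class.isAssignableFrom(providerClass)) {
            throw new InstantiationException(String.format("Class for security provider %s is not a Java security provider", providerClass.getName()));
        }
        return (Provider) providerClass.newInstance();
    }

    /**
     * Parses certificate bytes into a {@link Certificate}, using the certificate cache.
     *
     * <p>Parsing only: the result has not been validated against the trust store.
     *
     * @param bArr encoded certificate bytes
     * @throws CryptoException if the input is null or empty, or cannot be parsed
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public Certificate bytesToCertificate(byte[] bArr) throws CryptoException {
        if (bArr == null || bArr.length == 0) {
            throw new CryptoException("bytesToCertificate: input null or zero length");
        }
        return getX509Certificate(bArr);
    }

    /**
     * Parses certificate bytes by trying each candidate provider in turn: the installed JCA
     * providers, then the explicitly configured provider (if any), then BouncyCastle.
     *
     * <p>The decompiler reports that the original access modifier was {@code private}.
     *
     * @param bArr encoded certificate bytes
     * @return the first X.509 certificate produced, or {@code null} if no provider produced one
     *     and none of the attempts left a failure recorded
     * @throws CryptoException wrapping the most recent provider failure when no provider succeeded
     */
    public X509Certificate getX509CertificateInternal(byte[] bArr) throws CryptoException {
        X509Certificate parsed = null;
        CryptoException lastFailure = null;
        LinkedList<Provider> candidates = new LinkedList<>(Arrays.asList(Security.getProviders()));
        if (this.SECURITY_PROVIDER != null) {
            candidates.add(this.SECURITY_PROVIDER);
        }
        candidates.add(BOUNCY_CASTLE_PROVIDER);
        for (Provider provider : candidates) {
            if (null == provider) {
                continue;
            }
            try {
                CertificateFactory factory = CertificateFactory.getInstance(this.CERTIFICATE_FORMAT, provider);
                try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
                    Certificate candidate = factory.generateCertificate(in);
                    if (candidate instanceof X509Certificate) {
                        parsed = (X509Certificate) candidate;
                        // A success supersedes failures recorded for earlier providers.
                        lastFailure = null;
                        break;
                    }
                }
            } catch (Exception e) {
                // Keep going: a later provider may support the format or encoding.
                lastFailure = new CryptoException(e.getMessage(), e);
            }
        }
        if (null != lastFailure) {
            throw lastFailure;
        }
        if (parsed == null) {
            logger.error("Could not convert pem bytes");
        }
        return parsed;
    }

    /** Returns the cached, parsed (not validated) certificate for the given bytes. */
    private X509Certificate getX509Certificate(byte[] bArr) throws CryptoException {
        return getCertificateValue(bArr).getX509();
    }

    /**
     * Converts PEM-encoded private key bytes into a {@link PrivateKey}.
     *
     * <p>A PEM block of type {@code PRIVATE KEY} is read as PKCS#8 key info; any other type is
     * read as a PEM key pair and its private half is returned.
     *
     * @param bArr PEM text as bytes
     * @throws CryptoException if the bytes hold no PEM object or the key cannot be converted
     */
    public PrivateKey bytesToPrivateKey(byte[] bArr) throws CryptoException {
        try {
            // Decode with a fixed charset so the result does not depend on the platform default.
            String pemText = new String(bArr, java.nio.charset.StandardCharsets.UTF_8);
            try (PemReader typeReader = new PemReader(new StringReader(pemText));
                    PEMParser parser = new PEMParser(new StringReader(pemText))) {
                PemObject pemObject = typeReader.readPemObject();
                if (pemObject == null) {
                    throw new IOException("No PEM object found in private key bytes");
                }
                JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
                if (pemObject.getType().equals("PRIVATE KEY")) {
                    return converter.getPrivateKey((PrivateKeyInfo) parser.readObject());
                }
                logger.trace("Found private key with type " + pemObject.getType());
                return converter.getPrivateKey(((PEMKeyPair) parser.readObject()).getPrivateKeyInfo());
            }
        } catch (Exception e) {
            throw new CryptoException("Failed to convert private key bytes", e);
        }
    }

    /**
     * Verifies a signature with the public key of a certificate that validates against the trust store.
     *
     * <p>When extra log level 10 and trace logging are both active, the plaintext, signature and
     * certificate are handed to the diagnostic file dumper in hex; presumably that persists them,
     * so keep that level off where the signed data is sensitive.
     *
     * @param bArr signer certificate bytes
     * @param str JCA signature algorithm name
     * @param bArr2 signature bytes
     * @param bArr3 the data that was signed
     * @return {@code true} only if the certificate validates and the signature verifies;
     *     {@code false} if any byte array is null or the certificate does not validate
     * @throws CryptoException if the certificate cannot be parsed, the key is unusable, or the
     *     algorithm or signature encoding is rejected
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public boolean verify(byte[] bArr, String str, byte[] bArr2, byte[] bArr3) throws CryptoException {
        if (bArr3 == null || bArr2 == null || bArr == null) {
            return false;
        }
        if (config.extraLogLevel(10) && null != diagnosticFileDumper) {
            logger.trace("verify :  " + diagnosticFileDumper.createDiagnosticFile("plaintext in hex: " + DatatypeConverter.printHexBinary(bArr3) + "\nsignature in hex: " + DatatypeConverter.printHexBinary(bArr2) + "\nPEM cert in hex: " + DatatypeConverter.printHexBinary(bArr)));
        }
        // Null means the certificate failed trust-store validation; never verify with an untrusted key.
        X509Certificate signer = getValidCertificate(bArr);
        if (signer == null) {
            return false;
        }
        try {
            Signature verifier = Signature.getInstance(str);
            verifier.initVerify(signer);
            verifier.update(bArr3);
            return verifier.verify(bArr2);
        } catch (InvalidKeyException e) {
            CryptoException failure = new CryptoException("Cannot verify signature. Error is: " + e.getMessage() + "\r\nCertificate: " + DatatypeConverter.printHexBinary(bArr), e);
            logger.error(failure.getMessage(), failure);
            throw failure;
        } catch (NoSuchAlgorithmException | SignatureException e) {
            CryptoException failure = new CryptoException("Cannot verify. Signature algorithm is invalid. Error is: " + e.getMessage(), e);
            logger.error(failure.getMessage(), failure);
            throw failure;
        }
    }

    /** Creates an empty in-memory key store of the JDK default type and installs it as the trust store. */
    private void createTrustStore() throws CryptoException {
        try {
            KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initializes an empty store instead of reading one from a stream.
            emptyStore.load(null, null);
            setTrustStore(emptyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | InvalidArgumentException e) {
            throw new CryptoException("Cannot create trust store. Error: " + e.getMessage(), e);
        }
    }

    /**
     * Replaces the trust store.
     *
     * @throws InvalidArgumentException if {@code keyStore} is null
     */
    private void setTrustStore(KeyStore keyStore) throws InvalidArgumentException {
        if (keyStore == null) {
            throw new InvalidArgumentException("Need to specify a java.security.KeyStore input parameter");
        }
        this.trustStore = keyStore;
    }

    /**
     * Returns the trust store, creating an empty one on first use.
     *
     * <p>NOTE(review): the lazy creation is not synchronized here; confirm callers cannot race on first use.
     */
    public KeyStore getTrustStore() throws CryptoException {
        if (this.trustStore == null) {
            createTrustStore();
        }
        return this.trustStore;
    }

    /**
     * Reads one certificate from a file and adds it to the trust store under the given alias.
     *
     * <p>Uses the certificate factory created by {@link #init()} or
     * {@link #setProperties(Properties)}, so one of those must have run first.
     *
     * @param file file holding the encoded certificate
     * @param str alias for the trust-store entry
     * @throws InvalidArgumentException if the file is null or the alias is null or empty
     * @throws CryptoException if the file cannot be read or parsed, or the store rejects the entry
     */
    public void addCACertificateToTrustStore(File file, String str) throws CryptoException, InvalidArgumentException {
        if (file == null) {
            throw new InvalidArgumentException("The certificate cannot be null");
        }
        if (str == null || str.isEmpty()) {
            throw new InvalidArgumentException("You must assign an alias to a certificate when adding to the trust store");
        }
        try (BufferedInputStream in = new BufferedInputStream(new ByteArrayInputStream(FileUtils.readFileToByteArray(file)))) {
            addCACertificateToTrustStore(this.cf.generateCertificate(in), str);
        } catch (IOException | CertificateException e) {
            throw new CryptoException("Unable to add CA certificate to trust store. Error: " + e.getMessage(), e);
        }
    }

    /**
     * Adds every certificate found in the stream to the trust store, with derived aliases.
     *
     * @param bufferedInputStream stream of encoded certificates; not closed by this method
     * @throws InvalidArgumentException if the stream is null
     * @throws CryptoException if the stream cannot be parsed or the store rejects an entry
     */
    public void addCACertificatesToTrustStore(BufferedInputStream bufferedInputStream) throws CryptoException, InvalidArgumentException {
        if (bufferedInputStream == null) {
            throw new InvalidArgumentException("The certificate stream bis cannot be null");
        }
        try {
            for (Certificate certificate : this.cf.generateCertificates(bufferedInputStream)) {
                addCACertificateToTrustStore(certificate);
            }
        } catch (CertificateException e) {
            throw new CryptoException("Unable to add CA certificate to trust store. Error: " + e.getMessage(), e);
        }
    }

    /**
     * Adds a certificate under an alias derived from it: the decimal serial number for X.509
     * certificates, otherwise the certificate's hash code.
     *
     * <p>Serial numbers are unique only per issuer. A certificate whose alias is already
     * registered is skipped without error, so two CA certificates from different issuers that
     * share a serial number leave only the first one trusted.
     *
     * @throws InvalidArgumentException if {@code certificate} is null
     */
    private void addCACertificateToTrustStore(Certificate certificate) throws InvalidArgumentException, CryptoException {
        if (certificate == null) {
            // Fail with the declared exception rather than a NullPointerException while deriving the alias.
            throw new InvalidArgumentException("Certificate cannot be null.");
        }
        String alias = certificate instanceof X509Certificate
                ? ((X509Certificate) certificate).getSerialNumber().toString()
                : Integer.toString(certificate.hashCode());
        addCACertificateToTrustStore(certificate, alias);
    }

    /**
     * Adds a certificate to the trust store unless the alias has been registered before.
     *
     * @param certificate certificate to trust
     * @param str alias for the entry
     * @throws InvalidArgumentException if the alias is null or empty, or the certificate is null
     * @throws CryptoException if the key store rejects the entry
     */
    void addCACertificateToTrustStore(Certificate certificate, String str) throws InvalidArgumentException, CryptoException {
        if (str == null || str.isEmpty()) {
            throw new InvalidArgumentException("You must assign an alias to a certificate when adding to the trust store.");
        }
        if (certificate == null) {
            throw new InvalidArgumentException("Certificate cannot be null.");
        }
        try {
            if (config.extraLogLevel(10) && null != diagnosticFileDumper) {
                logger.trace(String.format("Adding cert to trust store. alias: %s. certificate:", str) + diagnosticFileDumper.createDiagnosticFile(str + "cert: " + certificate.toString()));
            }
            // The check and the insert share one lock so an alias is written at most once.
            synchronized (this.certificateSet) {
                if (this.certificateSet.contains(str)) {
                    return;
                }
                getTrustStore().setCertificateEntry(str, certificate);
                this.certificateSet.add(str);
            }
        } catch (KeyStoreException e) {
            String message = "Unable to add CA certificate to trust store. Error: " + e.getMessage();
            logger.error(message, e);
            throw new CryptoException(message, e);
        }
    }

    /**
     * Adds the given CA certificates to the trust store with derived aliases.
     *
     * @throws CryptoException if the collection is null or empty, or an entry cannot be added
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public void loadCACertificates(Collection<Certificate> collection) throws CryptoException {
        if (collection == null || collection.isEmpty()) {
            throw new CryptoException("Unable to load CA certificates. List is empty");
        }
        try {
            for (Certificate certificate : collection) {
                addCACertificateToTrustStore(certificate);
            }
        } catch (InvalidArgumentException e) {
            throw new CryptoException("Unable to add certificate to trust store. Error: " + e.getMessage(), e);
        }
    }

    /**
     * Parses each byte array as a certificate and adds the results to the trust store.
     *
     * <p>All entries are parsed before any is added, so a parse failure adds nothing.
     *
     * @throws CryptoException if the collection is null or empty, or an entry cannot be parsed or added
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public void loadCACertificatesAsBytes(Collection<byte[]> collection) throws CryptoException {
        if (collection == null || collection.isEmpty()) {
            throw new CryptoException("List of CA certificates is empty. Nothing to load.");
        }
        ArrayList<Certificate> parsed = new ArrayList<>();
        for (byte[] encoded : collection) {
            parsed.add(bytesToCertificate(encoded));
        }
        loadCACertificates(parsed);
    }

    /**
     * Stores a client private key together with its certificate as a key entry in the trust store.
     *
     * <p>The entry is protected with {@code str} as password, or an empty password when
     * {@code str} is null. The alias is derived as in the single-argument
     * {@code addCACertificateToTrustStore}.
     *
     * @param bArr PEM-encoded private key bytes
     * @param bArr2 encoded certificate bytes
     * @param str password for the key entry; may be null
     * @throws IllegalArgumentException if either byte array is null
     * @throws CryptoException if the key or certificate cannot be parsed or the store rejects the entry
     */
    public void addClientCACertificateToTrustStore(byte[] bArr, byte[] bArr2, String str) throws CryptoException, IllegalArgumentException {
        if (bArr == null) {
            throw new IllegalArgumentException("Client key byte input stream is required.");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("Client certificate byte input stream is required.");
        }
        try {
            Certificate certificate = bytesToCertificate(bArr2);
            String alias = certificate instanceof X509Certificate
                    ? ((X509Certificate) certificate).getSerialNumber().toString()
                    : Integer.toString(certificate.hashCode());
            char[] password = str == null ? new char[0] : str.toCharArray();
            getTrustStore().setKeyEntry(alias, bytesToPrivateKey(bArr), password, new Certificate[]{certificate});
        } catch (KeyStoreException e) {
            throw new CryptoException("Unable to add client CA certificate to trust store.", e);
        }
    }

    /**
     * Validates certificate bytes through the cache.
     *
     * @return the cached or freshly computed verdict; {@code false} for null input or on any failure
     */
    boolean validateCertificate(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        try {
            return this.x509Cache.get(new CertKey(bArr)).isValid();
        } catch (ExecutionException | CryptoException e) {
            logger.error("Cannot validate certificate. Error is: " + e.getMessage() + "\r\nCertificate (PEM, hex): " + DatatypeConverter.printHexBinary(bArr));
            return false;
        }
    }

    /**
     * Runs PKIX path validation of a single certificate against the trust store.
     *
     * <p>Revocation checking is switched off with {@code setRevocationEnabled(false)}, so a
     * revoked certificate that still chains to a trusted entry is accepted. The path holds only
     * the given certificate; no intermediates are supplied.
     *
     * @return {@code true} if validation succeeds; {@code false} for null input or on any failure
     */
    boolean validateCertificate(Certificate certificate) {
        if (certificate == null) {
            return false;
        }
        try {
            PKIXParameters pkixParameters = new PKIXParameters(getTrustStore());
            pkixParameters.setRevocationEnabled(false);
            CertPathValidator validator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
            ArrayList<Certificate> path = new ArrayList<>();
            path.add(certificate);
            validator.validate(CertificateFactory.getInstance(this.CERTIFICATE_FORMAT).generateCertPath(path), pkixParameters);
            return true;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | CertPathValidatorException | CertificateException | CryptoException e) {
            logger.error("Cannot validate certificate. Error is: " + e.getMessage() + "\r\nCertificate" + certificate.toString());
            return false;
        }
    }

    /**
     * Selects the security level and the elliptic curve mapped to it.
     *
     * @param i security level; must be a key of the security curve mapping
     * @throws InvalidArgumentException if the mapping is empty, the level is not mapped, or the
     *     mapped curve name is unknown to BouncyCastle's named-curve table
     */
    void setSecurityLevel(int i) throws InvalidArgumentException {
        logger.trace(String.format("setSecurityLevel to %d", i));
        if (this.securityCurveMapping.isEmpty()) {
            throw new InvalidArgumentException("Security curve mapping has no entries.");
        }
        if (!this.securityCurveMapping.containsKey(i)) {
            StringBuilder validLevels = new StringBuilder();
            // NOTE(review): presumably the empty string, substituted by the decompiler for a literal; confirm.
            String separator = HFCAClient.DEFAULT_PROFILE_NAME;
            for (Integer level : this.securityCurveMapping.keySet()) {
                validLevels.append(separator).append(level.intValue());
                separator = ", ";
            }
            throw new InvalidArgumentException(String.format("Illegal security level: %d. Valid values are: %s", i, validLevels.toString()));
        }
        String mappedCurve = this.securityCurveMapping.get(i);
        logger.debug(String.format("Mapped curve strength %d to %s", i, mappedCurve));
        if (ECNamedCurveTable.getByName(mappedCurve) == null) {
            // Report the curve that was looked up, not the previously configured field value.
            InvalidArgumentException notFound = new InvalidArgumentException(String.format("Curve %s defined for security strength %d was not found.", mappedCurve, i));
            logger.error(notFound);
            throw notFound;
        }
        this.curveName = mappedCurve;
        this.securityLevel = i;
    }

    /**
     * Selects the hash family.
     *
     * @param str {@code "SHA2"} or {@code "SHA3"}
     * @throws InvalidArgumentException for any other value, including null or empty
     */
    void setHashAlgorithm(String str) throws InvalidArgumentException {
        boolean supported = "SHA2".equals(str) || "SHA3".equals(str);
        if (Utils.isNullOrEmpty(str) || !supported) {
            throw new InvalidArgumentException("Illegal Hash function family: " + str + " - must be either SHA2 or SHA3");
        }
        this.hashAlgorithm = str;
    }

    /** Generates an EC key pair on the configured curve. */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public KeyPair keyGen() throws CryptoException {
        return ecdsaKeyGen();
    }

    /** Generates an EC key pair on {@code curveName}. */
    private KeyPair ecdsaKeyGen() throws CryptoException {
        return generateKey("EC", this.curveName);
    }

    /**
     * Generates a key pair with the configured provider, or the JDK default when none is set.
     *
     * @param str key algorithm name
     * @param str2 named curve passed to {@link ECGenParameterSpec}
     * @throws CryptoException wrapping any failure
     */
    private KeyPair generateKey(String str, String str2) throws CryptoException {
        try {
            ECGenParameterSpec curveSpec = new ECGenParameterSpec(str2);
            KeyPairGenerator generator = this.SECURITY_PROVIDER == null
                    ? KeyPairGenerator.getInstance(str)
                    : KeyPairGenerator.getInstance(str, this.SECURITY_PROVIDER);
            generator.initialize(curveSpec, new SecureRandom());
            return generator.generateKeyPair();
        } catch (Exception e) {
            throw new CryptoException("Unable to generate key pair", e);
        }
    }

    /**
     * Decodes a DER-encoded ECDSA signature into its two integers.
     *
     * @param bArr DER sequence holding exactly two ASN.1 integers
     * @return the integers in encoding order (r, then s)
     * @throws Exception if the bytes are not valid ASN.1 or do not hold exactly two integers
     */
    private static BigInteger[] decodeECDSASignature(byte[] bArr) throws Exception {
        try (ASN1InputStream asn1 = new ASN1InputStream(new ByteArrayInputStream(bArr))) {
            Object decoded = asn1.readObject();
            BigInteger[] components = new BigInteger[2];
            int count = 0;
            if (decoded instanceof ASN1Sequence) {
                for (ASN1Encodable element : ((ASN1Sequence) decoded).toArray()) {
                    Object primitive = element.toASN1Primitive();
                    if (primitive instanceof ASN1Integer) {
                        // Keep counting past two so the error below reports the real number found.
                        if (count < 2) {
                            components[count] = ((ASN1Integer) primitive).getValue();
                        }
                        count++;
                    }
                }
            }
            if (count != 2) {
                throw new CryptoException(String.format("Invalid ECDSA signature. Expected count of 2 but got: %d. Signature is: %s", count, DatatypeConverter.printHexBinary(bArr)));
            }
            return components;
        }
    }

    /**
     * Signs data with ECDSA and returns a DER-encoded signature in low-S form.
     *
     * @param eCPrivateKey signing key
     * @param bArr data to sign; must be non-null and non-empty
     * @throws CryptoException if the data is null or empty, or signing or encoding fails
     */
    private byte[] ecdsaSignToBytes(ECPrivateKey eCPrivateKey, byte[] bArr) throws CryptoException {
        if (bArr == null) {
            throw new CryptoException("Data that to be signed is null.");
        }
        if (bArr.length == 0) {
            throw new CryptoException("Data to be signed was empty.");
        }
        try {
            BigInteger curveOrder = ECNamedCurveTable.getByName(this.curveName).getN();
            Signature signer = this.SECURITY_PROVIDER == null
                    ? Signature.getInstance(this.DEFAULT_SIGNATURE_ALGORITHM)
                    : Signature.getInstance(this.DEFAULT_SIGNATURE_ALGORITHM, this.SECURITY_PROVIDER);
            signer.initSign(eCPrivateKey);
            signer.update(bArr);
            BigInteger[] lowS = preventMalleability(decodeECDSASignature(signer.sign()), curveOrder);
            try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
                DERSequenceGenerator sequence = new DERSequenceGenerator(out);
                sequence.addObject(new ASN1Integer(lowS[0]));
                sequence.addObject(new ASN1Integer(lowS[1]));
                sequence.close();
                return out.toByteArray();
            }
        } catch (Exception e) {
            throw new CryptoException("Could not sign the message using private key", e);
        }
    }

    /**
     * Signs data with the given EC private key.
     *
     * @param privateKey must be an {@link ECPrivateKey}
     * @param bArr data to sign
     * @throws ClassCastException if {@code privateKey} is not an EC private key
     * @throws CryptoException if signing fails
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public byte[] sign(PrivateKey privateKey, byte[] bArr) throws CryptoException {
        return ecdsaSignToBytes((ECPrivateKey) privateKey, bArr);
    }

    /**
     * Normalizes an ECDSA signature to low-S form.
     *
     * <p>For a valid (r, s), (r, n - s) also verifies; replacing s with n - s whenever s exceeds
     * half the curve order gives each signature a single accepted encoding.
     *
     * @param bigIntegerArr {@code {r, s}}; modified in place
     * @param bigInteger curve order n
     * @return the same array instance
     */
    private BigInteger[] preventMalleability(BigInteger[] bigIntegerArr, BigInteger bigInteger) {
        BigInteger halfOrder = bigInteger.divide(BigInteger.valueOf(2L));
        BigInteger s = bigIntegerArr[1];
        if (s.compareTo(halfOrder) > 0) {
            bigIntegerArr[1] = bigInteger.subtract(s);
        }
        return bigIntegerArr;
    }

    /**
     * Builds a PEM-encoded PKCS#10 certificate signing request with subject {@code CN=<str>}.
     *
     * <p>The name is concatenated into the distinguished name without escaping. Characters that
     * are special in a DN string, such as {@code ,} or {@code +}, are interpreted as DN syntax,
     * so callers should validate or escape names that come from untrusted input. The request is
     * always signed with {@code SHA256withECDSA}, independent of the configured signature algorithm.
     *
     * @param str common name for the subject
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @throws InvalidArgumentException wrapping any failure
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public String generateCertificationRequest(String str, KeyPair keyPair) throws InvalidArgumentException {
        try {
            JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=" + str), keyPair.getPublic());
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256withECDSA");
            if (null != this.SECURITY_PROVIDER) {
                signerBuilder.setProvider(this.SECURITY_PROVIDER);
            }
            return certificationRequestToPEM(requestBuilder.build(signerBuilder.build(keyPair.getPrivate())));
        } catch (Exception e) {
            logger.error(e);
            throw new InvalidArgumentException(e);
        }
    }

    /**
     * Encodes a certification request as a PEM {@code CERTIFICATE REQUEST} block.
     *
     * @throws IOException if encoding or writing fails
     */
    private String certificationRequestToPEM(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        PemObject pemObject = new PemObject("CERTIFICATE REQUEST", pKCS10CertificationRequest.getEncoded());
        StringWriter pem = new StringWriter();
        // Closing the writer flushes it, and now also happens when writeObject throws.
        try (JcaPEMWriter writer = new JcaPEMWriter(pem)) {
            writer.writeObject(pemObject);
        }
        return pem.toString();
    }

    /**
     * Hashes the input with the configured digest.
     *
     * @param bArr data to hash; must not be null
     * @return the digest bytes
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public byte[] hash(byte[] bArr) {
        Digest digest = getHashDigest();
        byte[] result = new byte[digest.getDigestSize()];
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(result, 0);
        return result;
    }

    /** Returns the factory singleton from {@code HLSDKJCryptoSuiteFactory.instance()}. */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public CryptoSuiteFactory getCryptoSuiteFactory() {
        return HLSDKJCryptoSuiteFactory.instance();
    }

    /**
     * Applies the current configuration; may be called once per instance.
     *
     * @throws InvalidArgumentException if called a second time or the configuration is invalid
     * @throws CryptoException if the certificate factory cannot be created
     */
    public void init() throws CryptoException, InvalidArgumentException {
        // getAndSet makes the already-initialized check atomic across threads.
        if (this.inited.getAndSet(true)) {
            throw new InvalidArgumentException("Crypto suite already initialized");
        }
        resetConfiguration();
    }

    /** Returns a SHA-3 digest when the hash family is {@code "SHA3"}, otherwise SHA-256. */
    private Digest getHashDigest() {
        if ("SHA3".equals(this.hashAlgorithm)) {
            return new SHA3Digest();
        }
        return new SHA256Digest();
    }

    /** Re-validates the security level and hash family and recreates the certificate factory. */
    private void resetConfiguration() throws CryptoException, InvalidArgumentException {
        setSecurityLevel(this.securityLevel);
        setHashAlgorithm(this.hashAlgorithm);
        try {
            this.cf = CertificateFactory.getInstance(this.CERTIFICATE_FORMAT);
        } catch (CertificateException e) {
            CryptoException failure = new CryptoException("Cannot initialize " + this.CERTIFICATE_FORMAT + " certificate factory. Error = " + e.getMessage(), e);
            logger.error(failure.getMessage(), failure);
            throw failure;
        }
    }

    /**
     * Overrides configuration from the given properties and re-applies it.
     *
     * <p>Fields are assigned before they are validated, so a failure can leave the instance
     * partly updated. The provider class name from the properties is loaded by name, so the
     * properties must come from a trusted source. Any failure after provider lookup, including
     * one from re-validation, is reported with the provider-lookup message.
     *
     * <p>The decompiler reports that the original access modifier was package-private.
     *
     * @param properties overrides; keys that are absent keep the current or configured value
     * @throws InvalidArgumentException if {@code properties} is null or applying them fails
     * @throws NumberFormatException if the security level property is not an integer
     */
    public void setProperties(Properties properties) throws CryptoException, InvalidArgumentException {
        if (properties == null) {
            throw new InvalidArgumentException("properties must not be null");
        }
        this.hashAlgorithm = Optional.ofNullable(properties.getProperty(Config.HASH_ALGORITHM)).orElse(this.hashAlgorithm);
        this.securityLevel = Integer.parseInt(Optional.ofNullable(properties.getProperty(Config.SECURITY_LEVEL)).orElse(Integer.toString(this.securityLevel)));
        if (properties.containsKey(Config.SECURITY_CURVE_MAPPING)) {
            this.securityCurveMapping = Config.parseSecurityCurveMappings(properties.getProperty(Config.SECURITY_CURVE_MAPPING));
        } else {
            this.securityCurveMapping = config.getSecurityCurveMapping();
        }
        String providerClassName = properties.containsKey(Config.SECURITY_PROVIDER_CLASS_NAME)
                ? properties.getProperty(Config.SECURITY_PROVIDER_CLASS_NAME)
                : config.getSecurityProviderClassName();
        try {
            this.SECURITY_PROVIDER = setUpExplicitProvider(providerClassName);
            this.CERTIFICATE_FORMAT = Optional.ofNullable(properties.getProperty(Config.CERTIFICATE_FORMAT)).orElse(this.CERTIFICATE_FORMAT);
            this.DEFAULT_SIGNATURE_ALGORITHM = Optional.ofNullable(properties.getProperty(Config.SIGNATURE_ALGORITHM)).orElse(this.DEFAULT_SIGNATURE_ALGORITHM);
            resetConfiguration();
        } catch (Exception e) {
            throw new InvalidArgumentException(String.format("Getting provider for class name: %s", providerClassName), e);
        }
    }

    /**
     * Returns the current hash family, security level, certificate format and signature algorithm.
     *
     * <p>The curve mapping and the provider class name are not included.
     */
    @Override // org.hyperledger.fabric.sdk.security.CryptoSuite
    public Properties getProperties() {
        Properties snapshot = new Properties();
        snapshot.setProperty(Config.HASH_ALGORITHM, this.hashAlgorithm);
        snapshot.setProperty(Config.SECURITY_LEVEL, Integer.toString(this.securityLevel));
        snapshot.setProperty(Config.CERTIFICATE_FORMAT, this.CERTIFICATE_FORMAT);
        snapshot.setProperty(Config.SIGNATURE_ALGORITHM, this.DEFAULT_SIGNATURE_ALGORITHM);
        return snapshot;
    }

    /**
     * Extracts the binary content of the first PEM object in the given text.
     *
     * <p>Best effort: no validation is performed on the content.
     *
     * @param str PEM text
     * @return the decoded content, or {@code null} if the text holds no PEM object or cannot be read
     */
    public byte[] certificateToDER(String str) {
        try (PemReader pemReader = new PemReader(new StringReader(str))) {
            PemObject pemObject = pemReader.readPemObject();
            // readPemObject returns null when no PEM block is present.
            return pemObject == null ? null : pemObject.getContent();
        } catch (IOException ignored) {
            // Deliberate best effort: unreadable input yields null, as callers expect.
            return null;
        }
    }

    /** Drops all cached certificates and verdicts so the next lookup parses and validates again. */
    public void clearCertificateCache() {
        this.x509Cache.invalidateAll();
    }

    /**
     * Looks up, or creates, the cache entry for the given certificate bytes.
     *
     * @throws CryptoException if the cache loader fails; a {@link CryptoException} cause is rethrown as is
     */
    private CertValue getCertificateValue(byte[] bArr) throws CryptoException {
        try {
            return this.x509Cache.get(new CertKey(bArr));
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof CryptoException) {
                throw (CryptoException) cause;
            }
            if (cause instanceof Exception) {
                throw new CryptoException("Error whilst processing certificate", (Exception) cause);
            }
            throw new CryptoException("Error whilst processing certificate", e);
        }
    }

    /** Returns the parsed certificate if it validates against the trust store, otherwise {@code null}. */
    private X509Certificate getValidCertificate(byte[] bArr) throws CryptoException {
        return getCertificateValue(bArr).getValid();
    }

    static {
        // The dumper is obtained only when trace logging was enabled at class-load time.
        diagnosticFileDumper = IS_TRACE_LEVEL ? config.getDiagnosticFileDumper() : null;
        X509_RECHECK_MILLIS = TimeUnit.MINUTES.toMillis(30L);
    }
}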
