package org.chainmaker.sdk.crypto;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.ec.CurveDB;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* loaded from: input_file:org/chainmaker/sdk/crypto/ChainmakerX509CryptoSuite.class */
public class ChainmakerX509CryptoSuite implements CryptoSuite {
    private static final String HASH_ALGORITHM = "SHA256";
    private static final String CERTIFICATE_FORMAT = "X.509";
    private static final String ALGORITHM_SM2_KEY = "SM3withSM2";
    private static final String ALGORITHM_RSA = "SHA256withRSA";
    private static String algorithm;
    private static final Logger logger = LoggerFactory.getLogger(ChainmakerX509CryptoSuite.class);
    private static final List<String> HASH_TYPE_SET;
    private static final String curveName = "secp384r1";
    private KeyStore trustStore = null;

    public static ChainmakerX509CryptoSuite newInstance() throws ChainMakerCryptoSuiteException {
        return new ChainmakerX509CryptoSuite();
    }

    private ChainmakerX509CryptoSuite() throws ChainMakerCryptoSuiteException {
        createTrustStore();
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public void loadCACertificates(Collection<Certificate> collection) throws ChainMakerCryptoSuiteException {
        if (CollectionUtils.isEmpty(collection)) {
            throw new ChainMakerCryptoSuiteException("Unable to load CA certificates. List is empty");
        }
        try {
            Iterator<Certificate> it = collection.iterator();
            while (it.hasNext()) {
                addCACertificateToTrustStore(it.next());
            }
        } catch (Exception e) {
            throw new ChainMakerCryptoSuiteException(e.toString());
        }
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public void loadCACertificatesAsBytes(Collection<byte[]> collection) throws ChainMakerCryptoSuiteException {
        if (CollectionUtils.isEmpty(collection)) {
            throw new ChainMakerCryptoSuiteException("List of CA certificates is empty. Nothing to load.");
        }
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(getCertificateFromBytes(it.next()));
        }
        loadCACertificates(arrayList);
    }

    private void addCACertificateToTrustStore(Certificate certificate) throws ChainMakerCryptoSuiteException {
        addCACertificateToTrustStore(certificate, certificate instanceof X509Certificate ? ((X509Certificate) certificate).getSerialNumber().toString() : Integer.toString(certificate.hashCode()));
    }

    private void addCACertificateToTrustStore(Certificate certificate, String str) throws ChainMakerCryptoSuiteException {
        if (str == null || str.isEmpty()) {
            throw new ChainMakerCryptoSuiteException("You must assign an alias to a certificate when adding to the trust store.");
        }
        if (certificate == null) {
            throw new ChainMakerCryptoSuiteException("Certificate cannot be null.");
        }
        try {
            if (this.trustStore.containsAlias(str)) {
                return;
            }
            this.trustStore.setCertificateEntry(str, certificate);
        } catch (KeyStoreException e) {
            throw new ChainMakerCryptoSuiteException(e.toString());
        }
    }

    private void createTrustStore() throws ChainMakerCryptoSuiteException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            this.trustStore = keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new ChainMakerCryptoSuiteException(e.toString());
        }
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public KeyPair keyGen() throws ChainMakerCryptoSuiteException {
        return ecdsaKeyGen();
    }

    private KeyPair ecdsaKeyGen() throws ChainMakerCryptoSuiteException {
        return generateKey("EC", curveName);
    }

    private KeyPair generateKey(String str, String str2) throws ChainMakerCryptoSuiteException {
        try {
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(str2);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
            keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            throw new ChainMakerCryptoSuiteException(e.toString());
        }
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public byte[] sign(PrivateKey privateKey, byte[] bArr) throws ChainMakerCryptoSuiteException {
        if (bArr == null || bArr.length == 0) {
            throw new ChainMakerCryptoSuiteException("Data that to be signed is null.");
        }
        try {
            Signature signature = Signature.getInstance(algorithm, "BC");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            throw new ChainMakerCryptoSuiteException(e.toString());
        }
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public byte[] rsaSign(PrivateKey privateKey, byte[] bArr) throws ChainMakerCryptoSuiteException {
        if (bArr == null || bArr.length == 0) {
            throw new ChainMakerCryptoSuiteException("Data that to be signed is null.");
        }
        try {
            Signature signature = Signature.getInstance(ALGORITHM_RSA, "BC");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            throw new ChainMakerCryptoSuiteException(e.toString());
        }
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public boolean verify(Certificate certificate, byte[] bArr, byte[] bArr2) throws ChainMakerCryptoSuiteException {
        try {
            Signature signature = Signature.getInstance(algorithm);
            signature.initVerify(certificate);
            signature.update(bArr2);
            return signature.verify(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            logger.error("verify fail : ", e);
            throw new ChainMakerCryptoSuiteException("verify fail fail : " + e.getMessage());
        }
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public byte[] hash(byte[] bArr) throws ChainMakerCryptoSuiteException {
        Digest hashDigest = getHashDigest();
        byte[] bArr2 = new byte[hashDigest.getDigestSize()];
        hashDigest.update(bArr, 0, bArr.length);
        hashDigest.doFinal(bArr2, 0);
        return bArr2;
    }

    private Digest getHashDigest() throws ChainMakerCryptoSuiteException {
        if (HASH_TYPE_SET.contains(HASH_ALGORITHM.toUpperCase())) {
            return new SHA256Digest();
        }
        throw new ChainMakerCryptoSuiteException("hash algorithm not support");
    }

    @Override // org.chainmaker.sdk.crypto.CryptoSuite
    public Certificate getCertificateFromBytes(byte[] bArr) throws ChainMakerCryptoSuiteException {
        if (bArr == null || bArr.length == 0) {
            throw new ChainMakerCryptoSuiteException("bytesToCertificate: input null or zero length");
        }
        return getX509Certificate(bArr);
    }

    private static X509Certificate getX509Certificate(byte[] bArr) throws ChainMakerCryptoSuiteException {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(CERTIFICATE_FORMAT, "BC").generateCertificate(new ByteArrayInputStream(bArr));
            if (x509Certificate == null) {
                throw new ChainMakerCryptoSuiteException("can't convert pem bytes");
            }
            algorithm = x509Certificate.getSigAlgName();
            return x509Certificate;
        } catch (NoSuchProviderException | CertificateException e) {
            logger.error("convert pem bytes fail : ", e);
            throw new ChainMakerCryptoSuiteException("convert pem bytes fail : " + e.getMessage());
        }
    }

    private static ECPublicKeyParameters convertPublicKeyToParameters(BCECPublicKey bCECPublicKey) {
        ECParameterSpec parameters = bCECPublicKey.getParameters();
        return new ECPublicKeyParameters(bCECPublicKey.getQ(), new ECDomainParameters(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH()));
    }

    private static void enableX509CertificateWithGM() throws IllegalAccessException, InvocationTargetException, NoSuchFieldException, ClassNotFoundException, IOException {
        Method[] declaredMethods = CurveDB.class.getDeclaredMethods();
        Method method = null;
        Pattern compile = Pattern.compile(",|\\[|\\]");
        for (Method method2 : declaredMethods) {
            if ("add".equals(method2.getName())) {
                method = method2;
            }
        }
        if (method == null) {
            throw new NoSuchFieldException();
        }
        method.setAccessible(true);
        method.invoke(CurveDB.class, "sm2p256v1", "1.2.156.10197.1.301", 1, "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 1, compile);
        Field declaredField = CurveDB.class.getDeclaredField("specCollection");
        Field declaredField2 = CurveDB.class.getDeclaredField("oidMap");
        declaredField2.setAccessible(true);
        declaredField.setAccessible(true);
        declaredField.set(CurveDB.class, Collections.unmodifiableCollection(((Map) declaredField2.get(CurveDB.class)).values()));
        Field declaredField3 = AlgorithmId.class.getDeclaredField("nameTable");
        declaredField3.setAccessible(true);
        ((HashMap) declaredField3.get(AlgorithmId.class)).put(ObjectIdentifier.newInternal(new int[]{1, 2, 156, 10197, 1, 501}), ALGORITHM_SM2_KEY);
        Field declaredField4 = Class.forName("io.netty.handler.ssl.ExtendedOpenSslSession").getDeclaredField("LOCAL_SUPPORTED_SIGNATURE_ALGORITHMS");
        declaredField4.setAccessible(true);
        Field declaredField5 = Field.class.getDeclaredField("modifiers");
        declaredField5.setAccessible(true);
        declaredField5.setInt(declaredField4, declaredField4.getModifiers() & (-17));
        String[] strArr = (String[]) declaredField4.get(null);
        String[] strArr2 = new String[strArr.length + 1];
        System.arraycopy(strArr, 0, strArr2, 0, strArr.length);
        strArr2[strArr.length] = ALGORITHM_SM2_KEY;
        declaredField4.set(null, strArr2);
        if (System.getProperty("os.name").toLowerCase().startsWith("win")) {
            loadLib("libcrypto-1_1-x64");
            loadLib("libssl-1_1-x64");
        }
    }

    private static void loadLib(String str) throws IOException {
        String str2 = str + ".dll";
        InputStream inputStream = null;
        FileOutputStream fileOutputStream = null;
        File file = new File(System.getProperty("java.io.tmpdir") + File.separator + str2);
        try {
            if (!file.exists()) {
                try {
                    inputStream = ChainmakerX509CryptoSuite.class.getResourceAsStream("/win32-x86-64/" + str2);
                    if (inputStream == null) {
                        inputStream = ChainmakerX509CryptoSuite.class.getResourceAsStream(str2);
                    }
                    ChainmakerX509CryptoSuite.class.getResource(str2);
                    BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
                    fileOutputStream = new FileOutputStream(file);
                    for (byte[] bArr = new byte[1024]; bufferedInputStream.read(bArr) > 0; bArr = new byte[1024]) {
                        fileOutputStream.write(bArr);
                    }
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                } catch (IOException e) {
                    e.printStackTrace();
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                }
            }
            System.load(file.toString());
        } catch (Throwable th) {
            if (inputStream != null) {
                inputStream.close();
            }
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            throw th;
        }
    }

    static {
        try {
            enableX509CertificateWithGM();
        } catch (Exception e) {
            logger.error("CurveDB enableGM err : ", e);
        }
        Security.addProvider(new BouncyCastleProvider());
        HASH_TYPE_SET = Arrays.asList(HASH_ALGORITHM, "SM3", "SHA3");
    }
}
