package com.huawei.wienerchain.security;

import com.huawei.wienerchain.exception.CryptoException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequenceGenerator;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

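/* loaded from: input_file:com/huawei/wienerchain/security/CryptoEcdsa.class */
/**
 * ECDSA ({@code SHA256withECDSA}) signing and certificate-backed verification.
 *
 * <p>CA certificates loaded through {@link #loadCaCertificate(String)} are kept in an in-memory
 * {@link KeyStore} and used as PKIX trust anchors by {@link #verify(byte[], byte[], byte[])}.
 * Signatures returned by {@link #sign(byte[])} are DER-encoded {@code (r, s)} pairs whose
 * {@code s} has been reduced to the lower half of the secp256r1 group order.
 *
 * <p>The lazily created key store is not guarded by any lock in this class.
 */
public class CryptoEcdsa extends CryptoX509 {
    private static final Logger logger = LoggerFactory.getLogger(CryptoEcdsa.class);
    private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
    private static final String TYPE = "X.509";
    // Number of INTEGER components in an ECDSA signature, and their positions.
    private static final int COUNT = 2;
    private static final int R_INDEX = 0;
    private static final int S_INDEX = 1;
    // Curve whose group order is used for low-S normalisation in decodeEcdsaSignature.
    private static final String ENCODE_TABLE = "secp256r1";
    // Trust anchors for verify(); null until the first CA certificate has been loaded.
    private KeyStore keyStore;

    /**
     * Reads one X.509 certificate from a file and registers it as a trusted entry.
     *
     * <p>Every certificate loaded here becomes a trust anchor for {@link #verify}. This method
     * does not inspect validity dates or CA constraints, so the path must come from trusted
     * configuration, never from a peer.
     *
     * @param str file system path of the certificate to trust
     * @throws CryptoException if the file cannot be read or parsed, or the key store rejects it
     */
    @Override // com.huawei.wienerchain.security.Crypto
    public void loadCaCertificate(String str) throws CryptoException {
        // try-with-resources closes the stream on the failure paths as well.
        try (InputStream certStream = Files.newInputStream(new File(str).toPath())) {
            Certificate caCertificate = CertificateFactory.getInstance(TYPE).generateCertificate(certStream);
            if (this.keyStore == null) {
                // Publish the store only once it is initialised, so a failed load() cannot leave
                // an unusable instance behind in the field.
                KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                emptyStore.load(null, null);
                this.keyStore = emptyStore;
            }
            this.keyStore.setCertificateEntry(trustAnchorAlias(caCertificate), caCertificate);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new CryptoException("load ca cert error: " + e.getMessage(), e);
        }
    }

    /**
     * Builds the key store alias for a trusted certificate.
     *
     * <p>A serial number is only unique per issuer, so the issuer name is part of the alias.
     * Keyed by serial alone, a second CA carrying the same serial would silently replace the
     * first trust anchor.
     */
    private static String trustAnchorAlias(Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            X509Certificate x509 = (X509Certificate) certificate;
            return x509.getIssuerX500Principal().getName() + ":" + x509.getSerialNumber();
        }
        return Integer.toString(certificate.hashCode());
    }

    /**
     * Signs a message with the private key returned by {@code getPrivateKey()}.
     *
     * @param bArr message bytes to sign
     * @return DER-encoded ECDSA signature with {@code s} in the lower half of the group order
     * @throws CryptoException if no private key is loaded or signing fails
     */
    @Override // com.huawei.wienerchain.security.Crypto
    public byte[] sign(byte[] bArr) throws CryptoException {
        PrivateKey privateKey = getPrivateKey();
        if (privateKey == null) {
            throw new CryptoException("Please load private key first");
        }
        try {
            Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
            signer.initSign(privateKey);
            signer.update(bArr);
            return decodeEcdsaSignature(signer.sign());
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new CryptoException("Sign message error", e);
        }
    }

    /**
     * Validates the signer certificate against the loaded CA certificates, then checks the
     * signature over the message with that certificate's public key.
     *
     * <p>Any validation or verification failure is logged and reported as {@code false}.
     *
     * @param bArr message bytes that were signed
     * @param bArr2 signature bytes to check
     * @param bArr3 encoded X.509 certificate of the signer
     * @return {@code true} only if the certificate validates and the signature matches
     * @throws CryptoException if no CA certificate has been loaded yet
     */
    @Override // com.huawei.wienerchain.security.Crypto
    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) throws CryptoException {
        if (this.keyStore == null) {
            throw new CryptoException("Please load ca certificate first! ");
        }
        // Fail closed on missing input instead of surfacing a NullPointerException.
        if (bArr == null || bArr2 == null || bArr3 == null) {
            logger.error("Verify error: message, signature or certificate is null. ");
            return false;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(TYPE);
            Certificate signerCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(bArr3));
            if (signerCertificate == null) {
                logger.error("Certificate is null. ");
                return false;
            }
            PKIXParameters pkixParameters = new PKIXParameters(this.keyStore);
            // SECURITY: revocation checking is off, so a certificate revoked by its CA keeps
            // validating until it expires. Turning it on needs CRL or OCSP sources available to
            // the validator (see java.security.cert.PKIXRevocationChecker).
            pkixParameters.setRevocationEnabled(false);
            CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
            // The path holds only the signer certificate, so it must be issued directly by a
            // loaded trust anchor; intermediate certificates are not supplied here.
            ArrayList<Certificate> certificatePath = new ArrayList<>();
            certificatePath.add(signerCertificate);
            certPathValidator.validate(certificateFactory.generateCertPath(certificatePath), pkixParameters);
            // NOTE(review): sign() only emits low-S signatures, but nothing here rejects the
            // high-S form of the same signature. If callers treat signature bytes as unique
            // (for example as part of an identifier), enforce low-S before accepting.
            Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
            verifier.initVerify(signerCertificate);
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | CertPathValidatorException | CertificateException e) {
            logger.error("Verify error: ", e);
            return false;
        }
    }

    /**
     * Re-encodes a DER ECDSA signature with {@code s} normalised to the low-S form.
     *
     * <p>The first two INTEGER elements of the sequence are taken as {@code r} and {@code s};
     * exactly two INTEGER elements must be present. If {@code s} is greater than half the
     * secp256r1 group order {@code n}, it is replaced by {@code n - s}.
     *
     * @param bArr DER-encoded signature as produced by {@link Signature#sign()}
     * @return DER sequence of {@code r} and the normalised {@code s}
     * @throws CryptoException if the input is not a sequence of two integers or the curve
     *     parameters cannot be resolved
     * @throws IOException if the ASN.1 data cannot be read or written
     */
    private static byte[] decodeEcdsaSignature(byte[] bArr) throws CryptoException, IOException {
        ASN1Encodable parsed;
        try (ASN1InputStream asn1Input = new ASN1InputStream(new ByteArrayInputStream(bArr))) {
            parsed = asn1Input.readObject();
        }
        if (!(parsed instanceof ASN1Sequence)) {
            throw new CryptoException("the asn1Primitive is not instance of ASN1Sequence");
        }
        BigInteger[] components = new BigInteger[COUNT];
        int integerCount = 0;
        for (ASN1Encodable element : ((ASN1Sequence) parsed).toArray()) {
            ASN1Encodable primitive = element.toASN1Primitive();
            if (primitive instanceof ASN1Integer) {
                if (integerCount < COUNT) {
                    components[integerCount] = ((ASN1Integer) primitive).getValue();
                }
                // Keep counting past COUNT so that surplus integers are rejected below.
                integerCount++;
            }
        }
        if (integerCount != COUNT) {
            throw new CryptoException("Invalid ECDSA signature.");
        }
        // NOTE(review): the order is always taken from secp256r1; a private key on another
        // curve would get an invalid s from this step. Confirm keys are restricted to P-256.
        X9ECParameters curveParameters = ECNamedCurveTable.getByName(ENCODE_TABLE);
        if (curveParameters == null) {
            throw new CryptoException("Get x9ecParameters error.");
        }
        BigInteger order = curveParameters.getN();
        BigInteger halfOrder = order.divide(BigInteger.valueOf(2L));
        if (components[S_INDEX].compareTo(halfOrder) > 0) {
            components[S_INDEX] = order.subtract(components[S_INDEX]);
        }
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        DERSequenceGenerator sequenceGenerator = new DERSequenceGenerator(encoded);
        sequenceGenerator.addObject(new ASN1Integer(components[R_INDEX]));
        sequenceGenerator.addObject(new ASN1Integer(components[S_INDEX]));
        sequenceGenerator.close();
        return encoded.toByteArray();
    }

    /**
     * Returns a new X.509 certificate factory.
     *
     * @throws CryptoException if no provider supplies an X.509 factory
     */
    @Override // com.huawei.wienerchain.security.CryptoX509
    public CertificateFactory getCertificateFactory() throws CryptoException {
        try {
            return CertificateFactory.getInstance(TYPE);
        } catch (CertificateException e) {
            throw new CryptoException("get CertificateFactory error", e);
        }
    }

    /**
     * Hashes the input with SHA-256; delegates to {@link #getHashSha256(byte[])}.
     *
     * @param bArr bytes to hash
     * @return the SHA-256 digest
     */
    @Override // com.huawei.wienerchain.security.Crypto
    public byte[] getHash(byte[] bArr) {
        return getHashSha256(bArr);
    }

    /**
     * Computes the SHA-256 digest of the input with Bouncy Castle's {@link SHA256Digest}.
     *
     * @param bArr bytes to hash; must not be null
     * @return a new array holding the digest
     */
    public static byte[] getHashSha256(byte[] bArr) {
        SHA256Digest digest = new SHA256Digest();
        byte[] output = new byte[digest.getDigestSize()];
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(output, 0);
        return output;
    }
}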
