package org.hyperledger.fabric.sdk.security;

import io.netty.util.internal.StringUtil;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.Arrays;
import org.hyperledger.fabric.sdk.exception.CryptoException;
import org.hyperledger.fabric.sdk.helper.SDKUtil;

/* loaded from: input_file:org/hyperledger/fabric/sdk/security/CryptoPrimitives.class */
public class CryptoPrimitives {
    private String hashAlgorithm;
    private int securityLevel;
    private String curveName;
    private static final String SECURITY_PROVIDER = "BC";
    private static final String ASYMMETRIC_KEY_TYPE = "EC";
    private static final String KEY_AGREEMENT_ALGORITHM = "ECDH";
    private static final String SYMMETRIC_KEY_TYPE = "AES";
    private static final int SYMMETRIC_KEY_BYTE_COUNT = 32;
    private static final String SYMMETRIC_ALGORITHM = "AES/CFB/NoPadding";
    private static final int MAC_KEY_BYTE_COUNT = 32;

    public CryptoPrimitives(String str, int i) {
        this.hashAlgorithm = str;
        this.securityLevel = i;
        Security.addProvider(new BouncyCastleProvider());
        init();
    }

    public int getSecurityLevel() {
        return this.securityLevel;
    }

    public void setSecurityLevel(int i) {
        this.securityLevel = i;
    }

    public String getHashAlgorithm() {
        return this.hashAlgorithm;
    }

    public void setHashAlgorithm(String str) {
        this.hashAlgorithm = str;
    }

    public KeyPair ecdsaKeyGen() throws CryptoException {
        return generateKey("ECDSA", this.curveName);
    }

    private KeyPair generateKey(String str, String str2) throws CryptoException {
        try {
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(str2);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, SECURITY_PROVIDER);
            keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            throw new CryptoException("Unable to generate key pair", e);
        }
    }

    public byte[] eciesDecrypt(KeyPair keyPair, byte[] bArr) throws CryptoException {
        try {
            int floor = (int) ((Math.floor((this.securityLevel + 7) / 8) * 2.0d) + 1.0d);
            int length = (bArr.length - floor) - (this.securityLevel >> 3);
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, floor);
            byte[] copyOfRange2 = Arrays.copyOfRange(bArr, floor, floor + length);
            byte[] copyOfRange3 = Arrays.copyOfRange(bArr, floor + length, bArr.length);
            ECNamedCurveParameterSpec generateECParameterSpec = generateECParameterSpec();
            PublicKey generatePublic = KeyFactory.getInstance(ASYMMETRIC_KEY_TYPE, SECURITY_PROVIDER).generatePublic(new ECPublicKeySpec(generateECParameterSpec.getCurve().decodePoint(copyOfRange), generateECParameterSpec));
            KeyAgreement keyAgreement = KeyAgreement.getInstance(KEY_AGREEMENT_ALGORITHM, SECURITY_PROVIDER);
            keyAgreement.init(keyPair.getPrivate());
            keyAgreement.doPhase(generatePublic, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(getHashDigest());
            hKDFBytesGenerator.init(new HKDFParameters(generateSecret, (byte[]) null, (byte[]) null));
            byte[] bArr2 = new byte[32];
            hKDFBytesGenerator.generateBytes(bArr2, 0, 32);
            byte[] bArr3 = new byte[32];
            hKDFBytesGenerator.generateBytes(bArr3, 0, 32);
            if (Arrays.areEqual(copyOfRange3, calculateMac(bArr3, copyOfRange2))) {
                return aesDecrypt(bArr2, Arrays.copyOfRange(copyOfRange2, 0, 16), Arrays.copyOfRange(copyOfRange2, 16, copyOfRange2.length));
            }
            throw new RuntimeException("Bad Message Authentication Code!");
        } catch (Exception e) {
            throw new CryptoException("Could not decrypt the message", e);
        }
    }

    private byte[] calculateMac(byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        HMac hMac = new HMac(getHashDigest());
        hMac.init(new KeyParameter(bArr));
        hMac.update(bArr2, 0, bArr2.length);
        byte[] bArr3 = new byte[32];
        hMac.doFinal(bArr3, 0);
        return bArr3;
    }

    private byte[] aesDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(SYMMETRIC_ALGORITHM);
        cipher.init(2, new SecretKeySpec(bArr, SYMMETRIC_KEY_TYPE), new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr3);
    }

    private ECNamedCurveParameterSpec generateECParameterSpec() {
        return ECNamedCurveTable.getParameterSpec(this.curveName);
    }

    /* JADX WARN: Type inference failed for: r0v13, types: [byte[], byte[][]] */
    public byte[][] ecdsaSign(PrivateKey privateKey, byte[] bArr) throws CryptoException {
        try {
            byte[] hash = SDKUtil.hash(bArr, getHashDigest());
            X9ECParameters byName = SECNamedCurves.getByName(this.curveName);
            ECDomainParameters eCDomainParameters = new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
            ECDSASigner eCDSASigner = new ECDSASigner(new HMacDSAKCalculator(new SHA512Digest()));
            eCDSASigner.init(true, new ECPrivateKeyParameters(((ECPrivateKey) privateKey).getS(), eCDomainParameters));
            BigInteger[] generateSignature = eCDSASigner.generateSignature(hash);
            return new byte[]{generateSignature[0].toString().getBytes(), generateSignature[1].toString().getBytes()};
        } catch (Exception e) {
            throw new CryptoException("Could not sign the message using private key", e);
        }
    }

    public PrivateKey ecdsaKeyFromPrivate(byte[] bArr) throws CryptoException {
        try {
            return KeyFactory.getInstance("ECDSA", SECURITY_PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (Exception e) {
            throw new CryptoException("Unable to convert byte[] into PrivateKey", e);
        }
    }

    private void init() {
        if (this.securityLevel != 256 && this.securityLevel != 384) {
            throw new RuntimeException("Illegal level: " + this.securityLevel + " must be either 256 or 384");
        }
        if (StringUtil.isNullOrEmpty(this.hashAlgorithm) || !(this.hashAlgorithm.equalsIgnoreCase("SHA2") || this.hashAlgorithm.equalsIgnoreCase("SHA3"))) {
            throw new RuntimeException("Illegal Hash function family: " + this.hashAlgorithm + " - must be either SHA2 or SHA3");
        }
        if (this.securityLevel == 256) {
            this.curveName = "secp256r1";
        } else if (this.securityLevel == 384) {
            this.curveName = "secp384r1";
        }
    }

    private Digest getHashDigest() {
        return this.hashAlgorithm.equalsIgnoreCase("SHA3") ? new SHA3Digest() : this.hashAlgorithm.equalsIgnoreCase("SHA2") ? new SHA256Digest() : new SHA256Digest();
    }
}
