package org.bouncycastle.crypto.fips;

import java.io.IOException;
import java.io.InputStream;
import java.net.URLDecoder;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import org.apache.bookkeeper.net.NodeBase;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.bouncycastle.LICENSE;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.internal.macs.HMac;
import org.bouncycastle.crypto.internal.params.KeyParameterImpl;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:org/bouncycastle/crypto/fips/FipsStatus.class */
public final class FipsStatus {
    public static final String READY = "READY";
    private static final Object statusLock = new Object();
    private static final String[] classes = {FipsAES.class.getName(), FipsTripleDES.class.getName(), FipsDH.class.getName(), FipsDRBG.class.getName(), FipsDSA.class.getName(), FipsEC.class.getName(), FipsKDF.class.getName(), FipsPBKD.class.getName(), FipsRSA.class.getName(), FipsSHS.class.getName()};
    private static volatile Loader loader;
    private static volatile Throwable statusException;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsStatus$Loader.class */
    public static class Loader {
        Loader() throws Exception {
            for (String str : FipsStatus.classes) {
                if (!FipsStatus.isErrorStatus()) {
                    FipsStatus.loadClass(str);
                }
            }
        }
    }

    private FipsStatus() {
    }

    public static boolean isReady() {
        synchronized (statusLock) {
            if (loader == null && statusException == null) {
                try {
                    loader = new Loader();
                } catch (Exception e) {
                    statusException = e;
                    moveToErrorStatus(new FipsOperationError("Module startup failed: " + e.getMessage(), e));
                }
                checksumValidate();
            } else if (statusException != null) {
                throw new FipsOperationError("Module in error status: " + statusException.getMessage(), statusException);
            }
        }
        return true;
    }

    private static void checksumValidate() {
        JarFile jarFile = (JarFile) AccessController.doPrivileged(new PrivilegedAction<JarFile>() { // from class: org.bouncycastle.crypto.fips.FipsStatus.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public JarFile run() {
                return FipsStatus.access$000();
            }
        });
        if (jarFile != null) {
            try {
                byte[] calculateModuleHMAC = calculateModuleHMAC(jarFile);
                InputStream inputStream = jarFile.getInputStream(jarFile.getEntry("META-INF/HMAC.SHA256"));
                StringBuilder sb = new StringBuilder(calculateModuleHMAC.length * 2);
                while (true) {
                    int read = inputStream.read();
                    if (read < 0 || read == 13 || read == 10) {
                        break;
                    } else {
                        sb.append((char) read);
                    }
                }
                if (!Arrays.areEqual(calculateModuleHMAC, Hex.decode(sb.toString().trim()))) {
                    moveToErrorStatus(new FipsOperationError("Module checksum failed: expected [" + sb.toString().trim() + "] got [" + Strings.fromByteArray(Hex.encode(calculateModuleHMAC))) + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
                }
            } catch (Exception e) {
                statusException = e;
                moveToErrorStatus(new FipsOperationError("Module checksum failed: " + e.getMessage(), e));
            }
        }
    }

    public static String getStatusMessage() {
        try {
            isReady();
        } catch (FipsOperationError e) {
        }
        return statusException != null ? statusException.getMessage() : READY;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void loadClass(String str) {
        try {
            Class.forName(str);
        } catch (ClassNotFoundException e) {
            statusException = e;
            throw new IllegalStateException("Unable to initialize module: " + e.getMessage(), e);
        } catch (ExceptionInInitializerError e2) {
            if (e2.getCause() != null) {
                statusException = e2.getCause();
            } else {
                statusException = e2;
            }
            throw e2;
        }
    }

    public static byte[] getModuleHMAC() {
        try {
            return calculateModuleHMAC(getJarFile());
        } catch (Exception e) {
            return new byte[32];
        }
    }

    private static byte[] calculateModuleHMAC(JarFile jarFile) {
        try {
            HMac hMac = new HMac(new SHA256Digest());
            hMac.init(new KeyParameterImpl(Strings.toByteArray(CryptoServicesRegistrar.MODULE_HMAC_KEY)));
            TreeMap treeMap = new TreeMap();
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry nextElement = entries.nextElement();
                if (!nextElement.isDirectory() && !nextElement.getName().startsWith("META-INF/") && !nextElement.getName().equals("module-info.class") && treeMap.put(nextElement.getName(), nextElement) != null) {
                    IllegalStateException illegalStateException = new IllegalStateException("Unable to initialize module: duplicate entry found in jar file");
                    statusException = illegalStateException;
                    throw illegalStateException;
                }
            }
            byte[] bArr = new byte[8192];
            Iterator it = treeMap.entrySet().iterator();
            while (it.hasNext()) {
                JarEntry jarEntry = (JarEntry) ((Map.Entry) it.next()).getValue();
                InputStream inputStream = jarFile.getInputStream(jarEntry);
                byte[] uTF8ByteArray = Strings.toUTF8ByteArray(jarEntry.getName());
                hMac.update((byte) 91);
                hMac.update(uTF8ByteArray, 0, uTF8ByteArray.length);
                hMac.update(Pack.longToBigEndian(jarEntry.getSize()), 0, 8);
                hMac.update((byte) 93);
                while (true) {
                    int read = inputStream.read(bArr, 0, bArr.length);
                    if (read != -1) {
                        hMac.update(bArr, 0, read);
                    }
                }
                inputStream.close();
            }
            hMac.update((byte) 91);
            byte[] uTF8ByteArray2 = Strings.toUTF8ByteArray("END");
            hMac.update(uTF8ByteArray2, 0, uTF8ByteArray2.length);
            hMac.update((byte) 93);
            byte[] bArr2 = new byte[hMac.getMacSize()];
            hMac.doFinal(bArr2, 0);
            return bArr2;
        } catch (Exception e) {
            return new byte[32];
        }
    }

    private static JarFile getJarFile() {
        JarFile jarFile = null;
        String marker = getMarker(LICENSE.class, LICENSE.class.getCanonicalName().replace(DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER, NodeBase.PATH_SEPARATOR_STR).replace("LICENSE", "MARKER"));
        if (marker != null) {
            if (marker.startsWith("jar:file:") && marker.contains("!/")) {
                try {
                    jarFile = new JarFile(URLDecoder.decode(marker.substring("jar:file:".length(), marker.lastIndexOf("!/")), "UTF-8"));
                } catch (IOException e) {
                    jarFile = null;
                }
            } else if (marker.startsWith("file:") && marker.endsWith(".jar")) {
                try {
                    jarFile = new JarFile(URLDecoder.decode(marker.substring("file:".length()), "UTF-8"));
                } catch (IOException e2) {
                    jarFile = null;
                }
            }
        }
        return jarFile;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void moveToErrorStatus(String str) {
        moveToErrorStatus(new FipsOperationError(str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void moveToErrorStatus(FipsOperationError fipsOperationError) {
        statusException = fipsOperationError;
        throw ((FipsOperationError) statusException);
    }

    public static boolean isErrorStatus() {
        return statusException != null;
    }

    static String getMarker(final Class cls, final String str) {
        ClassLoader classLoader = cls.getClassLoader();
        return classLoader != null ? classLoader.getResource(str) != null ? classLoader.getResource(str).toString() : AccessController.doPrivileged(new PrivilegedAction() { // from class: org.bouncycastle.crypto.fips.FipsStatus.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                return cls.getProtectionDomain().getCodeSource().getLocation();
            }
        }).toString() : (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: org.bouncycastle.crypto.fips.FipsStatus.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                return ClassLoader.getSystemResource(str).toString();
            }
        });
    }

    static /* synthetic */ JarFile access$000() {
        return getJarFile();
    }
}
