package org.bouncycastle.crypto.fips;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.jar.JarException;
import java.util.logging.Logger;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.internal.ExtendedDigest;
import org.bouncycastle.crypto.internal.io.DigestOutputStream;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Properties;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.io.Streams;
import org.bouncycastle.util.io.TeeOutputStream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/bouncycastle/crypto/fips/NativeLoader.class */
public class NativeLoader {
    public static final String BCFIPS_LIB_CPU_VARIANT = "org.bouncycastle.native.cpu_variant";
    private static final Logger LOG = Logger.getLogger(NativeLoader.class.getName());
    private static final AtomicBoolean nativeLibsAvailableForSystem = new AtomicBoolean(false);
    private static final AtomicBoolean nativeInstalled = new AtomicBoolean(false);
    private static final AtomicBoolean nativeEnabled = new AtomicBoolean(false);
    private static final AtomicReference<String> nativeStatusMessage = new AtomicReference<>("Driver load not attempted");
    private static final AtomicReference<String> selectedVariant = new AtomicReference<>(null);
    private static final FipsNativeServices nativeServices = new FipsNativeServices();

    NativeLoader() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean isNativeInstalled() {
        return nativeInstalled.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean isNativeAvailable() {
        return nativeLibsAvailableForSystem.get() && nativeInstalled.get() && nativeEnabled.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized void setNativeEnabled(boolean z) {
        nativeEnabled.set(z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized String getNativeStatusMessage() {
        return nativeStatusMessage.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized String getSelectedVariant() {
        return selectedVariant.get();
    }

    static String getFile(String str) {
        try {
            InputStream resourceAsStream = NativeLoader.class.getResourceAsStream(str);
            String fromByteArray = Strings.fromByteArray(Streams.readAll(resourceAsStream));
            resourceAsStream.close();
            return fromByteArray;
        } catch (Exception e) {
            return null;
        }
    }

    static List<String> loadVariantsDeps(String str, String str2) {
        String file = getFile(str);
        if (file == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (String str3 : file.split("\n")) {
            String[] split = str3.trim().split(":");
            if (split[0].trim().equals(str2)) {
                arrayList.add(split[1].trim());
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    static File installLib(String str, String str2, String str3, File file, Set<File> set) throws Exception {
        String mapLibraryName = System.mapLibraryName(str);
        for (String str4 : loadVariantsDeps(str3 + "/deps.list", mapLibraryName)) {
            set.remove(copyFromJar(str3 + "/" + str4, file, str4));
        }
        File copyFromJar = copyFromJar(str2 + "/" + mapLibraryName, file, mapLibraryName);
        set.remove(copyFromJar);
        return copyFromJar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized void loadDriver() {
        String propertyValue = Properties.getPropertyValue(BCFIPS_LIB_CPU_VARIANT);
        if ("java".equals(propertyValue)) {
            nativeEnabled.set(false);
            nativeInstalled.set(false);
            nativeStatusMessage.set("java support only");
            return;
        }
        String lowerCase = Strings.toLowerCase(Properties.getPropertyValue("os.arch", ""));
        String lowerCase2 = Strings.toLowerCase(Properties.getPropertyValue("os.name", ""));
        Object obj = null;
        String str = lowerCase2.contains("linux") ? "linux" : null;
        if (str == null) {
            nativeStatusMessage.set("OS '" + lowerCase2 + "' is not supported.");
            return;
        }
        if (lowerCase.contains("x86") || (lowerCase.contains("amd") && lowerCase.contains("64"))) {
            obj = "x86_64";
        }
        if (obj == null) {
            nativeStatusMessage.set("architecture '" + lowerCase + "' is not supported");
            return;
        }
        File file = (File) AccessController.doPrivileged(new PrivilegedAction<File>() { // from class: org.bouncycastle.crypto.fips.NativeLoader.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public File run() {
                File file2 = new File(Properties.getPropertyValue("java.io.tmpdir"));
                if (!file2.exists()) {
                    NativeLoader.nativeInstalled.set(false);
                    NativeLoader.nativeStatusMessage.set(file2 + " did not exist");
                    return null;
                }
                try {
                    File file3 = null;
                    long nanoTime = System.nanoTime();
                    for (int i = 0; i < 1000; i++) {
                        file3 = new File(file2, "bc-fips-jni" + Long.toString(nanoTime + i, 32) + "-libs");
                        if (file3.mkdirs()) {
                            break;
                        }
                        file3 = null;
                        Thread.sleep(nanoTime % 97);
                    }
                    if (file3 == null) {
                        NativeLoader.nativeInstalled.set(false);
                        NativeLoader.nativeStatusMessage.set("unable to create directory in " + file2 + " after 1000 unique attempts");
                        return null;
                    }
                    if (file3.exists()) {
                        final File file4 = file3;
                        Runtime.getRuntime().addShutdownHook(new Thread(new Runnable() { // from class: org.bouncycastle.crypto.fips.NativeLoader.1.1
                            @Override // java.lang.Runnable
                            public void run() {
                                if (file4.exists()) {
                                    boolean z = true;
                                    if (file4.isDirectory()) {
                                        for (File file5 : file4.listFiles()) {
                                            z &= file5.delete();
                                        }
                                    }
                                    if (z && file4.delete()) {
                                        NativeLoader.LOG.fine("successfully cleaned up: " + file4.getAbsolutePath());
                                    } else {
                                        NativeLoader.LOG.fine(" failed to delete: " + file4.getAbsolutePath());
                                    }
                                }
                            }
                        }));
                        return file4;
                    }
                    NativeLoader.nativeInstalled.set(false);
                    NativeLoader.nativeStatusMessage.set("unable to create temp directory for jni libs: " + file3);
                    return null;
                } catch (Exception e) {
                    NativeLoader.nativeInstalled.set(false);
                    NativeLoader.nativeStatusMessage.set("failed because it was not able to create a temporary file in 'java.io.tmpdir' " + e.getMessage());
                    return null;
                }
            }
        });
        if (file == null) {
            return;
        }
        HashSet<File> hashSet = new HashSet();
        for (File file2 : file.listFiles()) {
            hashSet.add(file2);
        }
        String format = String.format("/native/%s/%s", str, obj);
        String format2 = String.format("/native/%s/%s/probe", str, obj);
        InputStream resourceAsStream = NativeLoader.class.getResourceAsStream(format2 + "/" + System.mapLibraryName("bc-probe"));
        if (resourceAsStream == null) {
            nativeStatusMessage.set(String.format("platform '%s' and architecture '%s' are not supported", str, obj));
            nativeInstalled.set(false);
            return;
        }
        try {
            resourceAsStream.close();
        } catch (IOException e) {
        }
        if (propertyValue != null) {
            selectedVariant.set(propertyValue);
        } else {
            try {
                final File installLib = installLib("bc-probe", format2, format, file, hashSet);
                AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: org.bouncycastle.crypto.fips.NativeLoader.2
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        System.load(installLib.getAbsolutePath());
                        return new Object();
                    }
                });
                try {
                    selectedVariant.set(VariantSelector.getBestVariantName());
                } catch (Throwable th) {
                    nativeStatusMessage.set("probe lib failed return a variant " + th.getMessage());
                    nativeInstalled.set(false);
                    return;
                }
            } catch (Exception e2) {
                nativeStatusMessage.set("probe lib failed to load " + e2.getMessage());
                nativeInstalled.set(false);
                return;
            }
        }
        if (selectedVariant.get().equals("none")) {
            nativeEnabled.set(false);
            nativeInstalled.set(false);
            nativeStatusMessage.set("probe returned no suitable CPU features, java support only");
            return;
        }
        try {
            final File installLib2 = installLib("bc-fips-" + selectedVariant, String.format("/native/%s/%s/%s", str, obj, selectedVariant), format, file, hashSet);
            if (hashSet.isEmpty()) {
                AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: org.bouncycastle.crypto.fips.NativeLoader.3
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        System.load(installLib2.getAbsolutePath());
                        return new Object();
                    }
                });
                if (!selectedVariant.get().equals(NativeLibIdentity.getLibraryIdent())) {
                    nativeStatusMessage.set(String.format("loaded native library variant is %s but the requested library variant is %s", NativeLibIdentity.getLibraryIdent(), selectedVariant));
                    nativeInstalled.set(false);
                    return;
                } else {
                    nativeLibsAvailableForSystem.set(true);
                    nativeStatusMessage.set("successfully loaded");
                    nativeInstalled.set(true);
                    nativeEnabled.set(true);
                    return;
                }
            }
            StringBuilder sb = new StringBuilder();
            for (File file3 : hashSet) {
                if (sb.length() != 0) {
                    sb.append(",");
                }
                sb.append(file3.getName());
            }
            nativeStatusMessage.set(String.format("unexpected files in %s: %s", file.toString(), sb.toString()));
            nativeInstalled.set(false);
        } catch (Exception e3) {
            nativeStatusMessage.set("native capabilities lib failed to load " + e3.getMessage());
            nativeInstalled.set(false);
        }
    }

    public static boolean isNativeLibsAvailableForSystem() {
        return nativeLibsAvailableForSystem.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FipsNativeServices getNativeServices() {
        return nativeServices;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean hasNativeService(String str) {
        return isNativeAvailable() && nativeServices.hasService(str);
    }

    private static byte[] takeSHA256Digest(InputStream inputStream) {
        try {
            byte[] bArr = new byte[65535];
            ExtendedDigest createBaseDigest = FipsSHS.createBaseDigest(FipsSHS.Algorithm.SHA256);
            while (true) {
                int read = inputStream.read(bArr);
                if (read < 0) {
                    byte[] bArr2 = new byte[createBaseDigest.getDigestSize()];
                    createBaseDigest.doFinal(bArr2, 0);
                    return bArr2;
                }
                createBaseDigest.update(bArr, 0, read);
            }
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    private static File copyFromJar(String str, File file, String str2) throws Exception {
        InputStream resourceAsStream = NativeLoader.class.getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new JarException(str + " lib not found in jar");
        }
        File file2 = new File(file, str2);
        if (file2.exists()) {
            byte[] takeSHA256Digest = takeSHA256Digest(resourceAsStream);
            resourceAsStream.close();
            FileInputStream fileInputStream = new FileInputStream(file2);
            byte[] takeSHA256Digest2 = takeSHA256Digest(fileInputStream);
            fileInputStream.close();
            if (Arrays.constantTimeAreEqual(takeSHA256Digest2, takeSHA256Digest)) {
                return file2;
            }
            throw new IOException("pre existing file found and is different to file in jar file");
        }
        FileOutputStream fileOutputStream = new FileOutputStream(file2);
        DigestOutputStream digestOutputStream = new DigestOutputStream(FipsSHS.createBaseDigest(FipsSHS.Algorithm.SHA256));
        TeeOutputStream teeOutputStream = new TeeOutputStream(fileOutputStream, digestOutputStream);
        Streams.pipeAll(resourceAsStream, teeOutputStream);
        teeOutputStream.flush();
        teeOutputStream.close();
        resourceAsStream.close();
        FileInputStream fileInputStream2 = new FileInputStream(file2);
        byte[] takeSHA256Digest3 = takeSHA256Digest(fileInputStream2);
        fileInputStream2.close();
        if (Arrays.constantTimeAreEqual(digestOutputStream.getDigest(), takeSHA256Digest3)) {
            return file2;
        }
        throw new IOException("file copied from jar does not have same digest as source file in jar");
    }

    public static boolean isNativeEnabled() {
        return nativeEnabled.get();
    }
}
