package org.hyperledger.fabric.sdk.identity;

import com.google.protobuf.InvalidProtocolBufferException;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.Arrays;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.milagro.amcl.FP256BN.BIG;
import org.hyperledger.fabric.protos.idemix.Idemix;
import org.hyperledger.fabric.protos.msp.Identities;
import org.hyperledger.fabric.sdk.exception.CryptoException;
import org.hyperledger.fabric.sdk.exception.InvalidArgumentException;
import org.hyperledger.fabric.sdk.idemix.IdemixCredential;
import org.hyperledger.fabric.sdk.idemix.IdemixIssuerPublicKey;
import org.hyperledger.fabric.sdk.idemix.IdemixPseudonym;
import org.hyperledger.fabric.sdk.idemix.IdemixPseudonymSignature;
import org.hyperledger.fabric.sdk.idemix.IdemixSignature;
import org.hyperledger.fabric.sdk.idemix.IdemixUtils;

/* loaded from: input_file:BOOT-INF/lib/fabric-sdk-java-1.4.0.jar:org/hyperledger/fabric/sdk/identity/IdemixSigningIdentity.class */
public class IdemixSigningIdentity implements SigningIdentity {
    private final IdemixIdentity idemixIdentity;
    private final IdemixIssuerPublicKey ipk;
    private final BIG sk;
    private final IdemixPseudonym pseudonym;
    private final Idemix.CredentialRevocationInformation cri;
    private final IdemixSignature proof;
    private static final int rhIndex = 3;
    private static final boolean[] disclosedFlags = {true, true, false, false};
    private static final byte[] msgEmpty = new byte[0];
    private static final Log logger = LogFactory.getLog(IdemixSigningIdentity.class);

    public IdemixSigningIdentity(IdemixEnrollment idemixEnrollment) throws CryptoException, InvalidArgumentException {
        this(idemixEnrollment.ipk, idemixEnrollment.revocationPk, idemixEnrollment.mspId, idemixEnrollment.sk, idemixEnrollment.cred, idemixEnrollment.cri, idemixEnrollment.ou, idemixEnrollment.roleMask);
    }

    public IdemixSigningIdentity(IdemixIssuerPublicKey idemixIssuerPublicKey, PublicKey publicKey, String str, BIG big, IdemixCredential idemixCredential, Idemix.CredentialRevocationInformation credentialRevocationInformation, String str2, int i) throws CryptoException, InvalidArgumentException {
        if (idemixIssuerPublicKey == null) {
            throw new InvalidArgumentException("Issuer Public Key (IPK) must not be null");
        }
        if (publicKey == null) {
            throw new InvalidArgumentException("Revocation PK must not be null");
        }
        if (str == null) {
            throw new InvalidArgumentException("MSP ID must not be null");
        }
        if (str.isEmpty()) {
            throw new InvalidArgumentException("MSP ID must not be empty");
        }
        if (str2 == null) {
            throw new InvalidArgumentException("OU must not be null");
        }
        if (str2.isEmpty()) {
            throw new InvalidArgumentException("OU must not be empty");
        }
        if (big == null) {
            throw new InvalidArgumentException("SK must not be null");
        }
        if (idemixCredential == null) {
            throw new InvalidArgumentException("Credential must not be null");
        }
        if (credentialRevocationInformation == null) {
            throw new InvalidArgumentException("Credential revocation information must not be null");
        }
        logger.trace("Verifying public key with hash: " + Arrays.toString(idemixIssuerPublicKey.getHash()) + " \nAttributes: " + Arrays.toString(idemixIssuerPublicKey.getAttributeNames()));
        if (!idemixIssuerPublicKey.check()) {
            CryptoException cryptoException = new CryptoException("Issuer public key is not valid");
            logger.error("", cryptoException);
            throw cryptoException;
        }
        this.ipk = idemixIssuerPublicKey;
        this.sk = big;
        this.cri = credentialRevocationInformation;
        logger.trace("Verifying the credential");
        if (!idemixCredential.verify(big, idemixIssuerPublicKey)) {
            CryptoException cryptoException2 = new CryptoException("Credential is not cryptographically valid");
            logger.error("", cryptoException2);
            throw cryptoException2;
        }
        logger.trace("Checking attributes");
        if (idemixCredential.getAttrs().length != 4) {
            throw new CryptoException("Error: There are " + idemixCredential.getAttrs().length + " attributes and the expected are 4");
        }
        byte[] bArr = idemixCredential.getAttrs()[0];
        byte[] bArr2 = idemixCredential.getAttrs()[1];
        BIG[] bigArr = {BIG.fromBytes(bArr), BIG.fromBytes(bArr2), BIG.fromBytes(idemixCredential.getAttrs()[2]), BIG.fromBytes(idemixCredential.getAttrs()[3])};
        if (!Arrays.equals(IdemixUtils.bigToBytes(IdemixUtils.hashModOrder(str2.getBytes(StandardCharsets.UTF_8))), bArr)) {
            throw new IllegalArgumentException("the OU string does not match the credential");
        }
        if (!Arrays.equals(IdemixUtils.bigToBytes(new BIG(i)), bArr2)) {
            throw new IllegalArgumentException("the role does not match the credential");
        }
        logger.trace("Generating fresh pseudonym and proof");
        this.pseudonym = new IdemixPseudonym(this.sk, this.ipk);
        this.proof = new IdemixSignature(idemixCredential, this.sk, this.pseudonym, this.ipk, disclosedFlags, msgEmpty, 3, credentialRevocationInformation);
        logger.trace("Verifying the proof");
        if (!this.proof.verify(disclosedFlags, this.ipk, msgEmpty, bigArr, 3, publicKey, (int) credentialRevocationInformation.getEpoch())) {
            throw new CryptoException("Generated proof of identity is not valid");
        }
        logger.trace("Generating the Identity Object");
        this.idemixIdentity = new IdemixIdentity(str, this.ipk, this.pseudonym.getNym(), str2, i, this.proof);
        logger.trace(this.idemixIdentity.toString());
    }

    @Override // org.hyperledger.fabric.sdk.identity.SigningIdentity
    public byte[] sign(byte[] bArr) throws CryptoException, InvalidArgumentException {
        if (bArr == null) {
            throw new InvalidArgumentException("Input must not be null");
        }
        return new IdemixPseudonymSignature(this.sk, this.pseudonym, this.ipk, bArr).toProto().toByteArray();
    }

    @Override // org.hyperledger.fabric.sdk.identity.Identity
    public Identities.SerializedIdentity createSerializedIdentity() {
        return this.idemixIdentity.createSerializedIdentity();
    }

    @Override // org.hyperledger.fabric.sdk.identity.SigningIdentity
    public boolean verifySignature(byte[] bArr, byte[] bArr2) throws CryptoException, InvalidArgumentException {
        if (bArr == null) {
            throw new InvalidArgumentException("Message must not be null");
        }
        if (bArr2 == null) {
            throw new InvalidArgumentException("Signature must not be null");
        }
        try {
            if (new IdemixPseudonymSignature(Idemix.NymSignature.parseFrom(bArr2)).verify(this.pseudonym.getNym(), this.ipk, bArr)) {
                return true;
            }
            logger.error("Idemix Nym Signature verification error, dumping \nSignature: " + Arrays.toString(bArr2) + " \nMessage: " + Arrays.toString(bArr));
            return false;
        } catch (InvalidProtocolBufferException e) {
            logger.error("Idemix Nym Signature parsing error, dumping \nSignature: " + Arrays.toString(bArr2) + " \nMessage: " + Arrays.toString(bArr));
            throw new CryptoException("Could not parse Idemix Nym Signature", e);
        }
    }

    public IdemixPseudonym getNym() {
        return this.pseudonym;
    }

    public IdemixSignature getProof() {
        return this.proof;
    }
}
