package io.jans.util.security;

import java.lang.reflect.InvocationTargetException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import org.apache.commons.io.FilenameUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/util/security/SecurityProviderUtility.class */
public class SecurityProviderUtility {
    public static final String DEF_MODE_BCPROV = "BCPROV";
    public static final String DEF_MODE_BCFIPS = "BCFIPS";
    public static final String DEF_KS_JKS = "JKS";
    public static final String DEF_KS_PKCS12 = "PKCS12";
    public static final String DEF_KS_BCFKS = "BCFKS";
    public static final String DEF_EXT_JKS = "jks";
    public static final String DEF_EXT_KEYSTORE = "keystore";
    public static final String DEF_EXT_KS = "ks";
    public static final String DEF_EXT_PKCS12 = "pkcs12";
    public static final String DEF_EXT_P12 = "p12";
    public static final String DEF_EXT_PFX = "pfx";
    public static final String DEF_EXT_BCFKS = "bcfks";
    public static final String DEF_EXT_BCF = "bcf";
    public static final String DEF_EXT_BCFIPS = "bcfips";
    public static final String BC_PROVIDER_NAME = "BC";
    public static final String BC_FIPS_PROVIDER_NAME = "BCFIPS";
    private static Provider bouncyCastleProvider;
    private static final String BC_GENERIC_PROVIDER_CLASS_NAME = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    private static final String BC_FIPS_PROVIDER_CLASS_NAME = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";
    private static final Logger LOG = LoggerFactory.getLogger(SecurityProviderUtility.class);
    public static boolean USE_FIPS_CHECK_COMMAND = false;
    private static SecurityModeType securityMode = null;

    /* loaded from: input_file:io/jans/util/security/SecurityProviderUtility$KeyStorageType.class */
    public enum KeyStorageType {
        JKS_KS(SecurityProviderUtility.DEF_KS_JKS),
        PKCS12_KS(SecurityProviderUtility.DEF_KS_PKCS12),
        BCFKS_KS(SecurityProviderUtility.DEF_KS_BCFKS);

        private final String value;

        KeyStorageType(String str) {
            this.value = str;
        }

        public static KeyStorageType fromString(String str) {
            String upperCase = str.toUpperCase();
            boolean z = -1;
            switch (upperCase.hashCode()) {
                case -1933293812:
                    if (upperCase.equals(SecurityProviderUtility.DEF_KS_PKCS12)) {
                        z = true;
                        break;
                    }
                    break;
                case 73522:
                    if (upperCase.equals(SecurityProviderUtility.DEF_KS_JKS)) {
                        z = false;
                        break;
                    }
                    break;
                case 63018061:
                    if (upperCase.equals(SecurityProviderUtility.DEF_KS_BCFKS)) {
                        z = 2;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return JKS_KS;
                case true:
                    return PKCS12_KS;
                case true:
                    return BCFKS_KS;
                default:
                    return null;
            }
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.value;
        }

        public String[] getExtensions() {
            String[] strArr = null;
            if (this == JKS_KS) {
                strArr = new String[]{SecurityProviderUtility.DEF_EXT_JKS, SecurityProviderUtility.DEF_EXT_KEYSTORE, SecurityProviderUtility.DEF_EXT_KS};
            } else if (this == PKCS12_KS) {
                strArr = new String[]{SecurityProviderUtility.DEF_EXT_PKCS12, SecurityProviderUtility.DEF_EXT_P12, SecurityProviderUtility.DEF_EXT_P12};
            } else if (this == BCFKS_KS) {
                strArr = new String[]{SecurityProviderUtility.DEF_EXT_BCFKS, SecurityProviderUtility.DEF_EXT_BCF, SecurityProviderUtility.DEF_EXT_BCFIPS};
            }
            return strArr;
        }

        public SecurityModeType getSecurityMode() {
            SecurityModeType securityModeType = null;
            if (this == JKS_KS || this == PKCS12_KS) {
                securityModeType = SecurityModeType.BCPROV_SECURITY_MODE;
            } else if (this == BCFKS_KS) {
                securityModeType = SecurityModeType.BCFIPS_SECURITY_MODE;
            }
            return securityModeType;
        }

        public static KeyStorageType fromExtension(String str) {
            String lowerCase = str.toLowerCase();
            boolean z = -1;
            switch (lowerCase.hashCode()) {
                case -1394738745:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_BCFIPS)) {
                        z = 8;
                        break;
                    }
                    break;
                case -986624244:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_PKCS12)) {
                        z = 3;
                        break;
                    }
                    break;
                case 3432:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_KS)) {
                        z = 2;
                        break;
                    }
                    break;
                case 97349:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_BCF)) {
                        z = 7;
                        break;
                    }
                    break;
                case 105298:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_JKS)) {
                        z = false;
                        break;
                    }
                    break;
                case 109201:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_P12)) {
                        z = 4;
                        break;
                    }
                    break;
                case 110914:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_PFX)) {
                        z = 5;
                        break;
                    }
                    break;
                case 93555821:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_BCFKS)) {
                        z = 6;
                        break;
                    }
                    break;
                case 519601634:
                    if (lowerCase.equals(SecurityProviderUtility.DEF_EXT_KEYSTORE)) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                case true:
                case true:
                    return JKS_KS;
                case true:
                case true:
                case true:
                    return PKCS12_KS;
                case true:
                case true:
                case true:
                    return BCFKS_KS;
                default:
                    return null;
            }
        }
    }

    /* loaded from: input_file:io/jans/util/security/SecurityProviderUtility$SecurityModeType.class */
    public enum SecurityModeType {
        BCPROV_SECURITY_MODE(SecurityProviderUtility.DEF_MODE_BCPROV),
        BCFIPS_SECURITY_MODE("BCFIPS");

        private final String value;

        SecurityModeType(String str) {
            this.value = str;
        }

        public static SecurityModeType fromString(String str) {
            String upperCase = str.toUpperCase();
            boolean z = -1;
            switch (upperCase.hashCode()) {
                case 1953557959:
                    if (upperCase.equals("BCFIPS")) {
                        z = true;
                        break;
                    }
                    break;
                case 1953864490:
                    if (upperCase.equals(SecurityProviderUtility.DEF_MODE_BCPROV)) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return BCPROV_SECURITY_MODE;
                case true:
                    return BCFIPS_SECURITY_MODE;
                default:
                    return null;
            }
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.value;
        }

        public KeyStorageType[] getKeystorageTypes() {
            KeyStorageType[] keyStorageTypeArr = null;
            if (this == BCPROV_SECURITY_MODE) {
                keyStorageTypeArr = new KeyStorageType[]{KeyStorageType.JKS_KS, KeyStorageType.PKCS12_KS};
            } else if (this == BCFIPS_SECURITY_MODE) {
                keyStorageTypeArr = new KeyStorageType[]{KeyStorageType.BCFKS_KS};
            }
            return keyStorageTypeArr;
        }
    }

    public static void installBCProvider(boolean z) {
        String str = BC_PROVIDER_NAME;
        String str2 = BC_GENERIC_PROVIDER_CLASS_NAME;
        if (securityMode == null || securityMode == SecurityModeType.BCFIPS_SECURITY_MODE) {
            if (checkFipsMode()) {
                LOG.info("Fips mode is enabled");
                str = "BCFIPS";
                str2 = BC_FIPS_PROVIDER_CLASS_NAME;
                securityMode = SecurityModeType.BCFIPS_SECURITY_MODE;
            } else {
                securityMode = SecurityModeType.BCPROV_SECURITY_MODE;
            }
        }
        try {
            installBCProvider(str, str2, z);
        } catch (Exception e) {
            LOG.error("Security provider '{}' doesn't exists in class path. Please deploy correct war for this environment!", str);
            LOG.error(e.getMessage(), e);
        }
    }

    public static void installBCProvider() {
        installBCProvider(false);
    }

    public static void installBCProvider(String str, String str2, boolean z) throws InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException, ClassNotFoundException {
        bouncyCastleProvider = Security.getProvider(str);
        if (bouncyCastleProvider != null) {
            if (z) {
                return;
            }
            LOG.info("Bouncy Castle Provider was added already");
        } else {
            if (!z) {
                LOG.info("Adding Bouncy Castle Provider");
            }
            bouncyCastleProvider = (Provider) Class.forName(str2).getConstructor(new Class[0]).newInstance(new Object[0]);
            Security.addProvider(bouncyCastleProvider);
            LOG.info("Provider '{}' with version {} is added", bouncyCastleProvider.getName(), bouncyCastleProvider.getVersionStr());
        }
    }

    private static boolean checkFipsMode() {
        try {
            Class.forName(BC_FIPS_PROVIDER_CLASS_NAME);
            return true;
        } catch (ClassNotFoundException e) {
            LOG.trace("BC Fips provider is not available", e);
            return false;
        }
    }

    public static boolean checkRestrictedCryptography() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES/CBC/PKCS5Padding") < Integer.MAX_VALUE;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("The transform \"AES/CBC/PKCS5Padding\" is not available (the availability of this algorithm is mandatory for Java SE implementations)", e);
        }
    }

    public static String getBCProviderName() {
        return bouncyCastleProvider.getName();
    }

    public static Provider getBCProvider() {
        return bouncyCastleProvider;
    }

    public static SecurityModeType getSecurityMode() {
        return securityMode;
    }

    public static void setSecurityMode(SecurityModeType securityModeType) {
        securityMode = securityModeType;
    }

    public static KeyStorageType solveKeyStorageType(String str) {
        if (str == null) {
            throw new InvalidParameterException("KeyStore File isn't defined. Check configuration.");
        }
        SecurityModeType securityMode2 = getSecurityMode();
        if (securityMode2 == null) {
            throw new InvalidParameterException("Security Mode wasn't initialized. Call installBCProvider() before");
        }
        KeyStorageType fromExtension = KeyStorageType.fromExtension(FilenameUtils.getExtension(str));
        boolean z = false;
        KeyStorageType[] keystorageTypes = securityMode2.getKeystorageTypes();
        int length = keystorageTypes.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (fromExtension == keystorageTypes[i]) {
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            switch (securityMode2) {
                case BCFIPS_SECURITY_MODE:
                    fromExtension = KeyStorageType.BCFKS_KS;
                    break;
                case BCPROV_SECURITY_MODE:
                    fromExtension = KeyStorageType.PKCS12_KS;
                    break;
            }
        }
        return fromExtension;
    }
}
