package org.eclipse.californium.elements.util;

import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/elements/util/JceProviderUtil.class */
public class JceProviderUtil {
    private static volatile JceProviderUtil features;
    private static final String NET_I2P_CRYPTO_EDDSA = "net.i2p.crypto.eddsa";
    private static final String NET_I2P_CRYPTO_EDDSA_PROVIDER = "net.i2p.crypto.eddsa.EdDSASecurityProvider";
    private static final String BOUNCY_CASTLE_JCE_PROVIDER = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    private static final String BOUNCY_CASTLE_JSSE_PROVIDER = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider";
    private static final String JSSE_PROVIDER_BOUNCY_CASTLE = "BCJSSE";
    private static final String AES = "AES";
    private final boolean useBc;
    private final boolean rsa;
    private final boolean ec;
    private final boolean ed25519;
    private final boolean ed448;
    private final boolean strongEncryption;
    private final boolean ecdsaVulnerable;
    private final String providerVersion;
    private static final Logger LOGGER = LoggerFactory.getLogger(JceProviderUtil.class);
    private static final String[] ED25519_ALIASES = {"Ed25519", "1.3.101.112", "OID.1.3.101.112", "EdDSA", "Ed25519.v2"};
    private static final String[] ED448_ALIASES = {"Ed448", "1.3.101.113", "OID.1.3.101.113", "EdDSA", "Ed448.v2"};
    private static final String[][] ALGORITHM_ALIASES = {new String[]{"DH", "DiffieHellman"}, new String[]{"EC", "EC.v2"}, ED25519_ALIASES, ED448_ALIASES, new String[]{"X25519", "X25519.v2", "OID.1.3.101.110"}, new String[]{"X448", "X448.v2", "OID.1.3.101.111"}};

    private static void doPrivileged() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: org.eclipse.californium.elements.util.JceProviderUtil.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                try {
                    JceProviderUtil.setupJce();
                    return null;
                } catch (Throwable th) {
                    JceProviderUtil.LOGGER.error("JCE:", th);
                    return null;
                }
            }
        });
    }

    private static boolean isBouncyCastle(Provider provider) {
        return provider != null && provider.getName().equals(JceNames.JCE_PROVIDER_BOUNCY_CASTLE);
    }

    private static boolean isNetI2PEdDsa(Provider provider) {
        return provider != null && provider.getClass().getName().equals(NET_I2P_CRYPTO_EDDSA_PROVIDER);
    }

    private static void configure(Provider provider, String str, String str2) {
        if (str2.equals(provider.getProperty(str))) {
            return;
        }
        provider.setProperty(str, str2);
    }

    private static Provider loadProvider(String str) {
        try {
            Provider provider = (Provider) Class.forName(str).getConstructor(new Class[0]).newInstance(new Object[0]);
            LOGGER.debug("Loaded {}", str);
            return provider;
        } catch (Throwable th) {
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Loading {} failed!", str, th);
                return null;
            }
            LOGGER.debug("Loading {} failed!", str);
            return null;
        }
    }

    private static void setupLoggingBridge() {
        try {
            Class<?> cls = Class.forName("org.slf4j.bridge.SLF4JBridgeHandler");
            cls.getMethod("removeHandlersForRootLogger", new Class[0]).invoke(null, new Object[0]);
            cls.getMethod("install", new Class[0]).invoke(null, new Object[0]);
        } catch (ClassNotFoundException e) {
            LOGGER.warn("Setup BC logging failed, missing logging bridge 'jul-to-slf4j'!");
        } catch (Throwable th) {
            LOGGER.warn("Setup BC logging failed!", th);
        }
    }

    private static String setupNonBlockingSecureRandom() {
        String property = Security.getProperty("securerandom.strongAlgorithms");
        if (property != null) {
            if (property.contains("NativePRNGBlocking")) {
                Security.setProperty("securerandom.strongAlgorithms", property.replaceAll("NativePRNGBlocking", "NativePRNGNonBlocking"));
            } else {
                SecureRandom secureRandom = new SecureRandom();
                String str = secureRandom.getAlgorithm() + ":";
                if (property.contains(str)) {
                    LOGGER.info("Random: {} already in {}", str, property);
                } else {
                    Security.setProperty("securerandom.strongAlgorithms", str + secureRandom.getProvider().getName() + "," + property);
                }
            }
        }
        return property;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setupJce() {
        String configuration;
        Provider loadProvider;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        String configuration2 = StringUtil.getConfiguration(JceNames.CALIFORNIUM_JCE_PROVIDER);
        if (configuration2 == null || configuration2.isEmpty()) {
            LOGGER.info("JCE default setup");
            z = true;
            z3 = true;
        } else {
            LOGGER.info("JCE setup: {}", configuration2);
            if (JceNames.JCE_PROVIDER_SYSTEM.equalsIgnoreCase(configuration2)) {
                z = true;
            } else if (JceNames.JCE_PROVIDER_BOUNCY_CASTLE.equalsIgnoreCase(configuration2)) {
                z2 = true;
            } else if (JceNames.JCE_PROVIDER_BOUNCY_CASTLE_NON_BLOCKING_RANDOM.equalsIgnoreCase(configuration2)) {
                z2 = true;
                z4 = true;
            } else if (JceNames.JCE_PROVIDER_NET_I2P_CRYPTO.equalsIgnoreCase(configuration2)) {
                z3 = true;
            }
        }
        boolean z5 = false;
        Provider provider = null;
        try {
            provider = KeyFactory.getInstance("EdDSA").getProvider();
            if (z) {
                z5 = true;
                LOGGER.trace("EdDSA from default jce {}", provider.getName());
            }
        } catch (NoSuchAlgorithmException e) {
        }
        if (!z5 && z2) {
            if (isBouncyCastle(provider)) {
                z5 = true;
                LOGGER.trace("EdDSA from BC");
            } else {
                setupLoggingBridge();
                String str = z4 ? setupNonBlockingSecureRandom() : null;
                Provider loadProvider2 = loadProvider(BOUNCY_CASTLE_JCE_PROVIDER);
                if (loadProvider2 != null) {
                    try {
                        KeyFactory.getInstance("EdDSA", loadProvider2);
                        Security.removeProvider(loadProvider2.getName());
                        Security.insertProviderAt(loadProvider2, 1);
                        provider = loadProvider2;
                        z5 = true;
                        new SecureRandom().nextInt();
                        String property = Security.getProperty("securerandom.strongAlgorithms");
                        if (property == null) {
                            property = "not available";
                        }
                        LOGGER.info("StrongRandom: {}", property);
                        LOGGER.trace("EdDSA added from BC");
                    } catch (SecurityException e2) {
                    } catch (NoSuchAlgorithmException e3) {
                    }
                }
                if (str != null) {
                    Security.setProperty("securerandom.strongAlgorithms", str);
                }
                if (z5 && Security.getProvider(JSSE_PROVIDER_BOUNCY_CASTLE) == null && (loadProvider = loadProvider(BOUNCY_CASTLE_JSSE_PROVIDER)) != null) {
                    Security.setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
                    Security.setProperty("ssl.TrustManagerFactory.algorithm", "PKIX");
                    try {
                        Security.insertProviderAt(loadProvider, 2);
                        LOGGER.trace("TLS from added BC");
                    } catch (SecurityException e4) {
                    }
                }
            }
        }
        if (!z5 && z3) {
            if (isNetI2PEdDsa(provider)) {
                z5 = true;
                LOGGER.trace("EdDSA from {}", NET_I2P_CRYPTO_EDDSA);
            } else {
                Provider loadProvider3 = loadProvider(NET_I2P_CRYPTO_EDDSA_PROVIDER);
                if (loadProvider3 != null) {
                    try {
                        KeyFactory.getInstance("EdDSA", loadProvider3);
                        Security.removeProvider(loadProvider3.getName());
                        Security.addProvider(loadProvider3);
                        provider = loadProvider3;
                        z5 = true;
                        LOGGER.trace("EdDSA added from {}", NET_I2P_CRYPTO_EDDSA);
                    } catch (SecurityException e5) {
                    } catch (NoSuchAlgorithmException e6) {
                    }
                }
            }
        }
        boolean z6 = false;
        boolean z7 = false;
        boolean z8 = false;
        String str2 = "not supported";
        int i = 0;
        try {
            i = Cipher.getMaxAllowedKeyLength(AES);
            if (i == Integer.MAX_VALUE) {
                str2 = "not restricted";
            } else {
                str2 = "restricted to " + i + " bits key length";
            }
        } catch (NoSuchAlgorithmException e7) {
        }
        LOGGER.debug("AES: {}", str2);
        try {
            KeyFactory.getInstance("RSA");
            z7 = true;
        } catch (NoSuchAlgorithmException e8) {
        }
        LOGGER.debug("RSA: {}", Boolean.valueOf(z7));
        try {
            KeyFactory.getInstance("EC");
            z6 = true;
        } catch (NoSuchAlgorithmException e9) {
        }
        LOGGER.debug("EC: {}", Boolean.valueOf(z6));
        if (z6 && ((configuration = StringUtil.getConfiguration(JceNames.CALIFORNIUM_JCE_ECDSA_FIX)) == null || !configuration.equalsIgnoreCase("false"))) {
            z8 = true;
            try {
                Signature signature = Signature.getInstance("SHA256withECDSA");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
                keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                byte[] hex2ByteArray = StringUtil.hex2ByteArray("3006020100020100");
                signature.initVerify(generateKeyPair.getPublic());
                signature.update(hex2ByteArray);
                z8 = signature.verify(hex2ByteArray);
            } catch (InvalidAlgorithmParameterException e10) {
            } catch (InvalidKeyException e11) {
            } catch (NoSuchAlgorithmException e12) {
            } catch (SignatureException e13) {
            }
            LOGGER.debug("ECDSA {}vulnerable.", z8 ? io.netty.util.internal.StringUtil.EMPTY_STRING : "not ");
        }
        if (!LOGGER.isDebugEnabled()) {
            LOGGER.info("RSA: {}, EC: {}, AES: {}", new Object[]{Boolean.valueOf(z7), Boolean.valueOf(z6), str2});
        }
        String d = provider == null ? "n.a." : Double.toString(provider.getVersion());
        boolean z9 = false;
        boolean z10 = false;
        if (!z5 || provider == null) {
            provider = null;
            LOGGER.info("EdDSA not supported!");
        } else {
            if (isBouncyCastle(provider)) {
                configure(provider, "Alg.Alias.KeyFactory.OID.1.3.101.112", "Ed25519");
                configure(provider, "Alg.Alias.KeyFactory.OID.1.3.101.113", "Ed448");
            } else if (isNetI2PEdDsa(provider)) {
                configure(provider, "Alg.Alias.KeyFactory.Ed25519", "EdDSA");
            }
            try {
                KeyFactory.getInstance("Ed25519");
                z9 = true;
            } catch (NoSuchAlgorithmException e14) {
            }
            try {
                KeyFactory.getInstance("Ed448");
                z10 = true;
            } catch (NoSuchAlgorithmException e15) {
            }
            LOGGER.info("EdDSA supported by {}, Ed25519: {}, Ed448: {}", new Object[]{provider.getName(), Boolean.valueOf(z9), Boolean.valueOf(z10)});
        }
        JceProviderUtil jceProviderUtil = new JceProviderUtil(isBouncyCastle(provider), z7, z6, z9, z10, i >= 256, z8, d);
        if (!jceProviderUtil.equals(features)) {
            features = jceProviderUtil;
        }
        LOGGER.info("JCE setup: {}, ready.", provider);
        if (LOGGER.isDebugEnabled()) {
            Provider[] providers = Security.getProviders();
            for (int i2 = 0; i2 < providers.length; i2++) {
                LOGGER.debug("Security Provider [{}]: {}.", Integer.valueOf(i2), providers[i2]);
            }
            LOGGER.trace("JCE setup callstack:", new Throwable("JCE setup"));
        }
    }

    public static void init() {
    }

    public static boolean usesBouncyCastle() {
        return features.useBc;
    }

    public static boolean hasStrongEncryption() {
        return features.strongEncryption;
    }

    public static boolean isEcdsaVulnerable() {
        return features.ecdsaVulnerable;
    }

    public static boolean isSupported(String str) {
        if ("EC".equalsIgnoreCase(str)) {
            return features.ec;
        }
        if ("RSA".equalsIgnoreCase(str)) {
            return features.rsa;
        }
        String edDsaStandardAlgorithmName = getEdDsaStandardAlgorithmName(str, null);
        if ("OID.1.3.101.112".equals(edDsaStandardAlgorithmName)) {
            return features.ed25519;
        }
        if ("OID.1.3.101.113".equals(edDsaStandardAlgorithmName)) {
            return features.ed448;
        }
        if ("EdDSA".equalsIgnoreCase(str)) {
            return features.ed25519 || features.ed448;
        }
        return false;
    }

    public static String getEdDsaStandardAlgorithmName(String str, String str2) {
        return "EdDSA".equalsIgnoreCase(str) ? "EdDSA" : StringUtil.containsIgnoreCase(ED25519_ALIASES, str) ? "OID.1.3.101.112" : StringUtil.containsIgnoreCase(ED448_ALIASES, str) ? "OID.1.3.101.113" : str2;
    }

    public static boolean equalKeyAlgorithmSynonyms(String str, String str2) {
        if (str != null && str.equals(str2)) {
            return true;
        }
        for (String[] strArr : ALGORITHM_ALIASES) {
            if (StringUtil.containsIgnoreCase(strArr, str) && StringUtil.containsIgnoreCase(strArr, str2)) {
                return true;
            }
        }
        return false;
    }

    public static String getProviderVersion() {
        return features.providerVersion;
    }

    private JceProviderUtil(boolean z, boolean z2, boolean z3, boolean z4, boolean z5, boolean z6, boolean z7, String str) {
        this.useBc = z;
        this.rsa = z2;
        this.ec = z3;
        this.ed25519 = z4;
        this.ed448 = z5;
        this.strongEncryption = z6;
        this.ecdsaVulnerable = z7;
        this.providerVersion = str;
    }

    public int hashCode() {
        return (31 * ((31 * ((31 * ((31 * ((31 * ((31 * ((31 * 1) + (this.ed25519 ? 41 : 37))) + (this.ed448 ? 41 : 37))) + (this.strongEncryption ? 41 : 37))) + (this.ec ? 41 : 37))) + (this.rsa ? 41 : 37))) + (this.useBc ? 41 : 37))) + this.providerVersion.hashCode();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        JceProviderUtil jceProviderUtil = (JceProviderUtil) obj;
        return this.ed25519 == jceProviderUtil.ed25519 && this.ed448 == jceProviderUtil.ed448 && this.strongEncryption == jceProviderUtil.strongEncryption && this.ec == jceProviderUtil.ec && this.rsa == jceProviderUtil.rsa && this.useBc == jceProviderUtil.useBc && this.providerVersion.equals(jceProviderUtil.providerVersion);
    }

    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.String[], java.lang.String[][]] */
    static {
        try {
            Class.forName(AccessController.class.getName());
            doPrivileged();
        } catch (ClassNotFoundException e) {
            try {
                setupJce();
            } catch (Throwable th) {
                LOGGER.error("JCE:", th);
            }
        }
    }
}
