package org.eclipse.californium.elements.util;

import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/elements/util/JceProviderUtil.class */
public class JceProviderUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(JceProviderUtil.class);
    private static volatile JceProviderUtil features;
    private static final String NET_I2P_CRYPTO_EDDSA = "net.i2p.crypto.eddsa";
    private static final String NET_I2P_CRYPTO_EDDSA_PROVIDER = "net.i2p.crypto.eddsa.EdDSASecurityProvider";
    private static final String BOUNCY_CASTLE_JCE_PROVIDER = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    private static final String BOUNCY_CASTLE_JSSE_PROVIDER = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider";
    private static final String CALIFORNIUM_JCE_PROVIDER = "CALIFORNIUM_JCE_PROVIDER";
    private static final String JCE_PROVIDER_SYSTEM = "SYSTEM";
    private static final String JCE_PROVIDER_BOUNCY_CASTLE = "BC";
    private static final String JCE_PROVIDER_NET_I2P_CRYPTO = "I2P";
    private static final String JSSE_PROVIDER_BOUNCY_CASTLE = "BCJSSE";
    private static final String AES = "AES";
    private final boolean useBc;
    private final boolean rsa;
    private final boolean ec;
    private final boolean ed25519;
    private final boolean ed448;
    private final boolean strongEncryption;

    private static boolean isBouncyCastle(Provider provider) {
        return provider != null && provider.getName().equals(JCE_PROVIDER_BOUNCY_CASTLE);
    }

    private static void configureBouncyCastle(Provider provider) {
        if (isBouncyCastle(provider)) {
            configure(provider, "Alg.Alias.KeyFactory.OID.1.3.101.112", Asn1DerDecoder.ED25519);
            configure(provider, "Alg.Alias.KeyFactory.OID.1.3.101.113", Asn1DerDecoder.ED448);
        }
    }

    private static void configure(Provider provider, String str, String str2) {
        if (str2.equals(provider.getProperty(str))) {
            return;
        }
        provider.setProperty(str, str2);
    }

    private static Provider loadProvider(String str) {
        try {
            Provider provider = (Provider) Class.forName(str).getConstructor(new Class[0]).newInstance(new Object[0]);
            LOGGER.info("Loaded {}", str);
            return provider;
        } catch (Throwable th) {
            LOGGER.trace("Loading {} failed!", str, th);
            return null;
        }
    }

    private static void setupLoggingBridge() {
        try {
            Class<?> cls = Class.forName("org.slf4j.bridge.SLF4JBridgeHandler");
            cls.getMethod("removeHandlersForRootLogger", new Class[0]).invoke(null, new Object[0]);
            cls.getMethod("install", new Class[0]).invoke(null, new Object[0]);
        } catch (Throwable th) {
            LOGGER.warn("Setup BC logging failed!", th);
        }
    }

    private static void setupJce() {
        Provider loadProvider;
        boolean z = true;
        boolean z2 = false;
        boolean z3 = true;
        String configuration = StringUtil.getConfiguration(CALIFORNIUM_JCE_PROVIDER);
        if (configuration != null && !configuration.isEmpty()) {
            LOGGER.info("JCE setup: {}", configuration);
            if (JCE_PROVIDER_SYSTEM.equalsIgnoreCase(configuration)) {
                z2 = false;
                z3 = false;
            } else if (JCE_PROVIDER_BOUNCY_CASTLE.equalsIgnoreCase(configuration)) {
                z2 = true;
                z = false;
                z3 = false;
            } else if (JCE_PROVIDER_NET_I2P_CRYPTO.equalsIgnoreCase(configuration)) {
                z = false;
                z2 = false;
            }
        }
        boolean z4 = false;
        Provider provider = null;
        try {
            provider = KeyFactory.getInstance(Asn1DerDecoder.EDDSA).getProvider();
            if (z) {
                z4 = true;
                LOGGER.trace("EdDSA from default jce {}", provider.getName());
            }
        } catch (NoSuchAlgorithmException e) {
        }
        if (!z4 && z2) {
            if (isBouncyCastle(provider)) {
                z4 = true;
                LOGGER.trace("EdDSA from BC");
            } else {
                setupLoggingBridge();
                Provider loadProvider2 = loadProvider(BOUNCY_CASTLE_JCE_PROVIDER);
                if (loadProvider2 != null) {
                    try {
                        KeyFactory.getInstance(Asn1DerDecoder.EDDSA, loadProvider2);
                        Security.removeProvider(loadProvider2.getName());
                        Security.insertProviderAt(loadProvider2, 1);
                        provider = loadProvider2;
                        z4 = true;
                        LOGGER.trace("EdDSA from BC");
                    } catch (SecurityException e2) {
                    } catch (NoSuchAlgorithmException e3) {
                    }
                }
                if (z4 && Security.getProvider(JSSE_PROVIDER_BOUNCY_CASTLE) == null && (loadProvider = loadProvider(BOUNCY_CASTLE_JSSE_PROVIDER)) != null) {
                    Security.setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
                    Security.setProperty("ssl.TrustManagerFactory.algorithm", "PKIX");
                    try {
                        Security.insertProviderAt(loadProvider, 2);
                        LOGGER.info("TLS from BC");
                    } catch (SecurityException e4) {
                    }
                }
            }
        }
        if (!z4 && z3) {
            if (provider == null || !provider.getClass().getName().equals(NET_I2P_CRYPTO_EDDSA_PROVIDER)) {
                Provider loadProvider3 = loadProvider(NET_I2P_CRYPTO_EDDSA_PROVIDER);
                if (loadProvider3 != null) {
                    try {
                        KeyFactory.getInstance(Asn1DerDecoder.ED25519, loadProvider3);
                        Security.removeProvider(loadProvider3.getName());
                        Security.addProvider(loadProvider3);
                        provider = loadProvider3;
                        z4 = true;
                        LOGGER.trace("EdDSA from {}", NET_I2P_CRYPTO_EDDSA);
                    } catch (SecurityException e5) {
                    } catch (NoSuchAlgorithmException e6) {
                    }
                }
            } else {
                z4 = true;
                LOGGER.trace("EdDSA from {}", NET_I2P_CRYPTO_EDDSA);
            }
        }
        boolean z5 = false;
        try {
            z5 = Cipher.getMaxAllowedKeyLength(AES) >= 256;
        } catch (NoSuchAlgorithmException e7) {
        }
        boolean z6 = false;
        boolean z7 = false;
        try {
            KeyFactory.getInstance(Asn1DerDecoder.RSA);
            z7 = true;
        } catch (NoSuchAlgorithmException e8) {
        }
        try {
            KeyFactory.getInstance(Asn1DerDecoder.EC);
            z6 = true;
        } catch (NoSuchAlgorithmException e9) {
        }
        LOGGER.debug("RSA: {}, EC: {}, strong encryption: {}", new Object[]{Boolean.valueOf(z7), Boolean.valueOf(z6), Boolean.valueOf(z5)});
        boolean z8 = false;
        boolean z9 = false;
        if (!z4 || provider == null) {
            provider = null;
            LOGGER.debug("EdDSA not supported!");
        } else {
            configureBouncyCastle(provider);
            try {
                KeyFactory.getInstance(Asn1DerDecoder.ED25519);
                z8 = true;
            } catch (NoSuchAlgorithmException e10) {
            }
            try {
                KeyFactory.getInstance(Asn1DerDecoder.ED448);
                z9 = true;
            } catch (NoSuchAlgorithmException e11) {
            }
            LOGGER.debug("EdDSA supported by {}, Ed25519: {}, Ed448: {}", new Object[]{provider.getName(), Boolean.valueOf(z8), Boolean.valueOf(z9)});
        }
        JceProviderUtil jceProviderUtil = new JceProviderUtil(isBouncyCastle(provider), z7, z6, z8, z9, z5);
        if (jceProviderUtil.equals(features)) {
            return;
        }
        features = jceProviderUtil;
    }

    public static void init() {
    }

    public static boolean usesBouncyCastle() {
        return features.useBc;
    }

    public static boolean hasStrongEncryption() {
        return features.strongEncryption;
    }

    public static boolean isSupported(String str) {
        if (Asn1DerDecoder.EC.equalsIgnoreCase(str)) {
            return features.ec;
        }
        if (Asn1DerDecoder.RSA.equalsIgnoreCase(str)) {
            return features.rsa;
        }
        String edDsaStandardAlgorithmName = Asn1DerDecoder.getEdDsaStandardAlgorithmName(str, null);
        if (Asn1DerDecoder.OID_ED25519.equals(edDsaStandardAlgorithmName)) {
            return features.ed25519;
        }
        if (Asn1DerDecoder.OID_ED448.equals(edDsaStandardAlgorithmName)) {
            return features.ed448;
        }
        if (Asn1DerDecoder.EDDSA.equalsIgnoreCase(str)) {
            return features.ed25519 || features.ed448;
        }
        return false;
    }

    private JceProviderUtil(boolean z, boolean z2, boolean z3, boolean z4, boolean z5, boolean z6) {
        this.useBc = z;
        this.rsa = z2;
        this.ec = z3;
        this.ed25519 = z4;
        this.ed448 = z5;
        this.strongEncryption = z6;
    }

    public int hashCode() {
        return (31 * ((31 * ((31 * ((31 * ((31 * ((31 * 1) + (this.ed25519 ? 41 : 37))) + (this.ed448 ? 41 : 37))) + (this.strongEncryption ? 41 : 37))) + (this.ec ? 41 : 37))) + (this.rsa ? 41 : 37))) + (this.useBc ? 41 : 37);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        JceProviderUtil jceProviderUtil = (JceProviderUtil) obj;
        return this.ed25519 == jceProviderUtil.ed25519 && this.ed448 == jceProviderUtil.ed448 && this.strongEncryption == jceProviderUtil.strongEncryption && this.ec == jceProviderUtil.ec && this.rsa == jceProviderUtil.rsa && this.useBc == jceProviderUtil.useBc;
    }

    static {
        setupJce();
    }
}
