package net.shibboleth.metadata.validate.x509;

import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.metadata.Item;
import net.shibboleth.shared.logic.Constraint;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/metadata/validate/x509/X509RSAExponentValidator.class */
public class X509RSAExponentValidator extends AbstractX509Validator {

    @Nonnull
    @GuardedBy("this")
    private BigInteger errorBoundary = bigInteger(5);

    @Nonnull
    @GuardedBy("this")
    private BigInteger warningBoundary = bigInteger(0);
    static final /* synthetic */ boolean $assertionsDisabled;

    @Nonnull
    private static final BigInteger bigInteger(long j) {
        BigInteger valueOf = BigInteger.valueOf(j);
        if ($assertionsDisabled || valueOf != null) {
            return valueOf;
        }
        throw new AssertionError();
    }

    public final synchronized BigInteger getErrorBoundary() {
        return this.errorBoundary;
    }

    public synchronized void setErrorBoundary(@Nonnull BigInteger bigInteger) {
        Constraint.isGreaterThanOrEqual(0, bigInteger.compareTo(bigInteger(0L)), "boundary value must not be negative");
        this.errorBoundary = bigInteger;
    }

    public void setErrorBoundary(long j) {
        setErrorBoundary(bigInteger(j));
    }

    public final synchronized BigInteger getWarningBoundary() {
        return this.warningBoundary;
    }

    public synchronized void setWarningBoundary(@Nonnull BigInteger bigInteger) {
        Constraint.isGreaterThanOrEqual(0, bigInteger.compareTo(BigInteger.ZERO), "boundary value must not be negative");
        this.warningBoundary = bigInteger;
    }

    public synchronized void setWarningBoundary(long j) {
        setWarningBoundary(bigInteger(j));
    }

    @Override // net.shibboleth.metadata.validate.x509.AbstractX509Validator
    public void doValidate(@Nonnull X509Certificate x509Certificate, @Nonnull Item<?> item, @Nonnull String str) {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if ("RSA".equals(publicKey.getAlgorithm())) {
            BigInteger publicExponent = ((RSAPublicKey) publicKey).getPublicExponent();
            if (!publicExponent.testBit(0)) {
                addError("RSA public exponent of " + publicExponent + " must be odd", item, str);
            } else if (publicExponent.compareTo(getErrorBoundary()) < 0) {
                addError("RSA public exponent of " + publicExponent + " is less than required " + getErrorBoundary(), item, str);
            } else if (publicExponent.compareTo(getWarningBoundary()) < 0) {
                addWarning("RSA public exponent of " + publicExponent + " is less than recommended " + getWarningBoundary(), item, str);
            }
        }
    }

    static {
        $assertionsDisabled = !X509RSAExponentValidator.class.desiredAssertionStatus();
    }
}
