package org.jruby.ext.openssl;

import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyFactorySpi;
import java.security.KeyPairGenerator;
import java.security.KeyPairGeneratorSpi;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateFactorySpi;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.CipherSpi;
import javax.crypto.KeyGenerator;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.Mac;
import javax.crypto.MacSpi;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.SecretKeyFactorySpi;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.jce.provider.X509CRLObject;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorException;
import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
import org.switchyard.internal.HandlerChain;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-335.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SecurityHelper.class */
public abstract class SecurityHelper {
    static Provider securityProvider;
    private static String BC_PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    static boolean setBouncyCastleProvider = true;
    private static Boolean registerProvider = null;
    private static final Map<String, Class> implEngines = new ConcurrentHashMap(16, 0.75f, 1);
    private static Boolean tryCipherInternal = Boolean.FALSE;
    private static final Class<?>[] STRING_PARAM = {String.class};
    private static boolean providerSSLContext = false;

    public static void addCipher(String str, Class<? extends CipherSpi> cls) {
        implEngines.put("Cipher:" + str, cls);
        tryCipherInternal = true;
    }

    public static void addSignature(String str, Class<? extends SignatureSpi> cls) {
        implEngines.put("Signature:" + str, cls);
    }

    public static Provider getSecurityProvider() {
        if (setBouncyCastleProvider && securityProvider == null) {
            synchronized (SecurityHelper.class) {
                if (setBouncyCastleProvider && securityProvider == null) {
                    setBouncyCastleProvider();
                    setBouncyCastleProvider = false;
                }
            }
        }
        doRegisterProvider();
        return securityProvider;
    }

    public static synchronized void setSecurityProvider(Provider provider) {
        securityProvider = provider;
    }

    static synchronized void setBouncyCastleProvider() {
        setSecurityProvider(newBouncyCastleProvider());
    }

    private static Provider newBouncyCastleProvider() {
        try {
            return (Provider) Class.forName(BC_PROVIDER_CLASS).newInstance();
        } catch (Throwable th) {
            return null;
        }
    }

    public static synchronized void setRegisterProvider(boolean z) {
        registerProvider = Boolean.valueOf(z);
        doRegisterProvider();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isProviderAvailable(String str) {
        return Security.getProvider(str) != null;
    }

    static boolean isProviderRegistered() {
        return (securityProvider == null || Security.getProvider(securityProvider.getName()) == null) ? false : true;
    }

    private static void doRegisterProvider() {
        if (registerProvider != null) {
            synchronized (SecurityHelper.class) {
                if (registerProvider != null && registerProvider.booleanValue() && securityProvider != null) {
                    Security.addProvider(securityProvider);
                }
            }
            registerProvider = null;
        }
    }

    public static CertificateFactory getCertificateFactory(String str) throws CertificateException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getCertificateFactory(str, securityProvider2);
            }
        } catch (CertificateException e) {
        }
        return CertificateFactory.getInstance(str);
    }

    static CertificateFactory getCertificateFactory(String str, Provider provider) throws CertificateException {
        CertificateFactorySpi certificateFactorySpi = (CertificateFactorySpi) getImplEngine("CertificateFactory", str);
        if (certificateFactorySpi == null) {
            throw new CertificateException(str + " not found");
        }
        return (CertificateFactory) newInstance(CertificateFactory.class, new Class[]{CertificateFactorySpi.class, Provider.class, String.class}, certificateFactorySpi, provider, str);
    }

    public static KeyFactory getKeyFactory(String str) throws NoSuchAlgorithmException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getKeyFactory(str, securityProvider2);
            }
        } catch (NoSuchAlgorithmException e) {
        }
        return KeyFactory.getInstance(str);
    }

    static KeyFactory getKeyFactory(String str, Provider provider) throws NoSuchAlgorithmException {
        KeyFactorySpi keyFactorySpi = (KeyFactorySpi) getImplEngine("KeyFactory", str);
        if (keyFactorySpi == null) {
            throw new NoSuchAlgorithmException(str + " not found");
        }
        return (KeyFactory) newInstance(KeyFactory.class, new Class[]{KeyFactorySpi.class, Provider.class, String.class}, keyFactorySpi, provider, str);
    }

    public static KeyPairGenerator getKeyPairGenerator(String str) throws NoSuchAlgorithmException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getKeyPairGenerator(str, securityProvider2);
            }
        } catch (NoSuchAlgorithmException e) {
        }
        return KeyPairGenerator.getInstance(str);
    }

    static KeyPairGenerator getKeyPairGenerator(String str, Provider provider) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator;
        Object implEngine = getImplEngine("KeyPairGenerator", str);
        if (implEngine == null) {
            throw new NoSuchAlgorithmException(str + " KeyPairGenerator not available");
        }
        if (implEngine instanceof KeyPairGenerator) {
            keyPairGenerator = (KeyPairGenerator) implEngine;
        } else {
            try {
                keyPairGenerator = (KeyPairGenerator) newInstance(Class.forName(KeyPairGenerator.class.getName() + "$Delegate"), new Class[]{KeyPairGeneratorSpi.class, String.class}, implEngine, str);
            } catch (ClassNotFoundException e) {
                throw new RuntimeException(e);
            }
        }
        setField(keyPairGenerator, KeyPairGenerator.class, HandlerChain.PROVIDER_HANDLER, provider);
        return keyPairGenerator;
    }

    public static KeyStore getKeyStore(String str) throws KeyStoreException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getKeyStore(str, securityProvider2);
            }
        } catch (KeyStoreException e) {
        }
        return KeyStore.getInstance(str);
    }

    static KeyStore getKeyStore(String str, Provider provider) throws KeyStoreException {
        return KeyStore.getInstance(str, provider);
    }

    public static MessageDigest getMessageDigest(String str) throws NoSuchAlgorithmException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getMessageDigest(str, securityProvider2);
            }
        } catch (NoSuchAlgorithmException e) {
        }
        return MessageDigest.getInstance(str);
    }

    static MessageDigest getMessageDigest(String str, Provider provider) throws NoSuchAlgorithmException {
        MessageDigest messageDigest;
        Object implEngine = getImplEngine("MessageDigest", str);
        if (implEngine == null) {
            throw new NoSuchAlgorithmException(str + " not found");
        }
        if (implEngine instanceof MessageDigest) {
            messageDigest = (MessageDigest) implEngine;
        } else {
            try {
                messageDigest = (MessageDigest) newInstance(Class.forName(MessageDigest.class.getName() + "$Delegate"), new Class[]{MessageDigestSpi.class, String.class}, implEngine, str);
            } catch (ClassNotFoundException e) {
                throw new RuntimeException(e);
            }
        }
        setField(messageDigest, MessageDigest.class, HandlerChain.PROVIDER_HANDLER, provider);
        return messageDigest;
    }

    public static SecureRandom getSecureRandom() {
        String secureRandomAlgorithm;
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null && (secureRandomAlgorithm = getSecureRandomAlgorithm(securityProvider2)) != null) {
                return getSecureRandom(secureRandomAlgorithm, securityProvider2);
            }
        } catch (NoSuchAlgorithmException e) {
        }
        return new SecureRandom();
    }

    private static SecureRandom getSecureRandom(String str, Provider provider) throws NoSuchAlgorithmException {
        SecureRandomSpi secureRandomSpi = (SecureRandomSpi) getImplEngine("SecureRandom", str);
        if (secureRandomSpi == null) {
            throw new NoSuchAlgorithmException(str + " not found");
        }
        return (SecureRandom) newInstance(SecureRandom.class, new Class[]{SecureRandomSpi.class, Provider.class, String.class}, secureRandomSpi, provider, str);
    }

    private static String getSecureRandomAlgorithm(Provider provider) {
        for (Provider.Service service : provider.getServices()) {
            if ("SecureRandom".equals(service.getType())) {
                return service.getAlgorithm();
            }
        }
        return null;
    }

    public static javax.crypto.Cipher getCipher(String str) throws NoSuchAlgorithmException, NoSuchPaddingException {
        Provider securityProvider2;
        try {
            if (tryCipherInternal == Boolean.FALSE && (securityProvider2 = getSecurityProvider()) != null) {
                return getCipher(str, securityProvider2);
            }
        } catch (SecurityException e) {
            if (tryCipherInternal != null) {
                tryCipherInternal = Boolean.TRUE;
            }
            OpenSSL.debugStackTrace(e);
        } catch (NoSuchAlgorithmException e2) {
        } catch (NoSuchPaddingException e3) {
        }
        if (tryCipherInternal == Boolean.TRUE) {
            try {
                Provider securityProvider3 = getSecurityProvider();
                if (securityProvider3 != null) {
                    return getCipherInternal(str, securityProvider3);
                }
            } catch (RuntimeException e4) {
                tryCipherInternal = null;
                OpenSSL.debugStackTrace(e4);
            } catch (NoSuchAlgorithmException e5) {
            }
        }
        return javax.crypto.Cipher.getInstance(str);
    }

    static javax.crypto.Cipher getCipher(String str, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException {
        return javax.crypto.Cipher.getInstance(str, provider);
    }

    private static javax.crypto.Cipher getCipherInternal(String str, Provider provider) throws NoSuchAlgorithmException {
        CipherSpi cipherSpi = (CipherSpi) getImplEngine("Cipher", str);
        if (cipherSpi == null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, "/");
            String nextToken = stringTokenizer.nextToken();
            cipherSpi = (CipherSpi) getImplEngine("Cipher", nextToken);
            if (cipherSpi == null) {
                throw new NoSuchAlgorithmException(str + " not found");
            }
            if (stringTokenizer.hasMoreTokens() && !str.regionMatches(nextToken.length(), "//", 0, 2)) {
                invoke(cipherSpi, CipherSpi.class, "engineSetMode", STRING_PARAM, stringTokenizer.nextToken());
            }
            if (stringTokenizer.hasMoreTokens()) {
                invoke(cipherSpi, CipherSpi.class, "engineSetPadding", STRING_PARAM, stringTokenizer.nextToken());
            }
        }
        try {
            javax.crypto.Cipher cipher = (javax.crypto.Cipher) newInstance(javax.crypto.Cipher.class, new Class[]{CipherSpi.class, String.class}, cipherSpi, str);
            setField(cipher, javax.crypto.Cipher.class, HandlerChain.PROVIDER_HANDLER, provider);
            return cipher;
        } catch (Exception e) {
            return (javax.crypto.Cipher) newInstance(javax.crypto.Cipher.class, new Class[]{CipherSpi.class, Provider.class, String.class}, cipherSpi, provider, str);
        }
    }

    public static Signature getSignature(String str) throws NoSuchAlgorithmException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getSignature(str, securityProvider2);
            }
        } catch (NoSuchAlgorithmException e) {
        }
        return Signature.getInstance(str);
    }

    static Signature getSignature(String str, Provider provider) throws NoSuchAlgorithmException {
        Signature signature;
        Object implEngine = getImplEngine("Signature", str);
        if (implEngine == null) {
            throw new NoSuchAlgorithmException(str + " Signature not available");
        }
        if (implEngine instanceof Signature) {
            signature = (Signature) implEngine;
        } else {
            try {
                signature = (Signature) newInstance(Class.forName(Signature.class.getName() + "$Delegate"), new Class[]{SignatureSpi.class, String.class}, implEngine, str);
            } catch (ClassNotFoundException e) {
                throw new RuntimeException(e);
            }
        }
        setField(signature, Signature.class, HandlerChain.PROVIDER_HANDLER, provider);
        return signature;
    }

    public static Mac getMac(String str) throws NoSuchAlgorithmException {
        Mac mac = null;
        Provider securityProvider2 = getSecurityProvider();
        if (securityProvider2 != null) {
            mac = getMac(str, securityProvider2, true);
        }
        if (mac == null) {
            mac = Mac.getInstance(str);
        }
        return mac;
    }

    static Mac getMac(String str, Provider provider) throws NoSuchAlgorithmException {
        return getMac(str, provider, false);
    }

    private static Mac getMac(String str, Provider provider, boolean z) throws NoSuchAlgorithmException {
        MacSpi macSpi = (MacSpi) getImplEngine("Mac", str);
        if (macSpi != null) {
            return (Mac) newInstance(Mac.class, new Class[]{MacSpi.class, Provider.class, String.class}, macSpi, provider, str);
        }
        if (z) {
            return null;
        }
        throw new NoSuchAlgorithmException(str + " not found");
    }

    public static KeyGenerator getKeyGenerator(String str) throws NoSuchAlgorithmException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getKeyGenerator(str, securityProvider2);
            }
        } catch (SecurityException e) {
            OpenSSL.debugStackTrace(e);
        } catch (NoSuchAlgorithmException e2) {
        }
        return KeyGenerator.getInstance(str);
    }

    static KeyGenerator getKeyGenerator(String str, Provider provider) throws NoSuchAlgorithmException {
        KeyGeneratorSpi keyGeneratorSpi = (KeyGeneratorSpi) getImplEngine("KeyGenerator", str);
        if (keyGeneratorSpi == null) {
            throw new NoSuchAlgorithmException(str + " not found");
        }
        return (KeyGenerator) newInstance(KeyGenerator.class, new Class[]{KeyGeneratorSpi.class, Provider.class, String.class}, keyGeneratorSpi, provider, str);
    }

    public static SecretKeyFactory getSecretKeyFactory(String str) throws NoSuchAlgorithmException {
        try {
            Provider securityProvider2 = getSecurityProvider();
            if (securityProvider2 != null) {
                return getSecretKeyFactory(str, securityProvider2);
            }
        } catch (SecurityException e) {
            OpenSSL.debugStackTrace(e);
        } catch (NoSuchAlgorithmException e2) {
        }
        return SecretKeyFactory.getInstance(str);
    }

    static SecretKeyFactory getSecretKeyFactory(String str, Provider provider) throws NoSuchAlgorithmException {
        SecretKeyFactorySpi secretKeyFactorySpi = (SecretKeyFactorySpi) getImplEngine("SecretKeyFactory", str);
        if (secretKeyFactorySpi == null) {
            throw new NoSuchAlgorithmException(str + " not found");
        }
        return (SecretKeyFactory) newInstance(SecretKeyFactory.class, new Class[]{SecretKeyFactorySpi.class, Provider.class, String.class}, secretKeyFactorySpi, provider, str);
    }

    public static javax.net.ssl.SSLContext getSSLContext(String str) throws NoSuchAlgorithmException {
        Provider securityProvider2;
        try {
            if (providerSSLContext && (securityProvider2 = getSecurityProvider()) != null) {
                return getSSLContext(str, securityProvider2);
            }
        } catch (NoSuchAlgorithmException e) {
        }
        return javax.net.ssl.SSLContext.getInstance(str);
    }

    private static javax.net.ssl.SSLContext getSSLContext(String str, Provider provider) throws NoSuchAlgorithmException {
        return javax.net.ssl.SSLContext.getInstance(str, provider);
    }

    public static boolean verify(java.security.cert.X509CRL x509crl, PublicKey publicKey) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
        return verify(x509crl, publicKey, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean verify(java.security.cert.X509CRL x509crl, PublicKey publicKey, boolean z) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
        ContentVerifierProvider build;
        if (x509crl instanceof X509CRLObject) {
            CertificateList certificateList = (CertificateList) getCertificateList(x509crl);
            if (!certificateList.getSignatureAlgorithm().equals(certificateList.getTBSCertList().getSignature())) {
                if (z) {
                    return false;
                }
                throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
            }
            Signature signature = getSignature(x509crl.getSigAlgName(), securityProvider);
            signature.initVerify(publicKey);
            signature.update(x509crl.getTBSCertList());
            if (signature.verify(x509crl.getSignature())) {
                return true;
            }
            if (z) {
                return false;
            }
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
        try {
            DefaultDigestAlgorithmIdentifierFinder defaultDigestAlgorithmIdentifierFinder = new DefaultDigestAlgorithmIdentifierFinder();
            if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
                BigInteger y = ((DSAPublicKey) publicKey).getY();
                DSAParams params = ((DSAPublicKey) publicKey).getParams();
                build = new BcDSAContentVerifierProviderBuilder(defaultDigestAlgorithmIdentifierFinder).build(new DSAPublicKeyParameters(y, new DSAParameters(params.getP(), params.getQ(), params.getG())));
            } else {
                build = new BcRSAContentVerifierProviderBuilder(defaultDigestAlgorithmIdentifierFinder).build(new RSAKeyParameters(false, ((RSAPublicKey) publicKey).getModulus(), ((RSAPublicKey) publicKey).getPublicExponent()));
            }
            return new X509CRLHolder(x509crl.getEncoded()).isSignatureValid(build);
        } catch (IOException e) {
            throw new SignatureException(e);
        } catch (ClassCastException e2) {
            throw new SignatureException(e2);
        } catch (CertException e3) {
            throw new SignatureException(e3);
        } catch (OperatorException e4) {
            throw new SignatureException(e4);
        }
    }

    private static Object getCertificateList(Object obj) {
        try {
            Field declaredField = X509CRLObject.class.getDeclaredField("c");
            declaredField.setAccessible(true);
            return declaredField.get(obj);
        } catch (IllegalAccessException e) {
            return null;
        } catch (NoSuchFieldException e2) {
            OpenSSL.debugStackTrace(e2);
            return null;
        } catch (SecurityException e3) {
            return null;
        }
    }

    private static Object getImplEngine(String str, String str2) {
        Object findImplEngine = findImplEngine(str, str2.toUpperCase(Locale.ENGLISH));
        if (findImplEngine == null) {
            findImplEngine = findImplEngine(str, str2);
        }
        return findImplEngine;
    }

    private static Object findImplEngine(String str, String str2) {
        Class<?> cls = implEngines.get(str + ":" + str2);
        if (cls == null) {
            Provider provider = securityProvider;
            while (true) {
                String property = provider.getProperty("Alg.Alias." + str + "." + str2);
                if (property == null) {
                    break;
                }
                str2 = property;
            }
            String property2 = provider.getProperty(str + "." + str2);
            if (property2 == null) {
                return null;
            }
            try {
                ClassLoader classLoader = provider.getClass().getClassLoader();
                cls = classLoader != null ? classLoader.loadClass(property2) : Class.forName(property2);
                cls.newInstance();
                implEngines.put(str + ":" + str2, cls);
            } catch (ClassNotFoundException e) {
                throw new IllegalStateException("algorithm " + str2 + " in provider " + provider.getName() + " but no class \"" + property2 + "\" found!");
            } catch (Exception e2) {
                throw new IllegalStateException("algorithm " + str2 + " in provider " + provider.getName() + " but class \"" + property2 + "\" inaccessible!");
            }
        }
        try {
            return cls.newInstance();
        } catch (Exception e3) {
            throw new IllegalStateException("algorithm " + str2 + " in provider " + securityProvider.getName() + " but class \"" + cls.getName() + "\" inaccessible!");
        }
    }

    private static <T> T newInstance(Class<T> cls, Class<?>[] clsArr, Object... objArr) {
        try {
            Constructor<T> declaredConstructor = cls.getDeclaredConstructor(clsArr);
            declaredConstructor.setAccessible(true);
            return declaredConstructor.newInstance(objArr);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException(e);
        } catch (InstantiationException e2) {
            throw new IllegalStateException(e2);
        } catch (NoSuchMethodException e3) {
            throw new IllegalStateException(e3.getMessage(), e3);
        } catch (InvocationTargetException e4) {
            throw new IllegalStateException(e4.getTargetException());
        }
    }

    private static <T> T invoke(Object obj, Class<?> cls, String str, Class<?>[] clsArr, Object... objArr) {
        try {
            Method declaredMethod = cls.getDeclaredMethod(str, clsArr);
            declaredMethod.setAccessible(true);
            return (T) declaredMethod.invoke(obj, objArr);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException(e);
        } catch (NoSuchMethodException e2) {
            throw new IllegalStateException(e2.getMessage(), e2);
        } catch (InvocationTargetException e3) {
            throw new IllegalStateException(e3.getTargetException());
        }
    }

    private static void setField(Object obj, Class<?> cls, String str, Object obj2) {
        try {
            Field declaredField = cls.getDeclaredField(str);
            declaredField.setAccessible(true);
            declaredField.set(obj, obj2);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException(e);
        } catch (NoSuchFieldException e2) {
            throw new IllegalStateException("no field '" + str + "' declared in " + cls + "", e2);
        }
    }
}
