package org.opensaml.xmlsec.algorithm;

import com.google.common.base.Strings;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.algorithm.AlgorithmDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-xmlsec-api-3.1.1.jar:org/opensaml/xmlsec/algorithm/AlgorithmSupport.class */
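/**
 * Static helpers for working with XML Security algorithm URIs: classifying algorithm descriptors,
 * checking whether a credential's key fits an algorithm, generating keys for an algorithm URI and
 * validating a URI against whitelist/blacklist policy.
 *
 * <p>All lookups go through the {@link AlgorithmRegistry} registered with
 * {@link ConfigurationService}; when no registry is registered the lookup methods report
 * "unknown" ({@code null} or {@code false}) rather than throwing.</p>
 */
public final class AlgorithmSupport {
    private static final Logger LOG = LoggerFactory.getLogger(AlgorithmSupport.class);

    /** Block-encryption URI for Triple DES in CBC mode. */
    private static final String TRIPLEDES_CBC_URI = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";

    /** Key-wrap URI for Triple DES. */
    private static final String TRIPLEDES_KEYWRAP_URI = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";

    /** Key length passed to the key generator for both Triple DES URIs. */
    private static final int TRIPLEDES_KEY_LENGTH = 168;

    /** Utility class, not instantiable. */
    private AlgorithmSupport() {
    }

    /**
     * Returns the algorithm registry registered with the global configuration service.
     *
     * @return the registry, or {@code null} if none is registered
     */
    @Nullable
    public static AlgorithmRegistry getGlobalAlgorithmRegistry() {
        return (AlgorithmRegistry) ConfigurationService.get(AlgorithmRegistry.class);
    }

    /**
     * Reports whether the descriptor is a key-encryption algorithm, i.e. its type is
     * {@code KeyTransport} or {@code SymmetricKeyWrap}.
     *
     * @param algorithmDescriptor the descriptor to classify, may be {@code null}
     * @return {@code true} for key transport / symmetric key wrap, {@code false} otherwise or for {@code null}
     */
    public static boolean isKeyEncryptionAlgorithm(@Nullable AlgorithmDescriptor algorithmDescriptor) {
        if (algorithmDescriptor == null) {
            return false;
        }
        switch (algorithmDescriptor.getType()) {
            case KeyTransport:
            case SymmetricKeyWrap:
                return true;
            default:
                return false;
        }
    }

    /**
     * Reports whether the descriptor is a data-encryption algorithm, i.e. its type is
     * {@code BlockEncryption}.
     *
     * @param algorithmDescriptor the descriptor to classify, may be {@code null}
     * @return {@code true} for block encryption, {@code false} otherwise or for {@code null}
     */
    public static boolean isDataEncryptionAlgorithm(@Nullable AlgorithmDescriptor algorithmDescriptor) {
        if (algorithmDescriptor == null) {
            return false;
        }
        switch (algorithmDescriptor.getType()) {
            case BlockEncryption:
                return true;
            default:
                return false;
        }
    }

    /**
     * Checks whether the credential's signing key can be used with the given signature or MAC
     * algorithm.
     *
     * <p>The key class must match the algorithm type ({@link PrivateKey} for {@code Signature},
     * {@link SecretKey} for {@code Mac}) before the key algorithm and length are compared. Any other
     * algorithm type is rejected, so an encryption algorithm can never be approved for signing.</p>
     *
     * @param credential the credential holding the candidate signing key, may be {@code null}
     * @param algorithmDescriptor the algorithm to check against, may be {@code null}
     * @return {@code true} only if a signing key is present and fits the algorithm
     */
    public static boolean credentialSupportsAlgorithmForSigning(@Nullable Credential credential, @Nullable AlgorithmDescriptor algorithmDescriptor) {
        if (credential == null || algorithmDescriptor == null) {
            return false;
        }
        Key signingKey = CredentialSupport.extractSigningKey(credential);
        if (signingKey == null) {
            return false;
        }
        final boolean keyClassMatches;
        switch (algorithmDescriptor.getType()) {
            case Signature:
                keyClassMatches = signingKey instanceof PrivateKey;
                break;
            case Mac:
                keyClassMatches = signingKey instanceof SecretKey;
                break;
            default:
                keyClassMatches = false;
                break;
        }
        return keyClassMatches && checkKeyAlgorithmAndLength(signingKey, algorithmDescriptor);
    }

    /**
     * Checks whether the credential's encryption key can be used with the given encryption
     * algorithm.
     *
     * <p>The key class must match the algorithm type ({@link PublicKey} for {@code KeyTransport},
     * {@link SecretKey} for {@code SymmetricKeyWrap} and {@code BlockEncryption}) before the key
     * algorithm and length are compared. Any other algorithm type is rejected.</p>
     *
     * @param credential the credential holding the candidate encryption key, may be {@code null}
     * @param algorithmDescriptor the algorithm to check against, may be {@code null}
     * @return {@code true} only if an encryption key is present and fits the algorithm
     */
    public static boolean credentialSupportsAlgorithmForEncryption(@Nullable Credential credential, @Nullable AlgorithmDescriptor algorithmDescriptor) {
        if (credential == null || algorithmDescriptor == null) {
            return false;
        }
        Key encryptionKey = CredentialSupport.extractEncryptionKey(credential);
        if (encryptionKey == null) {
            return false;
        }
        final boolean keyClassMatches;
        switch (algorithmDescriptor.getType()) {
            case KeyTransport:
                keyClassMatches = encryptionKey instanceof PublicKey;
                break;
            case SymmetricKeyWrap:
            case BlockEncryption:
                keyClassMatches = encryptionKey instanceof SecretKey;
                break;
            default:
                keyClassMatches = false;
                break;
        }
        return keyClassMatches && checkKeyAlgorithmAndLength(encryptionKey, algorithmDescriptor);
    }

    /**
     * Compares a key's JCA algorithm name and length with what the descriptor requires.
     *
     * <p>Each constraint is enforced only when the descriptor declares it: the key algorithm when
     * the descriptor is a {@link KeySpecifiedAlgorithm}, the key length when it is a
     * {@link KeyLengthSpecifiedAlgorithm}. A descriptor that declares neither accepts any key, so
     * this method alone is not a key-type check; the {@code credentialSupports...} methods verify
     * the key class first.</p>
     *
     * @param key the key to check
     * @param algorithmDescriptor the descriptor whose constraints apply
     * @return {@code true} if every constraint declared by the descriptor is met
     */
    public static boolean checkKeyAlgorithmAndLength(@Nonnull Key key, @Nonnull AlgorithmDescriptor algorithmDescriptor) {
        if (algorithmDescriptor instanceof KeySpecifiedAlgorithm) {
            String requiredKeyAlgorithm = ((KeySpecifiedAlgorithm) algorithmDescriptor).getKey();
            if (!requiredKeyAlgorithm.equals(key.getAlgorithm())) {
                return false;
            }
        }
        if (algorithmDescriptor instanceof KeyLengthSpecifiedAlgorithm) {
            Integer requiredKeyLength = ((KeyLengthSpecifiedAlgorithm) algorithmDescriptor).getKeyLength();
            // KeySupport.getKeyLength's result is passed to equals(), so a null result simply fails the comparison.
            return requiredKeyLength.equals(KeySupport.getKeyLength(key));
        }
        return true;
    }

    /**
     * Maps an algorithm URI to its JCA algorithm identifier.
     *
     * @param str the algorithm URI
     * @return the JCA algorithm ID, or {@code null} if no registry is registered or the URI is unknown to it
     */
    @Nullable
    public static String getAlgorithmID(@Nonnull String str) {
        AlgorithmDescriptor descriptor = lookupDescriptor(str);
        return descriptor == null ? null : descriptor.getJCAAlgorithmID();
    }

    /**
     * Reports whether the URI is one of the two RSA-OAEP key transport URIs
     * (XML Encryption 1.0 {@code rsa-oaep-mgf1p} or XML Encryption 1.1 {@code rsa-oaep}).
     *
     * @param str the algorithm URI
     * @return {@code true} if the URI exactly equals one of the RSA-OAEP URIs
     */
    public static boolean isRSAOAEP(@Nonnull String str) {
        return "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str) || "http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str);
    }

    /**
     * Reports whether the URI is registered as a MAC algorithm.
     *
     * @param str the algorithm URI
     * @return {@code true} if the registry knows the URI and its type is {@code Mac};
     *         {@code false} also when no registry is registered or the URI is unknown
     */
    public static boolean isHMAC(@Nonnull String str) {
        AlgorithmDescriptor descriptor = lookupDescriptor(str);
        return descriptor != null && AlgorithmDescriptor.AlgorithmType.Mac == descriptor.getType();
    }

    /**
     * Maps an algorithm URI to the JCA key algorithm it requires.
     *
     * @param str the algorithm URI
     * @return the key algorithm, or {@code null} if no registry is registered, the URI is unknown,
     *         or its descriptor is not a {@link KeySpecifiedAlgorithm}
     */
    @Nullable
    public static String getKeyAlgorithm(@Nonnull String str) {
        AlgorithmDescriptor descriptor = lookupDescriptor(str);
        if (descriptor instanceof KeySpecifiedAlgorithm) {
            return ((KeySpecifiedAlgorithm) descriptor).getKey();
        }
        return null;
    }

    /**
     * Maps an algorithm URI to the key length it requires.
     *
     * @param str the algorithm URI
     * @return the key length, or {@code null} (after an info-level log entry) if no registry is
     *         registered, the URI is unknown, or its descriptor is not a {@link KeyLengthSpecifiedAlgorithm}
     */
    @Nullable
    public static Integer getKeyLength(@Nonnull String str) {
        Logger logger = getLogger();
        AlgorithmDescriptor descriptor = lookupDescriptor(str);
        if (descriptor instanceof KeyLengthSpecifiedAlgorithm) {
            return ((KeyLengthSpecifiedAlgorithm) descriptor).getKeyLength();
        }
        logger.info("Mapping from algorithm URI {} to key length not available", str);
        return null;
    }

    /**
     * Generates a fresh symmetric key suitable for the given algorithm URI.
     *
     * <p>The key algorithm comes from the registry. The key length also comes from the registry,
     * except for the two Triple DES URIs, which always use 168 and bypass the registry lookup.
     * The key is produced by the default-provider {@link KeyGenerator} for the key algorithm.</p>
     *
     * <p>Triple DES is a legacy 64-bit-block cipher; deployments that should no longer mint such
     * keys need to exclude those URIs through their algorithm whitelist/blacklist, because this
     * method generates a key for any URI the registry can resolve.</p>
     *
     * @param str the algorithm URI
     * @return the generated key
     * @throws NoSuchAlgorithmException if the URI cannot be mapped to a key algorithm, or the JCA
     *         has no key generator for that algorithm
     * @throws KeyException if the key length cannot be determined from the URI
     */
    @Nonnull
    public static SecretKey generateSymmetricKey(@Nonnull String str) throws NoSuchAlgorithmException, KeyException {
        Logger logger = getLogger();
        String keyAlgorithm = getKeyAlgorithm(str);
        if (Strings.isNullOrEmpty(keyAlgorithm)) {
            logger.error("Mapping from algorithm URI '{}' to key algorithm not available, key generation failed", str);
            throw new NoSuchAlgorithmException("Algorithm URI'" + str + "' is invalid for key generation");
        }
        Integer keyLength;
        if (TRIPLEDES_CBC_URI.equals(str) || TRIPLEDES_KEYWRAP_URI.equals(str)) {
            keyLength = TRIPLEDES_KEY_LENGTH;
        } else {
            keyLength = getKeyLength(str);
        }
        if (keyLength == null) {
            logger.error("Key length could not be determined from algorithm URI, can't generate key");
            throw new KeyException("Key length not determinable from algorithm URI, could not generate new key");
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(keyAlgorithm);
        keyGenerator.init(keyLength.intValue());
        return keyGenerator.generateKey();
    }

    /**
     * Generates a key pair for the key algorithm associated with the given algorithm URI.
     *
     * @param str the algorithm URI
     * @param i size argument forwarded to {@code KeySupport.generateKeyPair} (presumably the key
     *        length in bits; confirm against KeySupport)
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if the URI cannot be mapped to a key algorithm, or as thrown
     *         by {@code KeySupport.generateKeyPair}
     * @throws NoSuchProviderException as thrown by {@code KeySupport.generateKeyPair}
     */
    @Nonnull
    public static KeyPair generateKeyPair(@Nonnull String str, int i) throws NoSuchAlgorithmException, NoSuchProviderException {
        String keyAlgorithm = getKeyAlgorithm(str);
        if (Strings.isNullOrEmpty(keyAlgorithm)) {
            // Fail with the declared exception instead of handing a null algorithm name to
            // KeySupport, mirroring the check in generateSymmetricKey.
            throw new NoSuchAlgorithmException("Algorithm URI'" + str + "' is invalid for key generation");
        }
        return KeySupport.generateKeyPair(keyAlgorithm, i, null);
    }

    /**
     * Generates a symmetric key for the algorithm URI and wraps it in a credential.
     *
     * @param str the algorithm URI
     * @return a credential holding the newly generated secret key
     * @throws NoSuchAlgorithmException see {@link #generateSymmetricKey(String)}
     * @throws KeyException see {@link #generateSymmetricKey(String)}
     */
    @Nonnull
    public static Credential generateSymmetricKeyAndCredential(@Nonnull String str) throws NoSuchAlgorithmException, KeyException {
        return new BasicCredential(generateSymmetricKey(str));
    }

    /**
     * Generates a key pair for the algorithm URI and wraps it in a credential.
     *
     * <p>The private key is attached only when {@code z} is {@code true}; pass {@code false} when
     * the credential is handed to code that needs the public key alone, so the private key does
     * not travel with it.</p>
     *
     * @param str the algorithm URI
     * @param i size argument forwarded to {@link #generateKeyPair(String, int)}
     * @param z whether the generated private key is stored in the returned credential
     * @return a credential holding the public key and, if requested, the private key
     * @throws NoSuchAlgorithmException see {@link #generateKeyPair(String, int)}
     * @throws NoSuchProviderException see {@link #generateKeyPair(String, int)}
     */
    @Nonnull
    public static Credential generateKeyPairAndCredential(@Nonnull String str, int i, boolean z) throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPair keyPair = generateKeyPair(str, i);
        BasicCredential credential = new BasicCredential(keyPair.getPublic());
        if (z) {
            credential.setPrivateKey(keyPair.getPrivate());
        }
        return credential;
    }

    /**
     * Validates an algorithm URI against an optional whitelist and an optional blacklist.
     *
     * <p>The blacklist is evaluated first and always wins. The whitelist restricts only when it is
     * non-null <em>and non-empty</em>: a {@code null} or empty whitelist accepts every URI that is
     * not blacklisted. Callers that need deny-by-default must therefore pass a non-empty whitelist;
     * an empty collection does not mean "allow nothing".</p>
     *
     * <p>Matching is whatever the supplied collection's {@code contains} does; for the standard
     * collections of strings that is exact, case-sensitive equality, so policy entries must be
     * spelled exactly as the URIs that will be checked.</p>
     *
     * @param str the algorithm URI to validate
     * @param collection the whitelist, may be {@code null} or empty (both mean "no restriction")
     * @param collection2 the blacklist, may be {@code null}
     * @return {@code true} if the URI is permitted by the policy
     */
    public static boolean validateAlgorithmURI(@Nonnull String str, @Nullable Collection<String> collection, @Nullable Collection<String> collection2) {
        // NOTE(review): str is presumably taken from a received XML message in some callers;
        // confirm the logging backend neutralizes control characters before these entries are relied on.
        if (collection2 == null) {
            LOG.debug("Saw null algorithm blacklist, nothing to evaluate");
        } else {
            LOG.debug("Saw non-null algorithm blacklist: {}", collection2);
            if (collection2.contains(str)) {
                LOG.warn("Algorithm failed blacklist validation: {}", str);
                return false;
            }
            LOG.debug("Algorithm passed blacklist validation: {}", str);
        }

        if (collection == null) {
            LOG.debug("Saw null algorithm whitelist, nothing to evaluate");
            return true;
        }
        LOG.debug("Saw non-null algorithm whitelist: {}", collection);
        if (collection.isEmpty()) {
            // Fail-open by design: an empty whitelist is treated like an absent one.
            LOG.debug("Non-null algorithm whitelist was empty, skipping evaluation");
            return true;
        }
        if (!collection.contains(str)) {
            LOG.warn("Algorithm failed whitelist validation: {}", str);
            return false;
        }
        LOG.debug("Algorithm passed whitelist validation: {}", str);
        return true;
    }

    /**
     * Looks up the descriptor for an algorithm URI in the global registry.
     *
     * @param algorithmURI the algorithm URI
     * @return the descriptor, or {@code null} if no registry is registered or the URI is unknown to it
     */
    @Nullable
    private static AlgorithmDescriptor lookupDescriptor(@Nonnull String algorithmURI) {
        AlgorithmRegistry registry = getGlobalAlgorithmRegistry();
        return registry == null ? null : registry.get(algorithmURI);
    }

    /**
     * Returns the logger for this class.
     *
     * @return the logger obtained from {@link LoggerFactory} for {@code AlgorithmSupport}
     */
    @Nonnull
    private static Logger getLogger() {
        return LoggerFactory.getLogger(AlgorithmSupport.class);
    }
}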
