package org.opensaml.xmlsec.algorithm;

import com.google.common.base.MoreObjects;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.xmlsec.algorithm.AlgorithmDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opensaml-xmlsec-api-4.2.0.jar:org/opensaml/xmlsec/algorithm/AlgorithmRegistry.class */
public class AlgorithmRegistry {
    private Logger log = LoggerFactory.getLogger((Class<?>) AlgorithmRegistry.class);
    private Map<String, AlgorithmDescriptor> descriptors = new HashMap();
    private Map<AlgorithmDescriptor.AlgorithmType, Set<String>> types = new HashMap();
    private Set<String> runtimeSupported = new HashSet();
    private Map<String, DigestAlgorithm> digestAlgorithms = new HashMap();
    private Map<SignatureAlgorithmIndex, SignatureAlgorithm> signatureAlgorithms = new HashMap();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:BOOT-INF/lib/opensaml-xmlsec-api-4.2.0.jar:org/opensaml/xmlsec/algorithm/AlgorithmRegistry$SignatureAlgorithmIndex.class */
    public class SignatureAlgorithmIndex {
        private String key;
        private String digest;

        public SignatureAlgorithmIndex(@Nonnull String str, @Nonnull String str2) {
            this.key = StringSupport.trim(str);
            this.digest = StringSupport.trim(str2);
        }

        public int hashCode() {
            return (37 * ((37 * 17) + this.key.hashCode())) + this.digest.hashCode();
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof SignatureAlgorithmIndex)) {
                return false;
            }
            SignatureAlgorithmIndex signatureAlgorithmIndex = (SignatureAlgorithmIndex) obj;
            return Objects.equals(this.key, signatureAlgorithmIndex.key) && Objects.equals(this.digest, signatureAlgorithmIndex.digest);
        }

        public String toString() {
            return MoreObjects.toStringHelper(this).add("Key", this.key).add("Digest", this.digest).toString();
        }
    }

    @Nullable
    public AlgorithmDescriptor get(@Nullable String str) {
        String trimOrNull = StringSupport.trimOrNull(str);
        if (trimOrNull == null) {
            return null;
        }
        return this.descriptors.get(trimOrNull);
    }

    public boolean isRuntimeSupported(@Nullable String str) {
        String trimOrNull = StringSupport.trimOrNull(str);
        if (trimOrNull == null) {
            this.log.debug("Runtime support failed, algorithm URI was null or empty");
            return false;
        }
        boolean contains = this.runtimeSupported.contains(trimOrNull);
        this.log.debug("Runtime support eval for algorithm URI '{}': {}", trimOrNull, contains ? "supported" : "unsupported");
        return contains;
    }

    public void clear() {
        this.descriptors.clear();
        this.runtimeSupported.clear();
        this.digestAlgorithms.clear();
        this.signatureAlgorithms.clear();
    }

    public void register(@Nonnull AlgorithmDescriptor algorithmDescriptor) {
        Constraint.isNotNull(algorithmDescriptor, "AlgorithmDescriptor was null");
        this.log.debug("Registering algorithm descriptor with URI: {}", algorithmDescriptor.getURI());
        AlgorithmDescriptor algorithmDescriptor2 = this.descriptors.get(algorithmDescriptor.getURI());
        if (algorithmDescriptor2 != null) {
            this.log.debug("Registry contained existing descriptor with URI, removing old instance and re-registering: {}", algorithmDescriptor.getURI());
            deindex(algorithmDescriptor2);
            deregister(algorithmDescriptor2);
        }
        this.descriptors.put(algorithmDescriptor.getURI(), algorithmDescriptor);
        index(algorithmDescriptor);
    }

    public void deregister(@Nonnull AlgorithmDescriptor algorithmDescriptor) {
        Constraint.isNotNull(algorithmDescriptor, "AlgorithmDescriptor was null");
        if (!this.descriptors.containsKey(algorithmDescriptor.getURI())) {
            this.log.debug("Registry did not contain descriptor with URI, nothing to do: {}", algorithmDescriptor.getURI());
        } else {
            deindex(algorithmDescriptor);
            this.descriptors.remove(algorithmDescriptor.getURI());
        }
    }

    public void deregister(@Nonnull String str) {
        Constraint.isNotNull(str, "AlgorithmDescriptor URI was null");
        AlgorithmDescriptor algorithmDescriptor = get(str);
        if (algorithmDescriptor != null) {
            deregister(algorithmDescriptor);
        }
    }

    @Nullable
    public DigestAlgorithm getDigestAlgorithm(@Nonnull String str) {
        Constraint.isNotNull(str, "Digest method was null");
        return this.digestAlgorithms.get(str);
    }

    @Nullable
    public SignatureAlgorithm getSignatureAlgorithm(@Nonnull String str, @Nonnull String str2) {
        Constraint.isNotNull(str, "Key type was null");
        Constraint.isNotNull(str2, "Digest type was null");
        return this.signatureAlgorithms.get(new SignatureAlgorithmIndex(str, str2));
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public Set<String> getRegisteredURIsByType(@Nonnull AlgorithmDescriptor.AlgorithmType algorithmType) {
        Constraint.isNotNull(algorithmType, "AlgorithmType was null");
        Set<String> set = this.types.get(algorithmType);
        return set != null ? Set.copyOf(set) : Collections.emptySet();
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public Set<AlgorithmDescriptor> getRegisteredByType(@Nonnull AlgorithmDescriptor.AlgorithmType algorithmType) {
        return (Set) getRegisteredURIsByType(algorithmType).stream().map(this::get).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toUnmodifiableSet());
    }

    private void index(AlgorithmDescriptor algorithmDescriptor) {
        Set<String> set = this.types.get(algorithmDescriptor.getType());
        if (set == null) {
            set = new HashSet();
            this.types.put(algorithmDescriptor.getType(), set);
        }
        set.add(algorithmDescriptor.getURI());
        if (checkRuntimeSupports(algorithmDescriptor)) {
            this.runtimeSupported.add(algorithmDescriptor.getURI());
        } else {
            this.log.info("Algorithm failed runtime support check, will not be usable: {}", algorithmDescriptor.getURI());
            this.runtimeSupported.remove(algorithmDescriptor.getURI());
        }
        if (algorithmDescriptor instanceof DigestAlgorithm) {
            DigestAlgorithm digestAlgorithm = (DigestAlgorithm) algorithmDescriptor;
            this.digestAlgorithms.put(digestAlgorithm.getJCAAlgorithmID(), digestAlgorithm);
        }
        if (algorithmDescriptor instanceof SignatureAlgorithm) {
            SignatureAlgorithm signatureAlgorithm = (SignatureAlgorithm) algorithmDescriptor;
            this.signatureAlgorithms.put(new SignatureAlgorithmIndex(signatureAlgorithm.getKey(), signatureAlgorithm.getDigest()), signatureAlgorithm);
        }
    }

    private void deindex(AlgorithmDescriptor algorithmDescriptor) {
        Set<String> set = this.types.get(algorithmDescriptor.getType());
        if (set != null) {
            set.remove(algorithmDescriptor.getURI());
        }
        this.runtimeSupported.remove(algorithmDescriptor.getURI());
        if (algorithmDescriptor instanceof DigestAlgorithm) {
            this.digestAlgorithms.remove(((DigestAlgorithm) algorithmDescriptor).getJCAAlgorithmID());
        }
        if (algorithmDescriptor instanceof SignatureAlgorithm) {
            SignatureAlgorithm signatureAlgorithm = (SignatureAlgorithm) algorithmDescriptor;
            this.signatureAlgorithms.remove(new SignatureAlgorithmIndex(signatureAlgorithm.getKey(), signatureAlgorithm.getDigest()));
        }
    }

    private boolean checkRuntimeSupports(AlgorithmDescriptor algorithmDescriptor) {
        try {
            try {
                switch (algorithmDescriptor.getType()) {
                    case BlockEncryption:
                    case KeyTransport:
                    case SymmetricKeyWrap:
                        Cipher.getInstance(algorithmDescriptor.getJCAAlgorithmID());
                        return checkCipherSupportedKeyLength(algorithmDescriptor);
                    case Signature:
                        Signature.getInstance(algorithmDescriptor.getJCAAlgorithmID());
                        return true;
                    case Mac:
                        Mac.getInstance(algorithmDescriptor.getJCAAlgorithmID());
                        return true;
                    case MessageDigest:
                        MessageDigest.getInstance(algorithmDescriptor.getJCAAlgorithmID());
                        return true;
                    case KeyAgreement:
                        KeyAgreement.getInstance(algorithmDescriptor.getJCAAlgorithmID());
                        return true;
                    default:
                        this.log.info("Saw unknown AlgorithmDescriptor type, failing runtime support check: {}", algorithmDescriptor.getClass().getName());
                        return false;
                }
            } catch (Throwable th) {
                this.log.error("Fatal error evaluating algorithm runtime support", th);
                return false;
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            if (checkSpecialCasesRuntimeSupport(algorithmDescriptor)) {
                return true;
            }
            this.log.debug(String.format("AlgorithmDescriptor failed runtime support check: %s", algorithmDescriptor.getURI()), e);
            return false;
        }
    }

    private boolean checkCipherSupportedKeyLength(AlgorithmDescriptor algorithmDescriptor) throws NoSuchAlgorithmException {
        int intValue;
        int maxAllowedKeyLength;
        if (!(algorithmDescriptor instanceof KeyLengthSpecifiedAlgorithm) || (intValue = ((KeyLengthSpecifiedAlgorithm) algorithmDescriptor).getKeyLength().intValue()) <= (maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength(algorithmDescriptor.getJCAAlgorithmID()))) {
            return true;
        }
        this.log.info("Cipher algorithm '{}' is not supported, its key length {} exceeds Cipher max key length {}", algorithmDescriptor.getURI(), Integer.valueOf(intValue), Integer.valueOf(maxAllowedKeyLength));
        return false;
    }

    private boolean checkSpecialCasesRuntimeSupport(AlgorithmDescriptor algorithmDescriptor) {
        this.log.trace("Checking runtime support failure for special cases: {}", algorithmDescriptor.getURI());
        try {
            if ("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(algorithmDescriptor.getURI())) {
                Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
                this.log.trace("RSA OAEP algorithm passed as special case with OAEPWithSHA1AndMGF1Padding");
                return true;
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            this.log.trace("Special case eval for algorithm failed with exception", e);
        }
        this.log.trace("Algorithm was not supported by any special cases: {}", algorithmDescriptor.getURI());
        return false;
    }
}
