package org.bouncycastle.crypto.fips;

import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Logger;
import org.bouncycastle.crypto.Algorithm;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.internal.ValidatedSymmetricKey;
import org.bouncycastle.crypto.internal.params.AEADParameters;
import org.bouncycastle.crypto.internal.params.KeyParameter;
import org.bouncycastle.crypto.internal.params.KeyParameterImpl;
import org.bouncycastle.crypto.internal.params.ParametersWithIV;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.util.Pack;
import org.bouncycastle.util.Properties;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/bouncycastle/crypto/fips/Utils.class */
public class Utils {
    static final SecureRandom testRandom = new TestSecureRandom();

    /* loaded from: input_file:org/bouncycastle/crypto/fips/Utils$TestSecureRandom.class */
    private static class TestSecureRandom extends SecureRandom {

        /* loaded from: input_file:org/bouncycastle/crypto/fips/Utils$TestSecureRandom$RandomProvider.class */
        private static class RandomProvider extends Provider {
            RandomProvider() {
                super("BCFIPS_TEST_RNG", 1.0d, "BCFIPS Test Secure Random Provider");
            }
        }

        /* loaded from: input_file:org/bouncycastle/crypto/fips/Utils$TestSecureRandom$RandomSpi.class */
        private static class RandomSpi extends SecureRandomSpi {
            private final AtomicLong counter;

            private RandomSpi() {
                this.counter = new AtomicLong(System.currentTimeMillis());
            }

            @Override // java.security.SecureRandomSpi
            protected void engineSetSeed(byte[] bArr) {
            }

            @Override // java.security.SecureRandomSpi
            protected void engineNextBytes(byte[] bArr) {
                SHA256Digest sHA256Digest = new SHA256Digest();
                byte[] bArr2 = new byte[sHA256Digest.getDigestSize()];
                byte[] bArr3 = new byte[8];
                int i = 0;
                for (int length = bArr.length; length > 0; length -= bArr2.length) {
                    Pack.longToBigEndian(this.counter.getAndIncrement(), bArr3, 0);
                    sHA256Digest.update(bArr3, 0, bArr3.length);
                    sHA256Digest.doFinal(bArr2, 0);
                    if (length > bArr2.length) {
                        System.arraycopy(bArr2, 0, bArr, i, bArr2.length);
                    } else {
                        System.arraycopy(bArr2, 0, bArr, i, length);
                    }
                    i += bArr2.length;
                }
            }

            @Override // java.security.SecureRandomSpi
            protected byte[] engineGenerateSeed(int i) {
                byte[] bArr = new byte[i];
                engineNextBytes(bArr);
                return bArr;
            }
        }

        public TestSecureRandom() {
            super(new RandomSpi(), new RandomProvider());
        }
    }

    Utils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateRandom(SecureRandom secureRandom, String str) {
        if (!(secureRandom instanceof FipsSecureRandom) && !(secureRandom.getProvider() instanceof BouncyCastleFipsProvider)) {
            throw new FipsUnapprovedOperationError(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateRandom(SecureRandom secureRandom, FipsAlgorithm fipsAlgorithm, String str) {
        if (!(secureRandom instanceof FipsSecureRandom) && !(secureRandom.getProvider() instanceof BouncyCastleFipsProvider)) {
            throw new FipsUnapprovedOperationError(str, fipsAlgorithm);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateRandom(SecureRandom secureRandom, int i, FipsAlgorithm fipsAlgorithm, String str) {
        if (secureRandom instanceof FipsSecureRandom) {
            if (((FipsSecureRandom) secureRandom).getSecurityStrength() < i) {
                throw new FipsUnapprovedOperationError("FIPS SecureRandom security strength not as high as required for operation", fipsAlgorithm);
            }
        } else {
            if (!(secureRandom.getProvider() instanceof BouncyCastleFipsProvider)) {
                throw new FipsUnapprovedOperationError(str, fipsAlgorithm);
            }
            if (((BouncyCastleFipsProvider) secureRandom.getProvider()).getDefaultRandomSecurityStrength() < i) {
                throw new FipsUnapprovedOperationError("FIPS SecureRandom security strength not as high as required for operation", fipsAlgorithm);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateKeyGenRandom(SecureRandom secureRandom, int i, FipsAlgorithm fipsAlgorithm) {
        validateRandom(secureRandom, i, fipsAlgorithm, "Attempt to create key with unapproved RNG");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateKeyPairGenRandom(SecureRandom secureRandom, int i, FipsAlgorithm fipsAlgorithm) {
        validateRandom(secureRandom, i, fipsAlgorithm, "Attempt to create key pair with unapproved RNG");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkPermission(final Permission permission) {
        final SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: org.bouncycastle.crypto.fips.Utils.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    securityManager.checkPermission(permission);
                    return null;
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void approvedModeCheck(boolean z, FipsAlgorithm fipsAlgorithm) {
        if (z != CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            if (!z) {
                throw new FipsUnapprovedOperationError("Attempt to use unapproved implementation in approved thread", fipsAlgorithm);
            }
            throw new FipsUnapprovedOperationError("Attempt to use approved implementation in unapproved thread", fipsAlgorithm);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getDefaultMacSize(Algorithm algorithm, int i) {
        return (algorithm.getName().endsWith("GMAC") || algorithm.getName().endsWith("CMAC") || algorithm.getName().endsWith("GCM")) ? i : i / 2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyParameter getKeyParameter(ValidatedSymmetricKey validatedSymmetricKey) {
        return new KeyParameterImpl(validatedSymmetricKey.getKeyBytes());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ParametersWithIV getParametersWithIV(ValidatedSymmetricKey validatedSymmetricKey, byte[] bArr) {
        return new ParametersWithIV(new KeyParameterImpl(validatedSymmetricKey.getKeyBytes()), bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AEADParameters getAEADParameters(ValidatedSymmetricKey validatedSymmetricKey, byte[] bArr, int i) {
        return new AEADParameters(new KeyParameterImpl(validatedSymmetricKey.getKeyBytes()), i, bArr);
    }

    public static int getAsymmetricSecurityStrength(int i) {
        if (i >= 15360) {
            return 256;
        }
        if (i >= 7680) {
            return 192;
        }
        if (i >= 3072) {
            return 128;
        }
        if (i >= 2048) {
            return 112;
        }
        if (i >= 1024) {
            return 80;
        }
        throw new FipsUnapprovedOperationError("Requested security strength unknown");
    }

    public static int getECCurveSecurityStrength(ECCurve eCCurve) {
        int fieldSize = eCCurve.getFieldSize();
        if (fieldSize >= 512) {
            return 256;
        }
        if (fieldSize >= 384) {
            return 192;
        }
        if (fieldSize >= 256) {
            return 128;
        }
        if (fieldSize >= 224) {
            return 112;
        }
        if (fieldSize >= 160) {
            return 80;
        }
        throw new FipsUnapprovedOperationError("Requested security strength unknown");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkDigestAlgorithm(Logger logger, Algorithm algorithm, String str) {
        if (CryptoServicesRegistrar.isInApprovedOnlyMode() && FipsSHS.Algorithm.SHA1.equals(algorithm)) {
            if (!Properties.isOverrideSet(str)) {
                throw new FipsUnapprovedOperationError("SHA-1 is not approved for signature generation");
            }
            logger.warning("[" + logger.getName() + "] SHA-1 signature creation detected: no longer an approved operation but override set");
        }
    }
}
