package org.cesecore.util;

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.Cipher;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.util.encoders.Hex;
import org.cesecore.certificates.util.DnComponents;
import org.cesecore.config.CesecoreConfiguration;
import org.ejbca.cvc.CVCProvider;

/* loaded from: input_file:org/cesecore/util/CryptoProviderTools.class */
public final class CryptoProviderTools {
    private static final Logger log = Logger.getLogger(CryptoProviderTools.class);
    private static final String IMPLICITLYCA_Q = CesecoreConfiguration.getEcdsaImplicitlyCaQ();
    private static final String IMPLICITLYCA_A = CesecoreConfiguration.getEcdsaImplicitlyCaA();
    private static final String IMPLICITLYCA_B = CesecoreConfiguration.getEcdsaImplicitlyCaB();
    private static final String IMPLICITLYCA_G = CesecoreConfiguration.getEcdsaImplicitlyCaG();
    private static final String IMPLICITLYCA_N = CesecoreConfiguration.getEcdsaImplicitlyCaN();
    public static String SYSTEM_SECURITY_PROVIDER = "SUN";

    private CryptoProviderTools() {
    }

    public static boolean isUsingExportableCryptography() {
        boolean z = true;
        try {
            int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength("DES");
            if (log.isDebugEnabled()) {
                log.debug("MaxAllowedKeyLength for DES is: " + maxAllowedKeyLength);
            }
            if (maxAllowedKeyLength == Integer.MAX_VALUE) {
                z = false;
            }
        } catch (NoSuchAlgorithmException e) {
        }
        return z;
    }

    public static synchronized void installBCProviderIfNotAvailable() {
        if (Security.getProvider("BC") == null) {
            installBCProvider();
        }
    }

    public static synchronized void removeBCProvider() {
        Security.removeProvider("BC");
        Security.removeProvider("CVC");
    }

    public static synchronized void installBCProvider() {
        boolean z = false;
        if (Security.addProvider(new BouncyCastleProvider()) >= 0) {
            z = true;
        } else if (CesecoreConfiguration.isDevelopmentProviderInstallation()) {
            removeBCProvider();
            if (Security.addProvider(new BouncyCastleProvider()) < 0) {
                log.error("Cannot even install BC provider again!");
            } else {
                z = true;
            }
        }
        try {
            Security.addProvider(new CVCProvider());
        } catch (Exception e) {
            log.info("CVC provider can not be installed, CVC certificate will not work: ", e);
        }
        if (z) {
            ECCurve.Fp fp = new ECCurve.Fp(new BigInteger(IMPLICITLYCA_Q), new BigInteger(IMPLICITLYCA_A, 16), new BigInteger(IMPLICITLYCA_B, 16));
            ECParameterSpec eCParameterSpec = new ECParameterSpec(fp, fp.decodePoint(Hex.decode(IMPLICITLYCA_G)), new BigInteger(IMPLICITLYCA_N));
            ConfigurableProvider provider = Security.getProvider("BC");
            if (provider != null) {
                provider.setParameter("ecImplicitlyCa", eCParameterSpec);
            } else {
                log.error("Can not get ConfigurableProvider, implicitlyCA EC parameters NOT set!");
            }
        }
        X509Name.DefaultSymbols.put(X509Name.SN, DnComponents.SN);
        if (Security.getProvider(SYSTEM_SECURITY_PROVIDER) == null) {
            log.debug("SUN security provider does not exist, using BC as system default provider.");
            SYSTEM_SECURITY_PROVIDER = "BC";
        }
    }
}
