package org.jenkinsci.plugins.oic;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.impl.AESCryptoProvider;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.crypto.impl.ECDHCryptoProvider;
import com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider;
import com.nimbusds.jose.crypto.impl.RSACryptoProvider;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.function.Function;
import jenkins.security.FIPS140;

/* loaded from: input_file:org/jenkinsci/plugins/oic/OicAlgorithmValidator.class */
public class OicAlgorithmValidator {
    private static final boolean isFIPSMode = FIPS140.useCompliantAlgorithms();

    public static boolean isJwsAlgorithmFipsNonCompliant(String str) {
        boolean z = false;
        if (isFIPSMode && str != null) {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            linkedHashSet.addAll(MACSigner.SUPPORTED_ALGORITHMS);
            linkedHashSet.addAll(RSASSASigner.SUPPORTED_ALGORITHMS);
            linkedHashSet.addAll(ECDSASigner.SUPPORTED_ALGORITHMS);
            if (!linkedHashSet.isEmpty()) {
                z = linkedHashSet.stream().map((v0) -> {
                    return v0.getName();
                }).noneMatch(str2 -> {
                    return str2.equals(str);
                });
            }
        }
        return z;
    }

    public static boolean isJweAlgorithmFipsNonCompliant(String str) {
        boolean z = false;
        if (isFIPSMode && str != null) {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            linkedHashSet.addAll(AESCryptoProvider.SUPPORTED_ALGORITHMS);
            linkedHashSet.addAll(RSACryptoProvider.SUPPORTED_ALGORITHMS);
            linkedHashSet.remove(JWEAlgorithm.RSA1_5);
            linkedHashSet.addAll(ECDHCryptoProvider.SUPPORTED_ALGORITHMS);
            linkedHashSet.addAll(PasswordBasedCryptoProvider.SUPPORTED_ALGORITHMS);
            if (!linkedHashSet.isEmpty()) {
                z = linkedHashSet.stream().map((v0) -> {
                    return v0.getName();
                }).noneMatch(str2 -> {
                    return str2.equals(str);
                });
            }
        }
        return z;
    }

    public static void filterFipsNonCompliantJweAlgorithm(List<JWEAlgorithm> list) {
        filterFipsNonCompliantAlgorithms(list, OicAlgorithmValidator::isJweAlgorithmFipsNonCompliant);
    }

    public static boolean isJwsAlgoFipsNonCompliant(List<JWSAlgorithm> list) {
        if (!isFIPSMode || list == null || list.isEmpty()) {
            return false;
        }
        Iterator<JWSAlgorithm> it = list.iterator();
        while (it.hasNext()) {
            if (isJwsAlgorithmFipsNonCompliant(it.next().getName())) {
                return true;
            }
        }
        return false;
    }

    public static void filterFipsNonCompliantJwsAlgorithm(List<JWSAlgorithm> list) {
        filterFipsNonCompliantAlgorithms(list, OicAlgorithmValidator::isJwsAlgorithmFipsNonCompliant);
    }

    public static boolean isEncryptionMethodFipsNonCompliant(String str) {
        boolean z = false;
        if (isFIPSMode && str != null) {
            LinkedHashSet linkedHashSet = new LinkedHashSet(ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS);
            if (!linkedHashSet.isEmpty()) {
                z = linkedHashSet.stream().map((v0) -> {
                    return v0.getName();
                }).noneMatch(str2 -> {
                    return str2.equals(str);
                });
            }
        }
        return z;
    }

    public static void filterFipsNonCompliantEncryptionMethod(List<EncryptionMethod> list) {
        filterFipsNonCompliantAlgorithms(list, OicAlgorithmValidator::isEncryptionMethodFipsNonCompliant);
    }

    public static <T extends Algorithm> void filterFipsNonCompliantAlgorithms(List<T> list, Function<String, Boolean> function) {
        if (!isFIPSMode || list == null || list.isEmpty()) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (T t : list) {
            if (function.apply(t.getName()).booleanValue()) {
                arrayList.add(t);
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        list.removeAll(arrayList);
    }
}
