package com.amazon.corretto.crypto.provider;

import com.amazon.corretto.crypto.provider.AesCtrDrbg;
import com.amazon.corretto.crypto.provider.SelfTestSuite;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ForkJoinPool;
import java.util.function.Supplier;
import java.util.logging.Logger;
import org.jfrog.build.api.util.FileChecksumCalculator;

/* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.class */
public final class AmazonCorrettoCryptoProvider extends Provider {
    private static final MethodHandles.Lookup LOOKUP = MethodHandles.lookup();
    private static final String PACKAGE_PREFIX = "com.amazon.corretto.crypto.provider.";
    private static final long serialVersionUID = 1;
    public static final AmazonCorrettoCryptoProvider INSTANCE;
    public static final String PROVIDER_NAME = "AmazonCorrettoCryptoProvider";
    private static final boolean rdRandSupported_;
    private final EnumSet<ExtraCheck> extraChecks;
    private transient SelfTestSuite selfTestSuite;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider$ACCPService.class */
    public class ACCPService extends Provider.Service {
        private final MethodHandle ctor;
        private final MethodHandle algorithmSetter;
        private boolean failMessagePrinted;
        private volatile boolean testsPassed;
        private Supplier<SelfTestStatus> getTestStatus;

        public ACCPService(String str, String str2, String str3, List<String> list, Map<String, String> map) {
            super(AmazonCorrettoCryptoProvider.this, str, str2, AmazonCorrettoCryptoProvider.PACKAGE_PREFIX + str3, list, map);
            MethodHandle bindTo;
            this.failMessagePrinted = false;
            this.testsPassed = false;
            SelfTestSuite selfTestSuite = AmazonCorrettoCryptoProvider.this.selfTestSuite;
            Objects.requireNonNull(selfTestSuite);
            this.getTestStatus = selfTestSuite::runTests;
            try {
                Class<?> loadClass = AmazonCorrettoCryptoProvider.class.getClassLoader().loadClass(AmazonCorrettoCryptoProvider.PACKAGE_PREFIX + str3);
                try {
                    bindTo = AmazonCorrettoCryptoProvider.LOOKUP.findConstructor(loadClass, MethodType.methodType(Void.TYPE)).asType(MethodType.methodType(Object.class));
                } catch (NoSuchMethodException e) {
                    bindTo = AmazonCorrettoCryptoProvider.LOOKUP.findConstructor(loadClass, MethodType.methodType((Class<?>) Void.TYPE, (Class<?>) AmazonCorrettoCryptoProvider.class)).asType(MethodType.methodType((Class<?>) Object.class, (Class<?>) AmazonCorrettoCryptoProvider.class)).bindTo(AmazonCorrettoCryptoProvider.this);
                }
                this.ctor = bindTo;
                MethodHandle methodHandle = null;
                try {
                    methodHandle = AmazonCorrettoCryptoProvider.LOOKUP.findVirtual(loadClass, "setAlgorithmName", MethodType.methodType((Class<?>) Void.TYPE, (Class<?>) String.class));
                } catch (NoSuchMethodException e2) {
                    if (str.equals("Signature")) {
                        throw e2;
                    }
                }
                this.algorithmSetter = methodHandle;
            } catch (Exception e3) {
                throw new RuntimeException(e3);
            }
        }

        @Override // java.security.Provider.Service
        public Object newInstance(Object obj) throws NoSuchAlgorithmException {
            if (obj != null) {
                throw new NoSuchAlgorithmException("Constructor parameters not used with " + getType() + "/" + getAlgorithm());
            }
            if (!this.testsPassed) {
                checkTests();
            }
            try {
                Object invokeExact = (Object) this.ctor.invokeExact();
                if (this.algorithmSetter != null) {
                    (void) this.algorithmSetter.invoke(invokeExact, getAlgorithm());
                }
                return invokeExact;
            } catch (Error | RuntimeException e) {
                throw e;
            } catch (Throwable th) {
                throw new NoSuchAlgorithmException("Unexpected error constructing algorithm", th);
            }
        }

        private void checkTests() throws NoSuchAlgorithmException {
            if (inJarValidation() && !getType().equals("SecureRandom")) {
                throw new NoSuchAlgorithmException("Can't use AACP before JAR validation completes");
            }
            switch (this.getTestStatus.get()) {
                case RECURSIVELY_INVOKED:
                    throw new NoSuchAlgorithmException("Algorithm unavailable until self tests complete");
                case FAILED:
                    synchronized (this) {
                        if (!this.failMessagePrinted) {
                            Logger.getLogger(AmazonCorrettoCryptoProvider.PROVIDER_NAME).severe("Self tests failed - disabling. Detailed results: " + AmazonCorrettoCryptoProvider.this.selfTestSuite.getAllTestResults().toString());
                            this.failMessagePrinted = true;
                        }
                    }
                    throw new NoSuchAlgorithmException("Self-tests failed");
                case NOT_RUN:
                    throw new NoSuchAlgorithmException("Internal error: self tests not run");
                case PASSED:
                    this.testsPassed = true;
                    return;
                default:
                    return;
            }
        }

        private boolean inJarValidation() {
            for (StackTraceElement stackTraceElement : Thread.currentThread().getStackTrace()) {
                if (stackTraceElement.getClassName().equals("javax.crypto.JarVerifier")) {
                    return true;
                }
            }
            return false;
        }

        public void setSelfTest(SelfTestSuite.SelfTest selfTest) {
            this.getTestStatus = () -> {
                return selfTest.runTest().getStatus();
            };
        }
    }

    private static native boolean nativeRdRandSupported();

    private void buildServiceMap() {
        addService("MessageDigest", "SHA-512", "SHA512Spi");
        addService("MessageDigest", "SHA-384", "SHA384Spi");
        addService("MessageDigest", "SHA-256", "SHA256Spi");
        addService("MessageDigest", "SHA-1", "SHA1Spi");
        addService("MessageDigest", "MD5", "MD5Spi");
        addService("Cipher", "AES/GCM/NoPadding", "AesGcmSpi");
        addService("Cipher", "AES_128/GCM/NoPadding", "AesGcmSpi");
        addService("Cipher", "AES_256/GCM/NoPadding", "AesGcmSpi");
        addService("KeyPairGenerator", "RSA", "RsaGen");
        addService("KeyPairGenerator", "EC", "EcGen");
        addService("Cipher", "RSA/ECB/NoPadding", "RsaCipher$NoPadding");
        addService("Cipher", "RSA/ECB/Pkcs1Padding", "RsaCipher$Pkcs1");
        addService("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", "RsaCipher$OAEPSha1");
        for (String str : new String[]{"MD5", FileChecksumCalculator.SHA1_ALGORITHM, "SHA256", "SHA384", "SHA512"}) {
            addService("Mac", "Hmac" + str, "Hmac" + str + "Spi");
        }
        addService("KeyAgreement", "ECDH", "EvpKeyAgreement$ECDH", Collections.singletonMap("SupportedKeyClasses", "java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey"), new String[0]);
        addService("KeyAgreement", "DH", "EvpKeyAgreement$DH", Collections.emptyMap(), "DIFFIEHELLMAN");
        if (isRdRandSupported()) {
            addService("SecureRandom", "NIST800-90A/AES-CTR-256", "AesCtrDrbg$SPI", Collections.singletonMap("ThreadSafe", "true"), new String[0]).setSelfTest(AesCtrDrbg.SPI.SELF_TEST);
        }
        addSignatures();
    }

    private void addSignatures() {
        List<String> asList = Arrays.asList("DSA", "RSA", "ECDSA");
        List asList2 = Arrays.asList(FileChecksumCalculator.SHA1_ALGORITHM, "SHA224", "SHA256", "SHA384", "SHA512");
        for (String str : asList) {
            Iterator it = asList2.iterator();
            while (it.hasNext()) {
                String format = String.format("%swith%s", (String) it.next(), str);
                String format2 = String.format("EvpSignature$%s", format);
                addService("Signature", format, format2);
                if (str.equals("ECDSA")) {
                    addService("Signature", format + "inP1363Format", format2);
                }
            }
        }
        addService("Signature", "NONEwithECDSA", "EvpSignatureRaw$NONEwithECDSA");
        addService("Signature", "NONEwithDSA", "EvpSignatureRaw$NONEwithDSA");
    }

    private ACCPService addService(String str, String str2, String str3) {
        return addService(str, str2, str3, null, new String[0]);
    }

    private ACCPService addService(String str, String str2, String str3, Map<String, String> map, String... strArr) {
        ACCPService aCCPService = new ACCPService(str, str2, str3, Arrays.asList(strArr), map);
        putService(aCCPService);
        return aCCPService;
    }

    private void resetAllSelfTests() {
        this.selfTestSuite.resetAllSelfTests();
    }

    public AmazonCorrettoCryptoProvider() {
        super(PROVIDER_NAME, Loader.PROVIDER_VERSION, "");
        this.extraChecks = EnumSet.noneOf(ExtraCheck.class);
        this.selfTestSuite = new SelfTestSuite();
        String[] split = Loader.getProperty("extrachecks", "").split(",");
        int length = split.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String str = split[i];
            if (str.equalsIgnoreCase("all")) {
                this.extraChecks.addAll(EnumSet.allOf(ExtraCheck.class));
                break;
            }
            try {
                ExtraCheck valueOf = ExtraCheck.valueOf(str.toUpperCase());
                if (valueOf != null) {
                    this.extraChecks.add(valueOf);
                }
            } catch (Exception e) {
            }
            i++;
        }
        if (!Loader.IS_AVAILABLE) {
            Logger.getLogger(PROVIDER_NAME).fine("Native JCE libraries are unavailable - disabling");
        } else {
            buildServiceMap();
            initializeSelfTests();
        }
    }

    private synchronized void initializeSelfTests() {
        if (this.selfTestSuite == null) {
            this.selfTestSuite = new SelfTestSuite();
        }
        this.selfTestSuite.addSelfTest(HmacSHA512Spi.SELF_TEST);
        this.selfTestSuite.addSelfTest(HmacSHA384Spi.SELF_TEST);
        this.selfTestSuite.addSelfTest(HmacSHA256Spi.SELF_TEST);
        this.selfTestSuite.addSelfTest(HmacSHA1Spi.SELF_TEST);
        this.selfTestSuite.addSelfTest(HmacMD5Spi.SELF_TEST);
        if (isRdRandSupported()) {
            this.selfTestSuite.addSelfTest(AesCtrDrbg.SPI.SELF_TEST);
        }
        ForkJoinPool commonPool = ForkJoinPool.commonPool();
        SelfTestSuite selfTestSuite = this.selfTestSuite;
        Objects.requireNonNull(selfTestSuite);
        commonPool.submit(selfTestSuite::runTests);
    }

    public String getVersionStr() {
        return Loader.PROVIDER_VERSION_STR;
    }

    public static void install() {
        Security.insertProviderAt(INSTANCE, 1);
    }

    public static boolean isRdRandSupported() {
        return rdRandSupported_;
    }

    public SelfTestStatus getSelfTestStatus() {
        return this.selfTestSuite.getOverallStatus();
    }

    public SelfTestStatus runSelfTests() {
        return this.selfTestSuite.runTests();
    }

    public Throwable getLoadingError() {
        return Loader.LOADING_ERROR;
    }

    public void assertHealthy() throws RuntimeCryptoException {
        if (Loader.LOADING_ERROR != null) {
            throw new RuntimeCryptoException("Unable to load native library", Loader.LOADING_ERROR);
        }
        this.selfTestSuite.assertAllTestsPassed();
    }

    @Override // java.util.Hashtable, java.util.Map
    public synchronized boolean equals(Object obj) {
        return this == obj;
    }

    @Override // java.util.Hashtable, java.util.Map
    public synchronized int hashCode() {
        return System.identityHashCode(this);
    }

    public Set<ExtraCheck> getExtraChecks() {
        return Collections.unmodifiableSet(this.extraChecks);
    }

    public boolean hasExtraCheck(ExtraCheck extraCheck) {
        return this.extraChecks.contains(extraCheck);
    }

    public void addExtraChecks(ExtraCheck... extraCheckArr) {
        this.extraChecks.addAll(Arrays.asList(extraCheckArr));
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        readObjectNoData();
    }

    private void readObjectNoData() {
        initializeSelfTests();
    }

    static {
        if (Loader.IS_AVAILABLE) {
            rdRandSupported_ = nativeRdRandSupported();
        } else {
            Logger.getLogger(PROVIDER_NAME).fine("Native JCE libraries are unavailable - disabling");
            rdRandSupported_ = false;
        }
        INSTANCE = new AmazonCorrettoCryptoProvider();
    }
}
