package com.adobe.livecycle.signatures.common;

import com.adobe.livecycle.signatures.pki.impl.PKIOperations;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.DSAParameterSpec;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/adobe/livecycle/signatures/common/FIPSCompliance.class */
public final class FIPSCompliance {
    private FIPSCompliance() {
    }

    public static boolean isDigestAlgoCompliant(String str) {
        return "SHA1".equalsIgnoreCase(str) || "SHA256".equalsIgnoreCase(str) || "SHA384".equalsIgnoreCase(str) || "SHA512".equalsIgnoreCase(str);
    }

    public static boolean isEncryptAlgoCompliant(String str, Key key) {
        return isEncryptAlgoCompliant(str, key, null);
    }

    public static boolean isEncryptAlgoCompliant(String str, Key key, AlgorithmParameters algorithmParameters) {
        if (str == null || key == null) {
            return false;
        }
        int keyLength = getKeyLength(key, algorithmParameters);
        return str.equalsIgnoreCase("RSA") ? keyLength >= 1024 && keyLength <= 4096 && keyLength % 512 == 0 : str.equalsIgnoreCase("DSA") && keyLength >= 512 && keyLength <= 1024 && keyLength % 64 == 0;
    }

    public static int getKeyLength(Key key) {
        return getKeyLength(key, null);
    }

    public static int getKeyLength(Key key, AlgorithmParameters algorithmParameters) {
        DSAParameterSpec dSAParameterSpec;
        String algorithm = key.getAlgorithm();
        try {
            BigInteger bigInteger = null;
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm, PKIOperations.getFIPSProvider());
            if (key instanceof PrivateKey) {
                if (algorithm.equalsIgnoreCase("RSA")) {
                    bigInteger = ((RSAPrivateKeySpec) keyFactory.getKeySpec(key, RSAPrivateKeySpec.class)).getModulus();
                } else if (algorithm.equalsIgnoreCase("DSA")) {
                    bigInteger = ((DSAPrivateKeySpec) keyFactory.getKeySpec(key, DSAPrivateKeySpec.class)).getP();
                }
            } else if (key instanceof PublicKey) {
                if (algorithm.equalsIgnoreCase("RSA")) {
                    bigInteger = ((RSAPublicKeySpec) keyFactory.getKeySpec(key, RSAPublicKeySpec.class)).getModulus();
                } else if (algorithm.equalsIgnoreCase("DSA")) {
                    if (algorithmParameters != null && (dSAParameterSpec = (DSAParameterSpec) algorithmParameters.getParameterSpec(DSAParameterSpec.class)) != null) {
                        bigInteger = dSAParameterSpec.getP();
                    }
                    if (bigInteger == null) {
                        bigInteger = ((DSAPublicKeySpec) keyFactory.getKeySpec(key, DSAPublicKeySpec.class)).getP();
                    }
                }
            }
            if (bigInteger != null) {
                return bigInteger.bitLength();
            }
            return -1;
        } catch (Exception e) {
            return -1;
        }
    }

    public static Map<String, String> parseSignatureAlgo(String str) {
        String[] split = str.split("/");
        int indexOf = str.indexOf("with");
        HashMap hashMap = new HashMap();
        if (split.length >= 2) {
            hashMap.put("digest", split[0]);
            hashMap.put("encrypt", split[1]);
            if (split.length >= 3) {
                hashMap.put("pad", split[2]);
            }
        }
        if (indexOf > 0) {
            hashMap.put("digest", str.substring(0, indexOf));
            hashMap.put("encrypt", str.substring(indexOf + 4));
        }
        return hashMap;
    }

    public static boolean isSignatureAlgoFIPSCompliant(String str, Key key) {
        return isSignatureAlgoFIPSCompliant(str, key, null);
    }

    public static boolean isSignatureAlgoFIPSCompliant(String str, Key key, AlgorithmParameters algorithmParameters) {
        if (str == null || key == null) {
            return false;
        }
        Map<String, String> parseSignatureAlgo = parseSignatureAlgo(str);
        return parseSignatureAlgo.size() >= 2 && isDigestAlgoCompliant(parseSignatureAlgo.get("digest")) && isEncryptAlgoCompliant(parseSignatureAlgo.get("encrypt"), key, algorithmParameters);
    }
}
