package org.openeuler.sun.security.ssl;

import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.openeuler.gm.GMConstants;
import org.openeuler.sun.security.ssl.SupportedGroupsExtension;
import org.openeuler.sun.security.ssl.X509Authentication;
import org.openeuler.util.SM2Util;
import sun.security.util.KeyUtil;
import sun.security.util.SignatureUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/openeuler/sun/security/ssl/SignatureScheme.class */
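/**
 * TLS signature schemes known to this JSSE implementation, including the SM2/SM3 schemes.
 *
 * <p>Each constant carries a two-byte id (see {@link #sizeInRecord()}): {@link #nameOf(int)}
 * reads the high byte as an index into {@code hashAlgorithms} and the low byte as an index
 * into {@code signatureAlgorithms}. Ids are written in hex so that split is visible.
 *
 * <p>This listing is JADX decompiler output. Per JADX's own notes, every member declared
 * {@code public} below was package-private in the compiled class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The table still lists MD5, SHA-1, SHA-224 and DSA based schemes. In this file the only
 *       policy filter is {@code AlgorithmConstraints.permits(...)} inside the two
 *       {@code getSupportedAlgorithms} methods; {@code getPreferableAlgorithm},
 *       {@code getSignerOfPreferableAlgorithm}, {@code getSigner} and {@code getVerifier} do
 *       not re-check constraints, so they depend on being handed an already filtered list.</li>
 *   <li>{@code minimalKeySize} admits RSA keys as small as 511 bits. NOTE(review): these look
 *       like "key large enough for this digest/padding" bounds rather than a strength floor;
 *       confirm that key strength is enforced elsewhere.</li>
 * </ul>
 */
public enum SignatureScheme {
    ED25519(0x0807, "ed25519", "ed25519", "ed25519", ProtocolVersion.PROTOCOLS_OF_13),
    ED448(0x0808, "ed448", "ed448", "ed448", ProtocolVersion.PROTOCOLS_OF_13),
    ECDSA_SECP256R1_SHA256(0x0403, "ecdsa_secp256r1_sha256", "SHA256withECDSA", GMConstants.EC, SupportedGroupsExtension.NamedGroup.SECP256_R1, ProtocolVersion.PROTOCOLS_TO_13),
    ECDSA_SECP384R1_SHA384(0x0503, "ecdsa_secp384r1_sha384", "SHA384withECDSA", GMConstants.EC, SupportedGroupsExtension.NamedGroup.SECP384_R1, ProtocolVersion.PROTOCOLS_TO_13),
    ECDSA_SECP521R1_SHA512(0x0603, "ecdsa_secp521r1_sha512", "SHA512withECDSA", GMConstants.EC, SupportedGroupsExtension.NamedGroup.SECP521_R1, ProtocolVersion.PROTOCOLS_TO_13),
    SM2SIG_SM3(0x0708, "sm2sig_sm3", GMConstants.SM3_WITH_SM2, GMConstants.SM2, SupportedGroupsExtension.NamedGroup.curveSM2, ProtocolVersion.PROTOCOLS_OF_RFC8998),
    RSA_PSS_RSAE_SHA256(0x0804, "rsa_pss_rsae_sha256", "RSASSA-PSS", "RSA", SigAlgParamSpec.RSA_PSS_SHA256, 528, ProtocolVersion.PROTOCOLS_12_13),
    RSA_PSS_RSAE_SHA384(0x0805, "rsa_pss_rsae_sha384", "RSASSA-PSS", "RSA", SigAlgParamSpec.RSA_PSS_SHA384, 784, ProtocolVersion.PROTOCOLS_12_13),
    RSA_PSS_RSAE_SHA512(0x0806, "rsa_pss_rsae_sha512", "RSASSA-PSS", "RSA", SigAlgParamSpec.RSA_PSS_SHA512, 1040, ProtocolVersion.PROTOCOLS_12_13),
    RSA_PSS_PSS_SHA256(0x0809, "rsa_pss_pss_sha256", "RSASSA-PSS", "RSASSA-PSS", SigAlgParamSpec.RSA_PSS_SHA256, 528, ProtocolVersion.PROTOCOLS_12_13),
    RSA_PSS_PSS_SHA384(0x080A, "rsa_pss_pss_sha384", "RSASSA-PSS", "RSASSA-PSS", SigAlgParamSpec.RSA_PSS_SHA384, 784, ProtocolVersion.PROTOCOLS_12_13),
    RSA_PSS_PSS_SHA512(0x080B, "rsa_pss_pss_sha512", "RSASSA-PSS", "RSASSA-PSS", SigAlgParamSpec.RSA_PSS_SHA512, 1040, ProtocolVersion.PROTOCOLS_12_13),
    RSA_PKCS1_SHA256(0x0401, "rsa_pkcs1_sha256", "SHA256withRSA", "RSA", null, null, 511, ProtocolVersion.PROTOCOLS_TO_13, ProtocolVersion.PROTOCOLS_TO_12),
    RSA_PKCS1_SHA384(0x0501, "rsa_pkcs1_sha384", "SHA384withRSA", "RSA", null, null, 768, ProtocolVersion.PROTOCOLS_TO_13, ProtocolVersion.PROTOCOLS_TO_12),
    RSA_PKCS1_SHA512(0x0601, "rsa_pkcs1_sha512", "SHA512withRSA", "RSA", null, null, 768, ProtocolVersion.PROTOCOLS_TO_13, ProtocolVersion.PROTOCOLS_TO_12),
    DSA_SHA256(0x0402, "dsa_sha256", "SHA256withDSA", "DSA", ProtocolVersion.PROTOCOLS_TO_12),
    // Legacy SHA-224 / SHA-1 / MD5 entries: kept in the table, filtered only by AlgorithmConstraints.
    ECDSA_SHA224(0x0303, "ecdsa_sha224", "SHA224withECDSA", GMConstants.EC, ProtocolVersion.PROTOCOLS_TO_12),
    RSA_SHA224(0x0301, "rsa_sha224", "SHA224withRSA", "RSA", 511, ProtocolVersion.PROTOCOLS_TO_12),
    DSA_SHA224(0x0302, "dsa_sha224", "SHA224withDSA", "DSA", ProtocolVersion.PROTOCOLS_TO_12),
    ECDSA_SHA1(0x0203, "ecdsa_sha1", "SHA1withECDSA", GMConstants.EC, ProtocolVersion.PROTOCOLS_TO_13),
    RSA_PKCS1_SHA1(0x0201, "rsa_pkcs1_sha1", "SHA1withRSA", "RSA", null, null, 511, ProtocolVersion.PROTOCOLS_TO_13, ProtocolVersion.PROTOCOLS_TO_12),
    DSA_SHA1(0x0202, "dsa_sha1", "SHA1withDSA", "DSA", ProtocolVersion.PROTOCOLS_TO_12),
    RSA_MD5(0x0101, "rsa_md5", "MD5withRSA", "RSA", 511, ProtocolVersion.PROTOCOLS_TO_12),
    ECDSA_SM3(0x0703, "ecdsa_sm3", GMConstants.SM3_WITH_SM2, GMConstants.SM2, SupportedGroupsExtension.NamedGroup.SM2P256V1, ProtocolVersion.PROTOCOLS_TO_12);

    // Two-byte scheme identifier (high byte: hash index, low byte: signature index).
    final int id;
    // Scheme name as used by nameOf(String) and in log messages.
    final String name;
    // Algorithm name handed to Signature.getInstance / JsseJce.getSignature.
    private final String algorithm;
    // Key algorithm a private key must report (case-insensitively) to use this scheme.
    final String keyAlgorithm;
    // Fixed signature parameters (PSS), or null when the scheme has none.
    private final AlgorithmParameterSpec signAlgParameter;
    // Curve the scheme is bound to, or null when it is not curve-specific.
    private final SupportedGroupsExtension.NamedGroup namedGroup;
    // Smallest RSA / RSASSA-PSS key size accepted; -1 when no bound applies.
    final int minimalKeySize;
    // Protocol versions in which the scheme may be listed as supported.
    final List<ProtocolVersion> supportedProtocols;
    // Protocol versions in which the scheme may be chosen to sign handshake messages.
    final List<ProtocolVersion> handshakeSupportedProtocols;
    // Result of the provider probe done once in the constructor.
    final boolean isAvailable;
    private static final String[] hashAlgorithms = {"none", "md5", "sha1", "sha224", "sha256", "sha384", "sha512", "sm3"};
    private static final String[] signatureAlgorithms = {"anonymous", "rsa", "dsa", "ecdsa"};
    private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET = Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));

    /**
     * RSASSA-PSS parameter sets, each probed once against the installed providers.
     */
    enum SigAlgParamSpec {
        RSA_PSS_SHA256("SHA-256", 32),
        RSA_PSS_SHA384("SHA-384", 48),
        RSA_PSS_SHA512("SHA-512", 64);

        // Null when the probe in the constructor failed.
        private final AlgorithmParameterSpec parameterSpec;
        final boolean isAvailable;

        /**
         * Builds the PSS parameters (MGF1 over the same digest, trailer field 1) and checks
         * that an RSASSA-PSS {@code Signature} accepts them.
         *
         * @param hash digest name used for both the message hash and MGF1
         * @param saltLength salt length passed to {@link PSSParameterSpec}
         */
        SigAlgParamSpec(String hash, int saltLength) {
            PSSParameterSpec pssSpec = new PSSParameterSpec(hash, "MGF1", new MGF1ParameterSpec(hash), saltLength, 1);
            boolean supported = true;
            try {
                // Probe only: the Signature instance is discarded.
                JsseJce.getSignature("RSASSA-PSS").setParameter(pssSpec);
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
                supported = false;
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("RSASSA-PSS signature with " + hash + " is not supported by the underlying providers", e);
                }
            }
            this.isAvailable = supported;
            this.parameterSpec = supported ? pssSpec : null;
        }

        /** Returns the PSS parameters, or {@code null} if the provider probe failed. */
        AlgorithmParameterSpec getParameterSpec() {
            return this.parameterSpec;
        }
    }

    /** Scheme with no key-size bound, no parameters and no named group. */
    SignatureScheme(int id, String name, String algorithm, String keyAlgorithm, ProtocolVersion[] supportedProtocols) {
        this(id, name, algorithm, keyAlgorithm, -1, supportedProtocols);
    }

    /** Scheme with a minimal key size but no parameters and no named group. */
    SignatureScheme(int id, String name, String algorithm, String keyAlgorithm, int minimalKeySize, ProtocolVersion[] supportedProtocols) {
        this(id, name, algorithm, keyAlgorithm, null, minimalKeySize, supportedProtocols);
    }

    /** Scheme with fixed signature parameters; handshake protocols equal supported protocols. */
    SignatureScheme(int id, String name, String algorithm, String keyAlgorithm, SigAlgParamSpec signAlgParamSpec, int minimalKeySize, ProtocolVersion[] supportedProtocols) {
        this(id, name, algorithm, keyAlgorithm, signAlgParamSpec, null, minimalKeySize, supportedProtocols, supportedProtocols);
    }

    /** Curve-bound scheme; handshake protocols equal supported protocols. */
    SignatureScheme(int id, String name, String algorithm, String keyAlgorithm, SupportedGroupsExtension.NamedGroup namedGroup, ProtocolVersion[] supportedProtocols) {
        this(id, name, algorithm, keyAlgorithm, null, namedGroup, -1, supportedProtocols, supportedProtocols);
    }

    /**
     * Stores the scheme attributes and probes the installed providers once to decide
     * {@link #isAvailable}.
     */
    SignatureScheme(int id, String name, String algorithm, String keyAlgorithm, SigAlgParamSpec signAlgParamSpec, SupportedGroupsExtension.NamedGroup namedGroup, int minimalKeySize, ProtocolVersion[] supportedProtocols, ProtocolVersion[] handshakeSupportedProtocols) {
        this.id = id;
        this.name = name;
        this.algorithm = algorithm;
        this.keyAlgorithm = keyAlgorithm;
        this.signAlgParameter = signAlgParamSpec != null ? signAlgParamSpec.parameterSpec : null;
        this.namedGroup = namedGroup;
        this.minimalKeySize = minimalKeySize;
        this.supportedProtocols = Arrays.asList(supportedProtocols);
        this.handshakeSupportedProtocols = Arrays.asList(handshakeSupportedProtocols);

        // Only schemes whose key algorithm is GMConstants.EC consult the EC availability probe.
        boolean available = !GMConstants.EC.equals(keyAlgorithm) || JsseJce.isEcAvailable();
        if (available) {
            if (signAlgParamSpec != null) {
                available = signAlgParamSpec.isAvailable;
            } else {
                try {
                    // Probe only: the Signature instance is discarded.
                    JsseJce.getSignature(algorithm);
                } catch (Exception e) {
                    available = false;
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.warning("Signature algorithm, " + algorithm + ", is not supported by the underlying providers", new Object[0]);
                    }
                }
            }
        }
        // High byte 3 is index 3 of hashAlgorithms ("sha224"): those schemes are switched off
        // whenever a provider named SunMSCAPI is installed.
        if (available && ((id >> 8) & 0xFF) == 3 && Security.getProvider("SunMSCAPI") != null) {
            available = false;
        }
        this.isAvailable = available;
    }

    /**
     * Looks a scheme up by its two-byte id.
     *
     * @param i scheme id
     * @return the matching scheme, or {@code null} when the id is not in the table
     */
    public static SignatureScheme valueOf(int i) {
        for (SignatureScheme scheme : values()) {
            if (scheme.id == i) {
                return scheme;
            }
        }
        return null;
    }

    /**
     * Returns a printable name for an id, including ids that are not in the table.
     *
     * @param i scheme id
     * @return the scheme name, or {@code <signature>_<hash>} derived from the low and high
     *         byte, with {@code UNDEFINED-...(n)} for indexes outside the lookup arrays
     */
    public static String nameOf(int i) {
        SignatureScheme known = valueOf(i);
        if (known != null) {
            return known.name;
        }
        int hashId = (i >> 8) & 0xFF;
        int signatureId = i & 0xFF;
        String signatureName = signatureId >= signatureAlgorithms.length ? "UNDEFINED-SIGNATURE(" + signatureId + ")" : signatureAlgorithms[signatureId];
        String hashName = hashId >= hashAlgorithms.length ? "UNDEFINED-HASH(" + hashId + ")" : hashAlgorithms[hashId];
        return signatureName + "_" + hashName;
    }

    /**
     * Looks a scheme up by name, ignoring case.
     *
     * @param str scheme name
     * @return the matching scheme, or {@code null} when there is none
     */
    public static SignatureScheme nameOf(String str) {
        for (SignatureScheme scheme : values()) {
            if (scheme.name.equalsIgnoreCase(str)) {
                return scheme;
            }
        }
        return null;
    }

    /** Returns the number of bytes one scheme id occupies (always 2). */
    public static int sizeInRecord() {
        return 2;
    }

    /**
     * Lists the local schemes that are available, enabled in the configuration, active for at
     * least one of the given protocol versions and permitted by the algorithm constraints.
     *
     * @param sSLConfiguration configuration whose {@code signatureSchemes} restricts the
     *        result; an empty collection means "no restriction"
     * @param algorithmConstraints policy checked against each scheme's algorithm name
     * @param list protocol versions under consideration
     * @return the accepted schemes in declaration order, possibly empty
     */
    public static List<SignatureScheme> getSupportedAlgorithms(SSLConfiguration sSLConfiguration, AlgorithmConstraints algorithmConstraints, List<ProtocolVersion> list) {
        List<SignatureScheme> supported = new LinkedList<>();
        for (SignatureScheme scheme : values()) {
            boolean enabled = scheme.isAvailable && (sSLConfiguration.signatureSchemes.isEmpty() || sSLConfiguration.signatureSchemes.contains(scheme));
            if (!enabled) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Ignore unsupported signature scheme: " + scheme.name, new Object[0]);
                }
                continue;
            }

            boolean activeForProtocol = false;
            for (ProtocolVersion protocolVersion : list) {
                if (scheme.supportedProtocols.contains(protocolVersion)) {
                    activeForProtocol = true;
                    break;
                }
            }
            if (!activeForProtocol) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Ignore inactive signature scheme: " + scheme.name, new Object[0]);
                }
                continue;
            }

            // Policy gate: this is where disabled algorithms are dropped.
            if (algorithmConstraints.permits(SIGNATURE_PRIMITIVE_SET, scheme.algorithm, null)) {
                supported.add(scheme);
            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                SSLLogger.finest("Ignore disabled signature scheme: " + scheme.name, new Object[0]);
            }
        }
        return supported;
    }

    /**
     * Filters a list of scheme ids down to the ones usable locally for one protocol version.
     *
     * <p>Unknown ids and schemes rejected by availability, protocol, configuration or
     * algorithm constraints are skipped and logged; none of them aborts the call.
     *
     * @param sSLConfiguration configuration whose {@code signatureSchemes} restricts the
     *        result; an empty collection means "no restriction"
     * @param algorithmConstraints policy checked against each scheme's algorithm name
     * @param protocolVersion protocol version the schemes must support
     * @param iArr scheme ids to filter
     * @return the accepted schemes in the order of {@code iArr}, possibly empty
     */
    public static List<SignatureScheme> getSupportedAlgorithms(SSLConfiguration sSLConfiguration, AlgorithmConstraints algorithmConstraints, ProtocolVersion protocolVersion, int[] iArr) {
        List<SignatureScheme> supported = new LinkedList<>();
        for (int schemeId : iArr) {
            SignatureScheme scheme = valueOf(schemeId);
            if (scheme == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("Unsupported signature scheme: " + nameOf(schemeId), new Object[0]);
                }
                continue;
            }
            boolean configured = sSLConfiguration.signatureSchemes.isEmpty() || sSLConfiguration.signatureSchemes.contains(scheme);
            if (scheme.isAvailable && scheme.supportedProtocols.contains(protocolVersion) && configured && algorithmConstraints.permits(SIGNATURE_PRIMITIVE_SET, scheme.algorithm, null)) {
                supported.add(scheme);
            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.warning("Unsupported signature scheme: " + scheme.name, new Object[0]);
            }
        }
        return supported;
    }

    /**
     * Picks the first scheme in {@code list} that is available, usable for handshake signing
     * in the given protocol version and shares the key algorithm of {@code signatureScheme}.
     *
     * <p>No algorithm-constraint check happens here; {@code list} is expected to be filtered
     * already.
     *
     * @return the first match, or {@code null} when there is none
     */
    public static SignatureScheme getPreferableAlgorithm(List<SignatureScheme> list, SignatureScheme signatureScheme, ProtocolVersion protocolVersion) {
        for (SignatureScheme candidate : list) {
            if (candidate.isAvailable && candidate.handshakeSupportedProtocols.contains(protocolVersion) && signatureScheme.keyAlgorithm.equalsIgnoreCase(candidate.keyAlgorithm)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Picks the first scheme in {@code list} that fits the possession's private key and
     * returns it together with a {@code Signature} initialised for signing.
     *
     * <p>The entry's value is never {@code null}: when no signer can be created the method
     * returns {@code null} as a whole, so callers have a single failure case to handle.
     *
     * @param list candidate schemes in preference order
     * @param x509Possession holder of the private key and its EC parameters
     * @param protocolVersion negotiated protocol version
     * @return scheme and ready-to-use signer, or {@code null} when nothing fits
     */
    public static Map.Entry<SignatureScheme, Signature> getSignerOfPreferableAlgorithm(List<SignatureScheme> list, X509Authentication.X509Possession x509Possession, ProtocolVersion protocolVersion) {
        PrivateKey privateKey = x509Possession.popPrivateKey;
        ECParameterSpec keyParams = x509Possession.getECParameterSpec();
        SupportedGroupsExtension.NamedGroup keyGroup = keyParams != null ? SupportedGroupsExtension.NamedGroup.valueOf(keyParams) : null;

        if (protocolVersion.useTLS13PlusSpec() && keyGroup != null && SupportedGroupsExtension.NamedGroup.curveSM2.oid.equals(keyGroup.oid)) {
            // NOTE(review): this shortcut never looks at `list`, so SM2SIG_SM3 is chosen even
            // if the caller's filtered list (configuration + algorithm constraints) does not
            // contain it. Presumably intended for RFC 8998 handshakes; confirm that skipping
            // the filtered list is acceptable.
            Signature sm2Signer = SM2SIG_SM3.getSigner(privateKey, SM2Util.createSM2ParameterSpec(GMConstants.TLS13_GM_ID));
            if (sm2Signer == null) {
                // getSigner returns null when the scheme is unavailable or initialisation
                // fails; report "no scheme" instead of handing back an entry with a null signer.
                return null;
            }
            return new AbstractMap.SimpleImmutableEntry<>(SM2SIG_SM3, sm2Signer);
        }

        String keyAlgorithmName = privateKey.getAlgorithm();
        // The key-size bound is only applied to RSA and RSASSA-PSS keys.
        boolean rsaFamily = keyAlgorithmName.equalsIgnoreCase("RSA") || keyAlgorithmName.equalsIgnoreCase("RSASSA-PSS");
        int keySize = rsaFamily ? KeyUtil.getKeySize(privateKey) : Integer.MAX_VALUE;

        for (SignatureScheme scheme : list) {
            boolean candidate = scheme.isAvailable && keySize >= scheme.minimalKeySize && scheme.handshakeSupportedProtocols.contains(protocolVersion) && keyAlgorithmName.equalsIgnoreCase(scheme.keyAlgorithm);
            if (!candidate) {
                continue;
            }

            if (scheme.namedGroup != null && scheme.namedGroup.type == SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE) {
                // Curve-bound scheme: the key's curve must be exactly the scheme's curve.
                ECParameterSpec params = x509Possession.getECParameterSpec();
                if (params != null && scheme.namedGroup == SupportedGroupsExtension.NamedGroup.valueOf(params)) {
                    Signature signer = scheme.getSigner(privateKey);
                    if (signer != null) {
                        return new AbstractMap.SimpleImmutableEntry<>(scheme, signer);
                    }
                }
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Ignore the signature algorithm (" + scheme + "), unsupported EC parameter spec: " + params, new Object[0]);
                }
            } else if (GMConstants.EC.equals(scheme.keyAlgorithm)) {
                // Legacy EC scheme without a fixed curve: any supported named group will do.
                ECParameterSpec params = x509Possession.getECParameterSpec();
                if (params != null) {
                    SupportedGroupsExtension.NamedGroup group = SupportedGroupsExtension.NamedGroup.valueOf(params);
                    if (group != null && SupportedGroupsExtension.SupportedGroups.isSupported(group)) {
                        Signature signer = scheme.getSigner(privateKey);
                        if (signer != null) {
                            return new AbstractMap.SimpleImmutableEntry<>(scheme, signer);
                        }
                    }
                }
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Ignore the legacy signature algorithm (" + scheme + "), unsupported EC parameter spec: " + params, new Object[0]);
                }
            } else {
                Signature signer = scheme.getSigner(privateKey);
                if (signer != null) {
                    return new AbstractMap.SimpleImmutableEntry<>(scheme, signer);
                }
            }
        }
        return null;
    }

    /**
     * Returns the algorithm names of the given schemes, in iteration order.
     *
     * @param collection schemes to convert; {@code null} yields an empty array
     * @return one algorithm name per scheme
     */
    public static String[] getAlgorithmNames(Collection<SignatureScheme> collection) {
        if (collection == null) {
            return new String[0];
        }
        List<String> names = new ArrayList<>(collection.size());
        for (SignatureScheme scheme : collection) {
            names.add(scheme.algorithm);
        }
        return names.toArray(new String[0]);
    }

    /**
     * Creates a {@code Signature} initialised for verification with this scheme.
     *
     * <p>A {@code null} result means the scheme is unavailable; callers must treat that as a
     * failure and never as a successful verification.
     *
     * @param publicKey key to verify with
     * @param algorithmParameterSpec extra parameters set before initialisation, or
     *        {@code null} for none
     * @return the verifier, or {@code null} when {@link #isAvailable} is false
     */
    public Signature getVerifier(PublicKey publicKey, AlgorithmParameterSpec algorithmParameterSpec) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        if (!this.isAvailable) {
            return null;
        }
        Signature verifier = Signature.getInstance(this.algorithm);
        if (algorithmParameterSpec != null) {
            verifier.setParameter(algorithmParameterSpec);
        }
        SignatureUtil.initVerifyWithParam(verifier, publicKey, this.signAlgParameter);
        return verifier;
    }

    /** Same as {@link #getVerifier(PublicKey, AlgorithmParameterSpec)} with no extra parameters. */
    public Signature getVerifier(PublicKey publicKey) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException {
        return getVerifier(publicKey, null);
    }

    /**
     * Creates a {@code Signature} initialised for signing with this scheme.
     *
     * @param privateKey key to sign with
     * @param algorithmParameterSpec extra parameters set before initialisation, or
     *        {@code null} for none
     * @return the signer, or {@code null} when the scheme is unavailable or the provider
     *         rejects the algorithm, parameters or key (the rejection is logged, not thrown)
     */
    private Signature getSigner(PrivateKey privateKey, AlgorithmParameterSpec algorithmParameterSpec) {
        if (!this.isAvailable) {
            return null;
        }
        try {
            Signature signer = Signature.getInstance(this.algorithm);
            if (algorithmParameterSpec != null) {
                signer.setParameter(algorithmParameterSpec);
            }
            // No SecureRandom is supplied here; the randomness source is whatever
            // SignatureUtil / the provider uses when given null.
            SignatureUtil.initSignWithParam(signer, privateKey, this.signAlgParameter, (SecureRandom) null);
            return signer;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException e) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                SSLLogger.finest("Ignore unsupported signature algorithm (" + this.name + ")", e);
            }
            return null;
        }
    }

    /** Same as {@link #getSigner(PrivateKey, AlgorithmParameterSpec)} with no extra parameters. */
    private Signature getSigner(PrivateKey privateKey) {
        return getSigner(privateKey, null);
    }
}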
