package com.ibm.ws.security.common.crypto;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.security.Key;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/common/crypto/KeyAlgorithmChecker.class */
public class KeyAlgorithmChecker {
    private static final TraceComponent tc = Tr.register(KeyAlgorithmChecker.class, (String) null, (String) null);
    private static final Pattern HSA_PATTERN = Pattern.compile("HS[0-9]{3,}");
    private static final Pattern RSA_PATTERN = Pattern.compile("RS[0-9]{3,}");
    private static final Pattern ESA_PATTERN = Pattern.compile("ES[0-9]{3,}");
    private static final Pattern ALG_PATTERN = Pattern.compile("[RHEP]S([0-9]{3,})", 2);
    public static int UNKNOWN_HASH_SIZE = 0;
    static final long serialVersionUID = -1185560328885431269L;

    private KeyAlgorithmChecker() {
    }

    public static boolean isHSAlgorithm(String str) {
        if (str == null) {
            return false;
        }
        return HSA_PATTERN.matcher(str).matches();
    }

    public static boolean isPublicKeyValidType(Key key, String str) {
        if (key == null || str == null) {
            return true;
        }
        if (isRSAlgorithm(str)) {
            return isValidRSAPublicKey(key);
        }
        if (isESAlgorithm(str)) {
            return isValidECPublicKey(str, key);
        }
        if (!tc.isDebugEnabled()) {
            return false;
        }
        Tr.debug(tc, "Did not find matching algorithm support for [" + str + "]", new Object[0]);
        return false;
    }

    public static boolean isRSAlgorithm(String str) {
        if (str == null) {
            return false;
        }
        return RSA_PATTERN.matcher(str).matches();
    }

    public static boolean isValidRSAPublicKey(Key key) {
        return key.getAlgorithm().equals("RSA") && (key instanceof RSAPublicKey);
    }

    public static boolean isESAlgorithm(String str) {
        if (str == null) {
            return false;
        }
        return ESA_PATTERN.matcher(str).matches();
    }

    public static boolean isValidECPublicKey(String str, Key key) {
        if ("EC".equals(key.getAlgorithm()) && (key instanceof ECPublicKey)) {
            return isValidECKeyParameters(str, (ECPublicKey) key);
        }
        return false;
    }

    static boolean isValidECKeyParameters(String str, ECKey eCKey) {
        int fieldSize = eCKey.getParams().getCurve().getField().getFieldSize();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Comparing supported algorithm [" + str + "] against key field size [" + fieldSize + "]", new Object[0]);
        }
        int hashSizeFromAlgorithm = getHashSizeFromAlgorithm(str);
        return fieldSize == 521 ? hashSizeFromAlgorithm == 512 : hashSizeFromAlgorithm == fieldSize;
    }

    @FFDCIgnore({Exception.class})
    public static int getHashSizeFromAlgorithm(String str) {
        int i = UNKNOWN_HASH_SIZE;
        Matcher matcher = ALG_PATTERN.matcher(str);
        if (!matcher.matches()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Algorithm [" + str + "] did not match expected regex " + ALG_PATTERN.toString(), new Object[0]);
            }
            return i;
        }
        String group = matcher.group(1);
        try {
            i = Integer.parseInt(group);
            return i;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing hash size string [" + group + "]: " + e, new Object[0]);
            }
            return i;
        }
    }

    public static boolean isPrivateKeyValidType(Key key, String str) {
        if (key == null || str == null) {
            return true;
        }
        if (isRSAlgorithm(str)) {
            return isValidRSAPrivateKey(key);
        }
        if (isESAlgorithm(str)) {
            return isValidECPrivateKey(str, key);
        }
        if (!tc.isDebugEnabled()) {
            return false;
        }
        Tr.debug(tc, "Did not find matching algorithm support for [" + str + "]", new Object[0]);
        return false;
    }

    public static boolean isValidRSAPrivateKey(Key key) {
        return key.getAlgorithm().equals("RSA") && (key instanceof RSAPrivateKey);
    }

    public static boolean isValidECPrivateKey(String str, Key key) {
        if ("EC".equals(key.getAlgorithm()) && (key instanceof ECPrivateKey)) {
            return isValidECKeyParameters(str, (ECPrivateKey) key);
        }
        return false;
    }
}
