package com.ibm.ws.wssecurity.xml.xss4j;

import com.ibm.ws.wssecurity.core.EngineFactory;
import com.ibm.ws.wssecurity.core.SignatureEngine;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureEngineRSA256;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureMethod;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.Stack;
import java.util.StringTokenizer;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/xml/xss4j/AlgorithmFactoryExt.class */
public class AlgorithmFactoryExt extends AlgorithmFactory {
    private static boolean fipsEnabled;
    private static AlgorithmFactoryExt s_theInstance;
    private boolean debug;
    protected static Stack<SignatureEngine> rsa256Pool = new Stack<>();
    protected static Stack<SignatureEngine> hwcRsa256Pool = new Stack<>();
    private static List<Provider> providers = new ArrayList();

    public AlgorithmFactoryExt(String str) {
        super(str);
        this.debug = false;
        if (!fipsEnabled) {
            providers.clear();
            providers.add(str == null ? null : Security.getProvider(str));
        }
        this.supportedSignature.add(SignatureMethod.RSA256);
    }

    public static AlgorithmFactoryExt getInstance() {
        return s_theInstance;
    }

    @Override // com.ibm.ws.wssecurity.xml.xss4j.AlgorithmFactory, com.ibm.ws.wssecurity.core.EngineFactory
    public SignatureEngine getSignatureEngine(String str) throws NoSuchAlgorithmException {
        if (str == null) {
            throw new NullPointerException("No SignatureMethod for null.");
        }
        return SignatureMethod.RSA256.equals(str) ? getSignatureEngineRSA256(str) : super.getSignatureEngine(str);
    }

    @Override // com.ibm.ws.wssecurity.xml.xss4j.AlgorithmFactory, com.ibm.ws.wssecurity.core.EngineFactory
    public boolean releaseSignatureEngine(SignatureEngine signatureEngine) {
        return SignatureMethod.RSA256.equals(signatureEngine.getURI()) ? releaseSignatureEngineRSA256(signatureEngine) : super.releaseSignatureEngine(signatureEngine);
    }

    public boolean releaseSignatureEngineRSA256(SignatureEngine signatureEngine) {
        if (getProviderMaps().isEmpty()) {
            rsa256Pool.push(signatureEngine);
            return true;
        }
        if (this.debug) {
            System.out.println("HWC: AlgorithmFactory, releaseSignatureEngine hw provider is in use");
        }
        synchronized (hwcRsaPool) {
            hwcRsa256Pool.push(signatureEngine);
        }
        return true;
    }

    private SignatureEngine getSignatureEngineRSA256(String str) throws NoSuchAlgorithmException {
        SignatureEngine signatureEngine;
        SignatureEngine pop;
        SignatureEngine pop2;
        Provider provider = (Provider) getLocalProvider("com.ibm.ws.wssecurity.config.keystore.keyStoreRef");
        if (provider != null) {
            synchronized (hwcRsa256Pool) {
                if (!hwcRsa256Pool.empty() && (pop2 = hwcRsa256Pool.pop()) != null) {
                    return pop2;
                }
            }
        }
        Provider provider2 = (Provider) getLocalProvider("HWCONFIG");
        if (provider2 != null) {
            synchronized (hwcRsa256Pool) {
                if (!hwcRsa256Pool.empty() && (pop = hwcRsa256Pool.pop()) != null) {
                    return pop;
                }
            }
        }
        if (provider != null) {
            try {
                return new SignatureEngineRSA256(str, provider);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("HARDWARE CRYPTO, In AlgFactory, caught Exception" + e.getMessage());
                e.printStackTrace();
            }
        }
        if (provider2 != null) {
            try {
                return new SignatureEngineRSA256(str, provider2);
            } catch (NoSuchAlgorithmException e2) {
                System.out.println("HARDWARE CRYPTO, In AlgFactory, caught Exception" + e2.getMessage());
                e2.printStackTrace();
            }
        }
        if ((provider != null || provider2 != null) && this.debug) {
            System.out.println("HARDWARE CRYPTO: getSignatureEngine fails with hardware crypto provider. Continue to use JCE provider");
        }
        synchronized (rsa256Pool) {
            if (!rsa256Pool.empty()) {
                return rsa256Pool.pop();
            }
            if (!fipsEnabled && this.childFactory != null && !this.childFactory.isEmpty()) {
                for (EngineFactory engineFactory : this.childFactory) {
                    Set<String> set = this.childFactoryURIs.get(engineFactory);
                    if (set != null && (set instanceof Set) && set.contains(str) && engineFactory.getSignatureAlgorithms().contains(str) && (signatureEngine = engineFactory.getSignatureEngine(str)) != null) {
                        return signatureEngine;
                    }
                }
            }
            for (int i = 0; i < providers.size(); i++) {
                try {
                    return new SignatureEngineRSA256(str, providers.get(i));
                } catch (NoSuchAlgorithmException e3) {
                }
            }
            throw new NoSuchAlgorithmException("No SignatureEngine for " + str);
        }
    }

    static {
        fipsEnabled = false;
        s_theInstance = null;
        if ("true".equalsIgnoreCase(Security.getProperty(com.ibm.ws.ssl.core.Constants.FIPS_ENABLED))) {
            fipsEnabled = true;
            StringTokenizer stringTokenizer = new StringTokenizer(Security.getProperty(com.ibm.ws.ssl.core.Constants.FIPS_JCEPROVIDERS), "|");
            while (stringTokenizer.hasMoreTokens()) {
                providers.add(Security.getProvider(stringTokenizer.nextToken()));
            }
        }
        s_theInstance = new AlgorithmFactoryExt(null);
    }
}
