package com.oracle.pic.opensearch.common.crypto;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.fips.FipsStatus;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

/* loaded from: input_file:com/oracle/pic/opensearch/common/crypto/JCEProviders.class */
public final class JCEProviders {
    private static final String PKIX_ALGORITHM = "PKIX";
    private static final String KEY_STORE_TYPE = "keystore type";
    private static final String SSL_KEY_STORE_TYPE = "ssl.keystore.type";
    private static final String JAVAX_KEYSTORE_PROVIDER_PROPERTY = "javax.net.ssl.keyStoreProvider";
    private static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM = "ssl.KeyManagerFactory.algorithm";
    private static final String SSL_TRUST_MANAGER_FACTORY_ALGORITHM = "ssl.TrustManagerFactory.algorithm";
    public static final String BC_FIPS_KEYSTORE_TYPE = "BCFKS";
    private static final String FIPS_APPROVED_ONLY_PROPERTY = "org.bouncycastle.fips.approved_only";
    private static final String JAVAX_KEYSTORE_TYPE_PROPERTY = "javax.net.ssl.keyStoreType";
    private static final boolean FIPS_MODE = true;
    private static final boolean USE_BCJSSE = false;
    private static final Object LOCK = new Object();
    private static volatile boolean loaded;

    /* loaded from: input_file:com/oracle/pic/opensearch/common/crypto/JCEProviders$JCEProvidersException.class */
    public static final class JCEProvidersException extends RuntimeException {
        public JCEProvidersException(String str) {
            super(str);
        }
    }

    private JCEProviders() {
    }

    public static void load() {
        synchronized (LOCK) {
            if (loaded) {
                return;
            }
            doLoad();
            loaded = true;
        }
    }

    private static void doLoad() {
        SecureRandom secureRandom;
        setSystemAndSecurityProperty(null, FIPS_APPROVED_ONLY_PROPERTY, "true");
        setSystemAndSecurityProperty(null, JAVAX_KEYSTORE_TYPE_PROPERTY, BC_FIPS_KEYSTORE_TYPE);
        setSystemAndSecurityProperty(null, JAVAX_KEYSTORE_PROVIDER_PROPERTY, BouncyCastleFipsProvider.PROVIDER_NAME);
        setSystemAndSecurityProperty(null, KEY_STORE_TYPE, BC_FIPS_KEYSTORE_TYPE);
        setSystemAndSecurityProperty(null, SSL_KEY_STORE_TYPE, BC_FIPS_KEYSTORE_TYPE);
        System.setProperty(JAVAX_KEYSTORE_TYPE_PROPERTY, BC_FIPS_KEYSTORE_TYPE);
        System.setProperty(FIPS_APPROVED_ONLY_PROPERTY, "true");
        try {
            secureRandom = SecureRandom.getInstance("NativePRNGNonBlocking", "SUN");
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            secureRandom = new SecureRandom();
        }
        BouncyCastleFipsProvider bouncyCastleFipsProvider = new BouncyCastleFipsProvider(null, secureRandom);
        Security.removeProvider(BouncyCastleFipsProvider.PROVIDER_NAME);
        Security.insertProviderAt(bouncyCastleFipsProvider, 1);
        Provider sunJsseProvider = getSunJsseProvider();
        Security.removeProvider(sunJsseProvider.getName());
        Security.insertProviderAt(sunJsseProvider, 2);
        if (!CryptoServicesRegistrar.setApprovedOnlyMode(true)) {
            throw new IllegalStateException("Requires approved mode for compliance.");
        }
        Security.getProviders();
        String statusMessage = FipsStatus.getStatusMessage();
        boolean isReady = FipsStatus.isReady();
        boolean isInFipsApprovedOnlyMode = isInFipsApprovedOnlyMode();
        if (!isReady || !isInFipsApprovedOnlyMode) {
            throw new IllegalStateException("Unable to initialize FIPS mode for Bouncy Castle: " + statusMessage + ", FIPS ready: " + isReady + ", FIPS approved only mode: " + isInFipsApprovedOnlyMode);
        }
    }

    public static boolean isInFipsApprovedOnlyMode() {
        boolean z;
        synchronized (LOCK) {
            z = Boolean.getBoolean(FIPS_APPROVED_ONLY_PROPERTY);
        }
        return z;
    }

    private static Provider getSunJsseProvider() {
        setSystemAndSecurityProperty(null, SSL_KEY_MANAGER_FACTORY_ALGORITHM, PKIX_ALGORITHM);
        setSystemAndSecurityProperty(null, SSL_TRUST_MANAGER_FACTORY_ALGORITHM, PKIX_ALGORITHM);
        Security.getProviders();
        BouncyCastleJsseProvider bouncyCastleJsseProvider = new BouncyCastleJsseProvider();
        bouncyCastleJsseProvider.put("Alg.Alias.SSLContext.SSL", "TLS");
        return bouncyCastleJsseProvider;
    }

    private static Provider getBCJsseProvider(Provider provider) {
        setSystemAndSecurityProperty(null, SSL_KEY_MANAGER_FACTORY_ALGORITHM, PKIX_ALGORITHM);
        setSystemAndSecurityProperty(null, SSL_TRUST_MANAGER_FACTORY_ALGORITHM, PKIX_ALGORITHM);
        BouncyCastleJsseProvider bouncyCastleJsseProvider = new BouncyCastleJsseProvider(true, provider);
        bouncyCastleJsseProvider.put("Alg.Alias.SSLContext.SSL", "TLS");
        return bouncyCastleJsseProvider;
    }

    private static void setSystemAndSecurityProperty(String str, String str2, String str3) {
        System.setProperty(str2, str3);
        Security.setProperty(str2, str3);
    }

    static {
        synchronized (LOCK) {
            loaded = false;
        }
    }
}
