package com.unboundid.util;

import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPRuntimeException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.ssl.TLSCipherSuiteSelector;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
/* loaded from: input_file:BOOT-INF/lib/unboundid-ldapsdk-5.1.4.jar:com/unboundid/util/CryptoHelper.class */
public final class CryptoHelper {

    @NotNull
    public static final String PROPERTY_FIPS_MODE = "com.unboundid.crypto.FIPS_MODE";

    @NotNull
    public static final String PROPERTY_REMOVE_NON_NECESSARY_PROVIDERS = "com.unboundid.crypto.REMOVE_NON_ESSENTIAL_PROVIDERS";

    @NotNull
    private static final Set<String> ESSENTIAL_PROVIDERS_TO_PRESERVE = StaticUtils.setOf(BouncyCastleFIPSHelper.BOUNCY_CASTLE_FIPS_PROVIDER_CLASS_NAME, BouncyCastleFIPSHelper.BOUNCY_CASTLE_JSSE_PROVIDER_CLASS_NAME, "com.sun.net.ssl.internal.ssl.Provider", "sun.security.provider.Sun", "sun.security.jgss.SunProvider", "com.sun.security.sasl.Provider", "sun.security.provider.certpath.ldap.JdkLDAP", "com.sun.security.sasl.gsskerb.JdkSASL", "sun.security.pkcs11.SunPKCS11", "com.ibm.security.jgss.IBMJGSSProvider", "com.ibm.security.sasl.IBMSASL");

    @NotNull
    private static final AtomicBoolean FIPS_MODE;

    @NotNull
    public static final String KEY_STORE_TYPE_BCFKS = "BCFKS";

    @NotNull
    public static final String KEY_STORE_TYPE_JKS = "JKS";

    @NotNull
    public static final String KEY_STORE_TYPE_PKCS_11 = "PKCS11";

    @NotNull
    public static final String KEY_STORE_TYPE_PKCS_12 = "PKCS12";

    @NotNull
    public static final String PROPERTY_DEFAULT_KEY_STORE_TYPE = "com.unboundid.crypto.DEFAULT_KEY_STORE_TYPE";

    @NotNull
    private static final AtomicReference<String> DEFAULT_KEY_STORE_TYPE;

    @NotNull
    private static final String SECURE_RANDOM_SERVICE_TYPE = "SecureRandom";

    @Nullable
    private static final Provider NULL_PROVIDER;

    private CryptoHelper() {
    }

    public static boolean usingFIPSMode() {
        return FIPS_MODE.get();
    }

    public static void setUseFIPSMode(boolean z) throws NoSuchProviderException {
        if (z) {
            BouncyCastleFIPSHelper.loadBouncyCastleFIPSProvider(true);
            BouncyCastleFIPSHelper.loadBouncyCastleJSSEProvider(true);
        }
        FIPS_MODE.set(z);
        TLSCipherSuiteSelector.recompute();
    }

    public static void removeNonEssentialSecurityProviders() {
        for (Provider provider : Security.getProviders()) {
            if (!ESSENTIAL_PROVIDERS_TO_PRESERVE.contains(provider.getClass().getName())) {
                Security.removeProvider(provider.getName());
            }
        }
    }

    @NotNull
    public static CertificateFactory getCertificateFactory(@NotNull String str) throws CertificateException {
        return getCertificateFactory(str, NULL_PROVIDER);
    }

    @NotNull
    public static CertificateFactory getCertificateFactory(@NotNull String str, @Nullable String str2) throws CertificateException, NoSuchProviderException {
        return getCertificateFactory(str, getProvider(str2, true));
    }

    @NotNull
    public static CertificateFactory getCertificateFactory(@NotNull String str, @Nullable Provider provider) throws CertificateException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new CertificateException(UtilityMessages.ERR_CRYPTO_HELPER_GET_CERT_FACTORY_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return CertificateFactory.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return CertificateFactory.getInstance(str);
        }
        try {
            return CertificateFactory.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new CertificateException(e.getMessage(), e);
        }
    }

    @NotNull
    public static Cipher getCipher(@NotNull String str) throws NoSuchAlgorithmException, NoSuchPaddingException {
        return getCipher(str, NULL_PROVIDER);
    }

    @NotNull
    public static Cipher getCipher(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
        return getCipher(str, getProvider(str2, true));
    }

    @NotNull
    public static Cipher getCipher(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_CIPHER_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return Cipher.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return Cipher.getInstance(str);
        }
        try {
            return Cipher.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static KeyFactory getKeyFactory(@NotNull String str) throws NoSuchAlgorithmException {
        return getKeyFactory(str, NULL_PROVIDER);
    }

    @NotNull
    public static KeyFactory getKeyFactory(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getKeyFactory(str, getProvider(str2, true));
    }

    @NotNull
    public static KeyFactory getKeyFactory(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_KEY_FACTORY_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return KeyFactory.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return KeyFactory.getInstance(str);
        }
        try {
            return KeyFactory.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static KeyManagerFactory getKeyManagerFactory() throws NoSuchAlgorithmException {
        if (!usingFIPSMode()) {
            return getKeyManagerFactory(KeyManagerFactory.getDefaultAlgorithm());
        }
        try {
            return KeyManagerFactory.getInstance("X.509", BouncyCastleFIPSHelper.getBouncyCastleJSSEProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static KeyManagerFactory getKeyManagerFactory(@NotNull String str) throws NoSuchAlgorithmException {
        return getKeyManagerFactory(str, NULL_PROVIDER);
    }

    @NotNull
    public static KeyManagerFactory getKeyManagerFactory(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getKeyManagerFactory(str, getProvider(str2, true));
    }

    @NotNull
    public static KeyManagerFactory getKeyManagerFactory(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_KM_FACTORY_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return KeyManagerFactory.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return KeyManagerFactory.getInstance(str);
        }
        try {
            return KeyManagerFactory.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static KeyPairGenerator getKeyPairGenerator(@NotNull String str) throws NoSuchAlgorithmException {
        return getKeyPairGenerator(str, NULL_PROVIDER);
    }

    @NotNull
    public static KeyPairGenerator getKeyPairGenerator(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getKeyPairGenerator(str, getProvider(str2, true));
    }

    @NotNull
    public static KeyPairGenerator getKeyPairGenerator(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_KP_GEN_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return KeyPairGenerator.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return KeyPairGenerator.getInstance(str);
        }
        try {
            return KeyPairGenerator.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static String getDefaultKeyStoreType() {
        return DEFAULT_KEY_STORE_TYPE.get();
    }

    public static void setDefaultKeyStoreType(@NotNull String str) {
        DEFAULT_KEY_STORE_TYPE.set(str);
    }

    @NotNull
    public static KeyStore getKeyStore(@NotNull String str) throws KeyStoreException {
        return getKeyStore(str, NULL_PROVIDER);
    }

    @NotNull
    public static KeyStore getKeyStore(@NotNull String str, @Nullable String str2) throws KeyStoreException, NoSuchProviderException {
        return getKeyStore(str, getProvider(str2, false));
    }

    @NotNull
    public static KeyStore getKeyStore(@NotNull String str, @Nullable Provider provider) throws KeyStoreException {
        return getKeyStore(str, provider, false);
    }

    @NotNull
    public static KeyStore getKeyStore(@NotNull String str, @Nullable Provider provider, boolean z) throws KeyStoreException {
        if (usingFIPSMode() && !z && !str.equals("BCFKS") && !str.equals(KEY_STORE_TYPE_PKCS_11)) {
            throw new KeyStoreException(UtilityMessages.ERR_CRYPTO_HELPER_GET_KEY_STORE_WRONG_STORE_TYPE_FOR_FIPS_MODE.get(str, "BCFKS", KEY_STORE_TYPE_PKCS_11));
        }
        if (provider != null) {
            if (!str.equals("BCFKS") || provider.getName().equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                return KeyStore.getInstance(str, provider);
            }
            throw new KeyStoreException(UtilityMessages.ERR_CRYPTO_HELPER_GET_KEY_STORE_WRONG_PROVIDER_FOR_STORE_TYPE.get(str, provider.getName(), "BCFKS", str));
        }
        if (!str.equals("BCFKS")) {
            return KeyStore.getInstance(str);
        }
        try {
            return KeyStore.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            throw new KeyStoreException(e.getMessage(), e);
        }
    }

    @NotNull
    public static Mac getMAC(@NotNull String str) throws NoSuchAlgorithmException {
        return getMAC(str, NULL_PROVIDER);
    }

    @NotNull
    public static Mac getMAC(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getMAC(str, getProvider(str2, true));
    }

    @NotNull
    public static Mac getMAC(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_MAC_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return Mac.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return Mac.getInstance(str);
        }
        try {
            return Mac.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static MessageDigest getMessageDigest(@NotNull String str) throws NoSuchAlgorithmException {
        return getMessageDigest(str, NULL_PROVIDER);
    }

    @NotNull
    public static MessageDigest getMessageDigest(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getMessageDigest(str, getProvider(str2, true));
    }

    @NotNull
    public static MessageDigest getMessageDigest(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_DIGEST_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return MessageDigest.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return MessageDigest.getInstance(str);
        }
        try {
            return MessageDigest.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static SecretKeyFactory getSecretKeyFactory(@NotNull String str) throws NoSuchAlgorithmException {
        return getSecretKeyFactory(str, NULL_PROVIDER);
    }

    @NotNull
    public static SecretKeyFactory getSecretKeyFactory(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getSecretKeyFactory(str, getProvider(str2, true));
    }

    @NotNull
    public static SecretKeyFactory getSecretKeyFactory(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_SK_FACTORY_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return SecretKeyFactory.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return SecretKeyFactory.getInstance(str);
        }
        try {
            return SecretKeyFactory.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static SecureRandom getSecureRandom() {
        try {
            return getSecureRandom((String) null, NULL_PROVIDER);
        } catch (NoSuchAlgorithmException e) {
            Debug.debugException(e);
            throw new LDAPRuntimeException(new LDAPException(ResultCode.LOCAL_ERROR, e.getMessage(), e));
        }
    }

    @NotNull
    public static SecureRandom getSecureRandom(@Nullable String str) throws NoSuchAlgorithmException {
        return getSecureRandom(str, NULL_PROVIDER);
    }

    @NotNull
    public static SecureRandom getSecureRandom(@Nullable String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getSecureRandom(str, getProvider(str2, true));
    }

    @NotNull
    public static SecureRandom getSecureRandom(@Nullable String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (str == null) {
            if (provider != null) {
                return getSecureRandom(provider);
            }
            if (!usingFIPSMode()) {
                return new SecureRandom();
            }
            try {
                return getSecureRandom(BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
            } catch (NoSuchProviderException e) {
                Debug.debugException(e);
                throw new NoSuchAlgorithmException(e.getMessage(), e);
            }
        }
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_SEC_RAND_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return SecureRandom.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return SecureRandom.getInstance(str);
        }
        try {
            return getSecureRandom(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e2) {
            Debug.debugException(e2);
            throw new NoSuchAlgorithmException(e2.getMessage(), e2);
        }
    }

    @NotNull
    private static SecureRandom getSecureRandom(@NotNull Provider provider) throws NoSuchAlgorithmException {
        if (usingFIPSMode()) {
            String name = provider.getName();
            if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_SEC_RAND_WRONG_PROVIDER_FOR_FIPS_MODE_NO_ALG.get(name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
            }
        }
        for (Provider.Service service : provider.getServices()) {
            if (service.getType().equals(SECURE_RANDOM_SERVICE_TYPE)) {
                return SecureRandom.getInstance(service.getAlgorithm(), provider);
            }
        }
        throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_SEC_RAND_NO_ALG_FOR_PROVIDER.get(provider.getName()));
    }

    @NotNull
    public static Signature getSignature(@NotNull String str) throws NoSuchAlgorithmException {
        return getSignature(str, NULL_PROVIDER);
    }

    @NotNull
    public static Signature getSignature(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getSignature(str, getProvider(str2, true));
    }

    @NotNull
    public static Signature getSignature(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_SIGNATURE_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return Signature.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return Signature.getInstance(str);
        }
        try {
            return Signature.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static SSLContext getDefaultSSLContext() throws NoSuchAlgorithmException {
        if (!usingFIPSMode()) {
            return SSLContext.getDefault();
        }
        try {
            return SSLContext.getInstance(BouncyCastleFIPSHelper.DEFAULT_SSL_CONTEXT_PROTOCOL, BouncyCastleFIPSHelper.getBouncyCastleJSSEProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static SSLContext getSSLContext(@NotNull String str) throws NoSuchAlgorithmException {
        return getSSLContext(str, NULL_PROVIDER);
    }

    @NotNull
    public static SSLContext getSSLContext(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getSSLContext(str, getProvider(str2, true));
    }

    @NotNull
    public static SSLContext getSSLContext(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_SSL_CONTEXT_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return SSLContext.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return SSLContext.getInstance(str);
        }
        try {
            return SSLContext.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleJSSEProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static TrustManagerFactory getTrustManagerFactory() throws NoSuchAlgorithmException {
        if (!usingFIPSMode()) {
            return getTrustManagerFactory(TrustManagerFactory.getDefaultAlgorithm());
        }
        try {
            return TrustManagerFactory.getInstance(BouncyCastleFIPSHelper.DEFAULT_TRUST_MANAGER_FACTORY_ALGORITHM, BouncyCastleFIPSHelper.getBouncyCastleJSSEProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @NotNull
    public static TrustManagerFactory getTrustManagerFactory(@NotNull String str) throws NoSuchAlgorithmException {
        return getTrustManagerFactory(str, NULL_PROVIDER);
    }

    @NotNull
    public static TrustManagerFactory getTrustManagerFactory(@NotNull String str, @Nullable String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return getTrustManagerFactory(str, getProvider(str2, true));
    }

    @NotNull
    public static TrustManagerFactory getTrustManagerFactory(@NotNull String str, @Nullable Provider provider) throws NoSuchAlgorithmException {
        if (provider != null) {
            if (usingFIPSMode()) {
                String name = provider.getName();
                if (!name.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
                    throw new NoSuchAlgorithmException(UtilityMessages.ERR_CRYPTO_HELPER_GET_TM_FACTORY_WRONG_PROVIDER_FOR_FIPS_MODE.get(str, name, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
                }
            }
            return TrustManagerFactory.getInstance(str, provider);
        }
        if (!usingFIPSMode()) {
            return TrustManagerFactory.getInstance(str);
        }
        try {
            return TrustManagerFactory.getInstance(str, BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider());
        } catch (NoSuchProviderException e) {
            Debug.debugException(e);
            throw new NoSuchAlgorithmException(e.getMessage(), e);
        }
    }

    @Nullable
    private static Provider getProvider(@Nullable String str, boolean z) throws NoSuchProviderException {
        if (str == null) {
            return null;
        }
        if (str.equals(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME)) {
            return BouncyCastleFIPSHelper.getBouncyCastleFIPSProvider();
        }
        if (str.equals(BouncyCastleFIPSHelper.JSSE_PROVIDER_NAME)) {
            return BouncyCastleFIPSHelper.getBouncyCastleJSSEProvider();
        }
        if (z && usingFIPSMode()) {
            throw new NoSuchProviderException(UtilityMessages.ERR_CRYPTO_HELPER_PROVIDER_NOT_AVAILABLE_IN_FIPS_MODE.get(str, BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME));
        }
        Provider provider = Security.getProvider(str);
        if (provider == null) {
            throw new NoSuchProviderException(UtilityMessages.ERR_CRYPTO_HELPER_NO_SUCH_PROVIDER.get(str));
        }
        return provider;
    }

    static {
        String systemProperty = StaticUtils.getSystemProperty(PROPERTY_FIPS_MODE);
        if (systemProperty == null) {
            FIPS_MODE = new AtomicBoolean(false);
        } else if (systemProperty.equalsIgnoreCase("true")) {
            FIPS_MODE = new AtomicBoolean(true);
            try {
                BouncyCastleFIPSHelper.loadBouncyCastleFIPSProvider(true);
                BouncyCastleFIPSHelper.loadBouncyCastleJSSEProvider(true);
                String systemProperty2 = StaticUtils.getSystemProperty(PROPERTY_REMOVE_NON_NECESSARY_PROVIDERS);
                if (systemProperty2 != null) {
                    if (systemProperty2.equalsIgnoreCase("true")) {
                        removeNonEssentialSecurityProviders();
                    } else if (!systemProperty2.equalsIgnoreCase("false")) {
                        Validator.violation(UtilityMessages.ERR_CRYPTO_HELPER_INVALID_FIPS_MODE_PROPERTY_VALUE.get(PROPERTY_REMOVE_NON_NECESSARY_PROVIDERS, systemProperty2));
                    }
                }
                TLSCipherSuiteSelector.recompute();
            } catch (Exception e) {
                Validator.violation(UtilityMessages.ERR_CRYPTO_HELPER_INSTANTIATION_ERROR_FROM_FIPS_MODE_PROPERTY.get(PROPERTY_FIPS_MODE, StaticUtils.getExceptionMessage(e)), e);
            }
        } else if (systemProperty.equalsIgnoreCase("false")) {
            FIPS_MODE = new AtomicBoolean(false);
        } else {
            FIPS_MODE = new AtomicBoolean(false);
            Validator.violation(UtilityMessages.ERR_CRYPTO_HELPER_INVALID_FIPS_MODE_PROPERTY_VALUE.get(PROPERTY_FIPS_MODE, systemProperty));
        }
        String systemProperty3 = StaticUtils.getSystemProperty(PROPERTY_DEFAULT_KEY_STORE_TYPE);
        DEFAULT_KEY_STORE_TYPE = new AtomicReference<>(systemProperty3 == null ? FIPS_MODE.get() ? "BCFKS" : KeyStore.getDefaultType() : systemProperty3);
        NULL_PROVIDER = null;
    }
}
