package org.cesecore.keys.validation;

import java.io.Serializable;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.math.ec.ECPoint;
import org.cesecore.certificates.certificateprofile.CertificateProfile;
import org.cesecore.certificates.util.AlgorithmConstants;
import org.cesecore.certificates.util.AlgorithmTools;
import org.cesecore.profiles.Profile;
import org.cesecore.util.ui.DynamicUiActionCallback;
import org.cesecore.util.ui.DynamicUiCallbackException;
import org.cesecore.util.ui.DynamicUiModel;
import org.cesecore.util.ui.DynamicUiProperty;

/* loaded from: input_file:org/cesecore/keys/validation/EccKeyValidator.class */
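/**
 * Key validator for elliptic-curve public keys.
 *
 * <p>A key is checked against a list of allowed named curves and, when the
 * full validation routine is enabled, its public point is checked for being
 * present, not the point at infinity, and accepted by Bouncy Castle's
 * {@code ECPoint.isValid()}. The allowed-curve list comes either from this
 * validator's own settings or from the certificate profile, depending on the
 * selected settings template.
 *
 * <p>Failures are reported as messages in the list returned by
 * {@link #validate(PublicKey, CertificateProfile)}; an empty list means no
 * check failed.
 */
public class EccKeyValidator extends KeyValidatorBase {
    private static final long serialVersionUID = -335429158339811928L;
    private static final Logger log = Logger.getLogger(EccKeyValidator.class);
    private static final String TYPE_IDENTIFIER = "ECC_KEY_VALIDATOR";
    /** Data-map key under which the list of allowed curve names is stored. */
    protected static final String CURVES = "ecCurves";
    /** Data-map key under which the "perform point validation" flag is stored. */
    protected static final String USE_FULL_PUBLIC_KEY_VALIDATION_ROUTINE = "useFullPublicKeyValidationRoutine";

    /** Creates a validator without a name. */
    public EccKeyValidator() {
    }

    /**
     * Creates a validator and passes {@code str} to the superclass constructor.
     *
     * @param str value forwarded to {@code KeyValidatorBase(String)}
     */
    public EccKeyValidator(String str) {
        super(str);
    }

    /**
     * Fills in defaults for settings that are not yet present in the data map:
     * an empty allowed-curve list, and point validation switched on.
     */
    @Override
    public void init() {
        super.init();
        if (this.data.get(CURVES) == null) {
            setCurves(new ArrayList<String>());
        }
        if (this.data.get(USE_FULL_PUBLIC_KEY_VALIDATION_ROUTINE) == null) {
            // Secure default: unless configured otherwise, the point checks run.
            setUseFullPublicKeyValidationRoutine(true);
        }
    }

    /**
     * Builds the dynamic UI model: a settings-template selector, the
     * multi-valued curve list, and the point-validation checkbox.
     */
    @Override
    public void initDynamicUiModel() {
        this.uiModel = new DynamicUiModel(this.data);
        this.uiModel.add(new DynamicUiProperty<>("settings"));

        // Settings-template selector; changing it re-applies the template.
        DynamicUiProperty<? extends Serializable> templateProperty = new DynamicUiProperty<>(Integer.class, ValidatorBase.SETTINGS_TEMPLATE, getSettingsTemplate(), KeyValidatorSettingsTemplate.types());
        templateProperty.setRenderingHint(DynamicUiProperty.RENDER_SELECT_ONE);
        templateProperty.setLabels(KeyValidatorSettingsTemplate.map());
        templateProperty.setRequired(true);
        templateProperty.setActionCallback(new DynamicUiActionCallback() {
            @Override
            public void action(Object obj) throws DynamicUiCallbackException {
                // Snapshot the data before the template rewrites it, so the
                // model can be told what changed.
                @SuppressWarnings("unchecked")
                final Map<Object, Object> previous = (Map<Object, Object>) EccKeyValidator.this.data.clone();
                // NOTE(review): a non-String or non-numeric value surfaces here as
                // ClassCastException / NumberFormatException, not as a callback exception.
                EccKeyValidator.this.setKeyValidatorSettingsTemplate(KeyValidatorSettingsTemplate.optionOf(Integer.parseInt((String) obj)));
                EccKeyValidator.this.uiModel.firePropertyChange(previous, EccKeyValidator.this.data);
            }

            @Override
            public List<String> getRender() {
                return null;
            }
        });
        this.uiModel.add(templateProperty);

        // Allowed curves; editable only with the custom settings template.
        DynamicUiProperty<String> curvesProperty = new DynamicUiProperty<String>(String.class, CURVES, getCurvesAsString(), new ArrayList<String>(AlgorithmTools.getFlatNamedEcCurvesMap(false).keySet())) {
            @Override
            public boolean isDisabled() {
                return EccKeyValidator.this.isCurvesDisabled();
            }
        };
        curvesProperty.setLabels(AlgorithmTools.getFlatNamedEcCurvesMap(false));
        curvesProperty.setHasMultipleValues(true);
        curvesProperty.setRequired(true);
        this.uiModel.add(curvesProperty);

        // Point-validation flag; locked while the CA/B Forum template is selected.
        this.uiModel.add(new DynamicUiProperty<Boolean>(Boolean.class, USE_FULL_PUBLIC_KEY_VALIDATION_ROUTINE, Boolean.valueOf(isUseFullPublicKeyValidationRoutine())) {
            @Override
            public boolean isDisabled() {
                return EccKeyValidator.this.isPropertyDisabled();
            }
        });
    }

    /**
     * Tells whether the point-validation flag is read-only in the UI.
     *
     * @return {@code true} when the CA/B Forum settings template is selected
     */
    public final boolean isPropertyDisabled() {
        return KeyValidatorSettingsTemplate.USE_CAB_FORUM_SETTINGS.getOption() == getSettingsTemplate().intValue();
    }

    /**
     * Tells whether the curve list is read-only in the UI.
     *
     * @return {@code true} unless the custom settings template is selected
     */
    public final boolean isCurvesDisabled() {
        return KeyValidatorSettingsTemplate.USE_CUSTOM_SETTINGS.getOption() != getSettingsTemplate().intValue();
    }

    /**
     * Stores the selected settings template and, for the CA/B Forum template,
     * overwrites the curve list and the point-validation flag with that
     * template's values. The custom and certificate-profile templates leave
     * the stored settings untouched.
     *
     * @param keyValidatorSettingsTemplate the template to apply
     */
    @Override
    public void setKeyValidatorSettingsTemplate(KeyValidatorSettingsTemplate keyValidatorSettingsTemplate) {
        setSettingsTemplate(Integer.valueOf(keyValidatorSettingsTemplate.getOption()));
        if (log.isDebugEnabled()) {
            log.debug("Set configuration template for ECC key validator settings option: " + intres.getLocalizedMessage(keyValidatorSettingsTemplate.getLabel(), new Object[0]));
        }
        if (KeyValidatorSettingsTemplate.USE_CAB_FORUM_SETTINGS.equals(keyValidatorSettingsTemplate)) {
            setCABForumBaseLineRequirements142Settings();
            // Kept explicit: the call above is overridable, the flag must end up true.
            setUseFullPublicKeyValidationRoutine(true);
        }
    }

    /**
     * Applies the CA/B Forum template values: the curves returned by
     * {@code AlgorithmTools.getNistCurves()} and point validation switched on.
     */
    public void setCABForumBaseLineRequirements142Settings() {
        setCurves(AlgorithmTools.getNistCurves());
        setUseFullPublicKeyValidationRoutine(true);
    }

    /**
     * Returns the stored allowed-curve list.
     *
     * @return the list stored under {@link #CURVES}, or {@code null} if none is stored
     */
    @SuppressWarnings("unchecked") // the data map is untyped; setCurves only stores List<String>
    public List<String> getCurves() {
        return (List<String>) this.data.get(CURVES);
    }

    /**
     * Returns the allowed curves joined with {@code ';'}.
     *
     * @return the joined curve names, or the empty string when no list is stored
     */
    public String getCurvesAsString() {
        final List<String> curves = getCurves();
        return curves != null ? StringUtils.join(curves, ";") : "";
    }

    /**
     * Stores the allowed-curve list.
     *
     * @param list curve names to allow
     */
    public void setCurves(List<String> list) {
        this.data.put(CURVES, list);
    }

    /**
     * Tells whether the point checks in {@code validate} are performed.
     *
     * @return the stored flag; {@code true} when no flag is stored, matching
     *         the default that {@link #init()} applies, so that a validator
     *         with an incomplete data map still validates the point
     */
    public boolean isUseFullPublicKeyValidationRoutine() {
        final Boolean stored = (Boolean) this.data.get(USE_FULL_PUBLIC_KEY_VALIDATION_ROUTINE);
        return stored == null || stored.booleanValue();
    }

    /**
     * Stores the point-validation flag.
     *
     * @param z {@code true} to perform the point checks
     */
    public void setUseFullPublicKeyValidationRoutine(boolean z) {
        this.data.put(USE_FULL_PUBLIC_KEY_VALIDATION_ROUTINE, Boolean.valueOf(z));
    }

    /**
     * Runs the superclass upgrade and re-applies missing defaults when the
     * stored version differs from 7.0.
     */
    @Override
    public void upgrade() {
        super.upgrade();
        if (log.isTraceEnabled()) {
            log.trace(">upgrade: " + getLatestVersion() + ", " + getVersion());
        }
        // NOTE(review): 7.0f is presumably the inlined latest-version constant - confirm.
        if (Float.compare(7.0f, getVersion()) != 0) {
            log.info(intres.getLocalizedMessage("ecckeyvalidator.upgrade", Float.valueOf(getVersion())));
            init();
        }
    }

    /**
     * Validates an EC public key against the allowed curves and, if enabled,
     * checks its public point.
     *
     * @param publicKey the key to validate
     * @param certificateProfile source of the allowed curves when the
     *        certificate-profile settings template is selected
     * @return failure messages; empty when every check passed
     * @throws ValidatorNotApplicableException if the key's algorithm is not
     *         EC/ECDSA or the key is not an {@link ECPublicKey}
     * @throws ValidationException declared by the overridden method; not
     *         thrown directly by this implementation
     */
    @Override
    public List<String> validate(PublicKey publicKey, CertificateProfile certificateProfile) throws ValidatorNotApplicableException, ValidationException {
        final List<String> messages = new ArrayList<>();
        final String algorithm = publicKey.getAlgorithm();
        if (log.isDebugEnabled()) {
            log.debug("Validating public key with algorithm " + algorithm + ", format " + publicKey.getFormat() + ", implementation " + publicKey.getClass().getName());
        }
        final boolean eccAlgorithm = AlgorithmConstants.KEYALGORITHM_ECDSA.equals(algorithm) || AlgorithmConstants.KEYALGORITHM_EC.equals(algorithm);
        if (!eccAlgorithm || !(publicKey instanceof ECPublicKey)) {
            throw new ValidatorNotApplicableException("Invalid: Public key is not ECC algorithm or could not be parsed: " + algorithm + ", format " + publicKey.getFormat());
        }
        final ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
        if (log.isDebugEnabled()) {
            log.debug("ECC Key algorithm " + ecPublicKey.getAlgorithm());
            log.debug("ECC format " + ecPublicKey.getFormat());
            log.debug("ECC affine X " + ecPublicKey.getW().getAffineX());
            log.debug("ECC affine Y " + ecPublicKey.getW().getAffineY());
            log.debug("ECC co factor " + ecPublicKey.getParams().getCofactor());
            log.debug("ECC order " + ecPublicKey.getParams().getOrder());
            log.debug("ECC generator " + ecPublicKey.getParams().getGenerator());
            log.debug("ECC curve seed " + ecPublicKey.getParams().getCurve().getSeed());
            log.debug("ECC curve A " + ecPublicKey.getParams().getCurve().getA());
            log.debug("ECC curve B " + ecPublicKey.getParams().getCurve().getB());
            log.debug("ECC curve field size " + ecPublicKey.getParams().getCurve().getField().getFieldSize());
        }

        // Allowed curves come from the certificate profile or from this validator.
        final boolean useProfileCurves = KeyValidatorSettingsTemplate.USE_CERTIFICATE_PROFILE_SETTINGS.getOption() == getSettingsTemplate().intValue();
        final List<String> allowedCurves = useProfileCurves ? certificateProfile.getAvailableEcCurvesAsList() : getCurves();
        final String keySpecification = AlgorithmTools.getKeySpecification(publicKey);
        if (log.isDebugEnabled()) {
            log.debug("Matching key specification " + keySpecification + " against allowed ECC curves: " + allowedCurves);
        }
        if (!allowedCurves.contains(CertificateProfile.ANY_EC_CURVE)) {
            // A curve can be known under several names; any allowed alias is a match.
            final List<String> aliases = AlgorithmTools.getEcKeySpecAliases(keySpecification);
            boolean curveAllowed = false;
            for (final String alias : aliases) {
                if (allowedCurves.contains(alias)) {
                    curveAllowed = true;
                    break;
                }
            }
            if (!curveAllowed) {
                messages.add("Invalid: ECDSA curve " + aliases + ": Use one of the following " + allowedCurves + ".");
            }
        }

        if (isUseFullPublicKeyValidationRoutine()) {
            if (log.isDebugEnabled()) {
                log.debug("Performing full EC public key validation.");
            }
            checkPublicPoint(ecPublicKey, messages);
        }
        if (log.isDebugEnabled()) {
            for (final String message : messages) {
                log.debug(message);
            }
        }
        return messages;
    }

    /**
     * Checks the key's public point and appends a message for each failed check.
     *
     * <p>A missing point is reported and ends the checks, since the remaining
     * ones need a point to work on. The infinity check is separate from the
     * {@code isValid()} check because Bouncy Castle's {@code isValid()} is
     * expected to accept the point at infinity.
     * NOTE(review): whether {@code isValid()} also verifies the point's order
     * depends on the bundled Bouncy Castle version - confirm before relying
     * on this as full public key validation.
     */
    private static void checkPublicPoint(ECPublicKey ecPublicKey, List<String> messages) {
        final ECPoint point = EC5Util.convertPoint(ecPublicKey.getParams(), ecPublicKey.getW(), false);
        if (point == null) {
            messages.add("Invalid: EC key point has null value.");
            return;
        }
        log.trace("EC point has value test passed");
        if (point.isInfinity()) {
            messages.add("Invalid: EC key point at infinity.");
        } else {
            log.trace("EC point not on infinity test passed");
        }
        if (point.normalize().isValid()) {
            log.trace("EC point not on curve test passed");
        } else {
            messages.add("Invalid: EC key point not on curve.");
        }
    }

    /** Switches point validation on; the curve list is left as it is. */
    public final void setCABForumBaseLineRequirements142() {
        setUseFullPublicKeyValidationRoutine(true);
    }

    /**
     * Returns the localized display name of this validator type.
     *
     * @return the message stored under {@code validator.implementation.key.ecc}
     */
    @Override
    public String getLabel() {
        return intres.getLocalizedMessage("validator.implementation.key.ecc", new Object[0]);
    }

    /**
     * Returns the identifier of this validator type.
     *
     * @return {@code "ECC_KEY_VALIDATOR"}
     */
    @Override
    public String getValidatorTypeIdentifier() {
        return TYPE_IDENTIFIER;
    }

    /**
     * Returns the implementing class of this profile.
     *
     * @return {@code EccKeyValidator.class}
     */
    @Override
    protected Class<? extends Profile> getImplementationClass() {
        return EccKeyValidator.class;
    }
}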
