package org.cesecore.keys.validation;

import java.io.Serializable;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.math.Primes;
import org.cesecore.certificates.certificateprofile.CertificateProfile;
import org.cesecore.certificates.util.AlgorithmConstants;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.profiles.Profile;
import org.cesecore.util.ui.DynamicUiActionCallback;
import org.cesecore.util.ui.DynamicUiCallbackException;
import org.cesecore.util.ui.DynamicUiModel;
import org.cesecore.util.ui.DynamicUiProperty;

/* loaded from: input_file:org/cesecore/keys/validation/RsaKeyValidator.class */
public class RsaKeyValidator extends KeyValidatorBase {
    private static final long serialVersionUID = -335429118359811926L;
    private static final Logger log = Logger.getLogger(RsaKeyValidator.class);
    public static final int CAB_FORUM_BLR_142_KEY_SIZE_MIN = 2048;
    public static final boolean CAB_FORUM_BLR_142_PUBLIC_EXPONENT_ONLY_ALLOW_ODD = true;
    public static final String CAB_FORUM_BLR_142_PUBLIC_EXPONENT_MIN = "65537";
    public static final String CAB_FORUM_BLR_142_PUBLIC_EXPONENT_MAX = "115792089237316195423570985008687907853269984665640564039457584007913129639935";
    public static final boolean CAB_FORUM_BLR_142_PUBLIC_MODULUS_ONLY_ALLOW_ODD = true;
    public static final boolean CAB_FORUM_BLR_142_PUBLIC_MODULUS_DONT_ALLOW_POWER_OF_PRIME = true;
    public static final int CAB_FORUM_BLR_142_PUBLIC_MODULUS_SMALLEST_FACTOR = 752;
    private static final String TYPE_IDENTIFIER = "RSA_KEY_VALIDATOR";
    protected static final String BIT_LENGTHS = "bitLengths";
    protected static final String PUBLIC_KEY_EXPONENT_ONLY_ALLOW_ODD = "publicKeyExponentOnlyAllowOdd";
    protected static final String PUBLIC_KEY_EXPONENT_MIN = "publicKeyExponentMin";
    protected static final String PUBLIC_KEY_EXPONENT_MAX = "publicKeyExponentMax";
    protected static final String PUBLIC_KEY_MODULUS_ONLY_ALLOW_ODD = "publicKeyModulusOnlyAllowOdd";
    protected static final String PUBLIC_KEY_MODULUS_DONT_ALLOW_POWER_OF_PRIME = "publicKeyModulusDontAllowPowerOfPrime";
    protected static final String PUBLIC_KEY_MODULUS_DONT_ALLOW_ROCA_WEAK_KEYS = "publicKeyModulusDontAllowRocaWeakKeys";
    protected static final String PUBLIC_KEY_MODULUS_MIN_FACTOR = "publicKeyModulusMinFactor";
    protected static final String PUBLIC_KEY_MODULUS_MIN = "publicKeyModulusMin";
    protected static final String PUBLIC_KEY_MODULUS_MAX = "publicKeyModulusMax";

    protected static boolean isPowerOfPrime(BigInteger bigInteger) {
        int bitLength = bigInteger.bitLength();
        Primes.MROutput enhancedMRProbablePrimeTest = Primes.enhancedMRProbablePrimeTest(bigInteger, new SecureRandom(), bitLength >= 1536 ? 3 : bitLength >= 1024 ? 4 : bitLength >= 512 ? 7 : 50);
        if (!enhancedMRProbablePrimeTest.isProvablyComposite()) {
            log.debug("RSA modulus is not composite");
            return true;
        }
        if (enhancedMRProbablePrimeTest.isNotPrimePower()) {
            return false;
        }
        log.debug("RSA modulus is a power of a prime");
        return true;
    }

    protected static final boolean hasSmallerFactorThan(BigInteger bigInteger, int i) {
        BigInteger bigInteger2 = new BigInteger("2");
        if (i < 3) {
            return false;
        }
        if (bigInteger.mod(bigInteger2).equals(BigInteger.ZERO) && i > 2) {
            return true;
        }
        int i2 = i;
        while (true) {
            int i3 = i2;
            if (i3 <= 2) {
                return false;
            }
            if (bigInteger.mod(BigInteger.valueOf(i3)).equals(BigInteger.ZERO)) {
                return true;
            }
            i2 = i3 - 2;
        }
    }

    public RsaKeyValidator() {
    }

    public RsaKeyValidator(String str) {
        super(str);
    }

    @Override // org.cesecore.keys.validation.KeyValidatorBase, org.cesecore.keys.validation.ValidatorBase, org.cesecore.keys.validation.Validator
    public void init() {
        super.init();
        if (null == this.data.get(BIT_LENGTHS)) {
            setBitLengths(new ArrayList());
        }
        if (null == this.data.get(PUBLIC_KEY_EXPONENT_ONLY_ALLOW_ODD)) {
            setPublicKeyExponentOnlyAllowOdd(false);
        }
        if (null == this.data.get(PUBLIC_KEY_MODULUS_ONLY_ALLOW_ODD)) {
            setPublicKeyModulusOnlyAllowOdd(false);
        }
        if (null == this.data.get(PUBLIC_KEY_MODULUS_DONT_ALLOW_POWER_OF_PRIME)) {
            setPublicKeyModulusDontAllowPowerOfPrime(false);
        }
        if (null == this.data.get(PUBLIC_KEY_MODULUS_DONT_ALLOW_ROCA_WEAK_KEYS)) {
            setPublicKeyModulusDontAllowRocaWeakKeys(true);
        }
    }

    @Override // org.cesecore.keys.validation.KeyValidatorBase, org.cesecore.util.ui.DynamicUiModelAware
    public void initDynamicUiModel() {
        this.uiModel = new DynamicUiModel(this.data);
        this.uiModel.add(new DynamicUiProperty<>("settings"));
        DynamicUiProperty<? extends Serializable> dynamicUiProperty = new DynamicUiProperty<>(Integer.class, ValidatorBase.SETTINGS_TEMPLATE, getSettingsTemplate(), KeyValidatorSettingsTemplate.types());
        dynamicUiProperty.setRenderingHint(DynamicUiProperty.RENDER_SELECT_ONE);
        dynamicUiProperty.setLabels(KeyValidatorSettingsTemplate.map());
        dynamicUiProperty.setRequired(true);
        dynamicUiProperty.setActionCallback(new DynamicUiActionCallback() { // from class: org.cesecore.keys.validation.RsaKeyValidator.1
            @Override // org.cesecore.util.ui.DynamicUiActionCallback
            public void action(Object obj) throws DynamicUiCallbackException {
                Map<Object, Object> map = (Map) RsaKeyValidator.this.data.clone();
                RsaKeyValidator.this.setKeyValidatorSettingsTemplate(KeyValidatorSettingsTemplate.optionOf(Integer.parseInt((String) obj)));
                RsaKeyValidator.this.uiModel.firePropertyChange(map, RsaKeyValidator.this.data);
            }

            @Override // org.cesecore.util.ui.DynamicUiActionCallback
            public List<String> getRender() {
                return null;
            }
        });
        this.uiModel.add(dynamicUiProperty);
        DynamicUiProperty<String> dynamicUiProperty2 = new DynamicUiProperty<String>(String.class, BIT_LENGTHS, getBitLengthsAsString(), getAvailableBitLengths(0)) { // from class: org.cesecore.keys.validation.RsaKeyValidator.2
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isBitLengthsDisabled();
            }
        };
        dynamicUiProperty2.setHasMultipleValues(true);
        dynamicUiProperty2.setLabels(getAvailableBitLengthsAsMap(0));
        dynamicUiProperty2.setRequired(true);
        this.uiModel.add(dynamicUiProperty2);
        this.uiModel.add(new DynamicUiProperty<Boolean>(Boolean.class, PUBLIC_KEY_EXPONENT_ONLY_ALLOW_ODD, Boolean.valueOf(isPublicKeyExponentOnlyAllowOdd())) { // from class: org.cesecore.keys.validation.RsaKeyValidator.3
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<BigInteger>(BigInteger.class, PUBLIC_KEY_EXPONENT_MIN, getPublicKeyExponentMin()) { // from class: org.cesecore.keys.validation.RsaKeyValidator.4
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<BigInteger>(BigInteger.class, PUBLIC_KEY_EXPONENT_MAX, getPublicKeyExponentMax()) { // from class: org.cesecore.keys.validation.RsaKeyValidator.5
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<Boolean>(Boolean.class, PUBLIC_KEY_MODULUS_ONLY_ALLOW_ODD, Boolean.valueOf(isPublicKeyModulusOnlyAllowOdd())) { // from class: org.cesecore.keys.validation.RsaKeyValidator.6
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<Boolean>(Boolean.class, PUBLIC_KEY_MODULUS_DONT_ALLOW_POWER_OF_PRIME, Boolean.valueOf(isPublicKeyModulusDontAllowPowerOfPrime())) { // from class: org.cesecore.keys.validation.RsaKeyValidator.7
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<Boolean>(Boolean.class, PUBLIC_KEY_MODULUS_DONT_ALLOW_ROCA_WEAK_KEYS, Boolean.valueOf(isPublicKeyModulusDontAllowRocaWeakKeys())) { // from class: org.cesecore.keys.validation.RsaKeyValidator.8
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<Integer>(Integer.class, PUBLIC_KEY_MODULUS_MIN_FACTOR, getPublicKeyModulusMinFactor()) { // from class: org.cesecore.keys.validation.RsaKeyValidator.9
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<BigInteger>(BigInteger.class, PUBLIC_KEY_MODULUS_MIN, getPublicKeyModulusMin()) { // from class: org.cesecore.keys.validation.RsaKeyValidator.10
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
        this.uiModel.add(new DynamicUiProperty<BigInteger>(BigInteger.class, PUBLIC_KEY_MODULUS_MAX, getPublicKeyModulusMax()) { // from class: org.cesecore.keys.validation.RsaKeyValidator.11
            @Override // org.cesecore.util.ui.DynamicUiProperty
            public boolean isDisabled() {
                return RsaKeyValidator.this.isPropertyDisabled();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean isPropertyDisabled() {
        return KeyValidatorSettingsTemplate.USE_CAB_FORUM_SETTINGS.getOption() == getSettingsTemplate().intValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean isBitLengthsDisabled() {
        return KeyValidatorSettingsTemplate.USE_CUSTOM_SETTINGS.getOption() != getSettingsTemplate().intValue();
    }

    @Override // org.cesecore.keys.validation.ValidatorBase, org.cesecore.keys.validation.Validator
    public void setKeyValidatorSettingsTemplate(KeyValidatorSettingsTemplate keyValidatorSettingsTemplate) {
        setSettingsTemplate(Integer.valueOf(keyValidatorSettingsTemplate.getOption()));
        if (log.isDebugEnabled()) {
            log.debug("Set configuration template for RSA key validator settings option: " + keyValidatorSettingsTemplate.getOption() + ", " + intres.getLocalizedMessage(keyValidatorSettingsTemplate.getLabel(), new Object[0]));
        }
        if (KeyValidatorSettingsTemplate.USE_CUSTOM_SETTINGS.equals(keyValidatorSettingsTemplate)) {
            return;
        }
        if (KeyValidatorSettingsTemplate.USE_CAB_FORUM_SETTINGS.equals(keyValidatorSettingsTemplate)) {
            setCABForumBaseLineRequirements142Settings();
        } else if (KeyValidatorSettingsTemplate.USE_CERTIFICATE_PROFILE_SETTINGS.equals(keyValidatorSettingsTemplate)) {
            setCertProfileSettings();
        }
    }

    private void setCertProfileSettings() {
        setBitLengths(new ArrayList());
    }

    public void setCABForumBaseLineRequirements142Settings() {
        setBitLengths(getAvailableBitLengths(CAB_FORUM_BLR_142_KEY_SIZE_MIN));
        List<Integer> certificateProfileIds = getCertificateProfileIds();
        if (!certificateProfileIds.contains(3) && certificateProfileIds.contains(2)) {
        }
        setPublicKeyExponentMin(null);
        setPublicKeyExponentMax(null);
        setPublicKeyExponentOnlyAllowOdd(true);
        setPublicKeyExponentMin(new BigInteger(CAB_FORUM_BLR_142_PUBLIC_EXPONENT_MIN));
        setPublicKeyExponentMax(new BigInteger(CAB_FORUM_BLR_142_PUBLIC_EXPONENT_MAX));
        setPublicKeyModulusOnlyAllowOdd(true);
        setPublicKeyModulusDontAllowPowerOfPrime(true);
        setPublicKeyModulusMinFactor(Integer.valueOf(CAB_FORUM_BLR_142_PUBLIC_MODULUS_SMALLEST_FACTOR));
        setPublicKeyModulusMin(null);
        setPublicKeyModulusMax(null);
        setPublicKeyModulusDontAllowRocaWeakKeys(true);
    }

    public List<String> getBitLengths() {
        return (List) this.data.get(BIT_LENGTHS);
    }

    public String getBitLengthsAsString() {
        return getBitLengths() != null ? StringUtils.join(getBitLengths(), ";") : "";
    }

    public void setBitLengths(List<String> list) {
        Collections.sort(list);
        this.data.put(BIT_LENGTHS, list);
    }

    public boolean isPublicKeyExponentOnlyAllowOdd() {
        return ((Boolean) this.data.get(PUBLIC_KEY_EXPONENT_ONLY_ALLOW_ODD)).booleanValue();
    }

    public void setPublicKeyExponentOnlyAllowOdd(boolean z) {
        this.data.put(PUBLIC_KEY_EXPONENT_ONLY_ALLOW_ODD, Boolean.valueOf(z));
    }

    public BigInteger getPublicKeyExponentMin() {
        if (StringUtils.isNotBlank((String) this.data.get(PUBLIC_KEY_EXPONENT_MIN))) {
            return new BigInteger((String) this.data.get(PUBLIC_KEY_EXPONENT_MIN));
        }
        return null;
    }

    public String getPublicKeyExponentMinAsString() {
        return (String) this.data.get(PUBLIC_KEY_EXPONENT_MIN);
    }

    public void setPublicKeyExponentMin(BigInteger bigInteger) {
        if (null == bigInteger) {
            this.data.put(PUBLIC_KEY_EXPONENT_MIN, null);
            return;
        }
        if (bigInteger.compareTo(BigInteger.ZERO) == -1) {
            if (log.isDebugEnabled()) {
                log.debug(intres.getLocalizedMessage("validator.error.set_key_validator_exp_min", bigInteger));
            }
        } else if (getPublicKeyExponentMax() == null || bigInteger.compareTo(getPublicKeyExponentMax()) < 1) {
            this.data.put(PUBLIC_KEY_EXPONENT_MIN, bigInteger.toString());
        } else if (log.isDebugEnabled()) {
            log.debug(intres.getLocalizedMessage("validator.error.minimum_bigger_log", bigInteger, getPublicKeyExponentMax()));
        }
    }

    public void setPublicKeyExponentMinAsString(String str) {
        setPublicKeyExponentMin(new BigInteger(str));
    }

    public BigInteger getPublicKeyExponentMax() {
        if (StringUtils.isNotBlank((String) this.data.get(PUBLIC_KEY_EXPONENT_MAX))) {
            return new BigInteger((String) this.data.get(PUBLIC_KEY_EXPONENT_MAX));
        }
        return null;
    }

    public String getPublicKeyExponentMaxAsString() {
        return (String) this.data.get(PUBLIC_KEY_EXPONENT_MAX);
    }

    public void setPublicKeyExponentMax(BigInteger bigInteger) {
        if (null == bigInteger) {
            this.data.put(PUBLIC_KEY_EXPONENT_MAX, null);
            return;
        }
        if (bigInteger.compareTo(BigInteger.ZERO) == -1) {
            if (log.isDebugEnabled()) {
                log.debug(intres.getLocalizedMessage("validator.error.set_key_validator_exp_max", bigInteger));
            }
        } else if (getPublicKeyExponentMin() == null || bigInteger.compareTo(getPublicKeyExponentMin()) > -1) {
            this.data.put(PUBLIC_KEY_EXPONENT_MAX, bigInteger.toString());
        } else if (log.isDebugEnabled()) {
            log.debug(intres.getLocalizedMessage("validator.error.minimum_bigger_log", getPublicKeyExponentMin(), bigInteger));
        }
    }

    public void setPublicKeyExponentMaxAsString(String str) {
        setPublicKeyExponentMax(new BigInteger(str));
    }

    public boolean isPublicKeyModulusOnlyAllowOdd() {
        return ((Boolean) this.data.get(PUBLIC_KEY_MODULUS_ONLY_ALLOW_ODD)).booleanValue();
    }

    public void setPublicKeyModulusOnlyAllowOdd(boolean z) {
        this.data.put(PUBLIC_KEY_MODULUS_ONLY_ALLOW_ODD, Boolean.valueOf(z));
    }

    public boolean isPublicKeyModulusDontAllowPowerOfPrime() {
        return ((Boolean) this.data.get(PUBLIC_KEY_MODULUS_DONT_ALLOW_POWER_OF_PRIME)).booleanValue();
    }

    public boolean isPublicKeyModulusDontAllowRocaWeakKeys() {
        Boolean bool = (Boolean) this.data.get(PUBLIC_KEY_MODULUS_DONT_ALLOW_ROCA_WEAK_KEYS);
        if (bool != null) {
            return bool.booleanValue();
        }
        return false;
    }

    public void setPublicKeyModulusDontAllowPowerOfPrime(boolean z) {
        this.data.put(PUBLIC_KEY_MODULUS_DONT_ALLOW_POWER_OF_PRIME, Boolean.valueOf(z));
    }

    public void setPublicKeyModulusDontAllowRocaWeakKeys(boolean z) {
        this.data.put(PUBLIC_KEY_MODULUS_DONT_ALLOW_ROCA_WEAK_KEYS, Boolean.valueOf(z));
    }

    public Integer getPublicKeyModulusMinFactor() {
        return (Integer) this.data.get(PUBLIC_KEY_MODULUS_MIN_FACTOR);
    }

    public void setPublicKeyModulusMinFactor(Integer num) {
        if (null == num) {
            this.data.put(PUBLIC_KEY_MODULUS_MIN_FACTOR, null);
        } else if (num.intValue() >= 0) {
            this.data.put(PUBLIC_KEY_MODULUS_MIN_FACTOR, num);
        } else if (log.isDebugEnabled()) {
            log.debug(intres.getLocalizedMessage("validator.error.set_key_validator_fact_min", num));
        }
    }

    public BigInteger getPublicKeyModulusMin() {
        if (StringUtils.isNotBlank((String) this.data.get(PUBLIC_KEY_MODULUS_MIN))) {
            return new BigInteger((String) this.data.get(PUBLIC_KEY_MODULUS_MIN));
        }
        return null;
    }

    public String getPublicKeyModulusMinAsString() {
        return (String) this.data.get(PUBLIC_KEY_MODULUS_MIN);
    }

    public void setPublicKeyModulusMin(BigInteger bigInteger) {
        if (null == bigInteger) {
            this.data.put(PUBLIC_KEY_MODULUS_MIN, null);
            return;
        }
        if (bigInteger.compareTo(BigInteger.ZERO) == -1) {
            if (log.isDebugEnabled()) {
                log.debug(intres.getLocalizedMessage("validator.error.set_key_validator_mod_min", bigInteger));
            }
        } else if (getPublicKeyModulusMax() == null || bigInteger.compareTo(getPublicKeyModulusMax()) < 1) {
            this.data.put(PUBLIC_KEY_MODULUS_MIN, bigInteger.toString());
        } else if (log.isDebugEnabled()) {
            log.debug(intres.getLocalizedMessage("validator.error.minimum_bigger_log", bigInteger, getPublicKeyModulusMax()));
        }
    }

    public void setPublicKeyModulusMinAsString(String str) {
        setPublicKeyModulusMin(new BigInteger(str));
    }

    public BigInteger getPublicKeyModulusMax() {
        if (StringUtils.isNotBlank((String) this.data.get(PUBLIC_KEY_MODULUS_MAX))) {
            return new BigInteger((String) this.data.get(PUBLIC_KEY_MODULUS_MAX));
        }
        return null;
    }

    public String getPublicKeyModulusMaxAsString() {
        return (String) this.data.get(PUBLIC_KEY_MODULUS_MAX);
    }

    public void setPublicKeyModulusMax(BigInteger bigInteger) {
        if (null == bigInteger) {
            this.data.put(PUBLIC_KEY_MODULUS_MAX, null);
            return;
        }
        if (bigInteger.compareTo(BigInteger.ZERO) == -1) {
            if (log.isDebugEnabled()) {
                log.debug(intres.getLocalizedMessage("validator.error.set_key_validator_mod_max", bigInteger));
            }
        } else if (getPublicKeyModulusMin() == null || bigInteger.compareTo(getPublicKeyModulusMin()) > -1) {
            this.data.put(PUBLIC_KEY_MODULUS_MAX, bigInteger.toString());
        } else if (log.isDebugEnabled()) {
            log.debug(intres.getLocalizedMessage("validator.error.minimum_bigger_log", getPublicKeyModulusMin(), bigInteger));
        }
    }

    public void setPublicKeyModulusMaxAsString(String str) {
        setPublicKeyModulusMax(new BigInteger(str));
    }

    @Override // org.cesecore.keys.validation.ValidatorBase, org.cesecore.profiles.ProfileBase, org.cesecore.internal.UpgradeableDataHashMap, org.cesecore.internal.IUpgradeableData
    public void upgrade() {
        super.upgrade();
        if (log.isTraceEnabled()) {
            log.trace(">upgrade: " + getLatestVersion() + ", " + getVersion());
        }
        if (Float.compare(7.0f, getVersion()) != 0) {
            log.info(intres.getLocalizedMessage("rsakeyvalidator.upgrade", new Float(getVersion())));
            init();
        }
    }

    @Override // org.cesecore.keys.validation.KeyValidator
    public List<String> validate(PublicKey publicKey, CertificateProfile certificateProfile) throws ValidatorNotApplicableException, ValidationException {
        ArrayList arrayList = new ArrayList();
        if (log.isDebugEnabled()) {
            log.debug("Validating public key with algorithm " + publicKey.getAlgorithm() + ", format " + publicKey.getFormat() + ", implementation " + publicKey.getClass().getName());
        }
        if (!AlgorithmConstants.KEYALGORITHM_RSA.equals(publicKey.getAlgorithm()) || !(publicKey instanceof RSAPublicKey)) {
            String str = "Invalid: Public key algorithm is not RSA or could not be parsed: " + publicKey.getAlgorithm() + ", format " + publicKey.getFormat();
            arrayList.add(str);
            log.info(str + ", " + publicKey.getClass().getName());
            throw new ValidatorNotApplicableException(str);
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        BigInteger publicExponent = rSAPublicKey.getPublicExponent();
        BigInteger modulus = rSAPublicKey.getModulus();
        if (log.isDebugEnabled()) {
            log.debug("Validate RSA public key with exponent " + publicExponent + " and modulus " + modulus);
        }
        int intValue = getSettingsTemplate().intValue();
        int keyLength = KeyTools.getKeyLength(publicKey);
        if (KeyValidatorSettingsTemplate.USE_CERTIFICATE_PROFILE_SETTINGS.getOption() == intValue) {
            List<Integer> availableBitLengthsAsList = certificateProfile.getAvailableBitLengthsAsList();
            if (!availableBitLengthsAsList.contains(Integer.valueOf(keyLength))) {
                arrayList.add("Invalid: RSA key size/strength: Use one of the following " + availableBitLengthsAsList + ".");
            }
        } else {
            List<String> bitLengths = getBitLengths();
            if (!bitLengths.contains(Integer.toString(keyLength))) {
                arrayList.add("Invalid: RSA key size/strength: Use one of the following " + bitLengths + ".");
            }
        }
        if (isPublicKeyExponentOnlyAllowOdd()) {
            if (publicExponent.mod(BigInteger.valueOf(2L)).compareTo(BigInteger.ZERO) == 0) {
                arrayList.add("Invalid: RSA public key exponent is odd.");
            } else {
                log.trace("isPublicKeyExponentOnlyAllowOdd passed");
            }
        }
        if (null != getPublicKeyExponentMin()) {
            if (publicExponent.compareTo(getPublicKeyExponentMin()) == -1) {
                arrayList.add("Invalid: RSA public key exponent is smaller than " + getPublicKeyExponentMin());
            } else {
                log.trace("getPublicKeyExponentMin passed");
            }
        }
        if (null != getPublicKeyExponentMax() && publicExponent.compareTo(getPublicKeyExponentMax()) == 1) {
            arrayList.add("Invalid: RSA public key exponent is greater than " + getPublicKeyExponentMax());
        }
        if (isPublicKeyModulusOnlyAllowOdd()) {
            if (modulus.mod(BigInteger.valueOf(2L)).compareTo(BigInteger.ZERO) == 0) {
                arrayList.add("Invalid: RSA public key modulus is odd.");
            } else {
                log.trace("isPublicKeyModulusOnlyAllowOdd passed");
            }
        }
        if (isPublicKeyModulusDontAllowPowerOfPrime()) {
            if (isPowerOfPrime(modulus)) {
                arrayList.add("Invalid: RSA public key modulus is not allowed to be the power of a prime.");
            } else {
                log.trace("isPublicKeyModulusDontAllowPowerOfPrime passed");
            }
        }
        if (isPublicKeyModulusDontAllowRocaWeakKeys()) {
            if (RocaBrokenKey.isAffected(modulus)) {
                arrayList.add("Invalid: RSA public key modulus is a weak key according to CVE-2017-15361.");
            } else {
                log.trace("isPublicKeyModulusDontAllowRocaWeakKeys passed");
            }
        }
        if (null != getPublicKeyModulusMinFactor()) {
            if (hasSmallerFactorThan(modulus, getPublicKeyModulusMinFactor().intValue() + 1)) {
                arrayList.add("Invalid: RSA public key modulus smallest factor is less than " + getPublicKeyModulusMinFactor());
            } else {
                log.trace("getPublicKeyModulusMinFactor passed");
            }
        }
        if (null != getPublicKeyModulusMin()) {
            if (modulus.compareTo(getPublicKeyModulusMin()) == -1) {
                arrayList.add("Invalid: RSA public key modulus is smaller than " + getPublicKeyModulusMin());
            } else {
                log.trace("getPublicKeyModulusMin passed");
            }
        }
        if (null != getPublicKeyModulusMax()) {
            if (modulus.compareTo(getPublicKeyModulusMax()) == 1) {
                arrayList.add("Invalid: RSA public key modulus is greater than " + getPublicKeyModulusMax());
            } else {
                log.trace("getPublicKeyModulusMax passed");
            }
        }
        if (log.isDebugEnabled()) {
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                log.debug((String) it.next());
            }
        }
        return arrayList;
    }

    public List<String> getAvailableBitLengths() {
        ArrayList arrayList = new ArrayList();
        for (int i : CertificateProfile.DEFAULTBITLENGTHS) {
            arrayList.add(Integer.toString(i));
        }
        return arrayList;
    }

    public static List<String> getAvailableBitLengths(int i) {
        ArrayList arrayList = new ArrayList();
        for (int i2 : CertificateProfile.DEFAULTBITLENGTHS) {
            if (i2 >= i) {
                arrayList.add(Integer.toString(i2));
            }
        }
        return arrayList;
    }

    public static Map<String, String> getAvailableBitLengthsAsMap(int i) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (int i2 : CertificateProfile.DEFAULTBITLENGTHS) {
            if (i2 >= i) {
                linkedHashMap.put(Integer.toString(i2), Integer.toString(i2));
            }
        }
        return linkedHashMap;
    }

    @Override // org.cesecore.keys.validation.Validator
    public String getLabel() {
        return intres.getLocalizedMessage("validator.implementation.key.rsa", new Object[0]);
    }

    @Override // org.cesecore.keys.validation.Validator
    public String getValidatorTypeIdentifier() {
        return TYPE_IDENTIFIER;
    }

    @Override // org.cesecore.profiles.ProfileBase
    protected Class<? extends Profile> getImplementationClass() {
        return RsaKeyValidator.class;
    }
}
