package com.urbancode.commons.util.crypto;

import com.infradna.tool.bridge_method_injector.BridgeMethodsAdded;
import com.urbancode.commons.util.logging.LogUtil;
import java.security.Provider;
import java.security.Security;
import org.apache.log4j.Logger;

@BridgeMethodsAdded
/* loaded from: input_file:lib/udclient.jar:com/urbancode/commons/util/crypto/FIPSHelper.class */
public class FIPSHelper {
    private static final Logger log = Logger.getLogger(FIPSHelper.class);
    public static final String IBM_FIPS_FLAG = "com.ibm.jsse2.usefipsprovider";
    public static final String SSL_SOCKET_FACTORY_PROVIDER = "ssl.SocketFactory.provider";
    public static final String SSL_SERVER_SOCKET_FACTORY_PROVIDER = "ssl.ServerSocketFactory.provider";
    public static final String FIPS_SOCKET_PROVIDER = "com.ibm.jsse2.SSLSocketFactoryImpl";
    public static final String FIPS_SERVER_SOCKET_PROVIDER = "com.ibm.jsse2.SSLServerSocketFactoryImpl";
    public static final String FIPS_JCE_PROVIDER = "com.ibm.crypto.fips.provider.IBMJCEFIPS";

    public static boolean isFipsRequested() {
        return Boolean.getBoolean(IBM_FIPS_FLAG);
    }

    public static boolean isFipsEnabled() {
        boolean z = false;
        if (isFipsRequested()) {
            z = true;
            Provider[] providers = Security.getProviders();
            Class<?> cls = null;
            try {
                cls = Class.forName(FIPS_JCE_PROVIDER);
            } catch (Exception e) {
                LogUtil.logDebug(log, "Deploy is configured to run in FIPS-compliant mode, but the IBMJCEFIPS provider was not found!", e);
                z = false;
            }
            if (!providers[0].getClass().equals(cls)) {
                LogUtil.logDebug(log, "The IBMJCEFIPS provider was not found at its expected position in the Java provider list.");
                z = false;
            }
            String property = Security.getProperty(SSL_SERVER_SOCKET_FACTORY_PROVIDER);
            String property2 = Security.getProperty(SSL_SOCKET_FACTORY_PROVIDER);
            if (!FIPS_SERVER_SOCKET_PROVIDER.equals(property) || !FIPS_SOCKET_PROVIDER.equals(property2)) {
                LogUtil.logDebug(log, "Socket Factories are not properly configured for FIPS compliant mode. Found: " + property + ", " + property2);
                z = false;
            }
        }
        return z;
    }

    public static void enableFips() {
        if (!isFipsRequested() || isFipsEnabled()) {
            return;
        }
        LogUtil.logTrace(log, "Enabling FIPS. Checking Java vendor...");
        String property = System.getProperty("java.vendor");
        if (property == null || !property.toLowerCase().contains("ibm")) {
            throw new RuntimeException("IBM Java is required for FIPS compliance, but the detected vendor was " + property);
        }
        LogUtil.logTrace(log, "IBM Vendor found. Checking Java version...");
        String property2 = System.getProperty("java.specification.version");
        if (!"1.6".equals(property2) && !"1.7".equals(property2)) {
            throw new RuntimeException("To run in FIPS mode, a minimum version of IBM Java 1.6 SR12 is required.");
        }
        if ("1.6".equals(property2)) {
            log.warn("IBM Java 1.6 detected. Please note that a minimum Service Refresh of 12 is required for this version.");
        }
        LogUtil.logTrace(log, "Found version " + property2 + ". Configuring providers...");
        Security.setProperty(SSL_SOCKET_FACTORY_PROVIDER, FIPS_SOCKET_PROVIDER);
        Security.setProperty(SSL_SERVER_SOCKET_FACTORY_PROVIDER, FIPS_SERVER_SOCKET_PROVIDER);
        try {
            Security.insertProviderAt((Provider) Class.forName(FIPS_JCE_PROVIDER).getConstructor(new Class[0]).newInstance(new Object[0]), 1);
            LogUtil.logDebug(log, "FIPS 140-2 Compliant Mode Enabled");
        } catch (Exception e) {
            throw new RuntimeException("An error occurred while trying configure the server for FIPS compliance.", e);
        }
    }

    private FIPSHelper() {
    }
}
