package org.bouncycastle.crypto.asymmetric;

import com.unboundid.util.BouncyCastleFIPSHelper;
import java.lang.ref.WeakReference;
import java.math.BigInteger;
import java.util.HashSet;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicReference;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.crypto.Algorithm;
import org.bouncycastle.crypto.AsymmetricKey;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.fips.FipsUnapprovedOperationError;
import org.bouncycastle.util.Properties;

/* loaded from: input_file:lib/bc-fips-1.0.2.4.jar:org/bouncycastle/crypto/asymmetric/AsymmetricRSAKey.class */
public abstract class AsymmetricRSAKey implements AsymmetricKey {
    protected static final AlgorithmIdentifier DEF_ALG_ID = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
    private static final Set<ASN1ObjectIdentifier> rsaOids = new HashSet(4);
    private final boolean approvedModeOnly;
    private final KeyMarker keyMarker;
    private Algorithm algorithm;
    protected BigInteger modulus;
    protected final AlgorithmIdentifier rsaAlgIdentifier;
    private static WeakHashMap<BigInteger, WeakReference<KeyMarker>> markers;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/bc-fips-1.0.2.4.jar:org/bouncycastle/crypto/asymmetric/AsymmetricRSAKey$KeyMarker.class */
    public static class KeyMarker {
        private final AtomicReference<Usage> keyUsage = new AtomicReference<>(null);
        private final BigInteger modulus;

        KeyMarker(BigInteger bigInteger) {
            this.modulus = bigInteger;
        }

        public boolean canBeUsed(Usage usage) {
            return this.keyUsage.compareAndSet(null, usage) || this.keyUsage.get().equals(usage) || this.keyUsage.compareAndSet(Usage.SIGN_OR_VERIFY, usage);
        }
    }

    /* loaded from: input_file:lib/bc-fips-1.0.2.4.jar:org/bouncycastle/crypto/asymmetric/AsymmetricRSAKey$Usage.class */
    public enum Usage {
        SIGN_OR_VERIFY,
        ENCRYPT_OR_DECRYPT
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AsymmetricRSAKey(Algorithm algorithm, BigInteger bigInteger) {
        this.approvedModeOnly = CryptoServicesRegistrar.isInApprovedOnlyMode();
        this.algorithm = algorithm;
        this.keyMarker = getKeyMarker(bigInteger);
        this.modulus = this.keyMarker.modulus;
        this.rsaAlgIdentifier = DEF_ALG_ID;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AsymmetricRSAKey(Algorithm algorithm, AlgorithmIdentifier algorithmIdentifier, BigInteger bigInteger) {
        ASN1ObjectIdentifier algorithm2 = algorithmIdentifier.getAlgorithm();
        if (!rsaOids.contains(algorithm2)) {
            throw new IllegalArgumentException("Unknown algorithm type: " + algorithm2);
        }
        this.approvedModeOnly = CryptoServicesRegistrar.isInApprovedOnlyMode();
        this.algorithm = algorithm;
        this.rsaAlgIdentifier = algorithmIdentifier;
        this.keyMarker = getKeyMarker(bigInteger);
        this.modulus = this.keyMarker.modulus;
        if (algorithm2.equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) {
            this.keyMarker.canBeUsed(Usage.SIGN_OR_VERIFY);
        } else if (algorithm2.equals(PKCSObjectIdentifiers.id_RSAES_OAEP)) {
            this.keyMarker.canBeUsed(Usage.ENCRYPT_OR_DECRYPT);
        }
    }

    @Override // org.bouncycastle.crypto.Key
    public Algorithm getAlgorithm() {
        return this.algorithm;
    }

    public BigInteger getModulus() {
        return this.modulus;
    }

    public boolean canBeUsed(Usage usage) {
        return Properties.isOverrideSet(BouncyCastleFIPSHelper.PROPERTY_ALLOW_RSA_MULTI_USE) || this.keyMarker.canBeUsed(usage);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void zeroize() {
        this.algorithm = null;
        this.modulus = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void checkApprovedOnlyModeStatus() {
        if (this.approvedModeOnly != CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            throw new FipsUnapprovedOperationError("No access to key in current thread.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean isAlreadySeen(BigInteger bigInteger) {
        return markers.containsKey(bigInteger);
    }

    static synchronized KeyMarker getKeyMarker(BigInteger bigInteger) {
        KeyMarker keyMarker = null;
        WeakReference<KeyMarker> weakReference = markers.get(bigInteger);
        if (weakReference != null) {
            keyMarker = weakReference.get();
        }
        if (keyMarker != null) {
            return keyMarker;
        }
        KeyMarker keyMarker2 = new KeyMarker(bigInteger);
        markers.put(bigInteger, new WeakReference<>(keyMarker2));
        return keyMarker2;
    }

    static {
        rsaOids.add(PKCSObjectIdentifiers.rsaEncryption);
        rsaOids.add(X509ObjectIdentifiers.id_ea_rsa);
        rsaOids.add(PKCSObjectIdentifiers.id_RSAES_OAEP);
        rsaOids.add(PKCSObjectIdentifiers.id_RSASSA_PSS);
        rsaOids.add(PKCSObjectIdentifiers.id_rsa_KEM);
        markers = new WeakHashMap<>();
    }
}
