package org.keycloak.crypto.fips;

import java.lang.reflect.Method;
import java.security.Provider;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/keycloak/crypto/fips/KeycloakFipsSecurityProvider.class */
public class KeycloakFipsSecurityProvider extends Provider {
    protected static final Logger logger = Logger.getLogger(KeycloakFipsSecurityProvider.class);
    private final BouncyCastleFipsProvider bcFipsProvider;

    public KeycloakFipsSecurityProvider(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
        super("KC(" + bouncyCastleFipsProvider.toString() + (CryptoServicesRegistrar.isInApprovedOnlyMode() ? " Approved Mode" : "") + ", FIPS-JVM: " + isSystemFipsEnabled() + ")", 1.0d, "Keycloak pseudo provider");
        this.bcFipsProvider = bouncyCastleFipsProvider;
    }

    @Override // java.security.Provider
    public final synchronized Provider.Service getService(String str, String str2) {
        if (!"SHA1PRNG".equals(str2) || !"SecureRandom".equals(str)) {
            return null;
        }
        logger.debug("Returning DEFAULT algorithm of BCFIPS provider instead of SHA1PRNG");
        return this.bcFipsProvider.getService("SecureRandom", "DEFAULT");
    }

    public static String isSystemFipsEnabled() {
        Method method = null;
        try {
            try {
                method = KeycloakFipsSecurityProvider.class.getClassLoader().loadClass("java.security.SystemConfigurator").getDeclaredMethod("isSystemFipsEnabled", new Class[0]);
                method.setAccessible(true);
                String str = ((Boolean) method.invoke(null, new Object[0])).booleanValue() ? "enabled" : "disabled";
                if (method != null) {
                    method.setAccessible(false);
                }
                return str;
            } catch (Throwable th) {
                logger.debug("Could not detect if FIPS is enabled from the host", th);
                if (method != null) {
                    method.setAccessible(false);
                }
                return "unknown";
            }
        } catch (Throwable th2) {
            if (method != null) {
                method.setAccessible(false);
            }
            throw th2;
        }
    }
}
