package sun1.security.util;

import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes3.dex */
public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
    public static final String PROPERTY_CERTPATH_DISABLED_ALGS = "jdk.certpath.disabledAlgorithms";
    public static final String PROPERTY_JAR_DISABLED_ALGS = "jdk.jar.disabledAlgorithms";
    public static final String PROPERTY_TLS_DISABLED_ALGS = "jdk.tls.disabledAlgorithms";
    private static final Debug debug = Debug.getInstance("certpath");
    private final Constraints algorithmConstraints;
    private final String[] disabledAlgorithms;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static abstract class Constraint {
        String algorithm;
        Constraint nextConstraint;

        /* loaded from: classes3.dex */
        enum Operator {
            EQ,
            NE,
            LT,
            LE,
            GT,
            GE;

            static Operator of(String str) {
                if ("==".equals(str)) {
                    return EQ;
                }
                if ("!=".equals(str)) {
                    return NE;
                }
                if ("<".equals(str)) {
                    return LT;
                }
                if ("<=".equals(str)) {
                    return LE;
                }
                if (">".equals(str)) {
                    return GT;
                }
                if (">=".equals(str)) {
                    return GE;
                }
                throw new IllegalArgumentException("Error in security property. " + str + " is not a legal Operator");
            }

            /* renamed from: values, reason: to resolve conflict with enum method */
            public static Operator[] valuesCustom() {
                Operator[] valuesCustom = values();
                int length = valuesCustom.length;
                Operator[] operatorArr = new Operator[length];
                System.arraycopy(valuesCustom, 0, operatorArr, 0, length);
                return operatorArr;
            }
        }

        private Constraint() {
            this.nextConstraint = null;
        }

        /* synthetic */ Constraint(Constraint constraint) {
            this();
        }

        public abstract void permits(CertConstraintParameters certConstraintParameters);

        public boolean permits(Key key) {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class Constraints {
        private static final Pattern keySizePattern = Pattern.compile("keySize\\s*(<=|<|==|!=|>|>=)\\s*(\\d+)");
        private Map<String, Set<Constraint>> constraintsMap = new HashMap();

        public Constraints(String[] strArr) {
            int length = strArr.length;
            int i = 0;
            int i2 = 0;
            while (i2 < length) {
                String str = strArr[i2];
                if (str != null && !str.isEmpty()) {
                    String trim = str.trim();
                    if (DisabledAlgorithmConstraints.debug != null) {
                        DisabledAlgorithmConstraints.debug.println("Constraints: ".concat(String.valueOf(trim)));
                    }
                    int indexOf = trim.indexOf(32);
                    if (indexOf > 0) {
                        String hashName = AlgorithmDecomposer.hashName(trim.substring(i, indexOf).toUpperCase(Locale.ENGLISH));
                        String[] split = trim.substring(indexOf + 1).split("&");
                        int length2 = split.length;
                        Constraint constraint = null;
                        Constraint constraint2 = null;
                        int i3 = 0;
                        boolean z = false;
                        while (i3 < length2) {
                            String trim2 = split[i3].trim();
                            Matcher matcher = keySizePattern.matcher(trim2);
                            if (matcher.matches()) {
                                if (DisabledAlgorithmConstraints.debug != null) {
                                    DisabledAlgorithmConstraints.debug.println("Constraints set to keySize: ".concat(String.valueOf(trim2)));
                                }
                                constraint = new KeySizeConstraint(hashName, KeySizeConstraint.Operator.valueOf(matcher.group(1)), Integer.parseInt(matcher.group(2)));
                            } else if (trim2.equalsIgnoreCase("jdkCA")) {
                                if (DisabledAlgorithmConstraints.debug != null) {
                                    DisabledAlgorithmConstraints.debug.println("Constraints set to jdkCA.");
                                }
                                if (z) {
                                    throw new IllegalArgumentException("Only one jdkCA entry allowed in property. Constraint: ".concat(String.valueOf(trim)));
                                }
                                constraint = new jdkCAConstraint(hashName);
                                z = true;
                            }
                            if (constraint2 == null) {
                                if (!this.constraintsMap.containsKey(hashName)) {
                                    this.constraintsMap.put(hashName, new HashSet());
                                }
                                if (constraint != null) {
                                    this.constraintsMap.mo21581get(hashName).add(constraint);
                                }
                            } else {
                                constraint2.nextConstraint = constraint;
                            }
                            i3++;
                            constraint2 = constraint;
                        }
                    } else {
                        String upperCase = trim.toUpperCase(Locale.ENGLISH);
                        if (this.constraintsMap.mo21581get(upperCase) == null) {
                            this.constraintsMap.put(upperCase, new HashSet());
                        }
                    }
                }
                i2++;
                i = 0;
            }
        }

        private Set<Constraint> getConstraints(String str) {
            return this.constraintsMap.mo21581get(str);
        }

        public void permits(CertConstraintParameters certConstraintParameters) {
            X509Certificate certificate = certConstraintParameters.getCertificate();
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("Constraints.permits(): " + certificate.getSigAlgName());
            }
            Set<String> decomposeOneHash = AlgorithmDecomposer.decomposeOneHash(certificate.getSigAlgName());
            if (decomposeOneHash == null || decomposeOneHash.isEmpty()) {
                return;
            }
            decomposeOneHash.add(certificate.getPublicKey().getAlgorithm());
            Iterator<String> it = decomposeOneHash.iterator();
            while (it.hasNext()) {
                Set<Constraint> constraints = getConstraints(it.next());
                if (constraints != null) {
                    Iterator<Constraint> it2 = constraints.iterator();
                    while (it2.hasNext()) {
                        it2.next().permits(certConstraintParameters);
                    }
                }
            }
        }

        public boolean permits(Key key) {
            Set<Constraint> constraints = getConstraints(key.getAlgorithm());
            if (constraints == null) {
                return true;
            }
            Iterator<Constraint> it = constraints.iterator();
            while (it.hasNext()) {
                if (!it.next().permits(key)) {
                    if (DisabledAlgorithmConstraints.debug == null) {
                        return false;
                    }
                    DisabledAlgorithmConstraints.debug.println("keySizeConstraint: failed key constraint check " + KeyUtil.getKeySize(key));
                    return false;
                }
            }
            return true;
        }
    }

    /* loaded from: classes3.dex */
    static class KeySizeConstraint extends Constraint {
        private static /* synthetic */ int[] $SWITCH_TABLE$sun1$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator;
        private int maxSize;
        private int minSize;
        private int prohibitedSize;

        /* loaded from: classes3.dex */
        public enum Operator {
            EQ,
            NE,
            LT,
            LE,
            GT,
            GE;

            /* renamed from: values, reason: to resolve conflict with enum method */
            public static Operator[] valuesCustom() {
                Operator[] valuesCustom = values();
                int length = valuesCustom.length;
                Operator[] operatorArr = new Operator[length];
                System.arraycopy(valuesCustom, 0, operatorArr, 0, length);
                return operatorArr;
            }
        }

        static /* synthetic */ int[] $SWITCH_TABLE$sun1$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator() {
            int[] iArr = $SWITCH_TABLE$sun1$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator;
            if (iArr != null) {
                return iArr;
            }
            int[] iArr2 = new int[Operator.valuesCustom().length];
            try {
                iArr2[Operator.EQ.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                iArr2[Operator.GE.ordinal()] = 6;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                iArr2[Operator.GT.ordinal()] = 5;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                iArr2[Operator.LE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                iArr2[Operator.LT.ordinal()] = 3;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                iArr2[Operator.NE.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            $SWITCH_TABLE$sun1$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator = iArr2;
            return iArr2;
        }

        public KeySizeConstraint(String str, Operator operator, int i) {
            super(null);
            this.prohibitedSize = -1;
            this.algorithm = str;
            switch ($SWITCH_TABLE$sun1$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator()[operator.ordinal()]) {
                case 1:
                    this.minSize = 0;
                    this.maxSize = Integer.MAX_VALUE;
                    this.prohibitedSize = i;
                    return;
                case 2:
                    this.minSize = i;
                    this.maxSize = i;
                    return;
                case 3:
                    this.minSize = i;
                    this.maxSize = Integer.MAX_VALUE;
                    return;
                case 4:
                    this.minSize = i + 1;
                    this.maxSize = Integer.MAX_VALUE;
                    return;
                case 5:
                    this.minSize = 0;
                    this.maxSize = i;
                    return;
                case 6:
                    this.minSize = 0;
                    this.maxSize = i > 1 ? i - 1 : 0;
                    return;
                default:
                    this.minSize = Integer.MAX_VALUE;
                    this.maxSize = -1;
                    return;
            }
        }

        private boolean permitsImpl(Key key) {
            if (this.algorithm.compareToIgnoreCase(key.getAlgorithm()) != 0) {
                return true;
            }
            int keySize = KeyUtil.getKeySize(key);
            if (keySize == 0) {
                return false;
            }
            if (keySize > 0) {
                return keySize >= this.minSize && keySize <= this.maxSize && this.prohibitedSize != keySize;
            }
            return true;
        }

        @Override // sun1.security.util.DisabledAlgorithmConstraints.Constraint
        public void permits(CertConstraintParameters certConstraintParameters) {
            if (permitsImpl(certConstraintParameters.getCertificate().getPublicKey())) {
                return;
            }
            if (this.nextConstraint == null) {
                throw new CertPathValidatorException("Algorithm constraints check failed on keysize limits");
            }
            this.nextConstraint.permits(certConstraintParameters);
        }

        @Override // sun1.security.util.DisabledAlgorithmConstraints.Constraint
        public boolean permits(Key key) {
            if (this.nextConstraint != null && this.nextConstraint.permits(key)) {
                return true;
            }
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("KeySizeConstraints.permits(): " + this.algorithm);
            }
            return permitsImpl(key);
        }
    }

    /* loaded from: classes3.dex */
    static class jdkCAConstraint extends Constraint {
        jdkCAConstraint(String str) {
            super(null);
            this.algorithm = str;
        }

        @Override // sun1.security.util.DisabledAlgorithmConstraints.Constraint
        public void permits(CertConstraintParameters certConstraintParameters) {
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("jdkCAConstraints.permits(): " + this.algorithm);
            }
            if (certConstraintParameters.isTrustedMatch()) {
                if (this.nextConstraint == null) {
                    throw new CertPathValidatorException("Algorithm constraints check failed on certificate anchor limits");
                }
                this.nextConstraint.permits(certConstraintParameters);
            }
        }
    }

    public DisabledAlgorithmConstraints(String str) {
        this(str, new AlgorithmDecomposer());
    }

    public DisabledAlgorithmConstraints(String str, AlgorithmDecomposer algorithmDecomposer) {
        super(algorithmDecomposer);
        this.disabledAlgorithms = getAlgorithms(str);
        this.algorithmConstraints = new Constraints(this.disabledAlgorithms);
    }

    private void checkConstraints(Set<CryptoPrimitive> set, CertConstraintParameters certConstraintParameters) {
        X509Certificate certificate = certConstraintParameters.getCertificate();
        String sigAlgName = certificate.getSigAlgName();
        if (!permits(set, sigAlgName, null)) {
            throw new CertPathValidatorException("Algorithm constraints check failed on disabled signature algorithm: ".concat(String.valueOf(sigAlgName)));
        }
        if (!permits(set, certificate.getPublicKey().getAlgorithm(), null)) {
            throw new CertPathValidatorException("Algorithm constraints check failed on disabled public key algorithm: ".concat(String.valueOf(sigAlgName)));
        }
        this.algorithmConstraints.permits(certConstraintParameters);
    }

    private boolean checkConstraints(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        if (key == null) {
            throw new IllegalArgumentException("The key cannot be null");
        }
        if ((str == null || str.length() == 0 || permits(set, str, algorithmParameters)) && permits(set, key.getAlgorithm(), null)) {
            return this.algorithmConstraints.permits(key);
        }
        return false;
    }

    public boolean checkProperty(String str) {
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        for (String str2 : this.disabledAlgorithms) {
            if (str2.toLowerCase(Locale.ENGLISH).indexOf(lowerCase) >= 0) {
                return true;
            }
        }
        return false;
    }

    public final void permits(Set<CryptoPrimitive> set, X509Certificate x509Certificate) {
        checkConstraints(set, new CertConstraintParameters(x509Certificate));
    }

    public final void permits(Set<CryptoPrimitive> set, CertConstraintParameters certConstraintParameters) {
        checkConstraints(set, certConstraintParameters);
    }

    @Override // sun1.security.util.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
        if (set == null || set.isEmpty()) {
            throw new IllegalArgumentException("No cryptographic primitive specified");
        }
        return checkAlgorithm(this.disabledAlgorithms, str, this.decomposer);
    }

    @Override // sun1.security.util.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("No algorithm name specified");
        }
        return checkConstraints(set, str, key, algorithmParameters);
    }

    @Override // sun1.security.util.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, Key key) {
        return checkConstraints(set, "", key, null);
    }
}
