package sun.security.ssl;

import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import sun.security.util.DisabledAlgorithmConstraints;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/SSLAlgorithmConstraints.class
 */
/* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLAlgorithmConstraints.class */
public final class SSLAlgorithmConstraints implements AlgorithmConstraints {
    private final AlgorithmConstraints userSpecifiedConstraints;
    private final AlgorithmConstraints peerSpecifiedConstraints;
    private final boolean enabledX509DisabledAlgConstraints;
    private static final AlgorithmConstraints tlsDisabledAlgConstraints = new DisabledAlgorithmConstraints(DisabledAlgorithmConstraints.PROPERTY_TLS_DISABLED_ALGS, new SSLAlgorithmDecomposer());
    private static final AlgorithmConstraints x509DisabledAlgConstraints = new DisabledAlgorithmConstraints(DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS, new SSLAlgorithmDecomposer(true));
    static final AlgorithmConstraints DEFAULT = new SSLAlgorithmConstraints(null, true);
    static final AlgorithmConstraints DEFAULT_SSL_ONLY = new SSLAlgorithmConstraints(null, false);

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/SSLAlgorithmConstraints$SupportedSignatureAlgorithmConstraints.class
     */
    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLAlgorithmConstraints$SupportedSignatureAlgorithmConstraints.class */
    private static class SupportedSignatureAlgorithmConstraints implements AlgorithmConstraints {
        private final String[] supportedAlgorithms;

        SupportedSignatureAlgorithmConstraints(String[] strArr) {
            if (strArr != null) {
                this.supportedAlgorithms = (String[]) strArr.clone();
            } else {
                this.supportedAlgorithms = null;
            }
        }

        @Override // java.security.AlgorithmConstraints
        public boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("No algorithm name specified");
            }
            if (set == null || set.isEmpty()) {
                throw new IllegalArgumentException("No cryptographic primitive specified");
            }
            if (this.supportedAlgorithms == null || this.supportedAlgorithms.length == 0) {
                return false;
            }
            int indexOf = str.indexOf("and");
            if (indexOf > 0) {
                str = str.substring(0, indexOf);
            }
            for (String str2 : this.supportedAlgorithms) {
                if (str.equalsIgnoreCase(str2)) {
                    return true;
                }
            }
            return false;
        }

        @Override // java.security.AlgorithmConstraints
        public final boolean permits(Set<CryptoPrimitive> set, Key key) {
            return true;
        }

        @Override // java.security.AlgorithmConstraints
        public final boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("No algorithm name specified");
            }
            return permits(set, str, algorithmParameters);
        }
    }

    private SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints, boolean z) {
        this(algorithmConstraints, null, z);
    }

    private SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints, SupportedSignatureAlgorithmConstraints supportedSignatureAlgorithmConstraints, boolean z) {
        this.userSpecifiedConstraints = algorithmConstraints;
        this.peerSpecifiedConstraints = supportedSignatureAlgorithmConstraints;
        this.enabledX509DisabledAlgConstraints = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AlgorithmConstraints wrap(AlgorithmConstraints algorithmConstraints) {
        return wrap(algorithmConstraints, true);
    }

    private static AlgorithmConstraints wrap(AlgorithmConstraints algorithmConstraints, boolean z) {
        return nullIfDefault(algorithmConstraints) == null ? z ? DEFAULT : DEFAULT_SSL_ONLY : new SSLAlgorithmConstraints(algorithmConstraints, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AlgorithmConstraints forSocket(SSLSocket sSLSocket, boolean z) {
        return wrap(getUserSpecifiedConstraints(sSLSocket), z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLAlgorithmConstraints forSocket(SSLSocket sSLSocket, String[] strArr, boolean z) {
        return new SSLAlgorithmConstraints(nullIfDefault(getUserSpecifiedConstraints(sSLSocket)), new SupportedSignatureAlgorithmConstraints(strArr), z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AlgorithmConstraints forEngine(SSLEngine sSLEngine, boolean z) {
        return wrap(getUserSpecifiedConstraints(sSLEngine), z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLAlgorithmConstraints forEngine(SSLEngine sSLEngine, String[] strArr, boolean z) {
        return new SSLAlgorithmConstraints(nullIfDefault(getUserSpecifiedConstraints(sSLEngine)), new SupportedSignatureAlgorithmConstraints(strArr), z);
    }

    private static AlgorithmConstraints nullIfDefault(AlgorithmConstraints algorithmConstraints) {
        if (algorithmConstraints == DEFAULT) {
            return null;
        }
        return algorithmConstraints;
    }

    private static AlgorithmConstraints getUserSpecifiedConstraints(SSLEngine sSLEngine) {
        HandshakeContext handshakeContext;
        if (sSLEngine != null) {
            return (!(sSLEngine instanceof SSLEngineImpl) || (handshakeContext = ((SSLEngineImpl) sSLEngine).conContext.handshakeContext) == null) ? sSLEngine.getSSLParameters().getAlgorithmConstraints() : handshakeContext.sslConfig.userSpecifiedAlgorithmConstraints;
        }
        return null;
    }

    private static AlgorithmConstraints getUserSpecifiedConstraints(SSLSocket sSLSocket) {
        HandshakeContext handshakeContext;
        if (sSLSocket != null) {
            return (!(sSLSocket instanceof SSLSocketImpl) || (handshakeContext = ((SSLSocketImpl) sSLSocket).conContext.handshakeContext) == null) ? sSLSocket.getSSLParameters().getAlgorithmConstraints() : handshakeContext.sslConfig.userSpecifiedAlgorithmConstraints;
        }
        return null;
    }

    @Override // java.security.AlgorithmConstraints
    public boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
        boolean z = true;
        if (this.peerSpecifiedConstraints != null) {
            z = this.peerSpecifiedConstraints.permits(set, str, algorithmParameters);
        }
        if (z && this.userSpecifiedConstraints != null) {
            z = this.userSpecifiedConstraints.permits(set, str, algorithmParameters);
        }
        if (z) {
            z = tlsDisabledAlgConstraints.permits(set, str, algorithmParameters);
        }
        if (z && this.enabledX509DisabledAlgConstraints) {
            z = x509DisabledAlgConstraints.permits(set, str, algorithmParameters);
        }
        return z;
    }

    @Override // java.security.AlgorithmConstraints
    public boolean permits(Set<CryptoPrimitive> set, Key key) {
        boolean z = true;
        if (this.peerSpecifiedConstraints != null) {
            z = this.peerSpecifiedConstraints.permits(set, key);
        }
        if (z && this.userSpecifiedConstraints != null) {
            z = this.userSpecifiedConstraints.permits(set, key);
        }
        if (z) {
            z = tlsDisabledAlgConstraints.permits(set, key);
        }
        if (z && this.enabledX509DisabledAlgConstraints) {
            z = x509DisabledAlgConstraints.permits(set, key);
        }
        return z;
    }

    @Override // java.security.AlgorithmConstraints
    public boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        boolean z = true;
        if (this.peerSpecifiedConstraints != null) {
            z = this.peerSpecifiedConstraints.permits(set, str, key, algorithmParameters);
        }
        if (z && this.userSpecifiedConstraints != null) {
            z = this.userSpecifiedConstraints.permits(set, str, key, algorithmParameters);
        }
        if (z) {
            z = tlsDisabledAlgConstraints.permits(set, str, key, algorithmParameters);
        }
        if (z && this.enabledX509DisabledAlgConstraints) {
            z = x509DisabledAlgConstraints.permits(set, str, key, algorithmParameters);
        }
        return z;
    }
}
