package org.apache.cxf.transport.https;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-transports-http-2.7.9.jar:org/apache/cxf/transport/https/CertConstraints.class */
public class CertConstraints {
    private final DNConstraints subjectDNConstraints;
    private final DNConstraints issuerDNConstraints;

    /* loaded from: input_file:WEB-INF/lib/cxf-rt-transports-http-2.7.9.jar:org/apache/cxf/transport/https/CertConstraints$Combinator.class */
    public enum Combinator {
        ANY,
        ALL
    }

    /* loaded from: input_file:WEB-INF/lib/cxf-rt-transports-http-2.7.9.jar:org/apache/cxf/transport/https/CertConstraints$DNConstraints.class */
    private static class DNConstraints {
        private final Combinator combinator;
        private final Collection<Pattern> dnPatterns = new ArrayList();

        DNConstraints(List<String> list, Combinator combinator) throws PatternSyntaxException {
            if (list == null) {
                this.combinator = Combinator.ALL;
                return;
            }
            this.combinator = combinator;
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                this.dnPatterns.add(Pattern.compile(it.next()));
            }
        }

        final boolean matches(X500Principal x500Principal) {
            boolean z = false;
            boolean z2 = false;
            Iterator<Pattern> it = this.dnPatterns.iterator();
            while (it.hasNext()) {
                if (it.next().matcher(x500Principal.getName()).matches()) {
                    z = true;
                    if (this.combinator == Combinator.ANY) {
                        break;
                    }
                } else {
                    z2 = true;
                    if (this.combinator == Combinator.ALL) {
                        break;
                    }
                }
            }
            switch (this.combinator) {
                case ALL:
                    return !z2;
                case ANY:
                    return z;
                default:
                    throw new RuntimeException("LOGIC ERROR: Unreachable code");
            }
        }
    }

    public CertConstraints(List<String> list, Combinator combinator, List<String> list2, Combinator combinator2) throws PatternSyntaxException {
        this.subjectDNConstraints = new DNConstraints(list, combinator);
        this.issuerDNConstraints = new DNConstraints(list2, combinator2);
    }

    public boolean matches(X509Certificate x509Certificate) {
        return this.subjectDNConstraints.matches(x509Certificate.getSubjectX500Principal()) && this.issuerDNConstraints.matches(x509Certificate.getIssuerX500Principal());
    }
}
