package sun.security.ssl;

import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import sun.security.util.DisabledAlgorithmConstraints;

/* loaded from: input_file:sun/security/ssl/SSLAlgorithmConstraints.class */
final class SSLAlgorithmConstraints implements AlgorithmConstraints {
    private AlgorithmConstraints userAlgConstraints;
    private AlgorithmConstraints peerAlgConstraints;
    private boolean enabledX509DisabledAlgConstraints;
    private static final AlgorithmConstraints tlsDisabledAlgConstraints = new DisabledAlgorithmConstraints("jdk.tls.disabledAlgorithms", new SSLAlgorithmDecomposer());
    private static final AlgorithmConstraints x509DisabledAlgConstraints = new DisabledAlgorithmConstraints("jdk.certpath.disabledAlgorithms", new SSLAlgorithmDecomposer(true));
    static final AlgorithmConstraints DEFAULT = new SSLAlgorithmConstraints(null);
    static final AlgorithmConstraints DEFAULT_SSL_ONLY = new SSLAlgorithmConstraints((SSLSocket) null, false);

    /* loaded from: input_file:sun/security/ssl/SSLAlgorithmConstraints$SupportedSignatureAlgorithmConstraints.class */
    private static class SupportedSignatureAlgorithmConstraints implements AlgorithmConstraints {
        private String[] supportedAlgorithms;

        SupportedSignatureAlgorithmConstraints(String[] strArr) {
            if (strArr != null) {
                this.supportedAlgorithms = (String[]) strArr.clone();
            } else {
                this.supportedAlgorithms = null;
            }
        }

        @Override // java.security.AlgorithmConstraints
        public boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
            if (str == null || str.length() == 0) {
                throw new IllegalArgumentException("No algorithm name specified");
            }
            if (set == null || set.isEmpty()) {
                throw new IllegalArgumentException("No cryptographic primitive specified");
            }
            if (this.supportedAlgorithms == null || this.supportedAlgorithms.length == 0) {
                return false;
            }
            int indexOf = str.indexOf("and");
            if (indexOf > 0) {
                str = str.substring(0, indexOf);
            }
            for (String str2 : this.supportedAlgorithms) {
                if (str.equalsIgnoreCase(str2)) {
                    return true;
                }
            }
            return false;
        }

        @Override // java.security.AlgorithmConstraints
        public final boolean permits(Set<CryptoPrimitive> set, Key key) {
            return true;
        }

        @Override // java.security.AlgorithmConstraints
        public final boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
            if (str == null || str.length() == 0) {
                throw new IllegalArgumentException("No algorithm name specified");
            }
            return permits(set, str, algorithmParameters);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.userAlgConstraints = null;
        this.peerAlgConstraints = null;
        this.enabledX509DisabledAlgConstraints = true;
        this.userAlgConstraints = algorithmConstraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLAlgorithmConstraints(SSLSocket sSLSocket, boolean z) {
        this.userAlgConstraints = null;
        this.peerAlgConstraints = null;
        this.enabledX509DisabledAlgConstraints = true;
        if (sSLSocket != null) {
            this.userAlgConstraints = sSLSocket.getSSLParameters().getAlgorithmConstraints();
        }
        if (z) {
            return;
        }
        this.enabledX509DisabledAlgConstraints = false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLAlgorithmConstraints(SSLEngine sSLEngine, boolean z) {
        this.userAlgConstraints = null;
        this.peerAlgConstraints = null;
        this.enabledX509DisabledAlgConstraints = true;
        if (sSLEngine != null) {
            this.userAlgConstraints = sSLEngine.getSSLParameters().getAlgorithmConstraints();
        }
        if (z) {
            return;
        }
        this.enabledX509DisabledAlgConstraints = false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLAlgorithmConstraints(SSLSocket sSLSocket, String[] strArr, boolean z) {
        this.userAlgConstraints = null;
        this.peerAlgConstraints = null;
        this.enabledX509DisabledAlgConstraints = true;
        if (sSLSocket != null) {
            this.userAlgConstraints = sSLSocket.getSSLParameters().getAlgorithmConstraints();
            this.peerAlgConstraints = new SupportedSignatureAlgorithmConstraints(strArr);
        }
        if (z) {
            return;
        }
        this.enabledX509DisabledAlgConstraints = false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLAlgorithmConstraints(SSLEngine sSLEngine, String[] strArr, boolean z) {
        this.userAlgConstraints = null;
        this.peerAlgConstraints = null;
        this.enabledX509DisabledAlgConstraints = true;
        if (sSLEngine != null) {
            this.userAlgConstraints = sSLEngine.getSSLParameters().getAlgorithmConstraints();
            this.peerAlgConstraints = new SupportedSignatureAlgorithmConstraints(strArr);
        }
        if (z) {
            return;
        }
        this.enabledX509DisabledAlgConstraints = false;
    }

    @Override // java.security.AlgorithmConstraints
    public boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
        boolean z = true;
        if (this.peerAlgConstraints != null) {
            z = this.peerAlgConstraints.permits(set, str, algorithmParameters);
        }
        if (z && this.userAlgConstraints != null) {
            z = this.userAlgConstraints.permits(set, str, algorithmParameters);
        }
        if (z) {
            z = tlsDisabledAlgConstraints.permits(set, str, algorithmParameters);
        }
        if (z && this.enabledX509DisabledAlgConstraints) {
            z = x509DisabledAlgConstraints.permits(set, str, algorithmParameters);
        }
        return z;
    }

    @Override // java.security.AlgorithmConstraints
    public boolean permits(Set<CryptoPrimitive> set, Key key) {
        boolean z = true;
        if (this.peerAlgConstraints != null) {
            z = this.peerAlgConstraints.permits(set, key);
        }
        if (z && this.userAlgConstraints != null) {
            z = this.userAlgConstraints.permits(set, key);
        }
        if (z) {
            z = tlsDisabledAlgConstraints.permits(set, key);
        }
        if (z && this.enabledX509DisabledAlgConstraints) {
            z = x509DisabledAlgConstraints.permits(set, key);
        }
        return z;
    }

    @Override // java.security.AlgorithmConstraints
    public boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        boolean z = true;
        if (this.peerAlgConstraints != null) {
            z = this.peerAlgConstraints.permits(set, str, key, algorithmParameters);
        }
        if (z && this.userAlgConstraints != null) {
            z = this.userAlgConstraints.permits(set, str, key, algorithmParameters);
        }
        if (z) {
            z = tlsDisabledAlgConstraints.permits(set, str, key, algorithmParameters);
        }
        if (z && this.enabledX509DisabledAlgConstraints) {
            z = x509DisabledAlgConstraints.permits(set, str, key, algorithmParameters);
        }
        return z;
    }
}
