package cn.gmssl.sun.security.util;

import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.bc.pqc.jcajce.spec.McElieceCCA2ParameterSpec;

/* loaded from: input_file:cn/gmssl/sun/security/util/DisabledAlgorithmConstraints.class */
public class DisabledAlgorithmConstraints implements AlgorithmConstraints {
    public static final String PROPERTY_CERTPATH_DISABLED_ALGS = "jdk.certpath.disabledAlgorithms";
    public static final String PROPERTY_TLS_DISABLED_ALGS = "jdk.tls.disabledAlgorithms";
    private static final Map<String, String[]> disabledAlgorithmsMap = new HashMap();
    private static final Map<String, KeySizeConstraints> keySizeConstraintsMap = new HashMap();
    private String[] disabledAlgorithms;
    private KeySizeConstraints keySizeConstraints;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cn/gmssl/sun/security/util/DisabledAlgorithmConstraints$KeySizeConstraint.class */
    public class KeySizeConstraint {
        private int minSize;
        private int maxSize;
        private int prohibitedSize;
        private static /* synthetic */ int[] $SWITCH_TABLE$cn$gmssl$sun$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:cn/gmssl/sun/security/util/DisabledAlgorithmConstraints$KeySizeConstraint$Operator.class */
        public enum Operator {
            EQ,
            NE,
            LT,
            LE,
            GT,
            GE;

            static Operator of(String str) {
                if (str.equals("==")) {
                    return EQ;
                }
                if (str.equals("!=")) {
                    return NE;
                }
                if (str.equals("<")) {
                    return LT;
                }
                if (str.equals("<=")) {
                    return LE;
                }
                if (str.equals(">")) {
                    return GT;
                }
                if (str.equals(">=")) {
                    return GE;
                }
                throw new IllegalArgumentException(String.valueOf(str) + " is not a legal Operator");
            }

            /* renamed from: values, reason: to resolve conflict with enum method */
            public static Operator[] valuesCustom() {
                Operator[] valuesCustom = values();
                int length = valuesCustom.length;
                Operator[] operatorArr = new Operator[length];
                System.arraycopy(valuesCustom, 0, operatorArr, 0, length);
                return operatorArr;
            }
        }

        public KeySizeConstraint(Operator operator, int i) {
            this.prohibitedSize = -1;
            switch ($SWITCH_TABLE$cn$gmssl$sun$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator()[operator.ordinal()]) {
                case 1:
                    this.minSize = 0;
                    this.maxSize = Integer.MAX_VALUE;
                    this.prohibitedSize = i;
                    return;
                case 2:
                    this.minSize = i;
                    this.maxSize = i;
                    return;
                case 3:
                    this.minSize = i;
                    this.maxSize = Integer.MAX_VALUE;
                    return;
                case 4:
                    this.minSize = i + 1;
                    this.maxSize = Integer.MAX_VALUE;
                    return;
                case 5:
                    this.minSize = 0;
                    this.maxSize = i;
                    return;
                case 6:
                    this.minSize = 0;
                    this.maxSize = i > 1 ? i - 1 : 0;
                    return;
                default:
                    this.minSize = Integer.MAX_VALUE;
                    this.maxSize = -1;
                    return;
            }
        }

        public boolean disables(Key key) {
            int keySize = KeyUtil.getKeySize(key);
            if (keySize == 0) {
                return true;
            }
            if (keySize > 0) {
                return keySize < this.minSize || keySize > this.maxSize || this.prohibitedSize == keySize;
            }
            return false;
        }

        static /* synthetic */ int[] $SWITCH_TABLE$cn$gmssl$sun$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator() {
            int[] iArr = $SWITCH_TABLE$cn$gmssl$sun$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator;
            if (iArr != null) {
                return iArr;
            }
            int[] iArr2 = new int[Operator.valuesCustom().length];
            try {
                iArr2[Operator.EQ.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                iArr2[Operator.GE.ordinal()] = 6;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                iArr2[Operator.GT.ordinal()] = 5;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                iArr2[Operator.LE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                iArr2[Operator.LT.ordinal()] = 3;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                iArr2[Operator.NE.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            $SWITCH_TABLE$cn$gmssl$sun$security$util$DisabledAlgorithmConstraints$KeySizeConstraint$Operator = iArr2;
            return iArr2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cn/gmssl/sun/security/util/DisabledAlgorithmConstraints$KeySizeConstraints.class */
    public class KeySizeConstraints {
        private static final Pattern pattern = Pattern.compile("(\\S+)\\s+keySize\\s*(<=|<|==|!=|>|>=)\\s*(\\d+)");
        private Map<String, Set<KeySizeConstraint>> constraintsMap = Collections.synchronizedMap(new HashMap());

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v26, types: [java.util.Map<java.lang.String, java.util.Set<cn.gmssl.sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint>>] */
        /* JADX WARN: Type inference failed for: r0v27, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r0v30, types: [boolean] */
        public KeySizeConstraints(String[] strArr) {
            for (String str : strArr) {
                if (str != null && !str.isEmpty()) {
                    Matcher matcher = pattern.matcher(str);
                    if (matcher.matches()) {
                        String group = matcher.group(1);
                        KeySizeConstraint.Operator of = KeySizeConstraint.Operator.of(matcher.group(2));
                        int parseInt = Integer.parseInt(matcher.group(3));
                        String lowerCase = group.toLowerCase(Locale.ENGLISH);
                        ?? r0 = this.constraintsMap;
                        synchronized (r0) {
                            r0 = this.constraintsMap.containsKey(lowerCase);
                            if (r0 == 0) {
                                this.constraintsMap.put(lowerCase, new HashSet());
                            }
                            this.constraintsMap.get(lowerCase).add(new KeySizeConstraint(of, parseInt));
                        }
                    } else {
                        continue;
                    }
                }
            }
        }

        /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, java.util.Map<java.lang.String, java.util.Set<cn.gmssl.sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint>>] */
        public boolean disables(Key key) {
            String lowerCase = key.getAlgorithm().toLowerCase(Locale.ENGLISH);
            synchronized (this.constraintsMap) {
                if (this.constraintsMap.containsKey(lowerCase)) {
                    Iterator<KeySizeConstraint> it = this.constraintsMap.get(lowerCase).iterator();
                    while (it.hasNext()) {
                        if (it.next().disables(key)) {
                            return true;
                        }
                    }
                }
                return false;
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<java.lang.String, java.lang.String[]>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    public DisabledAlgorithmConstraints(String str) {
        ?? r0 = disabledAlgorithmsMap;
        synchronized (r0) {
            if (!disabledAlgorithmsMap.containsKey(str)) {
                loadDisabledAlgorithmsMap(str);
            }
            this.disabledAlgorithms = disabledAlgorithmsMap.get(str);
            this.keySizeConstraints = keySizeConstraintsMap.get(str);
            r0 = r0;
        }
    }

    @Override // java.security.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("No algorithm name specified");
        }
        if (set == null || set.isEmpty()) {
            throw new IllegalArgumentException("No cryptographic primitive specified");
        }
        Set<String> set2 = null;
        for (String str2 : this.disabledAlgorithms) {
            if (str2 != null && !str2.isEmpty()) {
                if (str2.equalsIgnoreCase(str)) {
                    return false;
                }
                if (set2 == null) {
                    set2 = decomposes(str);
                }
                Iterator<String> it = set2.iterator();
                while (it.hasNext()) {
                    if (str2.equalsIgnoreCase(it.next())) {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    @Override // java.security.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, Key key) {
        return checkConstraints(set, "", key, null);
    }

    @Override // java.security.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("No algorithm name specified");
        }
        return checkConstraints(set, str, key, algorithmParameters);
    }

    public Set<String> decomposes(String str) {
        if (str == null || str.length() == 0) {
            return new HashSet();
        }
        String[] split = Pattern.compile("/").split(str);
        HashSet hashSet = new HashSet();
        for (String str2 : split) {
            if (str2 != null && str2.length() != 0) {
                for (String str3 : Pattern.compile("with|and", 2).split(str2)) {
                    if (str3 != null && str3.length() != 0) {
                        hashSet.add(str3);
                    }
                }
            }
        }
        if (hashSet.contains("SHA1") && !hashSet.contains("SHA-1")) {
            hashSet.add("SHA-1");
        }
        if (hashSet.contains("SHA-1") && !hashSet.contains("SHA1")) {
            hashSet.add("SHA1");
        }
        if (hashSet.contains("SHA224") && !hashSet.contains("SHA-224")) {
            hashSet.add("SHA-224");
        }
        if (hashSet.contains("SHA-224") && !hashSet.contains("SHA224")) {
            hashSet.add("SHA224");
        }
        if (hashSet.contains(McElieceCCA2ParameterSpec.DEFAULT_MD) && !hashSet.contains("SHA-256")) {
            hashSet.add("SHA-256");
        }
        if (hashSet.contains("SHA-256") && !hashSet.contains(McElieceCCA2ParameterSpec.DEFAULT_MD)) {
            hashSet.add(McElieceCCA2ParameterSpec.DEFAULT_MD);
        }
        if (hashSet.contains("SHA384") && !hashSet.contains("SHA-384")) {
            hashSet.add("SHA-384");
        }
        if (hashSet.contains("SHA-384") && !hashSet.contains("SHA384")) {
            hashSet.add("SHA384");
        }
        if (hashSet.contains("SHA512") && !hashSet.contains("SHA-512")) {
            hashSet.add("SHA-512");
        }
        if (hashSet.contains("SHA-512") && !hashSet.contains("SHA512")) {
            hashSet.add("SHA512");
        }
        return hashSet;
    }

    private boolean checkConstraints(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        if (key == null) {
            throw new IllegalArgumentException("The key cannot be null");
        }
        return (str == null || str.length() == 0 || permits(set, str, algorithmParameters)) && permits(set, key.getAlgorithm(), null) && !this.keySizeConstraints.disables(key);
    }

    private static void loadDisabledAlgorithmsMap(final String str) {
        String str2 = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: cn.gmssl.sun.security.util.DisabledAlgorithmConstraints.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                return Security.getProperty(str);
            }
        });
        String[] strArr = null;
        if (str2 != null && !str2.isEmpty()) {
            if (str2.charAt(0) == '\"' && str2.charAt(str2.length() - 1) == '\"') {
                str2 = str2.substring(1, str2.length() - 1);
            }
            strArr = str2.split(",");
            for (int i = 0; i < strArr.length; i++) {
                strArr[i] = strArr[i].trim();
            }
        }
        if (strArr == null) {
            strArr = new String[0];
        }
        disabledAlgorithmsMap.put(str, strArr);
        keySizeConstraintsMap.put(str, new KeySizeConstraints(strArr));
    }
}
