package sun.security.util;

import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import sun.security.validator.Validator;

/* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints.class */
public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
    private static final Debug debug = Debug.getInstance("certpath");
    public static final String PROPERTY_CERTPATH_DISABLED_ALGS = "jdk.certpath.disabledAlgorithms";
    public static final String PROPERTY_TLS_DISABLED_ALGS = "jdk.tls.disabledAlgorithms";
    public static final String PROPERTY_JAR_DISABLED_ALGS = "jdk.jar.disabledAlgorithms";
    private final String[] disabledAlgorithms;
    private final Constraints algorithmConstraints;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$Constraint.class */
    public static abstract class Constraint {
        String algorithm;
        Constraint nextConstraint;

        /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$Constraint$Operator.class */
        enum Operator {
            EQ,
            NE,
            LT,
            LE,
            GT,
            GE;

            static Operator of(String str) {
                boolean z = -1;
                switch (str.hashCode()) {
                    case 60:
                        if (str.equals("<")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 62:
                        if (str.equals(">")) {
                            z = 4;
                            break;
                        }
                        break;
                    case 1084:
                        if (str.equals("!=")) {
                            z = true;
                            break;
                        }
                        break;
                    case 1921:
                        if (str.equals("<=")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 1952:
                        if (str.equals("==")) {
                            z = false;
                            break;
                        }
                        break;
                    case 1983:
                        if (str.equals(">=")) {
                            z = 5;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        return EQ;
                    case true:
                        return NE;
                    case true:
                        return LT;
                    case true:
                        return LE;
                    case true:
                        return GT;
                    case true:
                        return GE;
                    default:
                        throw new IllegalArgumentException("Error in security property. " + str + " is not a legal Operator");
                }
            }
        }

        private Constraint() {
            this.nextConstraint = null;
        }

        public boolean permits(Key key) {
            return true;
        }

        public boolean permits(AlgorithmParameters algorithmParameters) {
            return true;
        }

        public abstract void permits(ConstraintsParameters constraintsParameters) throws CertPathValidatorException;

        boolean next(ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
            if (this.nextConstraint == null) {
                return false;
            }
            this.nextConstraint.permits(constraintsParameters);
            return true;
        }

        boolean next(Key key) {
            return this.nextConstraint != null && this.nextConstraint.permits(key);
        }

        String extendedMsg(ConstraintsParameters constraintsParameters) {
            if (constraintsParameters.getCertificate() == null) {
                return ".";
            }
            return " used with certificate: " + ((Object) constraintsParameters.getCertificate().getSubjectX500Principal()) + (constraintsParameters.getVariant() != Validator.VAR_GENERIC ? ".  Usage was " + constraintsParameters.getVariant() : ".");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$Constraints.class */
    public static class Constraints {
        private Map<String, List<Constraint>> constraintsMap = new HashMap();

        /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$Constraints$Holder.class */
        private static class Holder {
            private static final Pattern DENY_AFTER_PATTERN = Pattern.compile("denyAfter\\s+(\\d{4})-(\\d{2})-(\\d{2})");

            private Holder() {
            }
        }

        public Constraints(String[] strArr) {
            Constraint usageConstraint;
            for (String str : strArr) {
                if (str != null && !str.isEmpty()) {
                    String trim = str.trim();
                    if (DisabledAlgorithmConstraints.debug != null) {
                        DisabledAlgorithmConstraints.debug.println("Constraints: " + trim);
                    }
                    int indexOf = trim.indexOf(32);
                    String hashName = AlgorithmDecomposer.hashName(indexOf > 0 ? trim.substring(0, indexOf) : trim);
                    List<Constraint> orDefault = this.constraintsMap.getOrDefault(hashName.toUpperCase(Locale.ENGLISH), new ArrayList(1));
                    Iterator<String> it = AlgorithmDecomposer.getAliases(hashName).iterator();
                    while (it.hasNext()) {
                        this.constraintsMap.putIfAbsent(it.next().toUpperCase(Locale.ENGLISH), orDefault);
                    }
                    if (indexOf <= 0) {
                        orDefault.add(new DisabledConstraint(hashName));
                    } else {
                        Constraint constraint = null;
                        boolean z = false;
                        boolean z2 = false;
                        for (String str2 : trim.substring(indexOf + 1).split("&")) {
                            String trim2 = str2.trim();
                            if (trim2.startsWith("keySize")) {
                                if (DisabledAlgorithmConstraints.debug != null) {
                                    DisabledAlgorithmConstraints.debug.println("Constraints set to keySize: " + trim2);
                                }
                                StringTokenizer stringTokenizer = new StringTokenizer(trim2);
                                if (!"keySize".equals(stringTokenizer.nextToken())) {
                                    throw new IllegalArgumentException("Error in security property. Constraint unknown: " + trim2);
                                }
                                usageConstraint = new KeySizeConstraint(hashName, Constraint.Operator.of(stringTokenizer.nextToken()), Integer.parseInt(stringTokenizer.nextToken()));
                            } else if (trim2.equalsIgnoreCase("jdkCA")) {
                                if (DisabledAlgorithmConstraints.debug != null) {
                                    DisabledAlgorithmConstraints.debug.println("Constraints set to jdkCA.");
                                }
                                if (z) {
                                    throw new IllegalArgumentException("Only one jdkCA entry allowed in property. Constraint: " + trim);
                                }
                                usageConstraint = new jdkCAConstraint(hashName);
                                z = true;
                            } else {
                                if (trim2.startsWith("denyAfter")) {
                                    Matcher matcher = Holder.DENY_AFTER_PATTERN.matcher(trim2);
                                    if (matcher.matches()) {
                                        if (DisabledAlgorithmConstraints.debug != null) {
                                            DisabledAlgorithmConstraints.debug.println("Constraints set to denyAfter");
                                        }
                                        if (z2) {
                                            throw new IllegalArgumentException("Only one denyAfter entry allowed in property. Constraint: " + trim);
                                        }
                                        usageConstraint = new DenyAfterConstraint(hashName, Integer.parseInt(matcher.group(1)), Integer.parseInt(matcher.group(2)), Integer.parseInt(matcher.group(3)));
                                        z2 = true;
                                    }
                                }
                                if (!trim2.startsWith("usage")) {
                                    throw new IllegalArgumentException("Error in security property. Constraint unknown: " + trim2);
                                }
                                String[] split = trim2.substring(5).trim().split(" ");
                                usageConstraint = new UsageConstraint(hashName, split);
                                if (DisabledAlgorithmConstraints.debug != null) {
                                    DisabledAlgorithmConstraints.debug.println("Constraints usage length is " + split.length);
                                }
                            }
                            if (constraint == null) {
                                orDefault.add(usageConstraint);
                            } else {
                                constraint.nextConstraint = usageConstraint;
                            }
                            constraint = usageConstraint;
                        }
                    }
                }
            }
        }

        private List<Constraint> getConstraints(String str) {
            return this.constraintsMap.get(str.toUpperCase(Locale.ENGLISH));
        }

        public boolean permits(Key key) {
            List<Constraint> constraints = getConstraints(key.getAlgorithm());
            if (constraints == null) {
                return true;
            }
            Iterator<Constraint> it = constraints.iterator();
            while (it.hasNext()) {
                if (!it.next().permits(key)) {
                    if (DisabledAlgorithmConstraints.debug == null) {
                        return false;
                    }
                    DisabledAlgorithmConstraints.debug.println("keySizeConstraint: failed key constraint check " + KeyUtil.getKeySize(key));
                    return false;
                }
            }
            return true;
        }

        public boolean permits(String str, AlgorithmParameters algorithmParameters) {
            List<Constraint> constraints = getConstraints(str);
            if (constraints == null) {
                return true;
            }
            Iterator<Constraint> it = constraints.iterator();
            while (it.hasNext()) {
                if (!it.next().permits(algorithmParameters)) {
                    if (DisabledAlgorithmConstraints.debug == null) {
                        return false;
                    }
                    DisabledAlgorithmConstraints.debug.println("keySizeConstraint: failed algorithm parameters constraint check " + ((Object) algorithmParameters));
                    return false;
                }
            }
            return true;
        }

        public void permits(String str, ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
            X509Certificate certificate = constraintsParameters.getCertificate();
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("Constraints.permits(): " + str + " Variant: " + constraintsParameters.getVariant());
            }
            HashSet hashSet = new HashSet();
            if (str != null) {
                hashSet.addAll(AlgorithmDecomposer.decomposeOneHash(str));
                hashSet.add(str);
            }
            if (certificate != null) {
                hashSet.add(certificate.getPublicKey().getAlgorithm());
            }
            if (constraintsParameters.getPublicKey() != null) {
                hashSet.add(constraintsParameters.getPublicKey().getAlgorithm());
            }
            Iterator<E> it = hashSet.iterator();
            while (it.hasNext()) {
                List<Constraint> constraints = getConstraints((String) it.next());
                if (constraints != null) {
                    Iterator<Constraint> it2 = constraints.iterator();
                    while (it2.hasNext()) {
                        it2.next().permits(constraintsParameters);
                    }
                }
            }
        }
    }

    /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$DenyAfterConstraint.class */
    private static class DenyAfterConstraint extends Constraint {
        private Date denyAfterDate;
        private static final SimpleDateFormat dateFormat = new SimpleDateFormat("EEE, MMM d HH:mm:ss z yyyy");

        DenyAfterConstraint(String str, int i, int i2, int i3) {
            super();
            this.algorithm = str;
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("DenyAfterConstraint read in as:  year " + i + ", month = " + i2 + ", day = " + i3);
            }
            Calendar build = new Calendar.Builder().setTimeZone(TimeZone.getTimeZone("GMT")).setDate(i, i2 - 1, i3).build();
            if (i > build.getActualMaximum(1) || i < build.getActualMinimum(1)) {
                throw new IllegalArgumentException("Invalid year given in constraint: " + i);
            }
            if (i2 - 1 > build.getActualMaximum(2) || i2 - 1 < build.getActualMinimum(2)) {
                throw new IllegalArgumentException("Invalid month given in constraint: " + i2);
            }
            if (i3 > build.getActualMaximum(5) || i3 < build.getActualMinimum(5)) {
                throw new IllegalArgumentException("Invalid Day of Month given in constraint: " + i3);
            }
            this.denyAfterDate = build.getTime();
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("DenyAfterConstraint date set to: " + dateFormat.format(this.denyAfterDate));
            }
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public void permits(ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
            Date date;
            String str;
            if (constraintsParameters.getJARTimestamp() != null) {
                date = constraintsParameters.getJARTimestamp().getTimestamp();
                str = "JAR Timestamp date: ";
            } else if (constraintsParameters.getPKIXParamDate() != null) {
                date = constraintsParameters.getPKIXParamDate();
                str = "PKIXParameter date: ";
            } else {
                date = new Date();
                str = "Current date: ";
            }
            if (!this.denyAfterDate.after(date) && !next(constraintsParameters)) {
                throw new CertPathValidatorException("denyAfter constraint check failed: " + this.algorithm + " used with Constraint date: " + dateFormat.format(this.denyAfterDate) + "; " + str + dateFormat.format(date) + extendedMsg(constraintsParameters), null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
            }
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public boolean permits(Key key) {
            if (next(key)) {
                return true;
            }
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("DenyAfterConstraints.permits(): " + this.algorithm);
            }
            return this.denyAfterDate.after(new Date());
        }
    }

    /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$DisabledConstraint.class */
    private static class DisabledConstraint extends Constraint {
        DisabledConstraint(String str) {
            super();
            this.algorithm = str;
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public void permits(ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
            throw new CertPathValidatorException("Algorithm constraints check failed on disabled algorithm: " + this.algorithm + extendedMsg(constraintsParameters), null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public boolean permits(Key key) {
            return false;
        }
    }

    /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$KeySizeConstraint.class */
    private static class KeySizeConstraint extends Constraint {
        private int minSize;
        private int maxSize;
        private int prohibitedSize;
        private int size;

        public KeySizeConstraint(String str, Constraint.Operator operator, int i) {
            super();
            this.prohibitedSize = -1;
            this.algorithm = str;
            switch (operator) {
                case EQ:
                    this.minSize = 0;
                    this.maxSize = Integer.MAX_VALUE;
                    this.prohibitedSize = i;
                    return;
                case NE:
                    this.minSize = i;
                    this.maxSize = i;
                    return;
                case LT:
                    this.minSize = i;
                    this.maxSize = Integer.MAX_VALUE;
                    return;
                case LE:
                    this.minSize = i + 1;
                    this.maxSize = Integer.MAX_VALUE;
                    return;
                case GT:
                    this.minSize = 0;
                    this.maxSize = i;
                    return;
                case GE:
                    this.minSize = 0;
                    this.maxSize = i > 1 ? i - 1 : 0;
                    return;
                default:
                    this.minSize = Integer.MAX_VALUE;
                    this.maxSize = -1;
                    return;
            }
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public void permits(ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
            Key key = null;
            if (constraintsParameters.getPublicKey() != null) {
                key = constraintsParameters.getPublicKey();
            } else if (constraintsParameters.getCertificate() != null) {
                key = constraintsParameters.getCertificate().getPublicKey();
            }
            if (key == null || permitsImpl(key)) {
                return;
            }
            if (this.nextConstraint == null) {
                throw new CertPathValidatorException("Algorithm constraints check failed on keysize limits. " + this.algorithm + " " + KeyUtil.getKeySize(key) + "bit key" + extendedMsg(constraintsParameters), null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
            }
            this.nextConstraint.permits(constraintsParameters);
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public boolean permits(Key key) {
            if (this.nextConstraint != null && this.nextConstraint.permits(key)) {
                return true;
            }
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("KeySizeConstraints.permits(): " + this.algorithm);
            }
            return permitsImpl(key);
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public boolean permits(AlgorithmParameters algorithmParameters) {
            String algorithm = algorithmParameters.getAlgorithm();
            if (!this.algorithm.equalsIgnoreCase(algorithmParameters.getAlgorithm()) && !AlgorithmDecomposer.getAliases(this.algorithm).contains(algorithm)) {
                return true;
            }
            int keySize = KeyUtil.getKeySize(algorithmParameters);
            if (keySize == 0) {
                return false;
            }
            if (keySize > 0) {
                return keySize >= this.minSize && keySize <= this.maxSize && this.prohibitedSize != keySize;
            }
            return true;
        }

        private boolean permitsImpl(Key key) {
            if (this.algorithm.compareToIgnoreCase(key.getAlgorithm()) != 0) {
                return true;
            }
            this.size = KeyUtil.getKeySize(key);
            if (this.size == 0) {
                return false;
            }
            if (this.size > 0) {
                return this.size >= this.minSize && this.size <= this.maxSize && this.prohibitedSize != this.size;
            }
            return true;
        }
    }

    /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$UsageConstraint.class */
    private static class UsageConstraint extends Constraint {
        String[] usages;

        UsageConstraint(String str, String[] strArr) {
            super();
            this.algorithm = str;
            this.usages = strArr;
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public void permits(ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
            for (String str : this.usages) {
                String str2 = null;
                if (str.compareToIgnoreCase("TLSServer") == 0) {
                    str2 = Validator.VAR_TLS_SERVER;
                } else if (str.compareToIgnoreCase("TLSClient") == 0) {
                    str2 = Validator.VAR_TLS_CLIENT;
                } else if (str.compareToIgnoreCase("SignedJAR") == 0) {
                    str2 = Validator.VAR_PLUGIN_CODE_SIGNING;
                }
                if (DisabledAlgorithmConstraints.debug != null) {
                    DisabledAlgorithmConstraints.debug.println("Checking if usage constraint \"" + str2 + "\" matches \"" + constraintsParameters.getVariant() + "\"");
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    new Exception().printStackTrace(new PrintStream(byteArrayOutputStream));
                    DisabledAlgorithmConstraints.debug.println(byteArrayOutputStream.toString());
                }
                if (constraintsParameters.getVariant().compareTo(str2) == 0) {
                    if (!next(constraintsParameters)) {
                        throw new CertPathValidatorException("Usage constraint " + str + " check failed: " + this.algorithm + extendedMsg(constraintsParameters), null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
                    }
                    return;
                }
            }
        }
    }

    /* loaded from: input_file:sun/security/util/DisabledAlgorithmConstraints$jdkCAConstraint.class */
    private static class jdkCAConstraint extends Constraint {
        jdkCAConstraint(String str) {
            super();
            this.algorithm = str;
        }

        @Override // sun.security.util.DisabledAlgorithmConstraints.Constraint
        public void permits(ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
            if (DisabledAlgorithmConstraints.debug != null) {
                DisabledAlgorithmConstraints.debug.println("jdkCAConstraints.permits(): " + this.algorithm);
            }
            if (constraintsParameters.isTrustedMatch() && !next(constraintsParameters)) {
                throw new CertPathValidatorException("Algorithm constraints check failed on certificate anchor limits. " + this.algorithm + extendedMsg(constraintsParameters), null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
            }
        }
    }

    public DisabledAlgorithmConstraints(String str) {
        this(str, new AlgorithmDecomposer());
    }

    public DisabledAlgorithmConstraints(String str, AlgorithmDecomposer algorithmDecomposer) {
        super(algorithmDecomposer);
        this.disabledAlgorithms = getAlgorithms(str);
        this.algorithmConstraints = new Constraints(this.disabledAlgorithms);
    }

    @Override // java.security.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
        if (!checkAlgorithm(this.disabledAlgorithms, str, this.decomposer)) {
            return false;
        }
        if (algorithmParameters != null) {
            return this.algorithmConstraints.permits(str, algorithmParameters);
        }
        return true;
    }

    @Override // java.security.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, Key key) {
        return checkConstraints(set, "", key, null);
    }

    @Override // java.security.AlgorithmConstraints
    public final boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("No algorithm name specified");
        }
        return checkConstraints(set, str, key, algorithmParameters);
    }

    public final void permits(ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
        permits(constraintsParameters.getAlgorithm(), constraintsParameters);
    }

    public final void permits(String str, Key key, AlgorithmParameters algorithmParameters, String str2) throws CertPathValidatorException {
        permits(str, new ConstraintsParameters(str, algorithmParameters, key, str2 == null ? Validator.VAR_GENERIC : str2));
    }

    public final void permits(String str, ConstraintsParameters constraintsParameters) throws CertPathValidatorException {
        this.algorithmConstraints.permits(str, constraintsParameters);
    }

    public boolean checkProperty(String str) {
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        for (String str2 : this.disabledAlgorithms) {
            if (str2.toLowerCase(Locale.ENGLISH).indexOf(lowerCase) >= 0) {
                return true;
            }
        }
        return false;
    }

    private boolean checkConstraints(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        if (key == null) {
            throw new IllegalArgumentException("The key cannot be null");
        }
        if ((str == null || str.length() == 0 || permits(set, str, algorithmParameters)) && permits(set, key.getAlgorithm(), null)) {
            return this.algorithmConstraints.permits(key);
        }
        return false;
    }
}
