package com.fisec.jsse.provider;

import com.fisec.jsse.java.security.FMAlgorithmConstraints;
import com.fisec.jsse.java.security.FMCryptoPrimitive;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.util.Set;

/* loaded from: classes2.dex */
public class ProvAlgorithmConstraints extends AbstractAlgorithmConstraints {
    public final FMAlgorithmConstraints configAlgorithmConstraints;
    public final boolean enableX509Constraints;
    public final Set<String> supportedSignatureAlgorithms;
    public static final String PROPERTY_TLS_DISABLED_ALGORITHMS = "jdk.tls.disabledAlgorithms";
    public static final String DEFAULT_TLS_DISABLED_ALGORITHMS = "SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves";
    public static final DisabledAlgorithmConstraints provTlsDisabledAlgorithms = DisabledAlgorithmConstraints.create(ProvAlgorithmDecomposer.INSTANCE_TLS, PROPERTY_TLS_DISABLED_ALGORITHMS, DEFAULT_TLS_DISABLED_ALGORITHMS);
    public static final String PROPERTY_CERTPATH_DISABLED_ALGORITHMS = "jdk.certpath.disabledAlgorithms";
    public static final String DEFAULT_CERTPATH_DISABLED_ALGORITHMS = "MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves";
    public static final DisabledAlgorithmConstraints provX509DisabledAlgorithms = DisabledAlgorithmConstraints.create(ProvAlgorithmDecomposer.INSTANCE_X509, PROPERTY_CERTPATH_DISABLED_ALGORITHMS, DEFAULT_CERTPATH_DISABLED_ALGORITHMS);
    public static final ProvAlgorithmConstraints DEFAULT = new ProvAlgorithmConstraints(null, true);
    public static final ProvAlgorithmConstraints DEFAULT_TLS_ONLY = new ProvAlgorithmConstraints(null, false);

    public ProvAlgorithmConstraints(FMAlgorithmConstraints fMAlgorithmConstraints, boolean z) {
        super(null);
        this.configAlgorithmConstraints = fMAlgorithmConstraints;
        this.supportedSignatureAlgorithms = null;
        this.enableX509Constraints = z;
    }

    public ProvAlgorithmConstraints(FMAlgorithmConstraints fMAlgorithmConstraints, String[] strArr, boolean z) {
        super(null);
        this.configAlgorithmConstraints = fMAlgorithmConstraints;
        this.supportedSignatureAlgorithms = AbstractAlgorithmConstraints.asUnmodifiableSet(strArr);
        this.enableX509Constraints = z;
    }

    private String getAlgorithm(String str) {
        int indexOf = str.indexOf(58);
        return indexOf < 0 ? str : str.substring(0, indexOf);
    }

    private boolean isSupportedSignatureAlgorithm(String str) {
        return containsIgnoreCase(this.supportedSignatureAlgorithms, str);
    }

    @Override // com.fisec.jsse.java.security.FMAlgorithmConstraints
    public boolean permits(Set<FMCryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
        DisabledAlgorithmConstraints disabledAlgorithmConstraints;
        checkPrimitives(set);
        checkAlgorithmName(str);
        if (this.supportedSignatureAlgorithms != null) {
            String algorithm = getAlgorithm(str);
            if (!isSupportedSignatureAlgorithm(str)) {
                return false;
            }
            str = algorithm;
        }
        FMAlgorithmConstraints fMAlgorithmConstraints = this.configAlgorithmConstraints;
        if (fMAlgorithmConstraints != null && !fMAlgorithmConstraints.permits(set, str, algorithmParameters)) {
            return false;
        }
        DisabledAlgorithmConstraints disabledAlgorithmConstraints2 = provTlsDisabledAlgorithms;
        if (disabledAlgorithmConstraints2 == null || disabledAlgorithmConstraints2.permits(set, str, algorithmParameters)) {
            return !this.enableX509Constraints || (disabledAlgorithmConstraints = provX509DisabledAlgorithms) == null || disabledAlgorithmConstraints.permits(set, str, algorithmParameters);
        }
        return false;
    }

    @Override // com.fisec.jsse.java.security.FMAlgorithmConstraints
    public boolean permits(Set<FMCryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
        DisabledAlgorithmConstraints disabledAlgorithmConstraints;
        checkPrimitives(set);
        checkAlgorithmName(str);
        checkKey(key);
        if (this.supportedSignatureAlgorithms != null) {
            String algorithm = getAlgorithm(str);
            if (!isSupportedSignatureAlgorithm(str)) {
                return false;
            }
            str = algorithm;
        }
        FMAlgorithmConstraints fMAlgorithmConstraints = this.configAlgorithmConstraints;
        if (fMAlgorithmConstraints != null && !fMAlgorithmConstraints.permits(set, str, key, algorithmParameters)) {
            return false;
        }
        DisabledAlgorithmConstraints disabledAlgorithmConstraints2 = provTlsDisabledAlgorithms;
        if (disabledAlgorithmConstraints2 == null || disabledAlgorithmConstraints2.permits(set, str, key, algorithmParameters)) {
            return !this.enableX509Constraints || (disabledAlgorithmConstraints = provX509DisabledAlgorithms) == null || disabledAlgorithmConstraints.permits(set, str, key, algorithmParameters);
        }
        return false;
    }

    @Override // com.fisec.jsse.java.security.FMAlgorithmConstraints
    public boolean permits(Set<FMCryptoPrimitive> set, Key key) {
        DisabledAlgorithmConstraints disabledAlgorithmConstraints;
        checkPrimitives(set);
        checkKey(key);
        FMAlgorithmConstraints fMAlgorithmConstraints = this.configAlgorithmConstraints;
        if (fMAlgorithmConstraints != null && !fMAlgorithmConstraints.permits(set, key)) {
            return false;
        }
        DisabledAlgorithmConstraints disabledAlgorithmConstraints2 = provTlsDisabledAlgorithms;
        if (disabledAlgorithmConstraints2 == null || disabledAlgorithmConstraints2.permits(set, key)) {
            return !this.enableX509Constraints || (disabledAlgorithmConstraints = provX509DisabledAlgorithms) == null || disabledAlgorithmConstraints.permits(set, key);
        }
        return false;
    }
}
