package ru.CryptoPro.reprov.certpath;

import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.cl_9;
import ru.CryptoPro.reprov.x509.PKIXExtensions;

/* loaded from: classes3.dex */
class KeyChecker extends PKIXCertPathChecker {

    /* renamed from: d, reason: collision with root package name */
    private static Set f18465d;

    /* renamed from: a, reason: collision with root package name */
    private final int f18466a;

    /* renamed from: b, reason: collision with root package name */
    private CertSelector f18467b;

    /* renamed from: c, reason: collision with root package name */
    private int f18468c;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(X509Certificate x509Certificate) {
        JCPLogger.finerFormat("KeyChecker.verifyCAKeyUsage() ---checking {0}...", "CA key usage");
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            return;
        }
        if (keyUsage[5]) {
            JCPLogger.finerFormat("KeyChecker.verifyCAKeyUsage() {0} verified.", "CA key usage");
            return;
        }
        if (cl_9.a()) {
            throw new CertPathValidatorException("CA key usage check failed: keyCertSign bit is not set", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
        }
        throw new CertPathValidatorException("CA key usage check failed: keyCertSign bit is not set");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        int i10 = this.f18468c - 1;
        this.f18468c = i10;
        if (i10 == 0) {
            CertSelector certSelector = this.f18467b;
            if (certSelector != null && !certSelector.match(x509Certificate)) {
                throw new CertPathValidatorException("target certificate constraints check failed");
            }
        } else {
            a(x509Certificate);
        }
        if (collection == null || collection.isEmpty()) {
            return;
        }
        collection.remove(PKIXExtensions.KeyUsage_Id.toString());
        collection.remove(PKIXExtensions.ExtendedKeyUsage_Id.toString());
        collection.remove(PKIXExtensions.SubjectAlternativeName_Id.toString());
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        if (f18465d == null) {
            HashSet hashSet = new HashSet();
            f18465d = hashSet;
            hashSet.add(PKIXExtensions.KeyUsage_Id.toString());
            f18465d.add(PKIXExtensions.ExtendedKeyUsage_Id.toString());
            f18465d.add(PKIXExtensions.SubjectAlternativeName_Id.toString());
            f18465d = Collections.unmodifiableSet(f18465d);
        }
        return f18465d;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f18468c = this.f18466a;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
