package ru.CryptoPro.sspiSSL.pc_2;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import ru.CryptoPro.AdES.tools.AdESUtility;

/* loaded from: classes4.dex */
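/**
 * Checks that an end-entity certificate is acceptable for the purpose ("variant") this
 * checker was created for: TLS server, TLS client, code signing or TSA server.
 *
 * <p>This is decompiled code; the class name and the public member names are kept so that
 * existing callers still link. Private members were given descriptive names.
 *
 * <p>Semantics visible in this class that a reviewer should be aware of:
 * <ul>
 *   <li>A certificate without a KeyUsage extension passes every KeyUsage check.</li>
 *   <li>A certificate without an ExtendedKeyUsage extension passes every EKU check, except
 *       for the TSA variant, which requires the extension to be present.</li>
 *   <li>{@code anyExtendedKeyUsage} (2.5.29.37.0) satisfies every EKU check, including the
 *       TSA one.</li>
 *   <li>The "generic" variant performs no checks at all.</li>
 * </ul>
 */
public class cl_1 {
    /** EKU OID id-kp-serverAuth (TLS server authentication). */
    public static final String a = "1.3.6.1.5.5.7.3.1";
    /** EKU OID id-kp-clientAuth (TLS client authentication). */
    public static final String b = "1.3.6.1.5.5.7.3.2";

    /** OID of the ExtendedKeyUsage extension itself. */
    private static final String OID_EXTENDED_KEY_USAGE = "2.5.29.37";
    /** EKU OID id-kp-codeSigning. */
    private static final String OID_EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
    /** EKU OID id-kp-timeStamping. */
    private static final String OID_EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
    /** EKU OID anyExtendedKeyUsage; accepted in place of any specific purpose. */
    private static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
    /** Netscape Server Gated Crypto EKU OID; not referenced by any check in this class. */
    private static final String OID_EKU_NS_SGC = "2.16.840.1.113730.4.1";
    /** Microsoft Server Gated Crypto EKU OID; not referenced by any check in this class. */
    private static final String OID_EKU_MS_SGC = "1.3.6.1.4.1.311.10.3.3";
    /** OID of the SubjectAlternativeName extension. */
    private static final String OID_SUBJECT_ALT_NAME = "2.5.29.17";
    /** OID of the BasicConstraints extension. */
    private static final String OID_BASIC_CONSTRAINTS = "2.5.29.19";
    /** OID of the Netscape certificate type extension. */
    private static final String OID_NETSCAPE_CERT_TYPE = "2.16.840.1.113730.1.1";

    // Netscape cert type names; only NSCT_OBJECT_SIGNING is used by a check in this class.
    private static final String NSCT_SSL_CLIENT = "ssl_client";
    private static final String NSCT_SSL_SERVER = "ssl_server";
    private static final String NSCT_OBJECT_SIGNING = "object_signing";

    // Indexes into the array returned by X509Certificate.getKeyUsage():
    // 0 = digitalSignature, 2 = keyEncipherment, 4 = keyAgreement.
    // Only KU_SIGNATURE is used by a check in this class.
    private static final int KU_SIGNATURE = 0;
    private static final int KU_KEY_ENCIPHERMENT = 2;
    private static final int KU_KEY_AGREEMENT = 4;

    // Variant names compared against the second factory argument.
    private static final String VARIANT_GENERIC = "generic";
    private static final String VARIANT_TLS_SERVER = "tls server";
    private static final String VARIANT_TLS_CLIENT = "tls client";
    private static final String VARIANT_CODE_SIGNING = "code signing";
    private static final String VARIANT_JCE_SIGNING = "jce signing";
    private static final String VARIANT_PLUGIN_CODE_SIGNING = "plugin code signing";
    private static final String VARIANT_TSA_SERVER = "tsa server";

    /** Purpose the certificate is checked for; selects the branch in the public check. */
    private final String variant;
    /**
     * First factory argument. Stored but never read in this class
     * (presumably the validator type; confirm against callers).
     */
    private final String type;

    private cl_1(String str, String str2) {
        this.type = str;
        this.variant = str2;
    }

    /**
     * Creates a checker.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * @param str stored, not used by any check in this class
     * @param str2 the variant, e.g. {@code "tls server"}, {@code "tls client"},
     *     {@code "code signing"}, {@code "jce signing"}, {@code "plugin code signing"},
     *     {@code "tsa server"} or {@code "generic"}
     * @return a new checker for the given variant
     */
    public static cl_1 a(String str, String str2) {
        return new cl_1(str, str2);
    }

    /**
     * Validates the certificate against the variant this checker was created with.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * <p>NOTE(review): the TLS branches verify only the extended key usage. They neither
     * check KeyUsage bits nor remove the KeyUsage / ExtendedKeyUsage OIDs from the critical
     * set, so with {@code z == true} a TLS certificate that marks either extension critical
     * is rejected as carrying an unsupported critical extension. Confirm that callers
     * expect this and that KeyUsage for TLS is enforced elsewhere if it is required.
     *
     * @param x509Certificate the end-entity certificate to check
     * @param obj cast to {@code String} for the TLS variants (a non-String value raises
     *     {@code ClassCastException}); the value itself is not used by the checks here
     * @param z when {@code true}, fail if any critical extension other than the ones handled
     *     by the selected branch, BasicConstraints and SubjectAlternativeName remains
     * @throws CertificateException if the certificate is not acceptable for the variant, if
     *     unsupported critical extensions remain, or if the variant is unknown (this now
     *     includes a {@code null} variant, which previously caused a NullPointerException)
     */
    public void a(X509Certificate x509Certificate, Object obj, boolean z) throws CertificateException {
        // Constant-first comparisons keep a null variant on the fail-closed
        // "Unknown variant" path instead of crashing with a NullPointerException.
        if (VARIANT_GENERIC.equals(this.variant)) {
            return;
        }
        Set<String> criticalExtensions = criticalExtensionsOf(x509Certificate);
        if (VARIANT_TLS_SERVER.equals(this.variant)) {
            checkTlsServer(x509Certificate, (String) obj, criticalExtensions);
        } else if (VARIANT_TLS_CLIENT.equals(this.variant)) {
            checkTlsClient(x509Certificate, (String) obj, criticalExtensions);
        } else if (VARIANT_CODE_SIGNING.equals(this.variant)
                || VARIANT_JCE_SIGNING.equals(this.variant)
                || VARIANT_PLUGIN_CODE_SIGNING.equals(this.variant)) {
            checkCodeSigning(x509Certificate, criticalExtensions);
        } else if (VARIANT_TSA_SERVER.equals(this.variant)) {
            checkTsaServer(x509Certificate, criticalExtensions);
        } else {
            throw new CertificateException("Unknown variant: " + this.variant);
        }
        if (z) {
            checkRemainingCriticalExtensions(criticalExtensions);
        }
    }

    /**
     * Returns a private, modifiable copy of the certificate's critical extension OIDs.
     *
     * <p>{@code getCriticalExtensionOIDs()} does not promise a modifiable set, and the checks
     * remove entries from it; copying avoids an {@code UnsupportedOperationException} with
     * providers that hand out an unmodifiable view.
     */
    private Set<String> criticalExtensionsOf(X509Certificate cert) {
        Set<String> oids = cert.getCriticalExtensionOIDs();
        return oids == null ? new HashSet<String>() : new HashSet<String>(oids);
    }

    /** Requires the clientAuth (or anyExtendedKeyUsage) purpose when an EKU extension exists. */
    private void checkTlsClient(X509Certificate cert, String unused, Set<String> criticalExtensions)
            throws CertificateException {
        if (!extendedKeyUsageAllows(cert, b)) {
            throw new cl_6("Extended key usage does not permit use for TLS client authentication", cl_6.b, cert);
        }
    }

    /** Requires the serverAuth (or anyExtendedKeyUsage) purpose when an EKU extension exists. */
    private void checkTlsServer(X509Certificate cert, String unused, Set<String> criticalExtensions)
            throws CertificateException {
        if (!extendedKeyUsageAllows(cert, a)) {
            throw new cl_6("Extended key usage does not permit use for TLS server authentication", cl_6.b, cert);
        }
    }

    /**
     * Code-signing check: digitalSignature key usage, codeSigning EKU and, except for the
     * "jce signing" variant, the object-signing test delegated to {@code cl_4}. Afterwards
     * the handled OIDs are removed and any remaining critical extension is rejected.
     */
    private void checkCodeSigning(X509Certificate cert, Set<String> criticalExtensions)
            throws CertificateException {
        if (!keyUsageAllows(cert, KU_SIGNATURE)) {
            throw new cl_6("KeyUsage does not allow digital signatures", cl_6.b, cert);
        }
        if (!extendedKeyUsageAllows(cert, OID_EKU_CODE_SIGNING)) {
            throw new cl_6("Extended key usage does not permit use for code signing", cl_6.b, cert);
        }
        if (!VARIANT_JCE_SIGNING.equals(this.variant)) {
            if (!cl_4.a(cert, NSCT_OBJECT_SIGNING)) {
                throw new cl_6("Netscape cert type does not permit use for code signing", cl_6.b, cert);
            }
            // Only marked as handled when it was actually checked; for "jce signing" a
            // critical Netscape cert type extension is left in the set and rejected below.
            criticalExtensions.remove(OID_NETSCAPE_CERT_TYPE);
        }
        // AdESUtility.KEY_USAGE is defined outside this file
        // (presumably the KeyUsage extension OID; confirm).
        criticalExtensions.remove(AdESUtility.KEY_USAGE);
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE);
        checkRemainingCriticalExtensions(criticalExtensions);
    }

    /**
     * TSA check: digitalSignature key usage and a mandatory EKU extension that contains
     * timeStamping (or anyExtendedKeyUsage). Afterwards the handled OIDs are removed and any
     * remaining critical extension is rejected.
     */
    private void checkTsaServer(X509Certificate cert, Set<String> criticalExtensions)
            throws CertificateException {
        if (!keyUsageAllows(cert, KU_SIGNATURE)) {
            throw new cl_6("KeyUsage does not allow digital signatures", cl_6.b, cert);
        }
        // Unlike the other variants, a missing EKU extension is not acceptable here.
        if (cert.getExtendedKeyUsage() == null) {
            throw new cl_6("Certificate does not contain an extended key usage extension required for a TSA server", cl_6.b, cert);
        }
        if (!extendedKeyUsageAllows(cert, OID_EKU_TIME_STAMPING)) {
            throw new cl_6("Extended key usage does not permit use for TSA server", cl_6.b, cert);
        }
        criticalExtensions.remove(AdESUtility.KEY_USAGE);
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE);
        checkRemainingCriticalExtensions(criticalExtensions);
    }

    /**
     * Drops BasicConstraints and SubjectAlternativeName from the set and fails if any other
     * critical extension OID is still present. Safe to call more than once on the same set.
     */
    private void checkRemainingCriticalExtensions(Set<String> criticalExtensions)
            throws CertificateException {
        criticalExtensions.remove(OID_BASIC_CONSTRAINTS);
        criticalExtensions.remove(OID_SUBJECT_ALT_NAME);
        if (!criticalExtensions.isEmpty()) {
            throw new CertificateException("Certificate contains unsupported critical extensions: " + criticalExtensions);
        }
    }

    /**
     * Returns whether the KeyUsage bit at {@code bit} is set. A certificate without a
     * KeyUsage extension is treated as allowing every usage.
     */
    private boolean keyUsageAllows(X509Certificate cert, int bit) {
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage == null) {
            return true;
        }
        return keyUsage.length > bit && keyUsage[bit];
    }

    /**
     * Returns whether the EKU extension lists {@code purposeOid} or anyExtendedKeyUsage.
     * A certificate without an EKU extension is treated as allowing every purpose.
     */
    private boolean extendedKeyUsageAllows(X509Certificate cert, String purposeOid)
            throws CertificateException {
        List<String> purposes = cert.getExtendedKeyUsage();
        return purposes == null || purposes.contains(purposeOid) || purposes.contains(OID_EKU_ANY_USAGE);
    }
}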
