package org.bouncycastle.est.jcajce;

import a0.w0;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;

/* loaded from: classes3.dex */
public class JcaJceUtils {

    /* renamed from: org.bouncycastle.est.jcajce.JcaJceUtils$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    final class AnonymousClass1 implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public final X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* renamed from: org.bouncycastle.est.jcajce.JcaJceUtils$2, reason: invalid class name */
    /* loaded from: classes3.dex */
    final class AnonymousClass2 implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(x509CertificateArr)), "BC");
                CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate(x509CertificateArr[0]);
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) null, x509CertSelector);
                pKIXBuilderParameters.addCertStore(certStore);
                pKIXBuilderParameters.setRevocationEnabled(false);
                JcaJceUtils.a(x509CertificateArr[0]);
            } catch (CertificateException e10) {
                throw e10;
            } catch (GeneralSecurityException e11) {
                StringBuilder o7 = w0.o("unable to process certificates: ");
                o7.append(e11.getMessage());
                throw new CertificateException(o7.toString(), e11);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public final X509Certificate[] getAcceptedIssuers() {
            throw null;
        }
    }

    public static void a(X509Certificate x509Certificate) throws CertificateException {
        Extension j10;
        try {
            X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(x509Certificate.getEncoded());
            Extensions extensions = x509CertificateHolder.f30526b;
            ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.f30309f;
            ASN1Encodable aSN1Encodable = null;
            if (extensions != null && (j10 = extensions.j(aSN1ObjectIdentifier)) != null) {
                aSN1Encodable = j10.j();
            }
            KeyUsage j11 = KeyUsage.j(aSN1Encodable);
            if (j11 != null) {
                if (j11.k(4)) {
                    throw new CertificateException("Key usage must not contain keyCertSign");
                }
                if (!j11.k(128) && !j11.k(32)) {
                    throw new CertificateException("Key usage must be none, digitalSignature or keyEncipherment");
                }
            }
            ExtendedKeyUsage j12 = ExtendedKeyUsage.j(x509CertificateHolder.f30526b);
            if (j12 != null && !j12.k(KeyPurposeId.f30357b) && !j12.k(KeyPurposeId.f30359d) && !j12.k(KeyPurposeId.f30360e)) {
                throw new CertificateException("Certificate extended key usage must include serverAuth, msSGC or nsSGC");
            }
        } catch (CertificateException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new CertificateException(e11.getMessage(), e11);
        }
    }
}
