package ru.CryptoPro.reprov;

import com.objsys.asn1j.runtime.Asn1DerDecodeBuffer;
import com.objsys.asn1j.runtime.Asn1OctetString;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import ru.CryptoPro.JCP.ASN.CertificateExtensions.CertificatePoliciesSyntax;
import ru.CryptoPro.JCP.params.OID;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes4.dex */
public class TSPCertPolicyChecker extends PKIXCertPathChecker {
    private static Set a;

    private static boolean a(X509Certificate x509Certificate) throws CertPathValidatorException {
        JCPLogger.subEnter();
        try {
            OID oid = new OID("1.3.6.1.5.5.7.3.8");
            byte[] extensionValue = x509Certificate.getExtensionValue("1.3.6.1.4.1.311.21.10");
            if (extensionValue == null) {
                JCPLogger.fine("Value of the ApplicationCertPolicies extension is null.");
                JCPLogger.subExit();
                return true;
            }
            Asn1DerDecodeBuffer asn1DerDecodeBuffer = new Asn1DerDecodeBuffer(extensionValue);
            Asn1OctetString asn1OctetString = new Asn1OctetString();
            asn1OctetString.decode(asn1DerDecodeBuffer);
            CertificatePoliciesSyntax certificatePoliciesSyntax = new CertificatePoliciesSyntax();
            certificatePoliciesSyntax.decode(new Asn1DerDecodeBuffer(asn1OctetString.value));
            if (certificatePoliciesSyntax.elements != null && certificatePoliciesSyntax.elements.length != 0) {
                for (int i = 0; i < certificatePoliciesSyntax.elements.length; i++) {
                    if (oid.equals(new OID(certificatePoliciesSyntax.elements[i].policyIdentifier.value))) {
                        JCPLogger.fine("Certificate policies have been found.");
                        JCPLogger.subExit();
                        return true;
                    }
                }
                JCPLogger.fine("ApplicationCertPolicies extension does not contain the policy: " + oid);
                JCPLogger.subExit();
                return false;
            }
            JCPLogger.fine("Certificate policies are null.");
            JCPLogger.subExit();
            return true;
        } catch (Exception e) {
            throw new CertPathValidatorException(e);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        JCPLogger.subEnter();
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (collection != null && !collection.isEmpty() && cl_1.a(x509Certificate) && a(x509Certificate)) {
            collection.remove("1.3.6.1.4.1.311.21.10");
        }
        JCPLogger.subExit();
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        if (a == null) {
            HashSet hashSet = new HashSet();
            a = hashSet;
            hashSet.add("1.3.6.1.4.1.311.21.10");
            a = Collections.unmodifiableSet(a);
        }
        return a;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
