package com.itextpdf.signatures.validation.extensions;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.asn1.x509.IKeyPurposeId;
import com.itextpdf.signatures.SignerProperties;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/itextpdf/signatures/validation/extensions/ExtendedKeyUsageExtension.class */
public class ExtendedKeyUsageExtension extends CertificateExtension {
    public static final String ANY_EXTENDED_KEY_USAGE_OID = "2.5.29.37.0";
    public static final String TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
    public static final String OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
    public static final String CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
    public static final String CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
    private static final IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.getFactory();
    public static final String EXPECTED_KEY_USAGES = "Expected extended key usages:";
    public static final String ACTUAL = "But found :";
    public static final String NO_EXTENDED_KEY_USAGES_WERE_FOUND = " But no extended key usages were found.";
    public static final String ERROR_OCCURRED_DURING_RETRIEVAL = " But error occurred during retrieval ";
    private final List<String> extendedKeyUsageOids;
    private String errorMessage;

    public ExtendedKeyUsageExtension(List<String> list) {
        super("2.5.29.37", FACTORY.createExtendedKeyUsage(createKeyPurposeIds(list)).toASN1Primitive());
        this.errorMessage = SignerProperties.IGNORED_ID;
        this.extendedKeyUsageOids = list;
    }

    @Override // com.itextpdf.signatures.validation.extensions.CertificateExtension
    public boolean existsInCertificate(X509Certificate x509Certificate) {
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            if (extendedKeyUsage == null) {
                this.errorMessage = NO_EXTENDED_KEY_USAGES_WERE_FOUND;
                return false;
            }
            if (extendedKeyUsage.contains(ANY_EXTENDED_KEY_USAGE_OID) || new HashSet(extendedKeyUsage).containsAll(this.extendedKeyUsageOids)) {
                return true;
            }
            StringBuilder sb = new StringBuilder(ACTUAL);
            char c = '(';
            Iterator<String> it = extendedKeyUsage.iterator();
            while (it.hasNext()) {
                sb.append(c).append(it.next());
                c = ',';
            }
            sb.append(')');
            this.errorMessage = sb.toString();
            return false;
        } catch (RuntimeException | CertificateParsingException e) {
            this.errorMessage = ERROR_OCCURRED_DURING_RETRIEVAL + e.getClass().getName() + " " + e.getMessage();
            return false;
        }
    }

    private static IKeyPurposeId[] createKeyPurposeIds(List<String> list) {
        IKeyPurposeId[] iKeyPurposeIdArr = new IKeyPurposeId[list.size()];
        for (int i = 0; i < list.size(); i++) {
            iKeyPurposeIdArr[i] = FACTORY.createKeyPurposeId(FACTORY.createASN1ObjectIdentifier(list.get(i)));
        }
        return iKeyPurposeIdArr;
    }

    @Override // com.itextpdf.signatures.validation.extensions.CertificateExtension
    public String getMessage() {
        StringBuilder sb = new StringBuilder(EXPECTED_KEY_USAGES);
        char c = '(';
        Iterator<String> it = this.extendedKeyUsageOids.iterator();
        while (it.hasNext()) {
            sb.append(c).append(it.next());
            c = ',';
        }
        sb.append(')');
        sb.append(this.errorMessage);
        return sb.toString();
    }
}
