package com.tongweb.gmssl.jsse.security.ssl;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:com/tongweb/gmssl/jsse/security/ssl/bp.class */
enum bp {
    NONE(Collections.emptySet()),
    CLIENT(new HashSet(Arrays.asList("2.5.29.37.0", "1.3.6.1.5.5.7.3.2"))),
    SERVER(new HashSet(Arrays.asList("2.5.29.37.0", "1.3.6.1.5.5.7.3.1", "2.16.840.1.113730.4.1", "1.3.6.1.4.1.311.10.3.3")));

    private Set<String> d;

    bp(Set set) {
        this.d = set;
    }

    private static boolean a(boolean[] zArr, int i) {
        return i < zArr.length && zArr[i];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final bo a(X509Certificate x509Certificate, Date date) {
        if (this == NONE) {
            return bo.OK;
        }
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            if (extendedKeyUsage != null && Collections.disjoint(this.d, extendedKeyUsage)) {
                return bo.EXTENSION_MISMATCH;
            }
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            if (keyUsage != null) {
                String algorithm = x509Certificate.getPublicKey().getAlgorithm();
                boolean a = a(keyUsage, 0);
                if (algorithm.equals("RSA")) {
                    if (!a && (this == CLIENT || !a(keyUsage, 2))) {
                        return bo.EXTENSION_MISMATCH;
                    }
                } else if (algorithm.equals("DSA")) {
                    if (!a) {
                        return bo.EXTENSION_MISMATCH;
                    }
                } else if (algorithm.equals("DH")) {
                    if (!a(keyUsage, 4)) {
                        return bo.EXTENSION_MISMATCH;
                    }
                } else if (algorithm.equals("EC")) {
                    if (!a) {
                        return bo.EXTENSION_MISMATCH;
                    }
                    if (this == SERVER && !a(keyUsage, 4)) {
                        return bo.EXTENSION_MISMATCH;
                    }
                }
            }
            try {
                x509Certificate.checkValidity(date);
                return bo.OK;
            } catch (CertificateException unused) {
                return bo.EXPIRED;
            }
        } catch (CertificateException unused2) {
            return bo.EXTENSION_MISMATCH;
        }
    }
}
