package mitm.common.security.certificate.validator;

import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import mitm.common.security.certificate.ExtendedKeyUsageType;
import mitm.common.security.certificate.KeyUsageType;
import mitm.common.security.certificate.X509CertificateInspector;

/* loaded from: classes2.dex */
public class IsValidForSMIMEEncryption implements CertificateValidator {
    private String failureMessage;
    private final String name;

    public IsValidForSMIMEEncryption() {
        this(null);
    }

    public IsValidForSMIMEEncryption(String str) {
        this.failureMessage = "";
        this.name = str;
    }

    @Override // mitm.common.security.certificate.validator.CertificateValidator
    public String getFailureMessage() {
        return this.failureMessage;
    }

    @Override // mitm.common.security.certificate.validator.CertificateValidator
    public String getName() {
        return this.name;
    }

    @Override // mitm.common.security.certificate.validator.CertificateValidator
    public boolean isValid(Certificate certificate) throws CertificateException {
        if (!(certificate instanceof X509Certificate)) {
            this.failureMessage = "Certificate is not a X509Certificate";
            return false;
        }
        this.failureMessage = "";
        X509Certificate x509Certificate = (X509Certificate) certificate;
        Set<KeyUsageType> keyUsage = X509CertificateInspector.getKeyUsage(x509Certificate);
        boolean z = keyUsage == null || keyUsage.contains(KeyUsageType.KEYENCIPHERMENT);
        if (!z) {
            this.failureMessage = "Key usage does not allow " + KeyUsageType.KEYENCIPHERMENT;
            return z;
        }
        Set<ExtendedKeyUsageType> extendedKeyUsage = X509CertificateInspector.getExtendedKeyUsage(x509Certificate);
        boolean z2 = extendedKeyUsage == null || extendedKeyUsage.contains(ExtendedKeyUsageType.ANYKEYUSAGE) || extendedKeyUsage.contains(ExtendedKeyUsageType.EMAILPROTECTION);
        if (!z2) {
            this.failureMessage = "Extended key usage does not allow " + ExtendedKeyUsageType.EMAILPROTECTION;
        }
        return z2;
    }
}
