package mitm.common.security.certpath;

import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import mitm.common.security.certificate.X509CertificateInspector;
import mitm.common.security.crl.CRLDistributionPointsInspector;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.X509Extension;

/* loaded from: classes2.dex */
public class CRLDistPointCertPathChecker extends PKIXCertPathChecker {
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("Certificate is not a X509Certificate.");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (collection == null || !collection.contains(X509Extension.cRLDistributionPoints.getId())) {
            return;
        }
        try {
            CRLDistPoint cRLDistibutionPoints = X509CertificateInspector.getCRLDistibutionPoints(x509Certificate);
            if (cRLDistibutionPoints == null) {
                throw new CertPathValidatorException("CRLDistributionPoints is critical but CRLDistPoint is null.");
            }
            Set<String> uRIDistributionPointNames = CRLDistributionPointsInspector.getURIDistributionPointNames(cRLDistibutionPoints);
            if (uRIDistributionPointNames == null || uRIDistributionPointNames.size() == 0) {
                throw new CertPathValidatorException("CRLDistributionPoints does not contain a supported URI.");
            }
            collection.remove(X509Extension.cRLDistributionPoints.getId());
        } catch (IOException e) {
            throw new CertPathValidatorException(e);
        } catch (CRLException e2) {
            throw new CertPathValidatorException(e2);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        HashSet hashSet = new HashSet();
        hashSet.add(X509Extension.cRLDistributionPoints.getId());
        return hashSet;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return true;
    }
}
