package com.citrix.cck.core.cert.path.validations;

import com.citrix.cck.core.asn1.x509.Extension;
import com.citrix.cck.core.asn1.x509.KeyUsage;
import com.citrix.cck.core.cert.X509CertificateHolder;
import com.citrix.cck.core.cert.path.CertPathValidation;
import com.citrix.cck.core.cert.path.CertPathValidationContext;
import com.citrix.cck.core.cert.path.CertPathValidationException;
import com.citrix.cck.core.util.Memoable;

/* loaded from: classes2.dex */
public class KeyUsageValidation implements CertPathValidation {

    /* renamed from: a, reason: collision with root package name */
    private boolean f1176a;

    public KeyUsageValidation() {
        this(true);
    }

    public KeyUsageValidation(boolean z) {
        this.f1176a = z;
    }

    @Override // com.citrix.cck.core.util.Memoable
    public Memoable copy() {
        return new KeyUsageValidation(this.f1176a);
    }

    @Override // com.citrix.cck.core.util.Memoable
    public void reset(Memoable memoable) {
        this.f1176a = ((KeyUsageValidation) memoable).f1176a;
    }

    @Override // com.citrix.cck.core.cert.path.CertPathValidation
    public void validate(CertPathValidationContext certPathValidationContext, X509CertificateHolder x509CertificateHolder) {
        certPathValidationContext.addHandledExtension(Extension.keyUsage);
        if (certPathValidationContext.isEndEntity()) {
            return;
        }
        KeyUsage fromExtensions = KeyUsage.fromExtensions(x509CertificateHolder.getExtensions());
        if (fromExtensions != null) {
            if (!fromExtensions.hasUsages(4)) {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        } else if (this.f1176a) {
            throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
        }
    }
}
