package org.eclipse.leshan.client.bootstrap;

import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/leshan/client/bootstrap/CertPathUtil.class */
public class CertPathUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CertPathUtil.class);
    private static final String SERVER_AUTHENTICATION = "1.3.6.1.5.5.7.3.1";
    private static final String CLIENT_AUTHENTICATION = "1.3.6.1.5.5.7.3.2";
    private static final int KEY_USAGE_SIGNATURE = 0;
    private static final int KEY_USAGE_CERTIFICATE_SIGNING = 5;

    public static boolean canBeUsedToVerifySignature(X509Certificate x509Certificate) {
        if (x509Certificate.getBasicConstraints() < 0) {
            LOGGER.debug("certificate: {}, not for CA!", x509Certificate.getSubjectX500Principal());
            return false;
        }
        if (x509Certificate.getKeyUsage() == null || x509Certificate.getKeyUsage()[5]) {
            return true;
        }
        LOGGER.debug("certificate: {}, not for certificate signing!", x509Certificate.getSubjectX500Principal());
        return false;
    }

    public static boolean canBeUsedForAuthentication(X509Certificate x509Certificate, boolean z) {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0]) {
            LOGGER.debug("certificate: {}, not for signing!", x509Certificate.getSubjectX500Principal());
            return false;
        }
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            if (extendedKeyUsage == null || extendedKeyUsage.isEmpty()) {
                LOGGER.debug("certificate: {}, no extkeyusage!", x509Certificate.getSubjectX500Principal());
            } else {
                LOGGER.trace("certificate: {}", x509Certificate.getSubjectX500Principal());
                String str = z ? CLIENT_AUTHENTICATION : SERVER_AUTHENTICATION;
                boolean z2 = false;
                for (String str2 : extendedKeyUsage) {
                    LOGGER.trace("   extkeyusage {}", str2);
                    if (str.equals(str2)) {
                        z2 = true;
                    }
                }
                if (!z2) {
                    LOGGER.debug("certificate: {}, not for {}!", x509Certificate.getSubjectX500Principal(), z ? "client" : "server");
                    return false;
                }
            }
            return true;
        } catch (CertificateParsingException e) {
            LOGGER.warn("x509 certificate:", (Throwable) e);
            return true;
        }
    }
}
