package be.fedict.trust.constraints;

import be.fedict.trust.CertificateConstraint;
import be.fedict.trust.TrustValidator;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:be/fedict/trust/constraints/EndEntityCertificateConstraint.class */
public class EndEntityCertificateConstraint implements CertificateConstraint {
    private Map<String, Set<BigInteger>> endEntities = new HashMap();

    public void addEndEntity(X509Certificate x509Certificate) {
        addEndEntity(x509Certificate.getIssuerX500Principal().getName(), x509Certificate.getSerialNumber());
    }

    public void addEndEntity(String str, BigInteger bigInteger) {
        Set<BigInteger> set = this.endEntities.get(str);
        if (null == set) {
            set = new HashSet();
            this.endEntities.put(str, set);
        }
        set.add(bigInteger);
    }

    @Override // be.fedict.trust.CertificateConstraint
    public boolean check(X509Certificate x509Certificate) {
        if (TrustValidator.getSelfSignedResult(x509Certificate).isValid()) {
            return true;
        }
        Set<BigInteger> set = this.endEntities.get(x509Certificate.getIssuerX500Principal().getName());
        if (null == set) {
            return false;
        }
        return set.contains(x509Certificate.getSerialNumber());
    }
}
