package be.fedict.trust.constraints;

import be.fedict.trust.CertificateConstraint;
import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.tsp.TSPUtil;
import org.bouncycastle.tsp.TSPValidationException;

/* loaded from: input_file:be/fedict/trust/constraints/TSACertificateConstraint.class */
public class TSACertificateConstraint implements CertificateConstraint {
    private static final Log LOG = LogFactory.getLog(TSACertificateConstraint.class);

    @Override // be.fedict.trust.CertificateConstraint
    public boolean check(X509Certificate x509Certificate) {
        try {
            TSPUtil.validateCertificate(x509Certificate);
            return true;
        } catch (TSPValidationException e) {
            LOG.error("ExtendedKeyUsage extension with value \"id-kp-timeStamping\" not present.");
            return false;
        }
    }
}
