package be.fedict.trust.constraints;

import be.fedict.trust.CertificateConstraint;
import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:be/fedict/trust/constraints/KeyUsageCertificateConstraint.class */
public class KeyUsageCertificateConstraint implements CertificateConstraint {
    private static final Log LOG = LogFactory.getLog(KeyUsageCertificateConstraint.class);
    private static final int DIGITAL_SIGNATURE_IDX = 0;
    private static final int NON_REPUDIATION_IDX = 1;
    private static final int KEY_ENCIPHERMENT_IDX = 2;
    private static final int DATA_ENCIPHERMENT_IDX = 3;
    private static final int KEY_AGREEMENT_IDX = 4;
    private static final int KEY_CERT_SIGN_IDX = 5;
    private static final int CRL_SIGN_IDX = 6;
    private static final int ENCIPHER_ONLY_IDX = 7;
    private static final int DECIPHER_ONLY_IDX = 8;
    private final Boolean[] mask = new Boolean[9];

    public void setDigitalSignatureFilter(Boolean bool) {
        this.mask[0] = bool;
    }

    public void setNonRepudiationFilter(Boolean bool) {
        this.mask[1] = bool;
    }

    public void setKeyEnciphermentFilter(Boolean bool) {
        this.mask[2] = bool;
    }

    public void setDataEnciphermentFilter(Boolean bool) {
        this.mask[3] = bool;
    }

    public void setKeyAgreementFilter(Boolean bool) {
        this.mask[4] = bool;
    }

    public void setKeyCertificateSigningFilter(Boolean bool) {
        this.mask[5] = bool;
    }

    public void setCRLSigningFilter(Boolean bool) {
        this.mask[6] = bool;
    }

    public void setEncipherOnlyFilter(Boolean bool) {
        this.mask[7] = bool;
    }

    public void setDecipherOnlyFilter(Boolean bool) {
        this.mask[8] = bool;
    }

    @Override // be.fedict.trust.CertificateConstraint
    public boolean check(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (null == keyUsage) {
            LOG.debug("no key usage extension for certificate: " + x509Certificate.getSubjectX500Principal());
            return false;
        }
        for (int i = 0; i < this.mask.length; i++) {
            Boolean bool = this.mask[i];
            if (null != bool) {
                if (false == bool.booleanValue()) {
                    if (keyUsage[i]) {
                        LOG.debug("should not have key usage: " + i);
                        return false;
                    }
                } else if (false == keyUsage[i]) {
                    LOG.debug("missing key usage: " + i);
                    return false;
                }
            }
        }
        LOG.debug("key usage checked");
        return true;
    }
}
