package be.fedict.trust.constraints;

import be.fedict.trust.CertificateConstraint;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.X509Extensions;

/* loaded from: input_file:be/fedict/trust/constraints/CertificatePoliciesCertificateConstraint.class */
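/**
 * Certificate constraint that accepts a certificate only when its
 * certificatePolicies extension lists at least one of the policy OIDs
 * registered through {@link #addCertificatePolicy(String)}.
 *
 * <p>Security-relevant behaviour, as implemented here:
 * <ul>
 * <li>The check fails closed: a certificate without the extension, with an
 * extension that does not decode to the expected ASN.1 structure, or with no
 * registered OID among its policies is rejected ({@code false}).</li>
 * <li>With no policy registered, every certificate is rejected.</li>
 * <li>OIDs are compared as plain dotted-decimal strings. No OID gets special
 * treatment, so a wildcard-style policy such as anyPolicy only matches if it
 * was registered explicitly.</li>
 * <li>Only the certificate handed to {@link #check(X509Certificate)} is
 * inspected; nothing in this class evaluates policies along a chain.</li>
 * </ul>
 *
 * <p>The policy set is a plain {@link HashSet} with no synchronisation, so
 * register all policies before the constraint is shared between threads.
 */
public class CertificatePoliciesCertificateConstraint implements CertificateConstraint {
    private static final Log LOG = LogFactory.getLog(CertificatePoliciesCertificateConstraint.class);

    /** Accepted policy OIDs in dotted-decimal form. */
    private final Set<String> certificatePolicies = new HashSet<String>();

    /**
     * Registers a policy OID that satisfies this constraint.
     *
     * @param str the policy OID in dotted-decimal notation; it is compared
     *            verbatim against the OIDs found in the certificate
     */
    public void addCertificatePolicy(String str) {
        this.certificatePolicies.add(str);
    }

    /**
     * Tests whether the certificate asserts at least one registered policy.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if one of the certificate's policy OIDs was
     *         registered; {@code false} if the extension is absent, malformed,
     *         or contains no registered OID
     * @throws RuntimeException if reading the DER-encoded extension fails with
     *                          an {@link IOException}
     */
    @Override // be.fedict.trust.CertificateConstraint
    public boolean check(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.CertificatePolicies.getId());
        if (null == extensionValue) {
            return false;
        }
        ASN1Sequence policies;
        try {
            policies = decodePolicies(extensionValue);
        } catch (IOException e) {
            throw new RuntimeException("IO error: " + e.getMessage(), e);
        }
        if (null == policies) {
            // Certificate content is untrusted input: reject a structurally
            // unexpected extension instead of failing on a blind cast.
            LOG.warn("certificatePolicies extension has an unexpected ASN.1 structure");
            return false;
        }
        Enumeration<?> objects = policies.getObjects();
        while (objects.hasMoreElements()) {
            PolicyInformation policyInformation;
            try {
                policyInformation = PolicyInformation.getInstance(objects.nextElement());
            } catch (IllegalArgumentException e) {
                // BouncyCastle signals an element that is not a valid
                // PolicyInformation this way; treat it as a failed check.
                LOG.warn("malformed PolicyInformation entry: " + e.getMessage());
                return false;
            }
            String id = policyInformation.getPolicyIdentifier().getId();
            LOG.debug("present policy OID: " + id);
            if (this.certificatePolicies.contains(id)) {
                LOG.debug("matching certificate policy OID: " + id);
                return true;
            }
        }
        return false;
    }

    /**
     * Unwraps the OCTET STRING returned by
     * {@link X509Certificate#getExtensionValue(String)} and decodes its content
     * as the SEQUENCE of PolicyInformation entries.
     *
     * @param extensionValue the DER-encoded extension value
     * @return the decoded sequence, or {@code null} if either layer is missing
     *         or is not of the expected ASN.1 type
     * @throws IOException if the bytes cannot be read as ASN.1
     */
    private static ASN1Sequence decodePolicies(byte[] extensionValue) throws IOException {
        // Both streams wrap in-memory byte arrays, so there is nothing to release.
        Object wrapper = new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject();
        if (!(wrapper instanceof DEROctetString)) {
            return null;
        }
        Object content = new ASN1InputStream(((DEROctetString) wrapper).getOctets()).readObject();
        if (!(content instanceof ASN1Sequence)) {
            return null;
        }
        return (ASN1Sequence) content;
    }
}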
