package cfca.sadk.tls.sun.security.validator;

import cfca.sadk.tls.java.security.CFCAAlgorithmConstraints;
import cfca.sadk.tls.sun.security.util.CFCASSLHelper;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collection;

/* loaded from: input_file:cfca/sadk/tls/sun/security/validator/TLSValidator.class */
public abstract class TLSValidator {
    static final String OID_BASIC_CONSTRAINTS = "2.5.29.19";
    static final String OID_NETSCAPE_CERT_TYPE = "2.16.840.1.113730.1.1";
    static final String OID_KEY_USAGE = "2.5.29.15";
    static final String OID_EXTENDED_KEY_USAGE = "2.5.29.37";
    static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
    static final X509Certificate[] CHAIN0 = new X509Certificate[0];
    final TLSKeyUsageChecker endEntityChecker;
    final TLSValidatorVariant variant;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TLSValidator(TLSValidatorVariant tLSValidatorVariant) {
        this.variant = tLSValidatorVariant;
        this.endEntityChecker = TLSKeyUsageChecker.getInstance(tLSValidatorVariant);
    }

    public static TLSValidator getInstance(TLSValidatorVariant tLSValidatorVariant, KeyStore keyStore) {
        return getInstance(tLSValidatorVariant, CFCASSLHelper.getTrustedCerts(keyStore));
    }

    public static TLSValidator getInstance(TLSValidatorVariant tLSValidatorVariant, Collection<X509Certificate> collection) {
        return new TLSPKIXValidator(tLSValidatorVariant, collection);
    }

    public static TLSValidator getInstance(TLSValidatorVariant tLSValidatorVariant, PKIXBuilderParameters pKIXBuilderParameters) {
        return new TLSPKIXValidator(tLSValidatorVariant, pKIXBuilderParameters);
    }

    public final X509Certificate[] validate(X509Certificate[] x509CertificateArr) throws CertificateException {
        return validate(x509CertificateArr, null, null);
    }

    public final X509Certificate[] validate(X509Certificate[] x509CertificateArr, Collection<X509Certificate> collection) throws CertificateException {
        return validate(x509CertificateArr, collection, null);
    }

    public final X509Certificate[] validate(X509Certificate[] x509CertificateArr, Collection<X509Certificate> collection, Object obj) throws CertificateException {
        return validate(x509CertificateArr, collection, null, obj);
    }

    public final X509Certificate[] validate(X509Certificate[] x509CertificateArr, Collection<X509Certificate> collection, CFCAAlgorithmConstraints cFCAAlgorithmConstraints, Object obj) throws CertificateException {
        X509Certificate[] engineValidate = engineValidate(x509CertificateArr, collection, cFCAAlgorithmConstraints, obj);
        if (engineValidate != null && engineValidate.length > 1) {
            this.endEntityChecker.check(engineValidate[0], obj);
        }
        return engineValidate;
    }

    abstract X509Certificate[] engineValidate(X509Certificate[] x509CertificateArr, Collection<X509Certificate> collection, CFCAAlgorithmConstraints cFCAAlgorithmConstraints, Object obj) throws CertificateException;

    public abstract Collection<X509Certificate> getTrustedCertificates();
}
