package asia.dbt.thundercrypt.core.verificators;

import asia.dbt.thundercrypt.core.Issuers;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificateForAuthenticationException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificateNoHavePermissionsForSignException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificatePermissionException;
import asia.dbt.thundercrypt.core.utils.CertificatePermission;
import asia.dbt.thundercrypt.core.utils.CertificatePermissionUtil;
import asia.dbt.thundercrypt.core.utils.CertificatePolicy;
import asia.dbt.thundercrypt.core.utils.CertificateUtil;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.function.Consumer;

/* loaded from: input_file:asia/dbt/thundercrypt/core/verificators/SignVerification.class */
abstract class SignVerification {
    private Consumer<X509Certificate> action = null;
    private List<CertificatePermission> permissions = null;
    private List<CertificatePolicy> allowedPolicies = null;

    public void setCheckCertificatePermissionHandler(Consumer<X509Certificate> consumer) {
        this.action = consumer;
    }

    public void setPermissionsForCheck(List<CertificatePermission> list) {
        this.permissions = list;
    }

    public void setAllowedCertificatePolicies(List<CertificatePolicy> list) {
        this.allowedPolicies = list;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkCertificatePermissions(X509Certificate x509Certificate) throws CertificatePermissionException {
        if (this.action != null) {
            this.action.accept(x509Certificate);
        } else {
            checkPolicies(x509Certificate);
            checkPermissions(x509Certificate);
        }
    }

    private void checkPolicies(X509Certificate x509Certificate) throws CertificatePermissionException {
        if (this.allowedPolicies != null) {
            CertificatePermissionUtil.checkPolicies(x509Certificate, (CertificatePolicy[]) this.allowedPolicies.toArray(new CertificatePolicy[0]));
        } else if (!CertificatePermissionUtil.isKeyForSign(x509Certificate)) {
            throw new CertificateForAuthenticationException();
        }
    }

    private void checkPermissions(X509Certificate x509Certificate) throws CertificatePermissionException {
        if (CertificateUtil.checkCertficateIssuer(x509Certificate, Issuers.PKI_TTC) || CertificateUtil.checkCertficateIssuer(x509Certificate, Issuers.PKI_UCGO)) {
            return;
        }
        if (this.permissions == null) {
            if (!CertificatePermissionUtil.isHavePermissionsForSign(x509Certificate)) {
                throw new CertificateNoHavePermissionsForSignException();
            }
        } else {
            try {
                CertificatePermissionUtil.checkExtensionPermissions(x509Certificate, (CertificatePermission[]) this.permissions.toArray(new CertificatePermission[0]));
            } catch (Exception e) {
                throw new CertificateNoHavePermissionsForSignException();
            }
        }
    }
}
