package com.digt.trusted.tsp;

import com.digt.trusted.asn1.ASN1InputStream;
import com.digt.trusted.asn1.ASN1OctetString;
import com.digt.trusted.asn1.x509.ExtendedKeyUsage;
import com.digt.trusted.asn1.x509.KeyPurposeId;
import com.digt.trusted.asn1.x509.X509Extensions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/digt/trusted/tsp/TSPUtil.class */
public class TSPUtil {
    public static void validateCertificate(X509Certificate x509Certificate) throws TSPValidationException {
        if (x509Certificate.getVersion() != 3) {
            throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.ExtendedKeyUsage.getId());
        if (extensionValue == null) {
            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
        }
        try {
            ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(new ASN1InputStream(new ByteArrayInputStream(((ASN1OctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject()).getOctets())).readObject());
            if (extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) && extendedKeyUsage.size() == 1) {
            } else {
                throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
            }
        } catch (IOException e) {
            throw new TSPValidationException("cannot process ExtendedKeyUsage extension");
        }
    }
}
