package com.amazon.coral.internal.org.bouncycastle.cert.path.validations;

import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$Extension;
import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$KeyUsage;
import com.amazon.coral.internal.org.bouncycastle.cert.C$X509CertificateHolder;
import com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidation;
import com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidationContext;
import com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidationException;
import com.amazon.coral.internal.org.bouncycastle.util.C$Memoable;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.cert.path.validations.$KeyUsageValidation, reason: invalid class name */
/* loaded from: classes3.dex */
public class C$KeyUsageValidation implements C$CertPathValidation {
    private boolean isMandatory;

    public C$KeyUsageValidation() {
        this(true);
    }

    public C$KeyUsageValidation(boolean z) {
        this.isMandatory = z;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.util.C$Memoable
    public C$Memoable copy() {
        return new C$KeyUsageValidation(this.isMandatory);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.util.C$Memoable
    public void reset(C$Memoable c$Memoable) {
        this.isMandatory = ((C$KeyUsageValidation) c$Memoable).isMandatory;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidation
    public void validate(C$CertPathValidationContext c$CertPathValidationContext, C$X509CertificateHolder c$X509CertificateHolder) throws C$CertPathValidationException {
        c$CertPathValidationContext.addHandledExtension(C$Extension.keyUsage);
        if (c$CertPathValidationContext.isEndEntity()) {
            return;
        }
        C$KeyUsage fromExtensions = C$KeyUsage.fromExtensions(c$X509CertificateHolder.getExtensions());
        if (fromExtensions != null) {
            if (!fromExtensions.hasUsages(4)) {
                throw new C$CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        } else if (this.isMandatory) {
            throw new C$CertPathValidationException("KeyUsage extension not present in CA certificate");
        }
    }
}
