package o;

import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.x509.AdvancedCertificateVerifier;
import org.slf4j.Logger;

/* loaded from: classes7.dex */
public class kct implements AdvancedCertificateVerifier {
    private static final Logger e = keo.d(kct.class);
    private final X509Certificate[] b;

    public kct(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            throw new NullPointerException("root certificates must not be null!");
        }
        this.b = x509CertificateArr;
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.CertificateVerifier
    public X509Certificate[] getAcceptedIssuers() {
        return this.b;
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.AdvancedCertificateVerifier
    public CertPath verifyCertificate(Boolean bool, boolean z, kai kaiVar, kau kauVar) throws kbe {
        try {
            CertPath a2 = kaiVar.a();
            if (bool != null) {
                List<? extends Certificate> certificates = a2.getCertificates();
                if (!certificates.isEmpty()) {
                    Certificate certificate = certificates.get(0);
                    if ((certificate instanceof X509Certificate) && !jzx.a((X509Certificate) certificate, bool.booleanValue())) {
                        e.debug("Certificate validation failed: key usage doesn't match");
                        throw new kbe("Key Usage doesn't match!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, kauVar.y()));
                    }
                }
            }
            return jzx.c(z, a2, this.b);
        } catch (GeneralSecurityException e2) {
            if (e.isTraceEnabled()) {
                e.trace("Certificate validation failed", (Throwable) e2);
            } else if (e.isDebugEnabled()) {
                e.debug("Certificate validation failed due to {}", e2.getMessage());
            }
            throw new kbe("Certificate chain could not be validated", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, kauVar.y()), e2);
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.CertificateVerifier
    public void verifyCertificate(kai kaiVar, kau kauVar) throws kbe {
        try {
            jzx.c(false, kaiVar.a(), this.b);
        } catch (GeneralSecurityException e2) {
            if (e.isTraceEnabled()) {
                e.trace("Certificate validation failed", (Throwable) e2);
            } else if (e.isDebugEnabled()) {
                e.debug("Certificate validation failed due to {}", e2.getMessage());
            }
            throw new kbe("Certificate chain could not be validated", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, kauVar.y()), e2);
        }
    }
}
