package sun.security.provider.certpath;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.KnownOIDs;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.SerialNumber;

/* loaded from: input_file:BOOT-INF/lib/java.base-2021-07-23.jar:META-INF/modules/java.base/classes/sun/security/provider/certpath/AdaptableX509CertSelector.class */
class AdaptableX509CertSelector extends X509CertSelector {
    private static final Debug debug = Debug.getInstance("certpath");
    private Date startDate;
    private Date endDate;
    private byte[] ski;
    private BigInteger serial;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setValidityPeriod(Date date, Date date2) {
        this.startDate = date;
        this.endDate = date2;
    }

    @Override // java.security.cert.X509CertSelector
    public void setSubjectKeyIdentifier(byte[] bArr) {
        throw new IllegalArgumentException();
    }

    @Override // java.security.cert.X509CertSelector
    public void setSerialNumber(BigInteger bigInteger) {
        throw new IllegalArgumentException();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension authorityKeyIdentifierExtension) throws IOException {
        this.ski = null;
        this.serial = null;
        if (authorityKeyIdentifierExtension != null) {
            this.ski = authorityKeyIdentifierExtension.getEncodedKeyIdentifier();
            SerialNumber serialNumber = (SerialNumber) authorityKeyIdentifierExtension.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
            if (serialNumber != null) {
                this.serial = serialNumber.getNumber();
            }
        }
    }

    @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
    public boolean match(Certificate certificate) {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!matchSubjectKeyID(x509Certificate)) {
            return false;
        }
        int version = x509Certificate.getVersion();
        if (this.serial != null && version > 2 && !this.serial.equals(x509Certificate.getSerialNumber())) {
            return false;
        }
        if (version < 3) {
            if (this.startDate != null) {
                try {
                    x509Certificate.checkValidity(this.startDate);
                } catch (CertificateException e) {
                    return false;
                }
            }
            if (this.endDate != null) {
                try {
                    x509Certificate.checkValidity(this.endDate);
                } catch (CertificateException e2) {
                    return false;
                }
            }
        }
        return super.match(certificate);
    }

    private boolean matchSubjectKeyID(X509Certificate x509Certificate) {
        if (this.ski == null) {
            return true;
        }
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(KnownOIDs.SubjectKeyID.value());
            if (extensionValue == null) {
                if (debug == null || !Debug.isVerbose()) {
                    return true;
                }
                debug.println("AdaptableX509CertSelector.match: no subject key ID extension. Subject: " + ((Object) x509Certificate.getSubjectX500Principal()));
                return true;
            }
            byte[] octetString = new DerInputStream(extensionValue).getOctetString();
            if (octetString != null && Arrays.equals(this.ski, octetString)) {
                return true;
            }
            if (debug == null || !Debug.isVerbose()) {
                return false;
            }
            debug.println("AdaptableX509CertSelector.match: subject key IDs don't match. Expected: " + Arrays.toString(this.ski) + " Cert's: " + Arrays.toString(octetString));
            return false;
        } catch (IOException e) {
            if (debug == null || !Debug.isVerbose()) {
                return false;
            }
            debug.println("AdaptableX509CertSelector.match: exception in subject key ID check");
            return false;
        }
    }

    @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
    public Object clone() {
        AdaptableX509CertSelector adaptableX509CertSelector = (AdaptableX509CertSelector) super.clone();
        if (this.startDate != null) {
            adaptableX509CertSelector.startDate = (Date) this.startDate.clone();
        }
        if (this.endDate != null) {
            adaptableX509CertSelector.endDate = (Date) this.endDate.clone();
        }
        if (this.ski != null) {
            adaptableX509CertSelector.ski = (byte[]) this.ski.clone();
        }
        return adaptableX509CertSelector;
    }
}
