package com.ntko.app.pdf.signature;

import com.ntko.app.support.RhLogger;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.List;
import org.spongycastle.asn1.x509.KeyPurposeId;

/* loaded from: classes2.dex */
public class SigUtils {
    private SigUtils() {
    }

    public static void checkCertificateUsage(X509Certificate x509Certificate) throws CertificateParsingException {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
            RhLogger.error("Certificate key usage does not include digitalSignature nor nonRepudiation");
        }
        List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        if (extendedKeyUsage == null || extendedKeyUsage.contains(KeyPurposeId.id_kp_emailProtection.toString()) || extendedKeyUsage.contains(KeyPurposeId.id_kp_codeSigning.toString()) || extendedKeyUsage.contains(KeyPurposeId.anyExtendedKeyUsage.toString()) || extendedKeyUsage.contains("1.2.840.113583.1.1.5") || extendedKeyUsage.contains("1.3.6.1.4.1.311.10.3.12")) {
            return;
        }
        RhLogger.error("Certificate extended key usage does not include emailProtection, nor codeSigning, nor anyExtendedKeyUsage, nor 'Adobe Authentic Documents Trust'");
    }

    public static void checkResponderCertificateUsage(X509Certificate x509Certificate) throws CertificateParsingException {
        List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        if (extendedKeyUsage == null || extendedKeyUsage.contains(KeyPurposeId.id_kp_OCSPSigning.toString())) {
            return;
        }
        RhLogger.error("Certificate extended key usage does not include OCSP responding");
    }

    public static void checkTimeStampCertificateUsage(X509Certificate x509Certificate) throws CertificateParsingException {
        List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        if (extendedKeyUsage == null || extendedKeyUsage.contains(KeyPurposeId.id_kp_timeStamping.toString())) {
            return;
        }
        RhLogger.error("Certificate extended key usage does not include timeStamping");
    }
}
