package com.bea.common.security.internal.utils;

import com.bea.common.security.internal.service.ServiceLogger;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;

/* loaded from: input_file:com/bea/common/security/internal/utils/X509Utils.class */
public class X509Utils {
    public static boolean isEmpty(CertPath certPath) {
        return certPath == null || certPath.getCertificates().size() == 0;
    }

    public static void validateOrdered(CertPath certPath) throws CertificateException {
        if (!certPath.getType().equals("X.509")) {
            throw new IllegalArgumentException(ServiceLogger.getNonX509CertPath());
        }
        Iterator<? extends Certificate> it = certPath.getCertificates().iterator();
        if (!it.hasNext()) {
            return;
        }
        X509Certificate x509Certificate = (X509Certificate) it.next();
        while (true) {
            X509Certificate x509Certificate2 = x509Certificate;
            if (!it.hasNext()) {
                return;
            }
            if (isSelfSigned(x509Certificate2)) {
                throw new CertificateException(ServiceLogger.getSelfSignedCertificateInChain(x509Certificate2.toString()));
            }
            X509Certificate x509Certificate3 = (X509Certificate) it.next();
            validateIssuedBy(x509Certificate2, x509Certificate3);
            x509Certificate = x509Certificate3;
        }
    }

    public static void validateIssuedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException {
        if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
            throw new CertificateException(ServiceLogger.getIssuerDNMismatch(x509Certificate.toString(), x509Certificate2.toString()));
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
        } catch (Exception e) {
            throw new CertificateException(ServiceLogger.getCertificateNotSignedByIssuer(x509Certificate.toString(), x509Certificate2.toString()));
        }
    }

    public static boolean isIssuedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
            return false;
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        return isIssuedBy(x509Certificate, x509Certificate);
    }
}
