package org.globus.gsi.trustmanager;

import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Set;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.proxy.ext.ProxyCertInfo;
import org.globus.gsi.util.ProxyCertificateUtil;

/* loaded from: input_file:BOOT-INF/lib/ssl-proxies-2.1.0.jar:org/globus/gsi/trustmanager/UnsupportedCriticalExtensionChecker.class */
public class UnsupportedCriticalExtensionChecker implements CertificateChecker {
    @Override // org.globus.gsi.trustmanager.CertificateChecker
    public void invoke(X509Certificate x509Certificate, GSIConstants.CertificateType certificateType) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return;
        }
        Iterator<String> it = criticalExtensionOIDs.iterator();
        while (it.hasNext()) {
            isUnsupported(certificateType, it.next());
        }
    }

    private void isUnsupported(GSIConstants.CertificateType certificateType, String str) throws CertPathValidatorException {
        if (!(((str.equals(X509ProxyCertPathValidator.BASIC_CONSTRAINT_OID) || str.equals(X509ProxyCertPathValidator.KEY_USAGE_OID)) || (str.equals(ProxyCertInfo.OID.toString()) && ProxyCertificateUtil.isGsi4Proxy(certificateType))) || (str.equals(ProxyCertInfo.OLD_OID.toString()) && ProxyCertificateUtil.isGsi3Proxy(certificateType)))) {
            throw new CertPathValidatorException("Critical extension with unsupported OID " + str);
        }
    }
}
