package com.ibm.ecc.connectivity;

import com.ibm.ecc.common.Config;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Set;

/* loaded from: input_file:lib/ecc_v3.2.0/ConnectivityServices.jar:com/ibm/ecc/connectivity/CertPathChecker.class */
public class CertPathChecker extends PKIXCertPathChecker {
    String _securityMode;

    public CertPathChecker(String str) {
        this._securityMode = str;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (certificate instanceof X509Certificate) {
            String sigAlgName = ((X509Certificate) certificate).getSigAlgName();
            if (this._securityMode.equals(Config.SP800_131A)) {
                if (!sigAlgName.equals("SHA224withRSA") && !sigAlgName.equals("SHA256withRSA") && !sigAlgName.equals("SHA384withRSA") && !sigAlgName.equals("SHA512withRSA") && !sigAlgName.equals("SHA256withDSA") && !sigAlgName.equals("SHA224withECDSA") && !sigAlgName.equals("SHA256withECDSA") && !sigAlgName.equals("SHA384withECDSA") && !sigAlgName.equals("SHA512withECDSA")) {
                    throw new CertPathValidatorException(sigAlgName + " is not allowed");
                }
                return;
            }
            if (this._securityMode.equals(Config.SUITEB_128)) {
                if (!sigAlgName.equals("SHA256withECDSA") && !sigAlgName.equals("SHA384withECDSA") && !sigAlgName.equals("SHA512withECDSA")) {
                    throw new CertPathValidatorException(sigAlgName + " is not allowed");
                }
                return;
            }
            if (this._securityMode.equals(Config.SUITEB_192) && !sigAlgName.equals("SHA384withECDSA") && !sigAlgName.equals("SHA512withECDSA")) {
                throw new CertPathValidatorException(sigAlgName + " is not allowed");
            }
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return true;
    }
}
