package xch.bouncycastle.cert.path.validations;

import xch.bouncycastle.asn1.x509.Extension;
import xch.bouncycastle.asn1.x509.KeyUsage;
import xch.bouncycastle.cert.X509CertificateHolder;
import xch.bouncycastle.cert.path.CertPathValidation;
import xch.bouncycastle.cert.path.CertPathValidationContext;
import xch.bouncycastle.cert.path.CertPathValidationException;
import xch.bouncycastle.util.Memoable;

/* loaded from: classes.dex */
public class KeyUsageValidation implements CertPathValidation {

    /* renamed from: a, reason: collision with root package name */
    private boolean f997a;

    public KeyUsageValidation() {
        this(true);
    }

    public KeyUsageValidation(boolean z) {
        this.f997a = z;
    }

    @Override // xch.bouncycastle.cert.path.CertPathValidation
    public void a(CertPathValidationContext certPathValidationContext, X509CertificateHolder x509CertificateHolder) {
        certPathValidationContext.a(Extension.A5);
        if (certPathValidationContext.b()) {
            return;
        }
        KeyUsage a2 = KeyUsage.a(x509CertificateHolder.f());
        if (a2 != null) {
            if (!a2.a(4)) {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        } else if (this.f997a) {
            throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
        }
    }

    @Override // xch.bouncycastle.util.Memoable
    public void a(Memoable memoable) {
        this.f997a = ((KeyUsageValidation) memoable).f997a;
    }

    @Override // xch.bouncycastle.util.Memoable
    public Memoable c() {
        return new KeyUsageValidation(this.f997a);
    }
}
