package org.spongycastle.cert.path.validations;

import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.path.CertPathValidation;
import org.spongycastle.cert.path.CertPathValidationContext;
import org.spongycastle.cert.path.CertPathValidationException;
import org.spongycastle.util.Memoable;

/* loaded from: classes2.dex */
public class KeyUsageValidation implements CertPathValidation {

    /* renamed from: b, reason: collision with root package name */
    public boolean f17325b;

    public KeyUsageValidation() {
        this(true);
    }

    public KeyUsageValidation(boolean z) {
        this.f17325b = z;
    }

    @Override // org.spongycastle.cert.path.CertPathValidation
    public void a(CertPathValidationContext certPathValidationContext, X509CertificateHolder x509CertificateHolder) {
        certPathValidationContext.g(Extension.f16774c);
        if (certPathValidationContext.j()) {
            return;
        }
        KeyUsage l = KeyUsage.l(x509CertificateHolder.m());
        if (l != null) {
            if (!l.m(4)) {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        } else if (this.f17325b) {
            throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
        }
    }

    @Override // org.spongycastle.util.Memoable
    public Memoable f() {
        return new KeyUsageValidation(this.f17325b);
    }

    @Override // org.spongycastle.util.Memoable
    public void h(Memoable memoable) {
        this.f17325b = ((KeyUsageValidation) memoable).f17325b;
    }
}
