package org.bouncycastle.cert.path.validations;

import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.path.CertPathValidation;
import org.bouncycastle.cert.path.CertPathValidationContext;
import org.bouncycastle.cert.path.CertPathValidationException;
import org.bouncycastle.util.Memoable;

/* loaded from: classes5.dex */
public class KeyUsageValidation implements CertPathValidation {

    /* renamed from: a, reason: collision with root package name */
    private boolean f45101a;

    public KeyUsageValidation() {
        this(true);
    }

    public KeyUsageValidation(boolean z) {
        this.f45101a = z;
    }

    @Override // org.bouncycastle.util.Memoable
    public Memoable G() {
        return new KeyUsageValidation(this.f45101a);
    }

    @Override // org.bouncycastle.cert.path.CertPathValidation
    public void b(CertPathValidationContext certPathValidationContext, X509CertificateHolder x509CertificateHolder) throws CertPathValidationException {
        certPathValidationContext.a(Extension.f44498f);
        if (certPathValidationContext.d()) {
            return;
        }
        KeyUsage E = KeyUsage.E(x509CertificateHolder.d());
        if (E != null) {
            if (!E.H(4)) {
                throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
            }
        } else if (this.f45101a) {
            throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
        }
    }

    @Override // org.bouncycastle.util.Memoable
    public void g(Memoable memoable) {
        this.f45101a = ((KeyUsageValidation) memoable).f45101a;
    }
}
