package java.security.cert;

import com.ibm.misc.Debug;
import com.ibm.security.x509.NameConstraintsExtension;
import com.ibm.security.x509.X500Name;
import java.io.IOException;
import java.security.PublicKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:cx390142-20050929-sdk.jar:sdk/jre/lib/core.jar:java/security/cert/TrustAnchor.class */
public class TrustAnchor {
    private static final Debug debug = Debug.getInstance("certpath");
    private byte[] nameConstraints;
    private X509Certificate trustedCert;
    private String caName;
    private X500Name caX500Name;
    private PublicKey pubKey;

    public TrustAnchor(X509Certificate x509Certificate, byte[] bArr) {
        if (x509Certificate == null) {
            throw new NullPointerException("the trustedCert parameter must be non-null");
        }
        setNameConstraints(bArr);
        this.trustedCert = x509Certificate;
        this.caName = null;
        this.caX500Name = null;
        this.pubKey = null;
    }

    public TrustAnchor(String str, PublicKey publicKey, byte[] bArr) {
        if (str == null) {
            throw new NullPointerException("the caName parameter must be non-null");
        }
        if (publicKey == null) {
            throw new NullPointerException("the pubKey parameter must be non-null");
        }
        if (str.length() == 0) {
            throw new IllegalArgumentException("the caName parameter must be a non-empty String");
        }
        try {
            this.caX500Name = new X500Name(str);
            this.caName = this.caX500Name.getRFC2253Name();
            this.pubKey = publicKey;
            this.trustedCert = null;
            setNameConstraints(bArr);
        } catch (IOException e) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException(e.getMessage());
            illegalArgumentException.initCause(e);
            throw illegalArgumentException;
        }
    }

    public final X509Certificate getTrustedCert() {
        return this.trustedCert;
    }

    public final String getCAName() {
        return this.caName;
    }

    public final PublicKey getCAPublicKey() {
        return this.pubKey;
    }

    public final byte[] getNameConstraints() {
        if (this.nameConstraints != null) {
            return (byte[]) this.nameConstraints.clone();
        }
        return null;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("TrustAnchor: \n");
        if (this.trustedCert != null) {
            stringBuffer.append(new StringBuffer().append("\tTrusted certificate: ").append(this.trustedCert.toString()).toString());
        } else {
            stringBuffer.append(new StringBuffer().append("\tTrusted ca: ").append(this.caName).toString());
            stringBuffer.append(new StringBuffer().append("\tTrusted ca public key: ").append(this.pubKey.toString()).toString());
        }
        if (this.nameConstraints != null) {
            try {
                stringBuffer.append(new StringBuffer().append("\t").append(new NameConstraintsExtension(Boolean.TRUE, this.nameConstraints).toString()).toString());
            } catch (IOException e) {
            }
        }
        return stringBuffer.toString();
    }

    private void setNameConstraints(byte[] bArr) throws IllegalArgumentException {
        if (bArr == null) {
            this.nameConstraints = null;
            return;
        }
        this.nameConstraints = (byte[]) bArr.clone();
        try {
            new NameConstraintsExtension(Boolean.TRUE, this.nameConstraints);
        } catch (IOException e) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException(e.getMessage());
            illegalArgumentException.initCause(e);
            throw illegalArgumentException;
        }
    }

    X500Principal getCA() {
        return this.trustedCert != null ? this.trustedCert.getSubjectX500Principal() : new X500Principal(this.caName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X500Name getCAX500Name() {
        return this.caX500Name;
    }

    static {
        if (CertPathHelperInitializer.isInitialized()) {
            return;
        }
        CertPathHelperInitializer.init();
    }
}
