package crysec.SSL;

import crysec.X509;

/* loaded from: input_file:crysec/SSL/SSLCertificateVerifier.class */
public class SSLCertificateVerifier {
    public static final int OK = 0;
    public static final int BAD = 1;
    public static final int UNSUPPORTED = 2;
    public static final int REVOKED = 3;
    public static final int EXPIRED = 4;
    public static final int UNKNOWN_ERROR = 5;
    private boolean requireKnownCA;

    public SSLCertificateVerifier() {
        this(true);
    }

    public SSLCertificateVerifier(boolean z) {
        this.requireKnownCA = z;
    }

    public int verifyCertificate(boolean z, SSLCertificate sSLCertificate, SSLSocket sSLSocket) {
        int size = sSLCertificate.certificateList.size();
        for (int i = 0; i < size; i++) {
            X509 x509 = (X509) sSLCertificate.certificateList.elementAt(i);
            if (i != size - 1) {
                x509.setIssuerCertificate((X509) sSLCertificate.certificateList.elementAt(i + 1));
                if (!x509.verify()) {
                    return !x509.verifyCertDate() ? 4 : 1;
                }
            } else if (!x509.verifyCertDate()) {
                return 4;
            }
        }
        return (!this.requireKnownCA || sSLCertificate.rootCAvalid()) ? 0 : 1;
    }
}
