package iaik.pki.pathvalidation;

import iaik.asn1.structures.GeneralSubtree;
import iaik.logging.TransactionId;
import iaik.x509.V3Extension;
import iaik.x509.X509Certificate;
import iaik.x509.extensions.NameConstraints;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/pathvalidation/T.class */
public class T extends ExtensionHandler {
    @Override // iaik.pki.pathvalidation.ExtensionHandler, iaik.pki.pathvalidation.ExtensionHandlerInterface
    public boolean handleExtension(ValidationStatus validationStatus, X509Certificate x509Certificate, V3Extension v3Extension, TransactionId transactionId) throws ValidationException {
        if (v3Extension == null) {
            return true;
        }
        log_.debug(transactionId, "Processing NameConstraints extension.", null);
        NameConstraints nameConstraints = (NameConstraints) v3Extension;
        GeneralSubtree[] permittedSubtrees = nameConstraints.getPermittedSubtrees();
        GeneralSubtree[] excludedSubtrees = nameConstraints.getExcludedSubtrees();
        boolean isCritical = nameConstraints.isCritical();
        if (!isCritical) {
            log_.warn(transactionId, "NameConstriants extension is not marked as critical. Processing anyway.", null);
        }
        if (permittedSubtrees == null && excludedSubtrees == null) {
            log_.info(transactionId, "NameConstraintsExtension present, but empty.", null);
            return false;
        }
        if (permittedSubtrees == null || validationStatus.getPermittedSubtrees().A(permittedSubtrees, isCritical, transactionId)) {
            return excludedSubtrees == null || validationStatus.getExcludedSubtrees().A(excludedSubtrees, isCritical, transactionId);
        }
        return false;
    }
}
