package java.security.cert;

import com.ibm.misc.Debug;
import com.ibm.security.x509.NameConstraintsExtension;
import java.io.IOException;
import java.security.PublicKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:jre/lib/ibmcertpathfw.jar:java/security/cert/TrustAnchor.class */
public class TrustAnchor {
    private static final Debug debug = Debug.getInstance("certpath");
    private byte[] nameConstraints;
    private final X509Certificate trustedCert;
    private final String caName;
    private final X500Principal caPrincipal;
    private final PublicKey pubKey;

    public TrustAnchor(X509Certificate x509Certificate, byte[] bArr) {
        if (x509Certificate == null) {
            throw new NullPointerException("the trustedCert parameter must be non-null");
        }
        setNameConstraints(bArr);
        this.trustedCert = x509Certificate;
        this.caName = null;
        this.caPrincipal = null;
        this.pubKey = null;
    }

    public TrustAnchor(X500Principal x500Principal, PublicKey publicKey, byte[] bArr) {
        if (x500Principal == null || publicKey == null) {
            throw new NullPointerException();
        }
        this.trustedCert = null;
        this.caPrincipal = x500Principal;
        this.caName = x500Principal.getName();
        this.pubKey = publicKey;
        setNameConstraints(bArr);
    }

    public TrustAnchor(String str, PublicKey publicKey, byte[] bArr) {
        if (str == null) {
            throw new NullPointerException("the caName parameter must be non-null");
        }
        if (publicKey == null) {
            throw new NullPointerException("the pubKey parameter must be non-null");
        }
        if (str.length() == 0) {
            throw new IllegalArgumentException("the caName parameter must be a non-empty String");
        }
        this.caPrincipal = new X500Principal(str);
        this.caName = this.caPrincipal.getName(X500Principal.RFC2253);
        this.pubKey = publicKey;
        this.trustedCert = null;
        setNameConstraints(bArr);
    }

    public final X509Certificate getTrustedCert() {
        return this.trustedCert;
    }

    public final X500Principal getCA() {
        return this.caPrincipal;
    }

    public final String getCAName() {
        return this.caName;
    }

    public final PublicKey getCAPublicKey() {
        return this.pubKey;
    }

    public final byte[] getNameConstraints() {
        if (this.nameConstraints != null) {
            return (byte[]) this.nameConstraints.clone();
        }
        return null;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("TrustAnchor: \n");
        if (this.trustedCert != null) {
            stringBuffer.append("\tTrusted certificate: " + this.trustedCert.toString());
        } else {
            stringBuffer.append("\tTrusted ca: " + this.caName);
            stringBuffer.append("\tTrusted ca public key: " + this.pubKey.toString());
        }
        if (this.nameConstraints != null) {
            try {
                stringBuffer.append("\t" + new NameConstraintsExtension(Boolean.TRUE, this.nameConstraints).toString());
            } catch (IOException e) {
            }
        }
        return stringBuffer.toString();
    }

    private void setNameConstraints(byte[] bArr) throws IllegalArgumentException {
        if (bArr == null) {
            this.nameConstraints = null;
            return;
        }
        this.nameConstraints = (byte[]) bArr.clone();
        try {
            new NameConstraintsExtension(Boolean.TRUE, this.nameConstraints);
        } catch (IOException e) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException(e.getMessage());
            illegalArgumentException.initCause(e);
            throw illegalArgumentException;
        }
    }
}
