package org.xipki.scep.message;

import org.xipki.security.KeyUsage;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/scep-client-6.4.0.jar:org/xipki/scep/message/AuthorityCertStore.class */
/**
 * Immutable holder for the certificates a SCEP client associates with an
 * authority: the CA certificate plus the certificates used for signature and
 * for encryption.
 *
 * <p>Security note: this class only sorts certificates into roles by their
 * key-usage bits. Nothing in it checks that the RA certificates were issued by
 * the CA certificate, that any certificate is within its validity period, or
 * that it is unrevoked. Callers must establish that trust before building an
 * instance, because whatever ends up in the encryption and signature slots is
 * returned as-is by the getters.
 */
public class AuthorityCertStore {
    // CA certificate supplied by the caller; never null (checked in getInstance).
    private final X509Cert caCert;
    // Certificate selected for the signature role (CA or RA certificate).
    private final X509Cert signatureCert;
    // Certificate selected for the encryption role (CA or RA certificate).
    private final X509Cert encryptionCert;

    // Instances are created through getInstance only, which resolves the roles.
    private AuthorityCertStore(X509Cert ca, X509Cert signature, X509Cert encryption) {
        this.caCert = ca;
        this.signatureCert = signature;
        this.encryptionCert = encryption;
    }

    /**
     * @return the certificate chosen for the signature role
     */
    public X509Cert getSignatureCert() {
        return signatureCert;
    }

    /**
     * @return the certificate chosen for the encryption role
     */
    public X509Cert getEncryptionCert() {
        return encryptionCert;
    }

    /**
     * @return the CA certificate passed to {@link #getInstance}
     */
    public X509Cert getCaCert() {
        return caCert;
    }

    /**
     * Builds a store from a CA certificate and optional RA certificates.
     *
     * <p>With no RA certificates (null or empty array) the CA certificate is
     * used for both roles; its key usage is not inspected in that case.
     * Otherwise exactly one RA certificate must assert {@code keyEncipherment}
     * and exactly one must assert {@code digitalSignature} or
     * {@code contentCommitment}. A single certificate asserting both kinds of
     * usage fills both roles.
     *
     * <p>No issuer, validity or revocation check is performed here; the
     * selection relies solely on key-usage bits of the supplied certificates.
     *
     * @param x509Cert the CA certificate; must not be null
     * @param x509CertArr the RA certificates, may be null or empty
     * @return the populated store
     * @throws IllegalArgumentException if the RA certificates do not yield
     *     exactly one encryption and exactly one signature certificate (the
     *     same message is used for "none found" and "more than one found")
     */
    public static AuthorityCertStore getInstance(X509Cert x509Cert, X509Cert... x509CertArr) {
        Args.notNull(x509Cert, "caCert");

        // No RA certificates: the CA certificate plays every role.
        if (x509CertArr == null || x509CertArr.length == 0) {
            return new AuthorityCertStore(x509Cert, x509Cert, x509Cert);
        }

        X509Cert encCert = null;
        X509Cert sigCert = null;

        for (int i = 0; i < x509CertArr.length; i++) {
            // A null array element is not guarded and fails on the first call below.
            final X509Cert candidate = x509CertArr[i];

            final boolean canEncrypt = candidate.hasKeyusage(KeyUsage.keyEncipherment);
            if (canEncrypt) {
                // A second encryption-capable certificate makes the choice ambiguous.
                if (encCert != null) {
                    throw new IllegalArgumentException("Could not determine RA certificate for encryption");
                }
                encCert = candidate;
            }

            final boolean canSign = candidate.hasKeyusage(KeyUsage.digitalSignature)
                    || candidate.hasKeyusage(KeyUsage.contentCommitment);
            if (canSign) {
                // A second signature-capable certificate makes the choice ambiguous.
                if (sigCert != null) {
                    throw new IllegalArgumentException("Could not determine RA certificate for signature");
                }
                sigCert = candidate;
            }
        }

        // Both roles must have been filled by the RA certificates.
        if (encCert == null) {
            throw new IllegalArgumentException("Could not determine RA certificate for encryption");
        }
        if (sigCert == null) {
            throw new IllegalArgumentException("Could not determine RA certificate for signature");
        }

        return new AuthorityCertStore(x509Cert, sigCert, encCert);
    }
}
