package org.globus.gsi.proxy;

import COM.claymoresystems.cert.CertContext;
import COM.claymoresystems.cert.CertificateException;
import COM.claymoresystems.cert.X509Cert;
import COM.claymoresystems.sslg.CertVerifyPolicyInt;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.globus.common.CoGProperties;
import org.globus.gsi.CertUtil;
import org.globus.gsi.CertificateRevocationLists;
import org.globus.gsi.SigningPolicy;
import org.globus.gsi.TrustedCertificates;
import org.globus.gsi.bc.BouncyCastleUtil;
import org.globus.gsi.proxy.ext.ProxyCertInfo;
import org.globus.gsi.proxy.ext.ProxyPolicy;
import org.globus.gsi.ptls.PureTLSUtil;
import org.globus.util.I18n;

/* loaded from: input_file:org/globus/gsi/proxy/ProxyPathValidator.class */
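/**
 * Validates an X.509 certificate path that may contain GSI proxy certificates.
 *
 * <p>The path is ordered leaf first: element 0 is the certificate being authenticated and each
 * following element is treated as the issuer of the one before it.
 *
 * <p>An instance carries mutable per-validation state (the identity certificate and the
 * "limited" flag) and no synchronization is visible in this class, so do not share one
 * instance between concurrent validations. Call {@link #reset()} before reusing an instance.
 */
public class ProxyPathValidator {
    private static final I18n i18n = I18n.getI18n("org.globus.gsi.proxy.errors", ProxyPathValidator.class.getClassLoader());
    private static final Log logger = LogFactory.getLog(ProxyPathValidator.class.getName());

    // When true, checkIdentity() rejects a path as soon as a limited proxy is seen.
    private boolean rejectLimitedProxyCheck = false;
    // Set by checkIdentity() when a limited proxy is seen before the identity certificate.
    private boolean limited = false;
    // First certificate in the path that is not an impersonation proxy; set by checkIdentity().
    private X509Certificate identityCert = null;
    // Policy-language id (String) -> ProxyPolicyHandler; created lazily, not cleared by reset().
    private Hashtable proxyPolicyHandlers = null;

    /**
     * Reports whether the last validated path contained a limited proxy.
     *
     * @return the flag recorded by {@link #checkIdentity(X509Certificate, int)}
     */
    public boolean isLimited() {
        return this.limited;
    }

    /**
     * Returns the identity certificate found by the last validation.
     *
     * @return the identity certificate, or {@code null} if none has been recorded
     */
    public X509Certificate getIdentityCertificate() {
        return this.identityCert;
    }

    /**
     * Returns the identity string derived from the identity certificate.
     *
     * @return the result of {@code BouncyCastleUtil.getIdentity} for the recorded identity
     *     certificate; the certificate is {@code null} until a validation has recorded one
     */
    public String getIdentity() {
        return BouncyCastleUtil.getIdentity(this.identityCert);
    }

    /**
     * Unregisters the handler for a proxy policy language.
     *
     * @param str policy-language id
     * @return the handler that was registered, or {@code null} if there was none
     */
    public ProxyPolicyHandler removeProxyPolicyHandler(String str) {
        if (str == null || this.proxyPolicyHandlers == null) {
            return null;
        }
        return (ProxyPolicyHandler) this.proxyPolicyHandlers.remove(str);
    }

    /**
     * Registers the handler used to evaluate restricted proxies of one policy language.
     *
     * @param str policy-language id
     * @param proxyPolicyHandler handler to register
     * @return the handler previously registered under the id, or {@code null}
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public ProxyPolicyHandler setProxyPolicyHandler(String str, ProxyPolicyHandler proxyPolicyHandler) {
        if (str == null) {
            throw new IllegalArgumentException(i18n.getMessage("proxyPolicyId"));
        }
        if (proxyPolicyHandler == null) {
            throw new IllegalArgumentException(i18n.getMessage("proxyPolicyHandler"));
        }
        if (this.proxyPolicyHandlers == null) {
            this.proxyPolicyHandlers = new Hashtable();
        }
        return (ProxyPolicyHandler) this.proxyPolicyHandlers.put(str, proxyPolicyHandler);
    }

    /**
     * Looks up the handler registered for a proxy policy language.
     *
     * @param str policy-language id
     * @return the registered handler, or {@code null} if there is none
     */
    public ProxyPolicyHandler getProxyPolicyHandler(String str) {
        if (str == null || this.proxyPolicyHandlers == null) {
            return null;
        }
        return (ProxyPolicyHandler) this.proxyPolicyHandlers.get(str);
    }

    /**
     * Clears the per-validation state. Registered policy handlers are kept.
     */
    public void reset() {
        this.rejectLimitedProxyCheck = false;
        this.limited = false;
        this.identityCert = null;
    }

    /**
     * Controls whether a path containing a limited proxy is rejected.
     *
     * @param z {@code true} to reject limited proxies
     */
    public void setRejectLimitedProxyCheck(boolean z) {
        this.rejectLimitedProxyCheck = z;
    }

    /**
     * Validates a path against the given trust anchors with default revocation lists, no
     * signing policies and the configured signing-policy enforcement setting.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @param x509CertificateArr2 trusted CA certificates, may be {@code null}
     * @throws ProxyPathValidatorException if validation fails
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) throws ProxyPathValidatorException {
        validate(x509CertificateArr, x509CertificateArr2, (CertificateRevocationLists) null);
    }

    /**
     * Validates a path against the given trust anchors and revocation lists.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @param x509CertificateArr2 trusted CA certificates, may be {@code null}
     * @param certificateRevocationLists revocation lists, {@code null} selects the defaults
     * @throws ProxyPathValidatorException if validation fails
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, CertificateRevocationLists certificateRevocationLists) throws ProxyPathValidatorException {
        validate(x509CertificateArr, x509CertificateArr2, certificateRevocationLists, (SigningPolicy[]) null);
    }

    /**
     * Validates a path against the given trust anchors, revocation lists and signing policies.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @param x509CertificateArr2 trusted CA certificates, may be {@code null}
     * @param certificateRevocationLists revocation lists, {@code null} selects the defaults
     * @param signingPolicyArr signing policies that accompany the trusted certificates
     * @throws ProxyPathValidatorException if validation fails
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, CertificateRevocationLists certificateRevocationLists, SigningPolicy[] signingPolicyArr) throws ProxyPathValidatorException {
        validate(x509CertificateArr, x509CertificateArr2, certificateRevocationLists, signingPolicyArr, null);
    }

    /**
     * Verifies the signature chain with PureTLS and then applies the proxy path checks.
     *
     * <p>If the verified chain is longer than the supplied path, the extra certificates returned
     * by the verifier are appended to the path before the proxy checks run.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @param x509CertificateArr2 trusted CA certificates, may be {@code null}
     * @param certificateRevocationLists revocation lists, {@code null} selects the defaults
     * @param signingPolicyArr signing policies that accompany the trusted certificates
     * @param bool explicit signing-policy enforcement flag; {@code null} defers to the
     *     configured default
     * @throws IllegalArgumentException if the path is {@code null}
     * @throws ProxyPathValidatorException if the chain does not verify (error code 4, message
     *     key "unknownCA") or any later check fails
     */
    public void validate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, CertificateRevocationLists certificateRevocationLists, SigningPolicy[] signingPolicyArr, Boolean bool) throws ProxyPathValidatorException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException(i18n.getMessage("certsNull"));
        }
        TrustedCertificates trustedCertificates = null;
        if (x509CertificateArr2 != null) {
            trustedCertificates = new TrustedCertificates(x509CertificateArr2, signingPolicyArr);
        }
        CertVerifyPolicyInt verifyPolicy = PureTLSUtil.getDefaultCertVerifyPolicy();
        X509Certificate[] path = x509CertificateArr;
        try {
            Vector pathAsVector = PureTLSUtil.certificateChainToVector(path);
            CertContext certContext = new CertContext();
            if (x509CertificateArr2 != null) {
                for (X509Certificate trustAnchor : x509CertificateArr2) {
                    certContext.addRoot(trustAnchor.getEncoded());
                }
            }
            Vector verifiedChain = X509Cert.verifyCertChain(certContext, pathAsVector, verifyPolicy);
            if (verifiedChain == null || verifiedChain.size() < path.length) {
                throw new ProxyPathValidatorException(4, (X509Certificate) null, i18n.getMessage("unknownCA"));
            }
            int verifiedSize = verifiedChain.size();
            if (verifiedSize != path.length) {
                // The verifier completed the chain; carry the added certificates into the path.
                X509Certificate[] extendedPath = new X509Certificate[verifiedSize];
                System.arraycopy(path, 0, extendedPath, 0, path.length);
                for (int i = 0; i < verifiedSize - path.length; i++) {
                    try {
                        extendedPath[i + path.length] = CertUtil.loadCertificate(new ByteArrayInputStream(((X509Cert) verifiedChain.elementAt(i)).getDER()));
                    } catch (GeneralSecurityException e) {
                        throw new ProxyPathValidatorException(-1, e);
                    }
                }
                path = extendedPath;
            }
            validate(path, trustedCertificates, certificateRevocationLists, bool);
        } catch (ProxyPathValidatorException e) {
            // Rethrown unchanged, as the protected validate() does. The exception's class
            // hierarchy is not visible in this file; if it is a GeneralSecurityException
            // subtype, the handler below would otherwise replace a specific error code
            // (unknown CA, revoked, ...) with the generic -1.
            throw e;
        } catch (CertificateException e2) {
            throw new ProxyPathValidatorException(-1, e2);
        } catch (GeneralSecurityException e3) {
            throw new ProxyPathValidatorException(-1, e3);
        }
    }

    /**
     * Applies the proxy path checks with default trust anchors and revocation lists.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @throws ProxyPathValidatorException if validation fails
     */
    protected void validate(X509Certificate[] x509CertificateArr) throws ProxyPathValidatorException {
        validate(x509CertificateArr, (TrustedCertificates) null, (CertificateRevocationLists) null);
    }

    /**
     * Applies the proxy path checks with the given trust anchors and default revocation lists.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @param trustedCertificates trust anchors, {@code null} selects the defaults
     * @throws ProxyPathValidatorException if validation fails
     */
    protected void validate(X509Certificate[] x509CertificateArr, TrustedCertificates trustedCertificates) throws ProxyPathValidatorException {
        validate(x509CertificateArr, trustedCertificates, (CertificateRevocationLists) null);
    }

    /**
     * Applies the proxy path checks with the given trust anchors and revocation lists.
     *
     * <p>Declared public in this decompiled listing; the decompiler recorded that the original
     * modifier was protected.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @param trustedCertificates trust anchors, {@code null} selects the defaults
     * @param certificateRevocationLists revocation lists, {@code null} selects the defaults
     * @throws ProxyPathValidatorException if validation fails
     */
    public void validate(X509Certificate[] x509CertificateArr, TrustedCertificates trustedCertificates, CertificateRevocationLists certificateRevocationLists) throws ProxyPathValidatorException {
        // Pass the caller's revocation lists through. The previous body passed null here, so
        // the lists supplied by the caller were silently replaced by the defaults.
        validate(x509CertificateArr, trustedCertificates, certificateRevocationLists, (Boolean) null);
    }

    /**
     * Walks the path from the leaf towards the trust anchor and applies every per-certificate
     * and per-link check: validity period, unsupported critical extensions, identity tracking,
     * revocation, signing policy, CA and proxy path-length constraints, key usage and proxy
     * extension constraints.
     *
     * @param x509CertificateArr certificate path, leaf first
     * @param trustedCertificates trust anchors, {@code null} selects the defaults
     * @param certificateRevocationLists revocation lists, {@code null} selects the defaults
     * @param bool explicit signing-policy enforcement flag; {@code null} defers to the
     *     configured default
     * @throws IllegalArgumentException if the path is {@code null}
     * @throws ProxyPathValidatorException if any check fails; unexpected exceptions are wrapped
     *     with error code -1
     */
    protected void validate(X509Certificate[] x509CertificateArr, TrustedCertificates trustedCertificates, CertificateRevocationLists certificateRevocationLists, Boolean bool) throws ProxyPathValidatorException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException(i18n.getMessage("certsNull"));
        }
        if (certificateRevocationLists == null) {
            certificateRevocationLists = CertificateRevocationLists.getDefaultCertificateRevocationLists();
        }
        if (trustedCertificates == null) {
            trustedCertificates = TrustedCertificates.getDefaultTrustedCertificates();
        }
        try {
            X509Certificate cert = x509CertificateArr[0];
            TBSCertificateStructure tbsCert = BouncyCastleUtil.getTBSCertificateStructure(cert);
            int certType = BouncyCastleUtil.getCertificateType(tbsCert, trustedCertificates);
            logCertificate(cert, certType);
            checkValidity(cert);
            checkUnsupportedCriticalExtensions(tbsCert, certType, cert);
            checkIdentity(cert, certType);
            checkCRL(cert, certificateRevocationLists, trustedCertificates);
            if (requireSigningPolicyCheck(certType)) {
                checkSigningPolicy(cert, trustedCertificates, bool);
            }
            // Number of proxy certificates seen so far, counted from the leaf.
            int proxyDepth = CertUtil.isProxy(certType) ? 1 : 0;
            for (int index = 1; index < x509CertificateArr.length; index++) {
                X509Certificate issuerCert = x509CertificateArr[index];
                TBSCertificateStructure issuerTbsCert = BouncyCastleUtil.getTBSCertificateStructure(issuerCert);
                int issuerCertType = BouncyCastleUtil.getCertificateType(issuerTbsCert, trustedCertificates);
                logCertificate(issuerCert, issuerCertType);
                if (issuerCertType == 4) {
                    // Type code 4 is handled as a CA: it may not issue a proxy directly and its
                    // basicConstraints path length limits the certificates below it.
                    if (CertUtil.isProxy(certType)) {
                        throw new ProxyPathValidatorException(-1, issuerCert, i18n.getMessage("proxyErr00"));
                    }
                    int caPathConstraint = getCAPathConstraint(issuerTbsCert);
                    int certsBelowCa = (index - proxyDepth) - 1;
                    if (caPathConstraint >= 0 && caPathConstraint < Integer.MAX_VALUE && certsBelowCa > caPathConstraint) {
                        throw new ProxyPathValidatorException(3, issuerCert, i18n.getMessage("proxyErr01", (Object[]) new String[]{Integer.toString(caPathConstraint), Integer.toString(certsBelowCa)}));
                    }
                } else if (CertUtil.isGsi3Proxy(issuerCertType) || CertUtil.isGsi4Proxy(issuerCertType)) {
                    // A proxy may only issue a proxy of the same generation.
                    String mixedTypesMessage = i18n.getMessage("proxyErr02");
                    if (CertUtil.isGsi3Proxy(issuerCertType)) {
                        if (!CertUtil.isGsi3Proxy(certType)) {
                            throw new ProxyPathValidatorException(-1, issuerCert, mixedTypesMessage);
                        }
                    } else if (CertUtil.isGsi4Proxy(issuerCertType) && !CertUtil.isGsi4Proxy(certType)) {
                        throw new ProxyPathValidatorException(-1, issuerCert, mixedTypesMessage);
                    }
                    int proxyPathConstraint = BouncyCastleUtil.getProxyPathConstraint(issuerTbsCert);
                    if (proxyPathConstraint == 0) {
                        throw new ProxyPathValidatorException(-1, issuerCert, i18n.getMessage("proxyErr03"));
                    }
                    if (proxyPathConstraint < Integer.MAX_VALUE && proxyDepth > proxyPathConstraint) {
                        throw new ProxyPathValidatorException(3, issuerCert, i18n.getMessage("proxyErr04", (Object[]) new String[]{Integer.toString(proxyPathConstraint), Integer.toString(proxyDepth)}));
                    }
                    proxyDepth++;
                } else if (CertUtil.isGsi2Proxy(issuerCertType)) {
                    if (!CertUtil.isGsi2Proxy(certType)) {
                        throw new ProxyPathValidatorException(-1, issuerCert, i18n.getMessage("proxyErr02"));
                    }
                    proxyDepth++;
                } else {
                    // Anything else must be type code 3, and the only thing it may issue here
                    // is a proxy.
                    if (issuerCertType != 3) {
                        throw new ProxyPathValidatorException(-1, issuerCert, i18n.getMessage("proxyErr06", Integer.toString(issuerCertType)));
                    }
                    if (!CertUtil.isProxy(certType)) {
                        throw new ProxyPathValidatorException(-1, issuerCert, i18n.getMessage("proxyErr05"));
                    }
                }
                if (!CertUtil.isProxy(certType)) {
                    // The issuer of a non-proxy certificate must be allowed to sign certificates.
                    checkKeyUsage(issuerTbsCert, x509CertificateArr, index);
                } else if (CertUtil.isGsi3Proxy(certType) || CertUtil.isGsi4Proxy(certType)) {
                    checkProxyConstraints(tbsCert, issuerTbsCert, cert);
                    // Type codes 12 and 16 are the ones routed to the restricted-proxy policy check.
                    if (certType == 12 || certType == 16) {
                        checkRestrictedProxy(tbsCert, x509CertificateArr, index - 1);
                    }
                }
                checkValidity(issuerCert);
                checkUnsupportedCriticalExtensions(issuerTbsCert, issuerCertType, issuerCert);
                checkIdentity(issuerCert, issuerCertType);
                // Revocation and signing policy are checked for the certificate at this index.
                // The previous body re-checked the preceding certificate instead, so the leaf
                // was checked twice and the last element of the path was never checked.
                checkCRL(issuerCert, certificateRevocationLists, trustedCertificates);
                if (requireSigningPolicyCheck(issuerCertType)) {
                    checkSigningPolicy(issuerCert, trustedCertificates, bool);
                }
                cert = issuerCert;
                certType = issuerCertType;
                tbsCert = issuerTbsCert;
            }
        } catch (IOException e) {
            throw new ProxyPathValidatorException(-1, e);
        } catch (CertificateEncodingException e2) {
            throw new ProxyPathValidatorException(-1, e2);
        } catch (ProxyPathValidatorException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new ProxyPathValidatorException(-1, e4);
        }
    }

    /** Logs the certificate type at debug level and the certificate itself at trace level. */
    private static void logCertificate(X509Certificate certificate, int certificateType) {
        if (logger.isDebugEnabled()) {
            logger.debug("Found cert: " + certificateType);
        }
        if (logger.isTraceEnabled()) {
            // Emitted at trace level to match the guard; it was previously sent to debug.
            logger.trace(certificate);
        }
    }

    /**
     * Tracks the identity of the path. Until an identity certificate has been recorded, a
     * limited proxy sets the "limited" flag (and is rejected if configured), impersonation
     * proxies are skipped, and the first other certificate becomes the identity certificate.
     *
     * @param x509Certificate certificate being examined
     * @param i certificate type code
     * @throws ProxyPathValidatorException with error code 7 if limited proxies are rejected
     */
    protected void checkIdentity(X509Certificate x509Certificate, int i) throws ProxyPathValidatorException {
        if (this.identityCert != null) {
            return;
        }
        if (CertUtil.isLimitedProxy(i)) {
            this.limited = true;
            if (this.rejectLimitedProxyCheck) {
                throw new ProxyPathValidatorException(7, x509Certificate, i18n.getMessage("limitedProxy"));
            }
        }
        if (!CertUtil.isImpersonationProxy(i)) {
            this.identityCert = x509Certificate;
        }
    }

    /**
     * Delegates a restricted proxy to the handler registered for its policy language.
     *
     * @param tBSCertificateStructure parsed proxy certificate
     * @param x509CertificateArr certificate path
     * @param i index of the proxy in the path
     * @throws ProxyPathValidatorException if the ProxyCertInfo extension or its policy is
     *     missing, or (error code 5) no handler is registered for the policy language
     * @throws IOException if the extension cannot be decoded
     */
    protected void checkRestrictedProxy(TBSCertificateStructure tBSCertificateStructure, X509Certificate[] x509CertificateArr, int i) throws ProxyPathValidatorException, IOException {
        logger.debug("enter: checkRestrictedProxy");
        ProxyCertInfo proxyCertInfo = BouncyCastleUtil.getProxyCertInfo(tBSCertificateStructure);
        if (proxyCertInfo == null) {
            throw new ProxyPathValidatorException(-1, x509CertificateArr[i], i18n.getMessage("proxyErr07"));
        }
        ProxyPolicy proxyPolicy = proxyCertInfo.getProxyPolicy();
        if (proxyPolicy == null) {
            throw new ProxyPathValidatorException(-1, x509CertificateArr[i], i18n.getMessage("proxyErr08"));
        }
        String policyLanguageId = proxyPolicy.getPolicyLanguage().getId();
        ProxyPolicyHandler handler = getProxyPolicyHandler(policyLanguageId);
        if (handler == null) {
            // Fail closed: a restricted proxy whose policy cannot be evaluated is rejected.
            throw new ProxyPathValidatorException(5, x509CertificateArr[i], i18n.getMessage("proxyErr09", policyLanguageId));
        }
        handler.validate(proxyCertInfo, x509CertificateArr, i);
        logger.debug("exit: checkRestrictedProxy");
    }

    /**
     * Requires bit 5 of the key usage extension, when the extension is present. A certificate
     * without a key usage extension passes.
     *
     * @param tBSCertificateStructure parsed issuer certificate
     * @param x509CertificateArr certificate path
     * @param i index of the issuer in the path
     * @throws ProxyPathValidatorException if the extension is present and bit 5 is not set
     * @throws IOException if the extension cannot be decoded
     */
    protected void checkKeyUsage(TBSCertificateStructure tBSCertificateStructure, X509Certificate[] x509CertificateArr, int i) throws ProxyPathValidatorException, IOException {
        logger.debug("enter: checkKeyUsage");
        boolean[] keyUsage = getKeyUsage(tBSCertificateStructure);
        // Index 5 is presumably keyCertSign (X.509 KeyUsage bit order) - confirm against
        // BouncyCastleUtil.getKeyUsage.
        if (keyUsage != null && !keyUsage[5]) {
            throw new ProxyPathValidatorException(-1, x509CertificateArr[i], i18n.getMessage("proxyErr10"));
        }
        logger.debug("exit: checkKeyUsage");
    }

    /**
     * Checks the extensions of a proxy certificate against its issuer: no subject or issuer
     * alternative name, not a CA, key usage bits 1 and 5 clear, no key usage bit that the
     * issuer lacks, and consistent presence and criticality of the key usage extension.
     *
     * @param tBSCertificateStructure parsed proxy certificate
     * @param tBSCertificateStructure2 parsed issuer certificate
     * @param x509Certificate proxy certificate, reported in the exception
     * @throws ProxyPathValidatorException with error code 1 if a constraint is violated
     * @throws IOException if an extension cannot be decoded
     */
    protected void checkProxyConstraints(TBSCertificateStructure tBSCertificateStructure, TBSCertificateStructure tBSCertificateStructure2, X509Certificate x509Certificate) throws ProxyPathValidatorException, IOException {
        logger.debug("enter: checkProxyConstraints");
        X509Extension proxyKeyUsageExtension = null;
        X509Extensions proxyExtensions = tBSCertificateStructure.getExtensions();
        if (proxyExtensions != null) {
            Enumeration oids = proxyExtensions.oids();
            while (oids.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
                X509Extension extension = proxyExtensions.getExtension(oid);
                if (oid.equals(X509Extensions.SubjectAlternativeName) || oid.equals(X509Extensions.IssuerAlternativeName)) {
                    throw new ProxyPathValidatorException(1, x509Certificate, i18n.getMessage("proxyErr11"));
                }
                if (oid.equals(X509Extensions.BasicConstraints)) {
                    if (BouncyCastleUtil.getBasicConstraints(extension).isCA()) {
                        throw new ProxyPathValidatorException(1, x509Certificate, i18n.getMessage("proxyErr12"));
                    }
                } else if (oid.equals(X509Extensions.KeyUsage)) {
                    proxyKeyUsageExtension = extension;
                    boolean[] proxyKeyUsage = BouncyCastleUtil.getKeyUsage(extension);
                    // Indexes 1 and 5 are presumably nonRepudiation and keyCertSign (X.509
                    // KeyUsage bit order) - confirm against BouncyCastleUtil.getKeyUsage.
                    if (proxyKeyUsage[1] || proxyKeyUsage[5]) {
                        throw new ProxyPathValidatorException(1, x509Certificate, i18n.getMessage("proxyErr13"));
                    }
                    boolean[] issuerKeyUsage = getKeyUsage(tBSCertificateStructure2);
                    if (issuerKeyUsage != null) {
                        // The proxy may not assert a usage bit that its issuer does not have.
                        for (int bit = 0; bit < 9; bit++) {
                            if (bit != 1 && bit != 5 && !issuerKeyUsage[bit] && proxyKeyUsage[bit]) {
                                throw new ProxyPathValidatorException(1, x509Certificate, i18n.getMessage("proxyErr14"));
                            }
                        }
                    }
                }
            }
        }
        X509Extensions issuerExtensions = tBSCertificateStructure2.getExtensions();
        if (issuerExtensions != null) {
            Enumeration issuerOids = issuerExtensions.oids();
            while (issuerOids.hasMoreElements()) {
                DERObjectIdentifier issuerOid = (DERObjectIdentifier) issuerOids.nextElement();
                X509Extension issuerExtension = issuerExtensions.getExtension(issuerOid);
                if (issuerOid.equals(X509Extensions.KeyUsage)) {
                    // An issuer that restricts key usage requires the proxy to carry the
                    // extension too, and as critical if the issuer's is critical.
                    if (proxyKeyUsageExtension == null) {
                        throw new ProxyPathValidatorException(1, x509Certificate, i18n.getMessage("proxyErr14"));
                    }
                    if (issuerExtension.isCritical() && !proxyKeyUsageExtension.isCritical()) {
                        // NOTE(review): every other key in this class has the form
                        // "proxyErrNN"; confirm that "proxy15" exists in the resource bundle.
                        throw new ProxyPathValidatorException(1, x509Certificate, i18n.getMessage("proxy15"));
                    }
                }
            }
        }
        logger.debug("exit: checkProxyConstraints");
    }

    /**
     * Rejects a certificate that carries a critical extension this validator does not handle.
     * Accepted critical extensions are basicConstraints, keyUsage, and the ProxyCertInfo
     * extension whose OID matches the proxy generation of the certificate.
     *
     * @param tBSCertificateStructure parsed certificate
     * @param i certificate type code
     * @param x509Certificate certificate, reported in the exception
     * @throws ProxyPathValidatorException with error code 2 for any other critical extension
     */
    protected void checkUnsupportedCriticalExtensions(TBSCertificateStructure tBSCertificateStructure, int i, X509Certificate x509Certificate) throws ProxyPathValidatorException {
        logger.debug("enter: checkUnsupportedCriticalExtensions");
        X509Extensions extensions = tBSCertificateStructure.getExtensions();
        if (extensions != null) {
            Enumeration oids = extensions.oids();
            while (oids.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
                if (!extensions.getExtension(oid).isCritical()) {
                    continue;
                }
                if (oid.equals(X509Extensions.BasicConstraints) || oid.equals(X509Extensions.KeyUsage)) {
                    continue;
                }
                if (oid.equals(ProxyCertInfo.OID) && CertUtil.isGsi4Proxy(i)) {
                    continue;
                }
                if (oid.equals(ProxyCertInfo.OLD_OID) && CertUtil.isGsi3Proxy(i)) {
                    continue;
                }
                throw new ProxyPathValidatorException(2, x509Certificate, i18n.getMessage("proxyErr16", oid.getId()));
            }
        }
        logger.debug("exit: checkUnsupportedCriticalExtensions");
    }

    /**
     * Checks that the certificate is within its validity period at the current system time.
     *
     * @param x509Certificate certificate to check
     * @throws ProxyPathValidatorException if the certificate has expired or is not yet valid
     */
    protected void checkValidity(X509Certificate x509Certificate) throws ProxyPathValidatorException {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            throw new ProxyPathValidatorException(-1, x509Certificate, i18n.getMessage("proxyErr17", new Object[]{x509Certificate.getSubjectDN().getName(), ProxyPathValidatorException.getDateAsString(x509Certificate.getNotAfter()), ProxyPathValidatorException.getDateAsString(new Date())}));
        } catch (CertificateNotYetValidException e2) {
            throw new ProxyPathValidatorException(-1, x509Certificate, i18n.getMessage("proxyErr18", new Object[]{x509Certificate.getSubjectDN().getName(), ProxyPathValidatorException.getDateAsString(x509Certificate.getNotBefore()), ProxyPathValidatorException.getDateAsString(new Date())}));
        }
    }

    /**
     * Reads the path length constraint from the basicConstraints extension.
     *
     * @param tBSCertificateStructure parsed certificate
     * @return -1 if the extension is absent or does not mark a CA, {@code Integer.MAX_VALUE} if
     *     the CA has no path length constraint, otherwise the constraint
     * @throws IOException if the extension cannot be decoded
     */
    protected int getCAPathConstraint(TBSCertificateStructure tBSCertificateStructure) throws IOException {
        X509Extensions extensions = tBSCertificateStructure.getExtensions();
        if (extensions == null) {
            return -1;
        }
        X509Extension extension = extensions.getExtension(X509Extensions.BasicConstraints);
        if (extension == null) {
            return -1;
        }
        BasicConstraints basicConstraints = BouncyCastleUtil.getBasicConstraints(extension);
        if (!basicConstraints.isCA()) {
            return -1;
        }
        BigInteger pathLenConstraint = basicConstraints.getPathLenConstraint();
        if (pathLenConstraint == null) {
            return Integer.MAX_VALUE;
        }
        // intValue() keeps only the low 32 bits of a wider value.
        return pathLenConstraint.intValue();
    }

    /**
     * Reads the key usage bits of a certificate.
     *
     * @param tBSCertificateStructure parsed certificate
     * @return the key usage bits, or {@code null} if the certificate has no key usage extension
     * @throws IOException if the extension cannot be decoded
     */
    protected boolean[] getKeyUsage(TBSCertificateStructure tBSCertificateStructure) throws IOException {
        X509Extensions extensions = tBSCertificateStructure.getExtensions();
        if (extensions == null) {
            return null;
        }
        X509Extension extension = extensions.getExtension(X509Extensions.KeyUsage);
        if (extension == null) {
            return null;
        }
        return BouncyCastleUtil.getKeyUsage(extension);
    }

    /**
     * Checks a certificate against the CRL of its issuer.
     *
     * <p>The check is skipped, and the certificate accepted, when no revocation lists are
     * given, when there is no CRL for the issuer, or when no trusted certificate matches the
     * issuer name. Deployments that need hard-fail revocation must ensure a CRL is loaded for
     * every CA they trust.
     *
     * @param x509Certificate certificate to check
     * @param certificateRevocationLists revocation lists, may be {@code null}
     * @param trustedCertificates trust anchors used to verify the CRL signature
     * @throws ProxyPathValidatorException with error code 8 if the CRL is outside its validity
     *     window, 6 if the certificate is revoked, or -1 if the trust anchors are missing or
     *     the CRL cannot be verified
     */
    protected void checkCRL(X509Certificate x509Certificate, CertificateRevocationLists certificateRevocationLists, TrustedCertificates trustedCertificates) throws ProxyPathValidatorException {
        if (certificateRevocationLists == null) {
            return;
        }
        logger.debug("checkCRLs: enter");
        if (trustedCertificates == null) {
            String message = i18n.getMessage("proxyErr19");
            logger.error(message);
            throw new ProxyPathValidatorException(-1, (X509Certificate) null, message);
        }
        String issuerName = x509Certificate.getIssuerDN().getName();
        X509CRL crl = certificateRevocationLists.getCrl(issuerName);
        if (crl == null) {
            logger.debug("No CRL for certificate");
            return;
        }
        X509Certificate issuerCertificate = trustedCertificates.getCertificate(issuerName);
        if (issuerCertificate == null) {
            logger.debug("No trusted cert with this CA signature");
            return;
        }
        try {
            // The CRL is only trusted once its signature verifies under the issuer's key.
            crl.verify(issuerCertificate.getPublicKey());
            if (!checkCRLValidity(crl)) {
                throw new ProxyPathValidatorException(8, x509Certificate, i18n.getMessage("proxyErr36", issuerName));
            }
            synchronized (crl) {
                if (crl.isRevoked(x509Certificate)) {
                    throw new ProxyPathValidatorException(6, x509Certificate, i18n.getMessage("proxyErr21", x509Certificate.getSubjectDN().getName()));
                }
            }
            logger.debug("checkCRLs: exit");
        } catch (ProxyPathValidatorException e) {
            // Keep the specific outcome. The generic handler below used to catch these too and
            // report "CRL outside validity window" and "revoked" as error code -1.
            throw e;
        } catch (Exception e) {
            String message2 = i18n.getMessage("proxyErr20");
            logger.error(message2);
            throw new ProxyPathValidatorException(-1, message2, e);
        }
    }

    /**
     * Checks that the current time lies between the CRL's thisUpdate and nextUpdate. A CRL
     * without a nextUpdate is treated as not valid.
     *
     * @param x509crl CRL to check
     * @return {@code true} if the CRL is currently valid
     */
    protected boolean checkCRLValidity(X509CRL x509crl) {
        Date now = new Date();
        if (!x509crl.getThisUpdate().before(now)) {
            return false;
        }
        return x509crl.getNextUpdate() != null && x509crl.getNextUpdate().after(now);
    }

    /**
     * Checks that the issuer's signing policy permits the subject of the certificate.
     *
     * @param x509Certificate certificate to check
     * @param trustedCertificates trust anchors that hold the signing policies
     * @param bool explicit enforcement flag; {@code null} defers to
     *     {@code CoGProperties.getDefault().enforceSigningPolicy()}
     * @throws ProxyPathValidatorException with error code 9 if the issuer has no signing policy,
     *     10 if the policy is not available, or 11 if the subject is not permitted
     */
    protected void checkSigningPolicy(X509Certificate x509Certificate, TrustedCertificates trustedCertificates, Boolean bool) throws ProxyPathValidatorException {
        boolean enforce = bool != null ? bool.booleanValue() : CoGProperties.getDefault().enforceSigningPolicy();
        if (!enforce) {
            return;
        }
        String issuerId = CertUtil.toGlobusID(x509Certificate.getIssuerDN().getName(), true);
        SigningPolicy signingPolicy = trustedCertificates.getSigningPolicy(issuerId);
        if (signingPolicy == null) {
            throw new ProxyPathValidatorException(9, i18n.getMessage("proxyErr33", issuerId), (Throwable) null);
        }
        String subjectId = CertUtil.toGlobusID(x509Certificate.getSubjectDN().toString(), true);
        if (!signingPolicy.isPolicyAvailable()) {
            throw new ProxyPathValidatorException(10, i18n.getMessage("proxyErr35", new Object[]{issuerId, signingPolicy.getFileName()}), (Throwable) null);
        }
        if (!signingPolicy.isValidSubject(subjectId)) {
            throw new ProxyPathValidatorException(11, i18n.getMessage("proxyErr34", new Object[]{subjectId, issuerId, signingPolicy.getFileName()}), (Throwable) null);
        }
    }

    /**
     * Signing policy applies to every certificate that is neither a proxy nor type code 4
     * (the code handled as a CA by the path walk).
     */
    private boolean requireSigningPolicyCheck(int i) {
        return !(CertUtil.isProxy(i) || i == 4);
    }
}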
