package de.gematik.idp.crypto;

import de.gematik.idp.crypto.exceptions.IdpCryptoException;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.stream.Stream;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;

/* loaded from: input_file:de/gematik/idp/crypto/CertificateAnalysis.class */
public class CertificateAnalysis {
    private static final String OID_HBA_AUT = "1.2.276.0.76.4.75";
    private static final String OID_SMC_B_AUT = "1.2.276.0.76.4.77";
    private static final String OID_EGK_AUT = "1.2.276.0.76.4.70";

    public static boolean doesCertificateContainPolicyExtensionOid(X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(Extension.certificatePolicies.toString());
            if (extensionValue == null) {
                return false;
            }
            return Stream.of((Object[]) CertificatePolicies.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue)).getPolicyInformation()).map((v0) -> {
                return v0.getPolicyIdentifier();
            }).anyMatch(aSN1ObjectIdentifier2 -> {
                return aSN1ObjectIdentifier2.equals(aSN1ObjectIdentifier);
            });
        } catch (IOException e) {
            throw new IdpCryptoException("Error while checking Policy-Extension!", e);
        }
    }

    public static TiCertificateType determineCertificateType(X509Certificate x509Certificate) {
        return doesCertificateContainPolicyExtensionOid(x509Certificate, new ASN1ObjectIdentifier(OID_HBA_AUT)) ? TiCertificateType.HBA : doesCertificateContainPolicyExtensionOid(x509Certificate, new ASN1ObjectIdentifier(OID_SMC_B_AUT)) ? TiCertificateType.SMCB : doesCertificateContainPolicyExtensionOid(x509Certificate, new ASN1ObjectIdentifier(OID_EGK_AUT)) ? TiCertificateType.EGK : TiCertificateType.UNKNOWN;
    }

    @Generated
    private CertificateAnalysis() {
    }
}
