package de.mtg.jzlint.lints.cabf_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;

@Lint(name = "e_ca_country_name_invalid", description = "Root and Subordinate CA certificates MUST have a two-letter country code specified in ISO 3166-1", citation = "BRs: 7.1.2.1", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.CABEffectiveDate)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.0.0.jar:de/mtg/jzlint/lints/cabf_br/CaCountryNameInvalid.class */
public class CaCountryNameInvalid implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        List<AttributeTypeAndValue> subjectDNNameComponent = Utils.getSubjectDNNameComponent(x509Certificate, X509ObjectIdentifiers.countryName.getId());
        String[] iSOCountries = Locale.getISOCountries();
        Iterator<AttributeTypeAndValue> it = subjectDNNameComponent.iterator();
        while (it.hasNext()) {
            String obj = it.next().getValue().toString();
            if (Arrays.stream(iSOCountries).noneMatch(str -> {
                return str.equals(obj);
            })) {
                return LintResult.of(Status.ERROR);
            }
        }
        return LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        if (Utils.getSubjectDNNameComponent(x509Certificate, X509ObjectIdentifiers.countryName.getId()).isEmpty()) {
            return false;
        }
        return Utils.isCA(x509Certificate);
    }
}
