package de.mtg.jzlint.lints.cabf_smime_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.SMIMEUtils;
import de.mtg.jzlint.utils.Utils;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;

@Lint(name = "e_mailbox_address_shall_contain_an_rfc822_name", description = "All Mailbox Addresses in the subject field or entries of type dirName of this extension SHALL be repeated as rfc822Name or otherName values of type id-on-SmtpUTF8Mailbox in this extension", citation = "SMIME BRs: 7.1.4.2.1", source = Source.CABF_SMIME_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.SMIME_BR_1_0_DATE)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.0.0.jar:de/mtg/jzlint/lints/cabf_smime_br/MailboxAddressShallContainAnRfc822Name.class */
public class MailboxAddressShallContainAnRfc822Name implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        try {
            List<String> mailboxAddresses = getMailboxAddresses(x509Certificate);
            List<String> emails = Utils.getEmails(x509Certificate);
            emails.addAll(SMIMEUtils.getSmtpUTF8Mailboxes(x509Certificate));
            Iterator<String> it = mailboxAddresses.iterator();
            while (it.hasNext()) {
                if (!emails.contains(it.next())) {
                    return LintResult.of(Status.ERROR, "all certificate mailbox addresses must be present in san:emailAddresses or san:otherNames in addition to any other field they may appear");
                }
            }
            return LintResult.of(Status.PASS);
        } catch (IOException e) {
            return LintResult.of(Status.FATAL);
        }
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return SMIMEUtils.isSMIMEBRSubscriberCertificate(x509Certificate) && !getMailboxAddresses(x509Certificate).isEmpty();
    }

    private List<String> getMailboxAddresses(X509Certificate x509Certificate) {
        List<String> mailboxAddressesFromName = getMailboxAddressesFromName(x509Certificate.getSubjectX500Principal().getEncoded(), SMIMEUtils.isMailboxValidatedCertificate(x509Certificate));
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.subjectAlternativeName.getId());
        if (extensionValue != null) {
            try {
                GeneralName[] names = GeneralNames.getInstance(((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets()).getNames();
                ArrayList arrayList = new ArrayList();
                Stream map = Arrays.stream(names).filter(generalName -> {
                    return generalName.getTagNo() == 4;
                }).map(generalName2 -> {
                    return generalName2.getName();
                });
                Objects.requireNonNull(arrayList);
                map.forEach((v1) -> {
                    r1.add(v1);
                });
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    mailboxAddressesFromName.addAll(getMailboxAddressesFromName(((ASN1Encodable) it.next()).toASN1Primitive().getEncoded(), false));
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        return mailboxAddressesFromName;
    }

    private List<String> getMailboxAddressesFromName(byte[] bArr, boolean z) {
        ArrayList arrayList = new ArrayList();
        List<AttributeTypeAndValue> nameComponent = Utils.getNameComponent(X509ObjectIdentifiers.commonName.getId(), bArr);
        if (z) {
            Iterator<AttributeTypeAndValue> it = nameComponent.iterator();
            while (it.hasNext()) {
                String obj = it.next().getValue().toString();
                if (SMIMEUtils.isValidEmailAddress(obj)) {
                    arrayList.add(obj);
                }
            }
        }
        Iterator<AttributeTypeAndValue> it2 = Utils.getNameComponent(BCStyle.EmailAddress.getId(), bArr).iterator();
        while (it2.hasNext()) {
            String obj2 = it2.next().getValue().toString();
            if (SMIMEUtils.isValidEmailAddress(obj2)) {
                arrayList.add(obj2);
            }
        }
        return arrayList;
    }
}
