package de.mtg.jzlint.lints.cabf_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.IneffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.DateUtils;
import de.mtg.jzlint.utils.Utils;
import java.io.IOException;
import java.security.cert.X509Certificate;

@Lint(name = "e_underscore_present_with_too_long_validity", description = "From 2018-12-10 to 2019-04-01, DNSNames may contain underscores if-and-only-if the certificate is valid for less than thirty days.", citation = "BR 7.1.4.2.1", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.CABFBRs_1_6_2_Date, ineffectiveDate = IneffectiveDate.CABFBRS_1_6_2_UNDERSCORE_PERMISSIBILITY_SUNSET_DATE)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.0.0.jar:de/mtg/jzlint/lints/cabf_br/UnderscorePresentWithTooLongValidity.class */
public class UnderscorePresentWithTooLongValidity implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        try {
            for (String str : Utils.getDNSNames(x509Certificate)) {
                if (str.contains("_")) {
                    return LintResult.of(Status.ERROR, String.format("The DNSName %s contains an underscore character which is only permissible if the certificate is valid for less than 30 days (this certificate is valid for %d days)", str, Integer.valueOf(DateUtils.getValidityInDaysBeforeSC31(x509Certificate))));
                }
            }
            return LintResult.of(Status.PASS);
        } catch (IOException e) {
            return LintResult.of(Status.FATAL);
        }
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        try {
            int validityInDaysBeforeSC31 = DateUtils.getValidityInDaysBeforeSC31(x509Certificate);
            if (Utils.isSubscriberCert(x509Certificate)) {
                if (Utils.dnsNamesExist(x509Certificate) && validityInDaysBeforeSC31 > 30) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}
