package de.mtg.jzlint.lints.rfc;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.ASN1CertificateUtils;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encoding;

@Lint(name = "e_serial_number_longer_than_20_octets", description = "Certificates must not have a DER encoded serial number longer than 20 octets", citation = "RFC 5280: 4.1.2.2", source = Source.RFC5280, effectiveDate = EffectiveDate.RFC3280)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.0.0.jar:de/mtg/jzlint/lints/rfc/SerialNumberLongerThan20Octets.class */
public class SerialNumberLongerThan20Octets implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        try {
            return ASN1CertificateUtils.getSerialNumber(x509Certificate).getEncoded(ASN1Encoding.DER).length > 22 ? LintResult.of(Status.ERROR) : LintResult.of(Status.PASS);
        } catch (IOException | CertificateEncodingException e) {
            return LintResult.of(Status.FATAL);
        }
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return true;
    }
}
