package de.mtg.jlintissuer.lints.rfc;

import de.mtg.jlintissuer.JavaCRLIssuerLint;
import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@Lint(name = "e_crl_issuer_invalid_signature", description = "Check if the signature in the CRL validates correctly with the issuer's public key.", citation = "Sec. 5.1 RFC 5280", source = Source.RFC5280, effectiveDate = EffectiveDate.ZERO)
/* loaded from: input_file:BOOT-INF/lib/jlint-issuer-1.0.0.jar:de/mtg/jlintissuer/lints/rfc/CRLIssuerLintInvalidSignature.class */
public class CRLIssuerLintInvalidSignature implements JavaCRLIssuerLint {
    @Override // de.mtg.jlintissuer.JavaCRLIssuerLint
    public LintResult execute(X509CRL x509crl, X509Certificate x509Certificate) {
        try {
            x509crl.verify(x509Certificate.getPublicKey(), new BouncyCastleProvider());
            return LintResult.of(Status.PASS);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | CRLException e) {
            return LintResult.of(Status.ERROR);
        }
    }

    @Override // de.mtg.jlintissuer.JavaCRLIssuerLint
    public boolean checkApplies(X509CRL x509crl, X509Certificate x509Certificate) {
        return true;
    }
}
