package de.mtg.jzlint.lints.rfc;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.Extension;

@Lint(name = "e_superfluous_ku_encoding", description = "RFC 5280 Section 4.2.1.3 describes the value of a KeyUsage to be a DER encoded BitString, which itself must not have unnecessary trailing 00 bytes.", citation = "1.2.2 Where Rec. ITU-T X.680 | ISO/IEC 8824-1, 22.7, applies, the bitstring shall have all trailing 0 bits removed before it is encoded.", source = Source.RFC5280, effectiveDate = EffectiveDate.ZERO)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.0.0.jar:de/mtg/jzlint/lints/rfc/SuperfluousKuEncoding.class */
public class SuperfluousKuEncoding implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        byte[] octets = ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.keyUsage.getId())).getOctets();
        return octets[octets.length - 1] != 0 ? LintResult.of(Status.PASS) : LintResult.of(Status.ERROR, String.format("KeyUsage contains superfluous trailing 00 byte.", new Object[0]));
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return Utils.hasKeyUsageExtension(x509Certificate);
    }
}
