package de.mtg.jlint.lints.cabf_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.style.BCStyle;

@Lint(name = "e_subject_rdns_maximum_length", description = "CAs that include attributes in the Certificate subject field SHALL follow the specified maximum length requirements for the attribute.", citation = "BRs: 7.1.4.1", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.SC62_EFFECTIVE_DATE)
/* loaded from: input_file:BOOT-INF/lib/jlint-ext-1.0.0.jar:de/mtg/jlint/lints/cabf_br/SubjectRdnsMaximumLength.class */
public class SubjectRdnsMaximumLength implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        Iterator<ASN1Encodable> it = ASN1Sequence.getInstance(x509Certificate.getSubjectX500Principal().getEncoded()).iterator();
        while (it.hasNext()) {
            Iterator<ASN1Encodable> it2 = ASN1Set.getInstance(it.next()).iterator();
            while (it2.hasNext()) {
                String id = AttributeTypeAndValue.getInstance(it2.next()).getType().getId();
                if ("0.9.2342.19200300.100.1.25".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.DC.getId(), 63)) {
                    return LintResult.of(Status.ERROR, "AVA of type 0.9.2342.19200300.100.1.25 has a value greater than 63");
                }
                if ("2.5.4.6".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.C.getId(), 2)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.6 has a value greater than 2");
                }
                if ("2.5.4.8".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.ST.getId(), 128)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.8 has a value greater than 128");
                }
                if ("2.5.4.7".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.L.getId(), 128)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.7 has a value greater than 128");
                }
                if ("2.5.4.17".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.POSTAL_CODE.getId(), 40)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.17 has a value greater than 40");
                }
                if ("2.5.4.9".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.STREET.getId(), 128)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.9 has a value greater than 128");
                }
                if ("2.5.4.10".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.O.getId(), 64)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.10 has a value greater than 64");
                }
                if ("2.5.4.4".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.SURNAME.getId(), 64)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.4 has a value greater than 64");
                }
                if ("2.5.4.42".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.GIVENNAME.getId(), 64)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.42 has a value greater than 64");
                }
                if ("2.5.4.11".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.OU.getId(), 64)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.11 has a value greater than 64");
                }
                if ("2.5.4.3".equals(id) && isSubjectComponentGreaterThan(x509Certificate, BCStyle.CN.getId(), 64)) {
                    return LintResult.of(Status.ERROR, "AVA of type 2.5.4.3 has a value greater than 64");
                }
            }
        }
        return LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return Utils.isSubscriberCert(x509Certificate);
    }

    private static boolean isSubjectComponentGreaterThan(X509Certificate x509Certificate, String str, int i) {
        Iterator<AttributeTypeAndValue> it = Utils.getSubjectDNNameComponent(x509Certificate, str).iterator();
        while (it.hasNext()) {
            if (it.next().getValue().toString().length() > i) {
                return true;
            }
        }
        return false;
    }
}
