package de.mtg.jlint.lints.cabf_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaCRLLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.CRLUtils;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Set;
import org.bouncycastle.asn1.x509.Extension;

@Lint(name = "e_crl_entry_reason_code_ext_not_critical", description = "Check if a CRL entry of a CRL contains a critical reasonCode extension", citation = "BRs: 7.2.2 CRL and CRL entry extensions", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.CRL_REASON_CODE_UPDATE)
/* loaded from: input_file:BOOT-INF/lib/jlint-ext-1.0.0.jar:de/mtg/jlint/lints/cabf_br/CrlEntryReasonCodeExtNotCritical.class */
public class CrlEntryReasonCodeExtNotCritical implements JavaCRLLint {
    @Override // de.mtg.jzlint.JavaCRLLint
    public LintResult execute(X509CRL x509crl) {
        Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
        if (revokedCertificates == null || revokedCertificates.isEmpty()) {
            return LintResult.of(Status.PASS);
        }
        for (X509CRLEntry x509CRLEntry : revokedCertificates) {
            if (x509CRLEntry.getCriticalExtensionOIDs().stream().anyMatch(str -> {
                return str.equals(Extension.reasonCode.getId());
            })) {
                return LintResult.of(Status.ERROR);
            }
        }
        return LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaCRLLint
    public boolean checkApplies(X509CRL x509crl) {
        return CRLUtils.atLeastOneCrlEntryHasExtension(x509crl, Extension.reasonCode.getId());
    }
}
