package de.mtg.jzlint.lints.rfc;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.PolicyInformation;

@Lint(name = "w_ext_policy_map_not_in_cert_policy", description = "Each issuerDomainPolicy named in the policy mappings extension should also be asserted in a certificate policies extension", citation = "RFC 5280: 4.2.1.5", source = Source.RFC5280, effectiveDate = EffectiveDate.RFC3280)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.0.0.jar:de/mtg/jzlint/lints/rfc/ExtPolicyMapNotInCertPolicy.class */
public class ExtPolicyMapNotInCertPolicy implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        List<String> issuerDomainPolicies = getIssuerDomainPolicies(x509Certificate);
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.certificatePolicies.getId());
        if (extensionValue == null) {
            return LintResult.of(Status.WARN);
        }
        for (PolicyInformation policyInformation : CertificatePolicies.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets()).getPolicyInformation()) {
            if (!issuerDomainPolicies.contains(policyInformation.getPolicyIdentifier().getId())) {
                return LintResult.of(Status.WARN);
            }
        }
        return LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return Utils.hasExtension(x509Certificate, Extension.policyMappings.getId());
    }

    private static List<String> getIssuerDomainPolicies(X509Certificate x509Certificate) {
        Iterator<ASN1Encodable> it = ASN1Sequence.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.policyMappings.getId())).getOctets()).iterator();
        ArrayList arrayList = new ArrayList();
        while (it.hasNext()) {
            arrayList.add(((ASN1ObjectIdentifier) ASN1Sequence.getInstance(it.next()).getObjectAt(0)).getId());
        }
        return arrayList;
    }
}
