package de.mtg.jzlint.lints.cabf_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.ASN1CertificateUtils;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;

@Lint(name = "e_ec_improper_curves", description = "Only one of NIST P-256, P-384, or P-521 can be used", citation = "BRs: 6.1.5", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.ZERO)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/cabf_br/EcImproperCurves.class */
public class EcImproperCurves implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        try {
            ASN1Encodable objectAt = ASN1CertificateUtils.getPublicKeyAlgorithmIdentifier(x509Certificate).getObjectAt(1);
            if (objectAt instanceof ASN1ObjectIdentifier) {
                String id = ((ASN1ObjectIdentifier) objectAt).getId();
                if (id.equals("1.2.840.10045.3.1.7") || id.equals("1.3.132.0.34") || id.equals("1.3.132.0.35")) {
                    return LintResult.of(Status.PASS);
                }
            }
            return LintResult.of(Status.ERROR);
        } catch (CertificateEncodingException e) {
            return LintResult.of(Status.FATAL);
        }
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return Utils.isPublicKeyECC(x509Certificate);
    }
}
