package de.mtg.jzlint.lints.rfc;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;

@Lint(name = "e_rsa_allowed_ku_ee", description = "Key usage values digitalSignature, nonRepudiation, keyEncipherment, and dataEncipherment may only be present in an end entity certificate with an RSA key", citation = "RFC 3279: 2.3.1", source = Source.RFC3279, effectiveDate = EffectiveDate.RFC3279)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/rfc/RsaAllowedKuEe.class */
public class RsaAllowedKuEe implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        KeyUsage keyUsage = KeyUsage.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.keyUsage.getId())).getOctets());
        ArrayList arrayList = new ArrayList();
        checkKeyUsage(keyUsage, arrayList, 8, "keyAgreement");
        checkKeyUsage(keyUsage, arrayList, 4, "keyCertSign");
        checkKeyUsage(keyUsage, arrayList, 2, "cRLSign");
        checkKeyUsage(keyUsage, arrayList, 1, "encipherOnly");
        checkKeyUsage(keyUsage, arrayList, 32768, "decipherOnly");
        return !arrayList.isEmpty() ? LintResult.of(Status.ERROR, String.format("Subscriber certificate with an RSA key contains invalid key usage(s): %s", String.join(", ", arrayList))) : LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return Utils.hasKeyUsageExtension(x509Certificate) && Utils.isPublicKeyRSA(x509Certificate) && Utils.isSubscriberCert(x509Certificate);
    }

    private void checkKeyUsage(KeyUsage keyUsage, List<String> list, int i, String str) {
        if (keyUsage.hasUsages(i)) {
            list.add(str);
        }
    }
}
