package de.mtg.jzlint.lints.mozilla;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.ASN1CertificateUtils;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.util.encoders.Hex;

@Lint(name = "e_mp_rsassa-pss_parameters_encoding_in_signature_algorithm_correct", description = "The encoded AlgorithmIdentifier for RSASSA-PSS in the signature algorithm MUST match specific bytes", citation = "Mozilla Root Store Policy / Section 5.1.1", source = Source.MOZILLA_ROOT_STORE_POLICY, effectiveDate = EffectiveDate.MozillaPolicy27Date)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/mozilla/PssParametersEncodingInSignatureAlgorithmCorrect.class */
public class PssParametersEncodingInSignatureAlgorithmCorrect implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        List asList = Arrays.asList("304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a203020120", "304106092a864886f70d01010a3034a00f300d06096086480165030402020500a11c301a06092a864886f70d010108300d06096086480165030402020500a203020130", "304106092a864886f70d01010a3034a00f300d06096086480165030402030500a11c301a06092a864886f70d010108300d06096086480165030402030500a203020140");
        try {
            byte[] encoded = ASN1CertificateUtils.getInnerSignature(x509Certificate).toASN1Primitive().getEncoded(ASN1Encoding.DER);
            return asList.contains(new String(Hex.encode(encoded))) ? LintResult.of(Status.PASS) : LintResult.of(Status.ERROR, String.format("RSASSA-PSS parameters are not properly encoded. %d presentations are allowed but got the unsupported %s", Integer.valueOf(asList.size()), new String(Hex.encode(encoded))));
        } catch (IOException | CertificateEncodingException e) {
            return LintResult.of(Status.FATAL);
        }
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        try {
            return PKCSObjectIdentifiers.id_RSASSA_PSS.getId().equals(ASN1CertificateUtils.getInnerSignatureOID(x509Certificate));
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }
}
