package de.mtg.jzlint.lints.rfc;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;

@Lint(name = "w_ext_aia_access_location_missing", description = "When the id-ad-caIssuers accessMethod is used, at least one instance SHOULD specify an accessLocation that is an HTTP or LDAP URI", citation = "RFC 5280: 4.2.2.1", source = Source.RFC5280, effectiveDate = EffectiveDate.RFC5280)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/rfc/ExtAiaAccessLocationMissing.class */
public class ExtAiaAccessLocationMissing implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        for (AccessDescription accessDescription : getAccessDescriptions(x509Certificate)) {
            if (AccessDescription.id_ad_caIssuers.getId().equalsIgnoreCase(accessDescription.getAccessMethod().getId()) && startsWithCorrectPrefix(accessDescription.getAccessLocation())) {
                return LintResult.of(Status.PASS);
            }
        }
        return LintResult.of(Status.WARN);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        if (Utils.hasAuthorityInformationAccessExtension(x509Certificate)) {
            return Arrays.stream(getAccessDescriptions(x509Certificate)).anyMatch(accessDescription -> {
                return AccessDescription.id_ad_caIssuers.getId().equalsIgnoreCase(accessDescription.getAccessMethod().getId());
            });
        }
        return false;
    }

    private AccessDescription[] getAccessDescriptions(X509Certificate x509Certificate) {
        return AuthorityInformationAccess.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId())).getOctets()).getAccessDescriptions();
    }

    private boolean startsWithCorrectPrefix(GeneralName generalName) {
        boolean z = false;
        if (generalName.getTagNo() == 6) {
            ASN1IA5String aSN1IA5String = (ASN1IA5String) generalName.getName();
            if (aSN1IA5String.getString().startsWith("http://") || aSN1IA5String.getString().startsWith("ldap://")) {
                z = true;
            }
        }
        return z;
    }
}
