package de.mtg.jzlint.lints.cabf_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.DateUtils;
import de.mtg.jzlint.utils.GTLDUtils;
import de.mtg.jzlint.utils.Utils;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.time.ZonedDateTime;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;

@Lint(name = "e_dnsname_not_valid_tld", description = "DNSNames must have a valid TLD.", citation = "BRs: 3.2.2.4", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.CABEffectiveDate)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/cabf_br/DnsnameNotValidTld.class */
public class DnsnameNotValidTld implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        try {
            List<AttributeTypeAndValue> subjectDNNameComponent = Utils.getSubjectDNNameComponent(x509Certificate, X509ObjectIdentifiers.commonName.getId());
            ZonedDateTime notBefore = DateUtils.getNotBefore(x509Certificate);
            List list = (List) subjectDNNameComponent.stream().map(attributeTypeAndValue -> {
                return attributeTypeAndValue.getValue().toString();
            }).filter(str -> {
                return !Utils.isIPAddress(str);
            }).collect(Collectors.toList());
            List<String> dNSNames = Utils.getDNSNames(x509Certificate);
            dNSNames.addAll(list);
            Iterator<String> it = dNSNames.iterator();
            while (it.hasNext()) {
                if (GTLDUtils.gtldDidnotExist(it.next(), notBefore)) {
                    return LintResult.of(Status.ERROR);
                }
            }
            return LintResult.of(Status.PASS);
        } catch (IOException | ParseException e) {
            return LintResult.of(Status.FATAL);
        }
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        try {
            if (Utils.isSubscriberCert(x509Certificate)) {
                if (Utils.hasDNSNamesInSANOrSubjectDN(x509Certificate)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}
