package de.mtg.jzlint.lints.cabf_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaCRLLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.CRLUtils;
import java.math.BigInteger;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.Extension;

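@Lint(name = "e_cab_crl_has_valid_reason_code", description = "Only the following CRLReasons MAY be present: 1, 3, 4, 5, 9.", citation = "BRs: 7.2.2", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.CABFBRs_1_8_7_Date)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/cabf_br/CabCrlHasValidReasonCode.class */
public class CabCrlHasValidReasonCode implements JavaCRLLint {

    /**
     * reasonCode values this lint accepts, matching the list in the lint description
     * (1, 3, 4, 5, 9). The names are the RFC 5280 CRLReason identifiers.
     */
    private static final BigInteger[] PERMITTED_REASON_CODES = {
        BigInteger.valueOf(1L), // keyCompromise
        BigInteger.valueOf(3L), // affiliationChanged
        BigInteger.valueOf(4L), // superseded
        BigInteger.valueOf(5L), // cessationOfOperation
        BigInteger.valueOf(9L), // privilegeWithdrawn
    };

    /**
     * Checks the reasonCode entry extension of every revoked-certificate entry in the CRL.
     *
     * <p>Entries without a reasonCode extension are accepted. The first entry whose
     * reasonCode is 0 (unspecified), or any value other than 1, 3, 4, 5 or 9, ends the
     * scan with {@link Status#ERROR}; later entries are not inspected.
     *
     * <p>The extension bytes come straight from the CRL being linted. A reasonCode whose
     * encoding Bouncy Castle cannot parse is not handled here and presumably surfaces as an
     * unchecked exception from {@code getInstance} - NOTE(review): confirm the lint runner
     * reports that as a failed lint rather than skipping the CRL.
     *
     * @param x509crl the CRL to inspect
     * @return {@link Status#PASS} when every present reasonCode is permitted (or the CRL has
     *     no entries), otherwise {@link Status#ERROR} with a message naming the problem
     */
    @Override // de.mtg.jzlint.JavaCRLLint
    public LintResult execute(X509CRL x509crl) {
        // X509CRL.getRevokedCertificates() is documented to return null, not an empty set,
        // when the CRL lists no entries. checkApplies() normally filters that case out, but
        // a direct call must not fail with a NullPointerException.
        Set<? extends X509CRLEntry> revokedEntries = x509crl.getRevokedCertificates();
        if (revokedEntries == null) {
            return LintResult.of(Status.PASS);
        }

        for (X509CRLEntry entry : revokedEntries) {
            // getExtensionValue returns the DER-encoded OCTET STRING that wraps the
            // extension, or null when the entry carries no reasonCode.
            byte[] extensionValue = entry.getExtensionValue(Extension.reasonCode.getId());
            if (extensionValue == null) {
                continue;
            }

            // Unwrap the OCTET STRING, then decode the inner value as a CRLReason.
            byte[] reasonOctets = ASN1OctetString.getInstance(extensionValue).getOctets();
            BigInteger reasonCode = CRLReason.getInstance(reasonOctets).getValue();

            if (reasonCode.equals(BigInteger.ZERO)) {
                // NOTE(review): the message says SHOULD while the status is ERROR - confirm
                // the intended severity against BR 7.2.2.
                return LintResult.of(Status.ERROR, "The reason code CRL entry extension SHOULD be absent instead of using the unspecified (0) reasonCode value.");
            }
            if (!isPermittedReasonCode(reasonCode)) {
                return LintResult.of(Status.ERROR, "Reason code not included in BR: 7.2.2");
            }
        }
        return LintResult.of(Status.PASS);
    }

    /**
     * Reports whether this lint applies to the CRL, as decided by
     * {@link CRLUtils#containsRevokedCertificates(X509CRL)}.
     *
     * @param x509crl the CRL to inspect
     * @return the result of {@code CRLUtils.containsRevokedCertificates(x509crl)}
     */
    @Override // de.mtg.jzlint.JavaCRLLint
    public boolean checkApplies(X509CRL x509crl) {
        return CRLUtils.containsRevokedCertificates(x509crl);
    }

    /** Returns true when {@code reasonCode} equals one of {@link #PERMITTED_REASON_CODES}. */
    private static boolean isPermittedReasonCode(BigInteger reasonCode) {
        for (BigInteger permitted : PERMITTED_REASON_CODES) {
            if (permitted.equals(reasonCode)) {
                return true;
            }
        }
        return false;
    }
}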
