package de.mtg.jzlint.lints.cabf_smime_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.SMIMEUtils;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;

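/**
 * Lint that restricts the Subject DN of mailbox-validated S/MIME subscriber certificates.
 *
 * <p>The check is an allow-list: every attribute type in the subject must be one of
 * {@code emailAddress}, {@code commonName} or {@code serialNumber}. Any other attribute type
 * is reported as an error, including OIDs that have no entry in {@link #OID_NAMES}, so an
 * unrecognised attribute fails the lint rather than passing silently.
 *
 * <p>Only one offending attribute is reported per certificate. A subject carrying several
 * forbidden attributes still produces a single finding, so a clean re-run after fixing the
 * reported field is needed to confirm that none remain.
 */
@Lint(name = "e_mailbox_validated_enforce_subject_field_restrictions", description = "SMIME certificates complying to mailbox validated profiles MAY only contain commonName, serialNumber or emailAddress attributes in the Subject DN", citation = "SMIME BRs: 7.1.4.2.3", source = Source.CABF_SMIME_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.SMIME_BR_1_0_DATE)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/cabf_smime_br/MailboxValidatedEnforceSubjectFieldRestrictions.class */
public class MailboxValidatedEnforceSubjectFieldRestrictions implements JavaLint {

    /** Dotted-decimal OIDs of the only attribute types permitted in the subject. */
    private static final List<String> ALLOWED_OIDS = Arrays.asList(
            BCStyle.EmailAddress.getId(),
            X509ObjectIdentifiers.commonName.getId(),
            BCStyle.SERIALNUMBER.getId());

    /**
     * Human-readable labels for well-known forbidden attribute types, keyed by dotted-decimal
     * OID. Used only to make the error message easier to read; it does not influence the
     * pass/fail decision. Populated once in the static initializer and never modified afterwards.
     */
    private static final Map<String, String> OID_NAMES = new HashMap<>();

    static {
        OID_NAMES.put(BCStyle.DC.getId(), "subject:domainComponent");
        // The three 1.3.6.1.4.1.311.60.2.1.x OIDs have no constant in scope here, so they are
        // spelled out as literals.
        OID_NAMES.put("1.3.6.1.4.1.311.60.2.1.1", "subject:jurisdictionLocality");
        OID_NAMES.put("1.3.6.1.4.1.311.60.2.1.2", "subject:jurisdictionProvince");
        OID_NAMES.put("1.3.6.1.4.1.311.60.2.1.3", "subject:jurisdictionCountry");
        OID_NAMES.put(BCStyle.SURNAME.getId(), "subject:surname");
        OID_NAMES.put(X509ObjectIdentifiers.countryName.getId(), "subject:countryName");
        OID_NAMES.put(X509ObjectIdentifiers.localityName.getId(), "subject:localityName");
        OID_NAMES.put(X509ObjectIdentifiers.stateOrProvinceName.getId(), "subject:stateOrProvinceName");
        OID_NAMES.put(BCStyle.STREET.getId(), "subject:streetAddress");
        OID_NAMES.put(X509ObjectIdentifiers.organization.getId(), "subject:organizationName");
        OID_NAMES.put(X509ObjectIdentifiers.organizationalUnitName.getId(), "subject:organizationalUnitName");
        OID_NAMES.put(BCStyle.T.getId(), "subject:title");
        OID_NAMES.put(BCStyle.POSTAL_CODE.getId(), "subject:postalCode");
        OID_NAMES.put(BCStyle.GIVENNAME.getId(), "subject:givenName");
        OID_NAMES.put(BCStyle.PSEUDONYM.getId(), "subject:pseudonym");
        OID_NAMES.put(BCStyle.ORGANIZATION_IDENTIFIER.getId(), "subject:organizationIdentifier");
    }

    /**
     * Checks the subject attribute types of the certificate against the allow-list.
     *
     * @param x509Certificate the certificate under test
     * @return {@code PASS} when every subject attribute type is allowed; {@code ERROR} naming
     *     one forbidden attribute type otherwise; {@code FATAL} when the subject cannot be read
     *     because the certificate fails to encode
     */
    @Override
    public LintResult execute(X509Certificate x509Certificate) {
        try {
            // findFirst rather than findAny: the reported attribute is then guaranteed to be
            // the first offending one in encounter order, so repeated runs over the same
            // certificate produce the same message.
            Optional<String> forbidden = Utils.getAllAttributeTypesInSubject(x509Certificate).stream()
                    .filter(oid -> !ALLOWED_OIDS.contains(oid))
                    .findFirst();
            if (!forbidden.isPresent()) {
                return LintResult.of(Status.PASS);
            }

            String forbiddenOid = forbidden.get();
            String label = OID_NAMES.get(forbiddenOid);
            if (label == null) {
                // Attribute type without a known label: still an error, reported by raw OID.
                return LintResult.of(Status.ERROR,
                        String.format("subject DN contains forbidden field: %s", forbiddenOid));
            }
            return LintResult.of(Status.ERROR,
                    String.format("subject DN contains forbidden field: %s (%s)", label, forbiddenOid));
        } catch (CertificateEncodingException e) {
            // The certificate could not be evaluated at all. The cause is not carried in the
            // result, so FATAL here must be treated as "not checked", never as a pass.
            return LintResult.of(Status.FATAL);
        }
    }

    /**
     * Decides whether this lint is relevant for the certificate.
     *
     * @param x509Certificate the certificate under test
     * @return {@code true} only when the certificate is both a mailbox-validated certificate
     *     and a subscriber certificate, as determined by the project helpers
     */
    @Override
    public boolean checkApplies(X509Certificate x509Certificate) {
        return SMIMEUtils.isMailboxValidatedCertificate(x509Certificate) && Utils.isSubscriberCert(x509Certificate);
    }
}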
