package network.oxalis.commons.certvalidator.rule;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import network.oxalis.commons.certvalidator.api.CertificateValidationException;
import network.oxalis.commons.certvalidator.api.FailedValidationException;

/* loaded from: input_file:WEB-INF/lib/commons-certvalidator-4.0.0.jar:network/oxalis/commons/certvalidator/rule/CriticalExtensionRequiredRule.class */
public class CriticalExtensionRequiredRule extends AbstractRule {
    private List<String> requiredExtensions;

    public CriticalExtensionRequiredRule(String... strArr) {
        this.requiredExtensions = Arrays.asList(strArr);
    }

    @Override // network.oxalis.commons.certvalidator.rule.AbstractRule, network.oxalis.commons.certvalidator.api.ValidatorRule
    public void validate(X509Certificate x509Certificate) throws CertificateValidationException {
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            throw new FailedValidationException("Certificate doesn't contain critical OIDs.");
        }
        for (String str : this.requiredExtensions) {
            if (!criticalExtensionOIDs.contains(str)) {
                throw new FailedValidationException(String.format("Certificate doesn't contain critical OID '%s'.", str));
            }
        }
    }
}
