package de.mtg.jlint.lints.smime;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.SMIMEUtils;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1BMPString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.ASN1VisibleString;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;

@Lint(name = "e_smime_certificate_policies_contain_explicittext_unotice", description = "Check if qualifier of type id_qt_unotice in the certificate policies of a subscriber certificate contains explicitText rather than noticeRef", citation = "SMIME BR 7.1.2.3a", source = Source.CABF_SMIME_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.SMIME_BR_1_0_DATE)
/* loaded from: input_file:BOOT-INF/lib/jlint-ext-1.1.0.jar:de/mtg/jlint/lints/smime/SmimeCertificatePoliciesContainExplicitTextUnotice.class */
public class SmimeCertificatePoliciesContainExplicitTextUnotice implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        for (PolicyInformation policyInformation : CertificatePolicies.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.certificatePolicies.getId())).getOctets()).getPolicyInformation()) {
            ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
            if (policyQualifiers != null) {
                for (ASN1Encodable aSN1Encodable : policyQualifiers.toArray()) {
                    ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1Encodable;
                    if (PolicyQualifierId.id_qt_unotice.getId().equals(((ASN1ObjectIdentifier) aSN1Sequence.getObjectAt(0)).getId())) {
                        ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(1);
                        if (aSN1Sequence2 == null || aSN1Sequence2.size() == 0) {
                            return LintResult.of(Status.ERROR, "userNotice is empty");
                        }
                        if (aSN1Sequence2.size() == 2) {
                            return LintResult.of(Status.ERROR, "userNotice contains both noticeRef and explicitText");
                        }
                        if (aSN1Sequence2.size() == 1) {
                            ASN1Encodable objectAt = aSN1Sequence2.getObjectAt(0);
                            if (objectAt instanceof ASN1Sequence) {
                                return LintResult.of(Status.ERROR, "userNotice contains noticeRef");
                            }
                            boolean z = objectAt instanceof ASN1IA5String;
                            boolean z2 = objectAt instanceof ASN1VisibleString;
                            boolean z3 = objectAt instanceof ASN1BMPString;
                            boolean z4 = objectAt instanceof ASN1UTF8String;
                            if (!z && !z2 && !z3 && !z4) {
                                return LintResult.of(Status.ERROR, "userNotice does not contain explicitText");
                            }
                        } else {
                            continue;
                        }
                    }
                }
            }
        }
        return LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        if (!SMIMEUtils.isSMIMEBRSubscriberCertificate(x509Certificate) || !Utils.hasCertificatePoliciesExtension(x509Certificate)) {
            return false;
        }
        for (PolicyInformation policyInformation : CertificatePolicies.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.certificatePolicies.getId())).getOctets()).getPolicyInformation()) {
            ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
            if (policyQualifiers != null) {
                for (ASN1Encodable aSN1Encodable : policyQualifiers.toArray()) {
                    if (PolicyQualifierId.id_qt_unotice.getId().equals(((ASN1ObjectIdentifier) ((ASN1Sequence) aSN1Encodable).getObjectAt(0)).getId())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }
}
