package de.mtg.jlint.lints.smime;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.SMIMEUtils;
import de.mtg.jzlint.utils.Utils;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;

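/**
 * Lint for S/MIME subscriber certificates: every policy qualifier of type {@code id-qt-cps} in the
 * certificate policies extension must carry an {@code http://} or {@code https://} URL
 * (cited in the lint metadata as SMIME BR 7.1.2.3a).
 *
 * <p>The certificate under inspection is untrusted input. Qualifier structures that do not have
 * the expected ASN.1 shape are therefore handled explicitly instead of being cast blindly, so a
 * malformed certificate yields a lint result rather than a {@link ClassCastException} or an
 * index error.
 */
@Lint(name = "e_smime_certificate_policies_contain_http_url_qualifier", description = "Check if qualifier of type id_qt_cps in the certificate policies of a subscriber certificate points to an HTTP or HTTPS URL", citation = "SMIME BR 7.1.2.3a", source = Source.CABF_SMIME_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.SMIME_BR_1_0_DATE)
/* loaded from: input_file:BOOT-INF/lib/jlint-ext-1.1.0.jar:de/mtg/jlint/lints/smime/SmimeCertificatePoliciesContainHttpUrlQualifier.class */
public class SmimeCertificatePoliciesContainHttpUrlQualifier implements JavaLint {

    /**
     * Reports {@link Status#ERROR} as soon as one CPS qualifier does not hold a well-formed
     * HTTP(S) URL, and {@link Status#PASS} when all of them do.
     *
     * <p>The method reads the certificate policies extension unconditionally; it presumably relies
     * on {@link #checkApplies(X509Certificate)} having confirmed that the extension is present.
     *
     * @param x509Certificate the certificate to lint
     * @return {@code ERROR} for the first offending CPS qualifier, otherwise {@code PASS}
     */
    @Override
    public LintResult execute(X509Certificate x509Certificate) {
        for (PolicyInformation policy : readPolicies(x509Certificate)) {
            ASN1Sequence qualifiers = policy.getPolicyQualifiers();
            if (qualifiers == null) {
                continue;
            }
            for (ASN1Encodable qualifier : qualifiers.toArray()) {
                if (isCpsQualifier(qualifier) && !hasHttpCpsUri((ASN1Sequence) qualifier)) {
                    return LintResult.of(Status.ERROR);
                }
            }
        }
        return LintResult.of(Status.PASS);
    }

    /**
     * Decides whether this lint is relevant for the certificate: it must be an S/MIME BR
     * subscriber certificate with a certificate policies extension that contains at least one
     * qualifier of type {@code id-qt-cps}.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if at least one CPS qualifier is present, {@code false} otherwise
     */
    @Override
    public boolean checkApplies(X509Certificate x509Certificate) {
        if (!SMIMEUtils.isSMIMEBRSubscriberCertificate(x509Certificate) || !Utils.hasCertificatePoliciesExtension(x509Certificate)) {
            return false;
        }
        for (PolicyInformation policy : readPolicies(x509Certificate)) {
            ASN1Sequence qualifiers = policy.getPolicyQualifiers();
            if (qualifiers == null) {
                continue;
            }
            for (ASN1Encodable qualifier : qualifiers.toArray()) {
                if (isCpsQualifier(qualifier)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Decodes the certificate policies extension into its individual policy entries. */
    private static PolicyInformation[] readPolicies(X509Certificate certificate) {
        // getExtensionValue returns the extension wrapped in an OCTET STRING; unwrap it first.
        byte[] wrapped = certificate.getExtensionValue(Extension.certificatePolicies.getId());
        byte[] encodedPolicies = ASN1OctetString.getInstance(wrapped).getOctets();
        return CertificatePolicies.getInstance(encodedPolicies).getPolicyInformation();
    }

    /**
     * Tells whether a policy qualifier is a SEQUENCE whose first element is the
     * {@code id-qt-cps} object identifier. Entries of any other shape are not CPS qualifiers.
     */
    private static boolean isCpsQualifier(ASN1Encodable qualifier) {
        if (!(qualifier instanceof ASN1Sequence)) {
            return false;
        }
        ASN1Sequence fields = (ASN1Sequence) qualifier;
        if (fields.size() == 0 || !(fields.getObjectAt(0) instanceof ASN1ObjectIdentifier)) {
            return false;
        }
        String qualifierId = ((ASN1ObjectIdentifier) fields.getObjectAt(0)).getId();
        return PolicyQualifierId.id_qt_cps.getId().equals(qualifierId);
    }

    /**
     * Tells whether the value of a CPS qualifier is an IA5String holding a syntactically valid
     * {@code http://} or {@code https://} URL. A missing value or a value of another ASN.1 type
     * counts as "not an HTTP URL".
     */
    private static boolean hasHttpCpsUri(ASN1Sequence cpsQualifier) {
        if (cpsQualifier.size() < 2 || !(cpsQualifier.getObjectAt(1) instanceof ASN1IA5String)) {
            return false;
        }
        String uri = ((ASN1IA5String) cpsQualifier.getObjectAt(1)).getString();
        // NOTE(review): the prefix match is case-sensitive, so an upper-case scheme such as
        // "HTTP://" is reported as an error - confirm this is the intended reading of the BR.
        if (!uri.startsWith("https://") && !uri.startsWith("http://")) {
            return false;
        }
        try {
            // Syntax check only: the URL is parsed, no connection to it is opened.
            new URL(uri).toURI();
            return true;
        } catch (MalformedURLException | URISyntaxException ignored) {
            // A value that does not parse as a URL/URI is exactly what this lint reports.
            return false;
        }
    }
}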
