package de.mtg.jzlint.lints.cabf_smime_br;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.SMIMEUtils;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;

@Lint(name = "e_legal_entity_identifier", description = "Mailbox/individual: prohibited. Organization/sponsor: may be present", citation = "7.1.2.3.l", source = Source.CABF_SMIME_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.SMIME_BR_1_0_DATE)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/cabf_smime_br/LegalEntityIdentifier.class */
public class LegalEntityIdentifier implements JavaLint {
    private static final ASN1ObjectIdentifier LEGAL_ENTITY_IDENTIFIER_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.52266.1");
    private static final ASN1ObjectIdentifier LEGAL_ENTITY_IDENTIFIER_ROLE_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.52266.2");

    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        boolean hasExtension = Utils.hasExtension(x509Certificate, LEGAL_ENTITY_IDENTIFIER_OID.getId());
        boolean isExtensionCritical = Utils.isExtensionCritical(x509Certificate, LEGAL_ENTITY_IDENTIFIER_OID.getId());
        boolean hasExtension2 = Utils.hasExtension(x509Certificate, LEGAL_ENTITY_IDENTIFIER_ROLE_OID.getId());
        boolean isExtensionCritical2 = Utils.isExtensionCritical(x509Certificate, LEGAL_ENTITY_IDENTIFIER_ROLE_OID.getId());
        if ((SMIMEUtils.isMailboxValidatedCertificate(x509Certificate) || SMIMEUtils.isIndividualValidatedCertificate(x509Certificate)) && hasExtension) {
            return LintResult.of(Status.ERROR, "Legal Entity Identifier extension present");
        }
        if (SMIMEUtils.isOrganizationValidatedCertificate(x509Certificate)) {
            if (hasExtension && isExtensionCritical) {
                return LintResult.of(Status.ERROR, "Legal Entity Identifier extension present and critical");
            }
            if (hasExtension2) {
                return LintResult.of(Status.ERROR, "Legal Entity Identifier Role extension present");
            }
        }
        if (SMIMEUtils.isSponsorValidatedCertificate(x509Certificate)) {
            if (hasExtension && isExtensionCritical) {
                return LintResult.of(Status.ERROR, "Legal Entity Identifier extension present and critical");
            }
            if (hasExtension2 && isExtensionCritical2) {
                return LintResult.of(Status.ERROR, "Legal Entity Identifier Role extension present and critical");
            }
        }
        return LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return Utils.isSubscriberCert(x509Certificate) && SMIMEUtils.isSMIMEBRCertificate(x509Certificate);
    }
}
