package de.mtg.jzlint.utils;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.function.Function;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.PolicyInformation;

/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/utils/CodeSigningUtils.class */
public final class CodeSigningUtils {
    public static final String CODE_SIGNING_CERTIFICATE_OID = "2.23.140.1.4.1";
    public static final String EV_CODE_SIGNING_CERTIFICATE_OID = "2.23.140.1.3";
    public static final String TIMESTAMP_CERTIFICATE_OID = "2.23.140.1.4.2";
    private static final Function<PolicyInformation, String> getOID = policyInformation -> {
        return policyInformation.getPolicyIdentifier().getId();
    };

    private CodeSigningUtils() {
    }

    public static boolean isCodeSigningCertificate(X509Certificate x509Certificate) {
        return isPolicy(x509Certificate, CODE_SIGNING_CERTIFICATE_OID);
    }

    public static boolean isEvCodeSigningCertificate(X509Certificate x509Certificate) {
        return isPolicy(x509Certificate, EV_CODE_SIGNING_CERTIFICATE_OID);
    }

    public static boolean isTimestampingCertificate(X509Certificate x509Certificate) {
        return isPolicy(x509Certificate, TIMESTAMP_CERTIFICATE_OID);
    }

    public static boolean isCodeSigningSubscriberCertificate(X509Certificate x509Certificate) {
        return isCodeSigningCertificate(x509Certificate) && Utils.isSubscriberCert(x509Certificate);
    }

    public static boolean isEvCodeSigningSubscriberCertificate(X509Certificate x509Certificate) {
        return isEvCodeSigningCertificate(x509Certificate) && Utils.isSubscriberCert(x509Certificate);
    }

    public static boolean isTimestampingSubscriberCertificate(X509Certificate x509Certificate) {
        return isTimestampingCertificate(x509Certificate) && Utils.isSubscriberCert(x509Certificate);
    }

    private static boolean isPolicy(X509Certificate x509Certificate, String str) {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.certificatePolicies.getId());
        if (extensionValue == null) {
            return false;
        }
        CertificatePolicies certificatePolicies = CertificatePolicies.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets());
        return Arrays.stream(certificatePolicies.getPolicyInformation()).anyMatch(policyInformation -> {
            return str.equalsIgnoreCase(getOID.apply(policyInformation));
        });
    }
}
