package de.mtg.jzlint.lints.rfc;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.Utils;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;

@Lint(name = "w_ext_cert_policy_contains_noticeref", description = "Compliant certificates SHOULD NOT use the noticeRef option", citation = "RFC 5280: 4.2.1.4", source = Source.RFC5280, effectiveDate = EffectiveDate.RFC5280)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/rfc/ExtCertPolicyContainsNoticeref.class */
public class ExtCertPolicyContainsNoticeref implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        ASN1Sequence policyQualifiers;
        PolicyInformation[] policyInformation = CertificatePolicies.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.certificatePolicies.getId())).getOctets()).getPolicyInformation();
        int length = policyInformation.length;
        for (int i = 0; i < length && (policyQualifiers = policyInformation[i].getPolicyQualifiers()) != null; i++) {
            for (ASN1Encodable aSN1Encodable : policyQualifiers.toArray()) {
                if (PolicyQualifierId.id_qt_unotice.getId().equals(((ASN1ObjectIdentifier) ((ASN1Sequence) aSN1Encodable).getObjectAt(0)).getId())) {
                    ASN1Encodable objectAt = ((ASN1Sequence) aSN1Encodable).getObjectAt(1);
                    if ((objectAt instanceof ASN1Sequence) && (((ASN1Sequence) objectAt).getObjectAt(0) instanceof ASN1Sequence)) {
                        return LintResult.of(Status.WARN);
                    }
                }
            }
        }
        return LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        return Utils.hasCertificatePoliciesExtension(x509Certificate);
    }
}
