package de.mtg.jzlint.lints.cabf_ev;

import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.JavaLint;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import de.mtg.jzlint.utils.DateUtils;
import de.mtg.jzlint.utils.Utils;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;

@Lint(name = "e_onion_subject_validity_time_too_large", description = "certificates with .onion names can not be valid for more than 15 months", citation = "EVGs: Appendix F", source = Source.CABF_EV_GUIDELINES, effectiveDate = EffectiveDate.OnionOnlyEVDate)
/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/lints/cabf_ev/EOnionSubjectValidityTimeTooLarge.class */
public class EOnionSubjectValidityTimeTooLarge implements JavaLint {
    @Override // de.mtg.jzlint.JavaLint
    public LintResult execute(X509Certificate x509Certificate) {
        return DateUtils.getValidityInMonths(x509Certificate) > 15 ? LintResult.of(Status.ERROR) : LintResult.of(Status.PASS);
    }

    @Override // de.mtg.jzlint.JavaLint
    public boolean checkApplies(X509Certificate x509Certificate) {
        if (!Utils.isSubscriberCert(x509Certificate)) {
            return false;
        }
        try {
            List<String> allAttributeValuesInSubject = Utils.getAllAttributeValuesInSubject(x509Certificate, X509ObjectIdentifiers.commonName.getId());
            allAttributeValuesInSubject.addAll(Utils.getDNSNames(x509Certificate));
            Iterator<String> it = allAttributeValuesInSubject.iterator();
            while (it.hasNext()) {
                if (it.next().endsWith(".onion")) {
                    return true;
                }
            }
            return false;
        } catch (IOException | CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }
}
