package de.gematik.pki.gemlibpki.certificate;

import de.gematik.pki.gemlibpki.utils.GemLibPkiUtils;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.NonNull;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.cert.X509CertificateHolder;

/* loaded from: input_file:de/gematik/pki/gemlibpki/certificate/Policies.class */
public class Policies {
    private static final String GENERAL_CERTIFICATE_POLICY_OID = "1.2.276.0.76.4.163";
    private static final String TSL_SIGNER_POLICY_OID = "1.2.276.0.76.4.176";
    private static final Set<String> FILTER_OUT_NOT_DESIRED_POLICY_OID = Set.of(GENERAL_CERTIFICATE_POLICY_OID, TSL_SIGNER_POLICY_OID);
    private final PolicyInformation[] policyExtensions;

    public Policies(@NonNull X509Certificate x509Certificate) throws IOException {
        if (x509Certificate == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        this.policyExtensions = CertificatePolicies.fromExtensions(new X509CertificateHolder(GemLibPkiUtils.certToBytes(x509Certificate)).getExtensions()).getPolicyInformation();
    }

    public Set<String> getPolicyOids() {
        return (Set) Arrays.stream(this.policyExtensions).filter(policyInformation -> {
            return !FILTER_OUT_NOT_DESIRED_POLICY_OID.contains(policyInformation.getPolicyIdentifier().getId());
        }).map(policyInformation2 -> {
            return policyInformation2.getPolicyIdentifier().getId();
        }).collect(Collectors.toSet());
    }
}
