package de.gematik.pki.gemlibpki.validators;

import de.gematik.pki.gemlibpki.certificate.CertificateProfile;
import de.gematik.pki.gemlibpki.error.ErrorCode;
import de.gematik.pki.gemlibpki.exception.GemPkiException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.TreeSet;
import lombok.Generated;
import lombok.NonNull;
import org.bouncycastle.asn1.x509.Extension;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/pki/gemlibpki/validators/CriticalExtensionsValidator.class */
public class CriticalExtensionsValidator implements CertificateProfileValidator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CriticalExtensionsValidator.class);

    @NonNull
    private final String productType;

    @Override // de.gematik.pki.gemlibpki.validators.CertificateProfileValidator
    public void validateCertificate(@NonNull X509Certificate x509Certificate, @NonNull CertificateProfile certificateProfile) throws GemPkiException {
        if (x509Certificate == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        if (certificateProfile == null) {
            throw new NullPointerException("certificateProfile is marked non-null but is null");
        }
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        Set of = Set.of(Extension.basicConstraints.getId(), Extension.keyUsage.getId());
        if (of.equals(criticalExtensionOIDs)) {
            return;
        }
        log.error("Detected unknown / missing critical extensions in certificate {} vs expected {}", new TreeSet(criticalExtensionOIDs), new TreeSet(of));
        throw new GemPkiException(this.productType, ErrorCode.CUSTOM_CERTIFICATE_EXCEPTION);
    }

    @Generated
    public CriticalExtensionsValidator(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("productType is marked non-null but is null");
        }
        this.productType = str;
    }
}
