package de.gematik.pki.gemlibpki.validators;

import de.gematik.pki.gemlibpki.certificate.CertificateProfile;
import de.gematik.pki.gemlibpki.error.ErrorCode;
import de.gematik.pki.gemlibpki.exception.GemPkiException;
import de.gematik.pki.gemlibpki.exception.GemPkiRuntimeException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.List;
import lombok.Generated;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/pki/gemlibpki/validators/ExtendedKeyUsageValidator.class */
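/**
 * Validates the extendedKeyUsage (EKU) extension of an end-entity certificate against the EKU
 * OIDs that the given {@link CertificateProfile} declares as intended.
 *
 * <p>The check is skipped when the profile declares no EKUs or when the profile does not request
 * failure on a missing EKU ({@code isFailOnMissingEku()} is {@code false}). A caller that relies
 * on EKU enforcement has to make sure the profile in use does not fall into either case.
 */
public class ExtendedKeyUsageValidator implements CertificateProfileValidator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ExtendedKeyUsageValidator.class);

    /** Product type handed to {@link GemPkiException} and to the error message. */
    @NonNull
    private final String productType;

    /**
     * Checks the certificate's EKU OIDs against the OIDs intended by the profile.
     *
     * @param x509Certificate certificate whose EKU extension is checked; must not be null
     * @param certificateProfile profile that supplies the intended EKUs; must not be null
     * @throws GemPkiException with {@code SE_1017_WRONG_EXTENDEDKEYUSAGE} if the certificate has no
     *     EKU extension, shares no EKU OID with the profile, or carries a different number of EKU
     *     OIDs than the profile
     * @throws NullPointerException if an argument is null
     */
    @Override
    public void validateCertificate(@NonNull X509Certificate x509Certificate, @NonNull CertificateProfile certificateProfile) throws GemPkiException {
        if (x509Certificate == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        if (certificateProfile == null) {
            throw new NullPointerException("certificateProfile is marked non-null but is null");
        }
        final List<String> intendedEkuOids = getOidOfIntendedExtendedKeyUsagesFromCertificateProfile(certificateProfile);
        // The same log line is written for both skip reasons: an empty EKU list in the profile and
        // a profile that does not fail on a missing EKU.
        if (intendedEkuOids.isEmpty() || !certificateProfile.isFailOnMissingEku()) {
            log.info("Skipping check of extendedKeyUsage, because of user request. CertProfile used: {}", certificateProfile.name());
            return;
        }
        final List<String> certificateEkuOids = getExtendedKeyUsagesOid(x509Certificate);

        // Fix: the previous nested lambdas reused one parameter name, so the inner comparison was
        // str.equals(str) - always true, and not valid Java because of the shadowing. Each
        // certificate OID is now compared with the profile's OIDs.
        final boolean noIntendedEkuPresent = certificateEkuOids.stream().noneMatch(intendedEkuOids::contains);

        // NOTE(review): one shared OID plus equal list sizes does not establish that both OID sets
        // are identical. A certificate carrying one intended OID and one unrelated OID still passes
        // against a profile with two intended OIDs. Confirm against the specification whether every
        // intended OID has to be present (containsAll) or an exact set match is required.
        if (noIntendedEkuPresent || certificateEkuOids.size() != intendedEkuOids.size()) {
            log.debug("{}", ErrorCode.SE_1017_WRONG_EXTENDEDKEYUSAGE.getErrorMessage(this.productType));
            throw new GemPkiException(this.productType, ErrorCode.SE_1017_WRONG_EXTENDEDKEYUSAGE);
        }
    }

    /**
     * Reads the EKU OIDs from the certificate.
     *
     * @param x509Certificate certificate to read from
     * @return the EKU OIDs as returned by {@link X509Certificate#getExtendedKeyUsage()}
     * @throws GemPkiException with {@code SE_1017_WRONG_EXTENDEDKEYUSAGE} if the certificate has no
     *     EKU extension
     * @throws GemPkiRuntimeException if the EKU extension cannot be parsed
     */
    private List<String> getExtendedKeyUsagesOid(X509Certificate x509Certificate) throws GemPkiException {
        final List<String> extendedKeyUsage;
        try {
            extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        } catch (CertificateParsingException e) {
            throw new GemPkiRuntimeException("Fehler beim Lesen der ExtendedKeyUsages des Zertifikats: " + x509Certificate.getSubjectX500Principal().getName(), e);
        }
        // getExtendedKeyUsage() returns null when the extension is absent; this method is only
        // reached when the profile requires an EKU, so absence is reported as a wrong EKU.
        if (extendedKeyUsage == null) {
            throw new GemPkiException(this.productType, ErrorCode.SE_1017_WRONG_EXTENDEDKEYUSAGE);
        }
        return extendedKeyUsage;
    }

    /**
     * Collects the OIDs of the EKUs that the profile declares as intended.
     *
     * @param certificateProfile profile to read the intended EKUs from
     * @return the OID of each intended EKU, in the order the profile returns them
     */
    private static List<String> getOidOfIntendedExtendedKeyUsagesFromCertificateProfile(CertificateProfile certificateProfile) {
        // NOTE(review): valueOf(name()) looks like a redundant round trip if CertificateProfile is
        // an enum - confirm before simplifying.
        return CertificateProfile.valueOf(certificateProfile.name()).getExtKeyUsages().stream().map(eku -> eku.getOid()).toList();
    }

    /**
     * Creates a validator that reports errors for the given product type.
     *
     * @param str product type used in exceptions and error messages; must not be null
     * @throws NullPointerException if {@code str} is null
     */
    @Generated
    public ExtendedKeyUsageValidator(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("productType is marked non-null but is null");
        }
        this.productType = str;
    }
}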
