package de.gematik.pki.gemlibpki.validators;

import de.gematik.pki.gemlibpki.certificate.CertificateProfile;
import de.gematik.pki.gemlibpki.error.ErrorCode;
import de.gematik.pki.gemlibpki.exception.GemPkiException;
import de.gematik.pki.gemlibpki.tsl.TspServiceSubset;
import eu.europa.esig.trustedlist.jaxb.tsl.ExtensionType;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Set;
import lombok.Generated;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Node;

/* loaded from: input_file:de/gematik/pki/gemlibpki/validators/CertificateTypeOidInIssuerTspServiceExtensionValidator.class */
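/**
 * Validates that the issuer's TSP service entry authorises the certificate type of the
 * certificate under test.
 *
 * <p>The check passes when at least one certificate policy OID of the certificate appears as
 * the text of a DOM node inside the extensions of the configured {@link TspServiceSubset}.
 * If nothing matches, validation fails closed with
 * {@link ErrorCode#SE_1061_CERT_TYPE_CA_NOT_AUTHORIZED}.
 *
 * <p>NOTE(review): every {@link Node} found in any extension is compared; the extension's own
 * type or URI is not inspected in this class. Presumably the extensions in the subset are already
 * limited to the relevant TSP service entry - confirm against the code that builds the subset.
 */
public class CertificateTypeOidInIssuerTspServiceExtensionValidator implements CertificateProfileValidator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CertificateTypeOidInIssuerTspServiceExtensionValidator.class);

    // Passed to the policy-OID lookup and attached to the exception raised on failure.
    @NonNull
    private final String productType;

    // Source of the extensions that are searched for the certificate's policy OIDs.
    @NonNull
    private final TspServiceSubset tspServiceSubset;

    /**
     * Verifies that one of the certificate's policy OIDs is listed in the extensions of the
     * issuer's TSP service.
     *
     * <p>Certificates checked against {@code CERT_PROFILE_C_TSL_SIG} are accepted without any
     * lookup. Extension nodes that carry no text (no first child, or a first child without a node
     * value) are skipped instead of aborting the validation with an unrelated
     * {@link NullPointerException}; they can never authorise a certificate type.
     *
     * @param x509Certificate the certificate to validate; must not be {@code null}
     * @param certificateProfile the profile the certificate is validated against; must not be
     *     {@code null}
     * @throws NullPointerException if either argument is {@code null}
     * @throws GemPkiException with {@code SE_1061_CERT_TYPE_CA_NOT_AUTHORIZED} if no policy OID
     *     of the certificate is found in the extensions; the policy-OID lookup may presumably
     *     raise it as well (its implementation is not part of this class)
     */
    @Override // de.gematik.pki.gemlibpki.validators.CertificateProfileValidator
    public void validateCertificate(@NonNull X509Certificate x509Certificate, @NonNull CertificateProfile certificateProfile) throws GemPkiException {
        if (x509Certificate == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        if (certificateProfile == null) {
            throw new NullPointerException("certificateProfile is marked non-null but is null");
        }
        // The TSL signer profile is exempt from the issuer-authorisation check.
        if (certificateProfile.equals(CertificateProfile.CERT_PROFILE_C_TSL_SIG)) {
            return;
        }
        Set<String> certificatePolicyOids = getCertificatePolicyOids(x509Certificate, this.productType);
        // Log text (German): "Checking CA authorisation for issuing certificate type {}".
        log.debug("Prüfe CA Autorisierung für die Herausgabe des Zertifikatstyps {} ", certificateProfile.getCertificateType().getOidReference());
        for (ExtensionType extension : this.tspServiceSubset.getExtensions()) {
            for (Object content : extension.getContent()) {
                if (!(content instanceof Node)) {
                    continue;
                }
                String oidText = firstChildText((Node) content);
                // Null is checked before contains(): immutable sets reject null lookups.
                if (oidText != null && certificatePolicyOids.contains(oidText)) {
                    return;
                }
            }
        }
        // Fail closed: no extension entry authorises this certificate type.
        throw new GemPkiException(this.productType, ErrorCode.SE_1061_CERT_TYPE_CA_NOT_AUTHORIZED);
    }

    /**
     * Returns the trimmed node value of the first child of {@code node}, or {@code null} when the
     * node has no children or the first child has no value.
     */
    private static String firstChildText(Node node) {
        Node firstChild = node.getFirstChild();
        if (firstChild == null) {
            return null;
        }
        String value = firstChild.getNodeValue();
        return value == null ? null : value.trim();
    }

    /**
     * Creates a validator bound to one product type and one TSP service subset.
     *
     * @param str the product type; must not be {@code null}
     * @param tspServiceSubset the TSP service data whose extensions are searched; must not be
     *     {@code null}
     * @throws NullPointerException if either argument is {@code null}
     */
    @Generated
    public CertificateTypeOidInIssuerTspServiceExtensionValidator(@NonNull String str, @NonNull TspServiceSubset tspServiceSubset) {
        if (str == null) {
            throw new NullPointerException("productType is marked non-null but is null");
        }
        if (tspServiceSubset == null) {
            throw new NullPointerException("tspServiceSubset is marked non-null but is null");
        }
        this.productType = str;
        this.tspServiceSubset = tspServiceSubset;
    }
}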
