package de.mtg.jlintissuer.lints.rfc;

import de.mtg.jlintissuer.JavaIssuerLint;
import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@Lint(name = "e_issuer_invalid_signature", description = "Check if the signature in the certificate validates correctly with the issuer's public key.", citation = "Sec. 4.1.1.3 RFC 5280", source = Source.RFC5280, effectiveDate = EffectiveDate.ZERO)
/* loaded from: input_file:de/mtg/jlintissuer/lints/rfc/IssuerLintInvalidSignature.class */
public class IssuerLintInvalidSignature implements JavaIssuerLint {
    @Override // de.mtg.jlintissuer.JavaIssuerLint
    public LintResult execute(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey(), (Provider) new BouncyCastleProvider());
            return LintResult.of(Status.PASS);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | CertificateException e) {
            return LintResult.of(Status.ERROR);
        }
    }

    @Override // de.mtg.jlintissuer.JavaIssuerLint
    public boolean checkApplies(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return true;
    }
}
