package de.mtg.jlintocsp.lints.cabf_br;

import de.mtg.jlintocsp.JavaOCSPResponseLint;
import de.mtg.jzlint.EffectiveDate;
import de.mtg.jzlint.Lint;
import de.mtg.jzlint.LintResult;
import de.mtg.jzlint.Source;
import de.mtg.jzlint.Status;
import java.util.Arrays;
import java.util.List;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;

/**
 * Lint {@code e_ocsp_sign_sha1_prohibited}: flags an OCSP response whose signature algorithm is one
 * of three SHA-1 based algorithms (RSA, DSA or ECDSA with SHA-1).
 *
 * <p>Only the {@code signatureAlgorithm} field of the {@code BasicOCSPResponse} is inspected. This
 * class does not look at the hash algorithm inside any {@code CertID}, nor at the certificates
 * carried in the response.
 *
 * <p>The annotation ties the lint to {@code EffectiveDate.OCSP_SHA1_SUNSET}; nothing in this class
 * evaluates that date, so it is presumably applied by the lint runner (confirm against the caller).
 */
@Lint(name = "e_ocsp_sign_sha1_prohibited", description = "Check if the OCSP response is signed with SHA1 after its sunset date.", citation = "BRs: 7.1.3.2.1", source = Source.CABF_BASELINE_REQUIREMENTS, effectiveDate = EffectiveDate.OCSP_SHA1_SUNSET)
public class OcspSignSha1Prohibited implements JavaOCSPResponseLint {

    /**
     * Decodes the response and compares its signature algorithm OID with the SHA-1 deny-list.
     *
     * @param bArr the encoded OCSP response
     * @return an {@code ERROR} result naming the offending OID when it is on the deny-list,
     *     otherwise a {@code PASS} result
     */
    @Override
    public LintResult execute(byte[] bArr) {
        OCSPResponse ocspResponse = OCSPResponse.getInstance(bArr);
        // NOTE(review): getResponseBytes() is dereferenced without a null check. responseBytes is
        // OPTIONAL in the OCSP ASN.1 structure, so a response without it (e.g. a non-successful
        // status) would presumably raise a NullPointerException here; checkApplies() does not
        // filter such input. Confirm how the runner treats exceptions from execute().
        byte[] basicResponseEncoding = ocspResponse.getResponseBytes().getResponse().getOctets();
        AlgorithmIdentifier signatureAlgorithm =
                BasicOCSPResponse.getInstance(basicResponseEncoding).getSignatureAlgorithm();

        // Deny-list of signature algorithm OIDs that use SHA-1 as the digest.
        // NOTE(review): the match is on the algorithm OID only; the AlgorithmIdentifier parameters
        // are not read, so an algorithm that names its hash in the parameters (such as RSASSA-PSS)
        // is not covered by this list. Verify whether that case needs its own lint.
        List<String> sha1SignatureOids = Arrays.asList(
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(),
                OIWObjectIdentifiers.dsaWithSHA1.getId(),
                X9ObjectIdentifiers.ecdsa_with_SHA1.getId());

        String signatureOid = signatureAlgorithm.getAlgorithm().getId();
        if (!sha1SignatureOids.contains(signatureOid)) {
            return LintResult.of(Status.PASS);
        }
        String message =
                String.format("Disallowed signature algorithm %s in OCSP response.", signatureOid);
        return LintResult.of(Status.ERROR, message);
    }

    /**
     * Reports whether this lint applies to the given response.
     *
     * @param bArr the encoded OCSP response (not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean checkApplies(byte[] bArr) {
        return true;
    }
}
