package de.rub.nds.tlsscanner.serverscanner.guideline.checks;

import de.rub.nds.scanner.core.constants.TestResults;
import de.rub.nds.tlsattacker.core.constants.SignatureAlgorithm;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDhPublicKey;
import de.rub.nds.tlsscanner.core.guideline.GuidelineCheckCondition;
import de.rub.nds.tlsscanner.core.guideline.GuidelineCheckResult;
import de.rub.nds.tlsscanner.core.guideline.RequirementLevel;
import de.rub.nds.tlsscanner.serverscanner.guideline.results.KeyUsageCertificateCheckResult;
import de.rub.nds.tlsscanner.serverscanner.probe.certificate.CertificateChain;
import de.rub.nds.tlsscanner.serverscanner.probe.certificate.CertificateReport;
import java.util.Arrays;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyUsage;

/**
 * Guideline check that inspects the X.509 KeyUsage extension of the first certificate report in
 * a chain.
 *
 * <p>The check passes only when a KeyUsage extension is present and
 *
 * <ul>
 *   <li>{@code digitalSignature} is asserted whenever the report's signature algorithm is RSA,
 *       ECDSA or DSA, and
 *   <li>{@code keyAgreement} is asserted whenever the report's public key is a
 *       {@link CustomDhPublicKey}.
 * </ul>
 *
 * <p>A certificate without extensions, or without a KeyUsage extension, is reported as failing.
 *
 * <p>NOTE(review): the digitalSignature requirement is keyed on
 * {@code getSignatureAndHashAlgorithm()}, which looks like the algorithm of the signature on the
 * certificate (chosen by the issuer) rather than the type of the subject key. KeyUsage
 * constrains the subject key, so confirm this is the intended input; the two differ for
 * certificates such as a DH key signed with RSA.
 *
 * <p>NOTE(review): only digitalSignature and keyAgreement are examined; other bits (for example
 * keyEncipherment) are not evaluated by this check.
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlRootElement
public class KeyUsageCertificateCheck extends CertificateGuidelineCheck {
    /** Signature algorithms for which the digitalSignature usage bit is required. */
    private static final List<SignatureAlgorithm> SIGNATURE_ALGORITHM_LIST =
            Arrays.asList(
                    SignatureAlgorithm.RSA, SignatureAlgorithm.ECDSA, SignatureAlgorithm.DSA);

    /** No-argument constructor; presumably required for JAXB unmarshalling (TODO confirm). */
    private KeyUsageCertificateCheck() {
        super(null, null);
    }

    /** Forwards both arguments unchanged to the {@link CertificateGuidelineCheck} constructor. */
    public KeyUsageCertificateCheck(String str, RequirementLevel requirementLevel) {
        super(str, requirementLevel);
    }

    /** Forwards all three arguments unchanged to the {@link CertificateGuidelineCheck} constructor. */
    public KeyUsageCertificateCheck(String str, RequirementLevel requirementLevel, boolean z) {
        super(str, requirementLevel, z);
    }

    /** Forwards all four arguments unchanged to the {@link CertificateGuidelineCheck} constructor. */
    public KeyUsageCertificateCheck(
            String str,
            RequirementLevel requirementLevel,
            GuidelineCheckCondition guidelineCheckCondition,
            boolean z) {
        super(str, requirementLevel, guidelineCheckCondition, z);
    }

    /**
     * Evaluates the KeyUsage extension of the first report in the given chain.
     *
     * @param certificateChain chain whose first certificate report is inspected; the list is
     *     indexed without a size check, so an empty list raises IndexOutOfBoundsException
     * @return a {@link KeyUsageCertificateCheckResult}: TRUE when every required usage bit is
     *     present; FALSE with the string {@code "digitalSignature"} or {@code "keyAgreement"}
     *     for the first missing bit; FALSE with a {@code null} string when the certificate has
     *     no extensions or no KeyUsage extension
     */
    @Override
    public GuidelineCheckResult evaluateChain(CertificateChain certificateChain) {
        // Only index 0 is examined; presumably the leaf certificate (verify against the probe).
        CertificateReport firstReport = certificateChain.getCertificateReportList().get(0);

        Extensions certExtensions = firstReport.convertToCertificateHolder().getExtensions();
        if (certExtensions == null) {
            return new KeyUsageCertificateCheckResult(TestResults.FALSE, false, null);
        }
        KeyUsage keyUsage = KeyUsage.fromExtensions(certExtensions);
        if (keyUsage == null) {
            // Missing KeyUsage extension counts as a failed check, not as "unrestricted".
            return new KeyUsageCertificateCheckResult(TestResults.FALSE, false, null);
        }

        // digitalSignature is checked first, so it is the bit reported when both are missing.
        boolean signatureAlgorithmListed =
                SIGNATURE_ALGORITHM_LIST.contains(
                        firstReport.getSignatureAndHashAlgorithm().getSignatureAlgorithm());
        if (signatureAlgorithmListed && !keyUsage.hasUsages(KeyUsage.digitalSignature)) {
            return new KeyUsageCertificateCheckResult(
                    TestResults.FALSE, false, "digitalSignature");
        }

        boolean hasDhKey = firstReport.getPublicKey() instanceof CustomDhPublicKey;
        if (hasDhKey && !keyUsage.hasUsages(KeyUsage.keyAgreement)) {
            return new KeyUsageCertificateCheckResult(TestResults.FALSE, false, "keyAgreement");
        }

        return new KeyUsageCertificateCheckResult(TestResults.TRUE, true, null);
    }

    /**
     * Builds the identifier of this check.
     *
     * @return the fixed prefix {@code "KeyUsageCertificate_"} followed by the requirement level
     */
    public String getId() {
        final String prefix = "KeyUsageCertificate_";
        return prefix + getRequirementLevel();
    }
}
