package no.difi.certvalidator.rule;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import no.difi.certvalidator.api.CertificateValidationException;
import no.difi.certvalidator.api.FailedValidationException;
import no.difi.certvalidator.api.ValidatorRule;

/* loaded from: input_file:WEB-INF/lib/commons-certvalidator-2.1.1.jar:no/difi/certvalidator/rule/CriticalExtensionRecognizedRule.class */
public class CriticalExtensionRecognizedRule implements ValidatorRule {
    private final List<String> recognizedExtensions;

    public CriticalExtensionRecognizedRule(String... strArr) {
        this.recognizedExtensions = Arrays.asList(strArr);
    }

    @Override // no.difi.certvalidator.api.ValidatorRule
    public void validate(X509Certificate x509Certificate) throws CertificateValidationException {
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return;
        }
        for (String str : criticalExtensionOIDs) {
            if (!this.recognizedExtensions.contains(str)) {
                throw new FailedValidationException(String.format("X509 certificate %s specifies a critical extension %s which is not recognized", x509Certificate.getSerialNumber(), str));
            }
        }
    }
}
