package net.shibboleth.metadata.validate.x509;

import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.metadata.Item;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/metadata/validate/x509/X509RSAKeyLengthValidator.class */
public class X509RSAKeyLengthValidator extends AbstractX509Validator {
    private int errorBoundary = 2048;
    private int warningBoundary;

    public X509RSAKeyLengthValidator() {
        setId("RSAKeyLength");
    }

    public int getErrorBoundary() {
        return this.errorBoundary;
    }

    public void setErrorBoundary(int i) {
        this.errorBoundary = i;
    }

    public int getWarningBoundary() {
        return this.warningBoundary;
    }

    public void setWarningBoundary(int i) {
        this.warningBoundary = i;
    }

    @Override // net.shibboleth.metadata.validate.x509.AbstractX509Validator
    public void doValidate(@Nonnull X509Certificate x509Certificate, @Nonnull Item<?> item, @Nonnull String str) {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if ("RSA".equals(publicKey.getAlgorithm())) {
            int bitLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
            if (bitLength < this.errorBoundary) {
                addError("RSA key length of " + bitLength + " bits is less than required " + this.errorBoundary, item, str);
            } else if (bitLength < this.warningBoundary) {
                addWarning("RSA key length of " + bitLength + " bits is less than recommended " + this.warningBoundary, item, str);
            }
        }
    }
}
