package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSRevocationUtils;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.SignatureLevel;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificatePool;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.RevocationOrigin;
import eu.europa.esig.dss.x509.RevocationToken;
import eu.europa.esig.dss.x509.SignaturePolicy;
import eu.europa.esig.dss.x509.crl.CRLToken;
import eu.europa.esig.dss.x509.crl.ListCRLSource;
import eu.europa.esig.dss.x509.crl.OfflineCRLSource;
import eu.europa.esig.dss.x509.ocsp.ListOCSPSource;
import eu.europa.esig.dss.x509.ocsp.OCSPToken;
import eu.europa.esig.dss.x509.ocsp.OfflineOCSPSource;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;

/* loaded from: input_file:eu/europa/esig/dss/validation/DefaultAdvancedSignature.class */
public abstract class DefaultAdvancedSignature implements AdvancedSignature {
    protected final CertificatePool certPool;
    protected CertificateToken providedSigningCertificateToken;
    protected List<DSSDocument> detachedContents;
    protected SignatureCryptographicVerification signatureCryptographicVerification;
    protected String structureValidation;
    protected CandidatesForSigningCertificate candidatesForSigningCertificate;
    protected List<TimestampToken> contentTimestamps;
    protected transient List<TimestampToken> signatureTimestamps;
    protected List<TimestampToken> sigAndRefsTimestamps;
    protected List<TimestampToken> refsOnlyTimestamps;
    protected List<TimestampToken> archiveTimestamps;
    protected OfflineCRLSource offlineCRLSource;
    protected OfflineOCSPSource offlineOCSPSource;
    private AdvancedSignature masterSignature;
    protected SignaturePolicy signaturePolicy;
    protected Set<DigestAlgorithm> usedCertificatesDigestAlgorithms = new HashSet();
    private List<SignatureScope> signatureScopes;
    private String signatureFilename;

    /* loaded from: input_file:eu/europa/esig/dss/validation/DefaultAdvancedSignature$RevocationDataForInclusion.class */
    public static class RevocationDataForInclusion {
        public final List<CRLToken> crlTokens;
        public final List<OCSPToken> ocspTokens;

        public RevocationDataForInclusion(List<CRLToken> list, List<OCSPToken> list2) {
            this.crlTokens = list;
            this.ocspTokens = list2;
        }

        public boolean isEmpty() {
            return this.crlTokens.isEmpty() && this.ocspTokens.isEmpty();
        }
    }

    protected DefaultAdvancedSignature(CertificatePool certificatePool) {
        this.certPool = certificatePool;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public String getSignatureFilename() {
        return this.signatureFilename;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void setSignatureFilename(String str) {
        this.signatureFilename = str;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public List<DSSDocument> getDetachedContents() {
        return this.detachedContents;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void setDetachedContents(List<DSSDocument> list) {
        this.detachedContents = list;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public SignatureLevel getDataFoundUpToLevel() {
        return getDataFoundUpToProfile(getSignatureLevels());
    }

    private SignatureLevel getDataFoundUpToProfile(SignatureLevel... signatureLevelArr) {
        for (int length = signatureLevelArr.length - 1; length >= 0; length--) {
            SignatureLevel signatureLevel = signatureLevelArr[length];
            if (isDataForSignatureLevelPresent(signatureLevel)) {
                return signatureLevel;
            }
        }
        return null;
    }

    public ValidationContext getSignatureValidationContext(CertificateVerifier certificateVerifier) {
        SignatureValidationContext signatureValidationContext = new SignatureValidationContext();
        Iterator<CertificateToken> it = getCertificates().iterator();
        while (it.hasNext()) {
            signatureValidationContext.addCertificateTokenForVerification(it.next());
        }
        prepareTimestamps(signatureValidationContext);
        certificateVerifier.setSignatureCRLSource(new ListCRLSource(getCRLSource()));
        certificateVerifier.setSignatureOCSPSource(new ListOCSPSource(getOCSPSource()));
        signatureValidationContext.initialize(certificateVerifier);
        signatureValidationContext.validate();
        return signatureValidationContext;
    }

    public Set<CertificateToken> getCertificatesForInclusion(ValidationContext validationContext) {
        HashSet hashSet = new HashSet();
        List<CertificateToken> certificatesWithinSignatureAndTimestamps = getCertificatesWithinSignatureAndTimestamps();
        for (CertificateToken certificateToken : validationContext.getProcessedCertificates()) {
            if (!certificatesWithinSignatureAndTimestamps.contains(certificateToken)) {
                hashSet.add(certificateToken);
            }
        }
        return hashSet;
    }

    public List<CertificateToken> getCertificatesWithinSignatureAndTimestamps() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(getCertificates());
        Iterator<TimestampToken> it = getSignatureTimestamps().iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().getCertificates());
        }
        Iterator<TimestampToken> it2 = getArchiveTimestamps().iterator();
        while (it2.hasNext()) {
            arrayList.addAll(it2.next().getCertificates());
        }
        Iterator<TimestampToken> it3 = getContentTimestamps().iterator();
        while (it3.hasNext()) {
            arrayList.addAll(it3.next().getCertificates());
        }
        Iterator<TimestampToken> it4 = getTimestampsX1().iterator();
        while (it4.hasNext()) {
            arrayList.addAll(it4.next().getCertificates());
        }
        Iterator<TimestampToken> it5 = getTimestampsX2().iterator();
        while (it5.hasNext()) {
            arrayList.addAll(it5.next().getCertificates());
        }
        return arrayList;
    }

    public RevocationDataForInclusion getRevocationDataForInclusion(ValidationContext validationContext) {
        Set<RevocationToken> processedRevocations = validationContext.getProcessedRevocations();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<RevocationToken> it = processedRevocations.iterator();
        while (it.hasNext()) {
            OCSPToken oCSPToken = (RevocationToken) it.next();
            if (!RevocationOrigin.SIGNATURE.equals(oCSPToken.getOrigin())) {
                if (oCSPToken instanceof CRLToken) {
                    arrayList.add((CRLToken) oCSPToken);
                } else {
                    if (!(oCSPToken instanceof OCSPToken)) {
                        throw new DSSException("Unknown type for revocationToken: " + oCSPToken.getClass().getName());
                    }
                    arrayList2.add(oCSPToken);
                }
            }
        }
        return new RevocationDataForInclusion(arrayList, arrayList2);
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void setMasterSignature(AdvancedSignature advancedSignature) {
        this.masterSignature = advancedSignature;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public AdvancedSignature getMasterSignature() {
        return this.masterSignature;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public SignatureCryptographicVerification getSignatureCryptographicVerification() {
        if (this.signatureCryptographicVerification == null) {
            checkSignatureIntegrity();
        }
        return this.signatureCryptographicVerification;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public CertificateToken getProvidedSigningCertificateToken() {
        return this.providedSigningCertificateToken;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void setProvidedSigningCertificateToken(CertificateToken certificateToken) {
        this.providedSigningCertificateToken = certificateToken;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public CertificateToken getSigningCertificateToken() {
        this.candidatesForSigningCertificate = getCandidatesForSigningCertificate();
        checkSignatureIntegrity();
        this.signatureCryptographicVerification = getSignatureCryptographicVerification();
        CertificateValidity theCertificateValidity = this.candidatesForSigningCertificate.getTheCertificateValidity();
        if (theCertificateValidity != null && theCertificateValidity.isValid()) {
            return theCertificateValidity.getCertificateToken();
        }
        CertificateValidity theBestCandidate = this.candidatesForSigningCertificate.getTheBestCandidate();
        if (theBestCandidate == null) {
            return null;
        }
        return theBestCandidate.getCertificateToken();
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void prepareTimestamps(ValidationContext validationContext) {
        Iterator<TimestampToken> it = getContentTimestamps().iterator();
        while (it.hasNext()) {
            validationContext.addTimestampTokenForVerification(it.next());
        }
        Iterator<TimestampToken> it2 = getSignatureTimestamps().iterator();
        while (it2.hasNext()) {
            validationContext.addTimestampTokenForVerification(it2.next());
        }
        Iterator<TimestampToken> it3 = getTimestampsX1().iterator();
        while (it3.hasNext()) {
            validationContext.addTimestampTokenForVerification(it3.next());
        }
        Iterator<TimestampToken> it4 = getTimestampsX2().iterator();
        while (it4.hasNext()) {
            validationContext.addTimestampTokenForVerification(it4.next());
        }
        Iterator<TimestampToken> it5 = getArchiveTimestamps().iterator();
        while (it5.hasNext()) {
            validationContext.addTimestampTokenForVerification(it5.next());
        }
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void validateTimestamps() {
        for (TimestampToken timestampToken : getContentTimestamps()) {
            timestampToken.matchData(getContentTimestampData(timestampToken));
        }
        for (TimestampToken timestampToken2 : getSignatureTimestamps()) {
            timestampToken2.matchData(getSignatureTimestampData(timestampToken2, null));
        }
        for (TimestampToken timestampToken3 : getTimestampsX1()) {
            timestampToken3.matchData(getTimestampX1Data(timestampToken3, null));
        }
        for (TimestampToken timestampToken4 : getTimestampsX2()) {
            timestampToken4.matchData(getTimestampX2Data(timestampToken4, null));
        }
        for (TimestampToken timestampToken5 : getArchiveTimestamps()) {
            timestampToken5.matchData(getArchiveTimestampData(timestampToken5, null));
        }
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void validateStructure() {
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public String getStructureValidationResult() {
        return this.structureValidation;
    }

    protected void addReferencesFromOfflineOCSPSource(List<TimestampReference> list) {
        OfflineOCSPSource oCSPSource = getOCSPSource();
        if (oCSPSource != null) {
            List containedOCSPResponses = oCSPSource.getContainedOCSPResponses();
            if (Utils.isCollectionNotEmpty(containedOCSPResponses)) {
                this.usedCertificatesDigestAlgorithms.add(DigestAlgorithm.SHA1);
                Iterator it = containedOCSPResponses.iterator();
                while (it.hasNext()) {
                    list.add(new TimestampReference(DigestAlgorithm.SHA1, Utils.toBase64(DSSUtils.digest(DigestAlgorithm.SHA1, DSSUtils.getEncoded(DSSRevocationUtils.fromBasicToResp((BasicOCSPResp) it.next())))), TimestampReferenceCategory.REVOCATION));
                }
            }
        }
    }

    protected void addReferencesFromOfflineCRLSource(List<TimestampReference> list) {
        OfflineCRLSource cRLSource = getCRLSource();
        if (cRLSource != null) {
            List containedX509CRLs = cRLSource.getContainedX509CRLs();
            if (Utils.isCollectionNotEmpty(containedX509CRLs)) {
                this.usedCertificatesDigestAlgorithms.add(DigestAlgorithm.SHA1);
                Iterator it = containedX509CRLs.iterator();
                while (it.hasNext()) {
                    list.add(new TimestampReference(DigestAlgorithm.SHA1, Utils.toBase64(DSSUtils.digest(DigestAlgorithm.SHA1, DSSUtils.getEncoded((X509CRL) it.next()))), TimestampReferenceCategory.REVOCATION));
                }
            }
        }
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public Set<DigestAlgorithm> getUsedCertificatesDigestAlgorithms() {
        return this.usedCertificatesDigestAlgorithms;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public SignaturePolicy getPolicyId() {
        return this.signaturePolicy;
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider) {
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void findSignatureScope(SignatureScopeFinder signatureScopeFinder) {
        this.signatureScopes = signatureScopeFinder.findSignatureScope(this);
    }

    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public List<SignatureScope> getSignatureScopes() {
        return this.signatureScopes;
    }
}
