package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.DSSPKUtils;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.EncryptionAlgorithm;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.SignatureLevel;
import eu.europa.esig.dss.jaxb.diagnostic.DiagnosticData;
import eu.europa.esig.dss.jaxb.diagnostic.XmlBasicSignature;
import eu.europa.esig.dss.jaxb.diagnostic.XmlCertificate;
import eu.europa.esig.dss.jaxb.diagnostic.XmlCertifiedRole;
import eu.europa.esig.dss.jaxb.diagnostic.XmlChainItem;
import eu.europa.esig.dss.jaxb.diagnostic.XmlContainerInfo;
import eu.europa.esig.dss.jaxb.diagnostic.XmlDigestAlgoAndValue;
import eu.europa.esig.dss.jaxb.diagnostic.XmlDistinguishedName;
import eu.europa.esig.dss.jaxb.diagnostic.XmlManifestFile;
import eu.europa.esig.dss.jaxb.diagnostic.XmlMessage;
import eu.europa.esig.dss.jaxb.diagnostic.XmlOID;
import eu.europa.esig.dss.jaxb.diagnostic.XmlPolicy;
import eu.europa.esig.dss.jaxb.diagnostic.XmlRevocation;
import eu.europa.esig.dss.jaxb.diagnostic.XmlSignature;
import eu.europa.esig.dss.jaxb.diagnostic.XmlSignatureProductionPlace;
import eu.europa.esig.dss.jaxb.diagnostic.XmlSignatureScope;
import eu.europa.esig.dss.jaxb.diagnostic.XmlSignedObjects;
import eu.europa.esig.dss.jaxb.diagnostic.XmlSignedSignature;
import eu.europa.esig.dss.jaxb.diagnostic.XmlSigningCertificate;
import eu.europa.esig.dss.jaxb.diagnostic.XmlStructuralValidation;
import eu.europa.esig.dss.jaxb.diagnostic.XmlTimestamp;
import eu.europa.esig.dss.jaxb.diagnostic.XmlTimestampedTimestamp;
import eu.europa.esig.dss.jaxb.diagnostic.XmlTrustedList;
import eu.europa.esig.dss.jaxb.diagnostic.XmlTrustedService;
import eu.europa.esig.dss.jaxb.diagnostic.XmlTrustedServiceProvider;
import eu.europa.esig.dss.tsl.Condition;
import eu.europa.esig.dss.tsl.KeyUsageBit;
import eu.europa.esig.dss.tsl.ServiceInfo;
import eu.europa.esig.dss.tsl.ServiceInfoStatus;
import eu.europa.esig.dss.tsl.TLInfo;
import eu.europa.esig.dss.tsl.TrustedListsCertificateSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificateSource;
import eu.europa.esig.dss.x509.CertificateSourceType;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.RevocationToken;
import eu.europa.esig.dss.x509.SignaturePolicy;
import eu.europa.esig.dss.x509.Token;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/DiagnosticDataBuilder.class */
public class DiagnosticDataBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(DiagnosticDataBuilder.class);
    private DSSDocument signedDocument;
    private ContainerInfo containerInfo;
    private List<AdvancedSignature> signatures;
    private Set<CertificateToken> usedCertificates;
    private TrustedListsCertificateSource trustedListCertSource;
    private Date validationDate;

    public DiagnosticDataBuilder document(DSSDocument dSSDocument) {
        this.signedDocument = dSSDocument;
        return this;
    }

    public DiagnosticDataBuilder containerInfo(ContainerInfo containerInfo) {
        this.containerInfo = containerInfo;
        return this;
    }

    public DiagnosticDataBuilder foundSignatures(List<AdvancedSignature> list) {
        this.signatures = list;
        return this;
    }

    public DiagnosticDataBuilder usedCertificates(Set<CertificateToken> set) {
        this.usedCertificates = set;
        return this;
    }

    public DiagnosticDataBuilder trustedListsCertificateSource(CertificateSource certificateSource) {
        if (certificateSource instanceof TrustedListsCertificateSource) {
            this.trustedListCertSource = (TrustedListsCertificateSource) certificateSource;
        }
        return this;
    }

    public DiagnosticDataBuilder validationDate(Date date) {
        this.validationDate = date;
        return this;
    }

    public DiagnosticData build() {
        DiagnosticData diagnosticData = new DiagnosticData();
        diagnosticData.setDocumentName(removeSpecialCharsForXml(this.signedDocument.getName()));
        diagnosticData.setValidationDate(this.validationDate);
        diagnosticData.setContainerInfo(getXmlContainerInfo());
        HashSet hashSet = new HashSet();
        for (AdvancedSignature advancedSignature : this.signatures) {
            hashSet.addAll(advancedSignature.getUsedCertificatesDigestAlgorithms());
            diagnosticData.getSignatures().add(getXmlSignature(advancedSignature));
        }
        ArrayList arrayList = new ArrayList();
        HashSet<String> hashSet2 = new HashSet();
        for (CertificateToken certificateToken : this.usedCertificates) {
            arrayList.add(getXmlCertificate(hashSet, certificateToken));
            Set associatedTSPS = certificateToken.getAssociatedTSPS();
            if (Utils.isCollectionNotEmpty(associatedTSPS)) {
                Iterator it = associatedTSPS.iterator();
                while (it.hasNext()) {
                    hashSet2.add(((ServiceInfo) it.next()).getTlCountryCode());
                }
            }
        }
        diagnosticData.setUsedCertificates(Collections.unmodifiableList(arrayList));
        if (this.trustedListCertSource != null) {
            boolean z = false;
            for (String str : hashSet2) {
                TLInfo tlInfo = this.trustedListCertSource.getTlInfo(str);
                if (tlInfo != null) {
                    diagnosticData.getTrustedLists().add(getXmlTrustedList(str, tlInfo));
                    z = true;
                }
            }
            if (z) {
                diagnosticData.setListOfTrustedLists(getXmlTrustedList("LOTL", this.trustedListCertSource.getLotlInfo()));
            }
        }
        return diagnosticData;
    }

    private XmlTrustedList getXmlTrustedList(String str, TLInfo tLInfo) {
        if (tLInfo == null) {
            LOG.warn("Not info found for country " + str);
            return null;
        }
        XmlTrustedList xmlTrustedList = new XmlTrustedList();
        xmlTrustedList.setCountryCode(tLInfo.getCountryCode());
        xmlTrustedList.setUrl(tLInfo.getUrl());
        xmlTrustedList.setIssueDate(tLInfo.getIssueDate());
        xmlTrustedList.setNextUpdate(tLInfo.getNextUpdate());
        xmlTrustedList.setLastLoading(tLInfo.getLastLoading());
        xmlTrustedList.setSequenceNumber(Integer.valueOf(tLInfo.getSequenceNumber()));
        xmlTrustedList.setVersion(Integer.valueOf(tLInfo.getVersion()));
        xmlTrustedList.setWellSigned(tLInfo.isWellSigned());
        return xmlTrustedList;
    }

    private XmlContainerInfo getXmlContainerInfo() {
        if (this.containerInfo == null) {
            return null;
        }
        XmlContainerInfo xmlContainerInfo = new XmlContainerInfo();
        xmlContainerInfo.setContainerType(this.containerInfo.getContainerType().getReadable());
        String zipComment = this.containerInfo.getZipComment();
        if (Utils.isStringNotBlank(zipComment)) {
            xmlContainerInfo.setZipComment(zipComment);
        }
        xmlContainerInfo.setMimeTypeFilePresent(Boolean.valueOf(this.containerInfo.isMimeTypeFilePresent()));
        xmlContainerInfo.setMimeTypeContent(this.containerInfo.getMimeTypeContent());
        xmlContainerInfo.setContentFiles(this.containerInfo.getSignedDocumentFilenames());
        xmlContainerInfo.setManifestFiles(getXmlManifests(this.containerInfo.getManifestFiles()));
        return xmlContainerInfo;
    }

    private List<XmlManifestFile> getXmlManifests(List<ManifestFile> list) {
        if (!Utils.isCollectionNotEmpty(list)) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (ManifestFile manifestFile : list) {
            XmlManifestFile xmlManifestFile = new XmlManifestFile();
            xmlManifestFile.setFilename(manifestFile.getFilename());
            xmlManifestFile.setSignatureFilename(manifestFile.getSignatureFilename());
            xmlManifestFile.getEntries().addAll(manifestFile.getEntries());
            arrayList.add(xmlManifestFile);
        }
        return arrayList;
    }

    private XmlSignature getXmlSignature(AdvancedSignature advancedSignature) {
        XmlSignature xmlSignature = new XmlSignature();
        xmlSignature.setSignatureFilename(removeSpecialCharsForXml(advancedSignature.getSignatureFilename()));
        AdvancedSignature masterSignature = advancedSignature.getMasterSignature();
        if (masterSignature != null) {
            xmlSignature.setType("COUNTERSIGNATURE");
            xmlSignature.setParentId(masterSignature.getId());
        }
        xmlSignature.setId(advancedSignature.getId());
        xmlSignature.setDateTime(advancedSignature.getSigningTime());
        xmlSignature.setStructuralValidation(getXmlStructuralValidation(advancedSignature));
        xmlSignature.setSignatureFormat(getXmlSignatureFormat(advancedSignature.getDataFoundUpToLevel()));
        xmlSignature.setSignatureProductionPlace(getXmlSignatureProductionPlace(advancedSignature.getSignatureProductionPlace()));
        xmlSignature.setCommitmentTypeIndication(getXmlCommitmentTypeIndication(advancedSignature.getCommitmentTypeIndication()));
        xmlSignature.setClaimedRoles(getXmlClaimedRole(advancedSignature.getClaimedSignerRoles()));
        xmlSignature.getCertifiedRoles().addAll(getXmlCertifiedRoles(advancedSignature.getCertifiedSignerRoles()));
        xmlSignature.setContentType(advancedSignature.getContentType());
        xmlSignature.setContentIdentifier(advancedSignature.getContentIdentifier());
        xmlSignature.setContentHints(advancedSignature.getContentHints());
        CertificateToken certificateToken = null;
        CertificateValidity theCertificateValidity = advancedSignature.getCandidatesForSigningCertificate().getTheCertificateValidity();
        if (theCertificateValidity != null) {
            xmlSignature.setSigningCertificate(getXmlSigningCertificate(theCertificateValidity));
            certificateToken = theCertificateValidity.getCertificateToken();
        }
        xmlSignature.setCertificateChain(getXmlForCertificateChain(certificateToken));
        xmlSignature.setBasicSignature(getXmlBasicSignature(advancedSignature, certificateToken));
        xmlSignature.setPolicy(getXmlPolicy(advancedSignature.getPolicyId()));
        xmlSignature.setTimestamps(getXmlTimestamps(advancedSignature));
        xmlSignature.setSignatureScopes(getXmlSignatureScopes(advancedSignature.getSignatureScopes()));
        return xmlSignature;
    }

    private XmlStructuralValidation getXmlStructuralValidation(AdvancedSignature advancedSignature) {
        String structureValidationResult = advancedSignature.getStructureValidationResult();
        XmlStructuralValidation xmlStructuralValidation = new XmlStructuralValidation();
        xmlStructuralValidation.setValid(Boolean.valueOf(Utils.isStringEmpty(structureValidationResult)));
        if (Utils.isStringNotEmpty(structureValidationResult)) {
            xmlStructuralValidation.setMessage(structureValidationResult);
        }
        return xmlStructuralValidation;
    }

    private String removeSpecialCharsForXml(String str) {
        return Utils.isStringNotEmpty(str) ? str.replaceAll("&", "") : "";
    }

    private XmlRevocation getXmlRevocation(RevocationToken revocationToken, String str, Set<DigestAlgorithm> set) {
        XmlRevocation xmlRevocation = new XmlRevocation();
        xmlRevocation.setId(str);
        xmlRevocation.setOrigin(revocationToken.getOrigin().name());
        Boolean status = revocationToken.getStatus();
        xmlRevocation.setStatus(status == null ? false : status.booleanValue());
        xmlRevocation.setProductionDate(revocationToken.getProductionDate());
        xmlRevocation.setThisUpdate(revocationToken.getThisUpdate());
        xmlRevocation.setNextUpdate(revocationToken.getNextUpdate());
        xmlRevocation.setRevocationDate(revocationToken.getRevocationDate());
        xmlRevocation.setExpiredCertsOnCRL(revocationToken.getExpiredCertsOnCRL());
        xmlRevocation.setArchiveCutOff(revocationToken.getArchiveCutOff());
        xmlRevocation.setReason(revocationToken.getReason());
        xmlRevocation.setSource(revocationToken.getClass().getSimpleName());
        String sourceURL = revocationToken.getSourceURL();
        if (Utils.isStringNotEmpty(sourceURL)) {
            xmlRevocation.setSourceAddress(sourceURL);
            xmlRevocation.setAvailable(Boolean.valueOf(revocationToken.isAvailable()));
        }
        xmlRevocation.setBasicSignature(getXmlBasicSignature(revocationToken));
        xmlRevocation.setDigestAlgoAndValues(getXmlDigestAlgoAndValues(set, revocationToken));
        CertificateToken issuerToken = revocationToken.getIssuerToken();
        xmlRevocation.setSigningCertificate(getXmlSigningCertificate(issuerToken));
        xmlRevocation.setCertificateChain(getXmlForCertificateChain(issuerToken));
        xmlRevocation.setInfo(getXmlInfo(revocationToken.getValidationInfo()));
        return xmlRevocation;
    }

    private List<XmlDigestAlgoAndValue> getXmlDigestAlgoAndValues(Set<DigestAlgorithm> set, Token token) {
        ArrayList arrayList = new ArrayList();
        for (DigestAlgorithm digestAlgorithm : set) {
            arrayList.add(getXmlDigestAlgoAndValue(digestAlgorithm, Utils.toBase64(token.getDigest(digestAlgorithm))));
        }
        return arrayList;
    }

    private List<XmlMessage> getXmlInfo(List<String> list) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(list)) {
            int i = 0;
            for (String str : list) {
                XmlMessage xmlMessage = new XmlMessage();
                xmlMessage.setId(i);
                xmlMessage.setValue(str);
                arrayList.add(xmlMessage);
                i++;
            }
        }
        return arrayList;
    }

    private List<XmlChainItem> getXmlForCertificateChain(CertificateToken certificateToken) {
        if (certificateToken == null) {
            return null;
        }
        CertificateToken certificateToken2 = certificateToken;
        ArrayList arrayList = new ArrayList();
        do {
            arrayList.add(getXmlChainItem(certificateToken2));
            if (certificateToken2.isTrusted() || certificateToken2.isSelfSigned()) {
                break;
            }
            certificateToken2 = certificateToken2.getIssuerToken();
        } while (certificateToken2 != null);
        return arrayList;
    }

    private XmlChainItem getXmlChainItem(CertificateToken certificateToken) {
        XmlChainItem xmlChainItem = new XmlChainItem();
        xmlChainItem.setId(certificateToken.getDSSIdAsString());
        xmlChainItem.setSource(getCertificateMainSourceType(certificateToken).name());
        return xmlChainItem;
    }

    private CertificateSourceType getCertificateMainSourceType(CertificateToken certificateToken) {
        CertificateSourceType certificateSourceType = CertificateSourceType.UNKNOWN;
        Set sources = certificateToken.getSources();
        if (sources.size() > 0) {
            certificateSourceType = sources.contains(CertificateSourceType.TRUSTED_LIST) ? CertificateSourceType.TRUSTED_LIST : sources.contains(CertificateSourceType.TRUSTED_STORE) ? CertificateSourceType.TRUSTED_STORE : (CertificateSourceType) sources.iterator().next();
        }
        return certificateSourceType;
    }

    private XmlSigningCertificate getXmlSigningCertificate(CertificateToken certificateToken) {
        if (certificateToken == null) {
            return null;
        }
        XmlSigningCertificate xmlSigningCertificate = new XmlSigningCertificate();
        xmlSigningCertificate.setId(certificateToken.getDSSIdAsString());
        return xmlSigningCertificate;
    }

    private XmlSigningCertificate getXmlSigningCertificate(CertificateValidity certificateValidity) {
        XmlSigningCertificate xmlSigningCertificate = new XmlSigningCertificate();
        CertificateToken certificateToken = certificateValidity.getCertificateToken();
        if (certificateToken != null) {
            xmlSigningCertificate.setId(certificateToken.getDSSIdAsString());
        }
        xmlSigningCertificate.setAttributePresent(Boolean.valueOf(certificateValidity.isAttributePresent()));
        xmlSigningCertificate.setDigestValuePresent(Boolean.valueOf(certificateValidity.isDigestPresent()));
        xmlSigningCertificate.setDigestValueMatch(Boolean.valueOf(certificateValidity.isDigestEqual()));
        xmlSigningCertificate.setIssuerSerialMatch(Boolean.valueOf(certificateValidity.isSerialNumberEqual() && certificateValidity.isDistinguishedNameEqual()));
        xmlSigningCertificate.setSigned(certificateValidity.getSigned());
        return xmlSigningCertificate;
    }

    private XmlSignatureProductionPlace getXmlSignatureProductionPlace(SignatureProductionPlace signatureProductionPlace) {
        if (signatureProductionPlace == null) {
            return null;
        }
        XmlSignatureProductionPlace xmlSignatureProductionPlace = new XmlSignatureProductionPlace();
        xmlSignatureProductionPlace.setCountryName(signatureProductionPlace.getCountryName());
        xmlSignatureProductionPlace.setStateOrProvince(signatureProductionPlace.getStateOrProvince());
        xmlSignatureProductionPlace.setPostalCode(signatureProductionPlace.getPostalCode());
        xmlSignatureProductionPlace.setAddress(signatureProductionPlace.getStreetAddress());
        xmlSignatureProductionPlace.setCity(signatureProductionPlace.getCity());
        return xmlSignatureProductionPlace;
    }

    private List<XmlCertifiedRole> getXmlCertifiedRoles(List<CertifiedRole> list) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(list)) {
            for (CertifiedRole certifiedRole : list) {
                XmlCertifiedRole xmlCertifiedRole = new XmlCertifiedRole();
                xmlCertifiedRole.setCertifiedRole(certifiedRole.getRole());
                xmlCertifiedRole.setNotBefore(certifiedRole.getNotBefore());
                xmlCertifiedRole.setNotAfter(certifiedRole.getNotAfter());
                arrayList.add(xmlCertifiedRole);
            }
        }
        return Collections.emptyList();
    }

    private List<String> getXmlClaimedRole(String[] strArr) {
        return Utils.isArrayNotEmpty(strArr) ? Arrays.asList(strArr) : Collections.emptyList();
    }

    private List<String> getXmlCommitmentTypeIndication(CommitmentType commitmentType) {
        return commitmentType != null ? commitmentType.getIdentifiers() : Collections.emptyList();
    }

    private String getXmlSignatureFormat(SignatureLevel signatureLevel) {
        return signatureLevel == null ? "UNKNOWN" : signatureLevel.toString();
    }

    private XmlDistinguishedName getXmlDistinguishedName(String str, X500Principal x500Principal) {
        XmlDistinguishedName xmlDistinguishedName = new XmlDistinguishedName();
        xmlDistinguishedName.setFormat(str);
        xmlDistinguishedName.setValue(x500Principal.getName(str));
        return xmlDistinguishedName;
    }

    private List<XmlTimestamp> getXmlTimestamps(AdvancedSignature advancedSignature) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(getXmlTimestamps(advancedSignature.getContentTimestamps()));
        arrayList.addAll(getXmlTimestamps(advancedSignature.getSignatureTimestamps()));
        arrayList.addAll(getXmlTimestamps(advancedSignature.getTimestampsX1()));
        arrayList.addAll(getXmlTimestamps(advancedSignature.getTimestampsX2()));
        arrayList.addAll(getXmlTimestamps(advancedSignature.getArchiveTimestamps()));
        return arrayList;
    }

    private XmlPolicy getXmlPolicy(SignaturePolicy signaturePolicy) {
        if (signaturePolicy == null) {
            return null;
        }
        XmlPolicy xmlPolicy = new XmlPolicy();
        String identifier = signaturePolicy.getIdentifier();
        xmlPolicy.setId(identifier);
        xmlPolicy.setUrl(signaturePolicy.getUrl());
        xmlPolicy.setNotice(signaturePolicy.getNotice());
        String digestValue = signaturePolicy.getDigestValue();
        DigestAlgorithm digestAlgorithm = signaturePolicy.getDigestAlgorithm();
        if (Utils.isStringNotEmpty(digestValue)) {
            xmlPolicy.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(digestAlgorithm, digestValue));
        }
        DSSDocument policyContent = signaturePolicy.getPolicyContent();
        if (policyContent == null) {
            xmlPolicy.setIdentified(false);
            if (identifier.isEmpty()) {
                xmlPolicy.setStatus(true);
            } else {
                xmlPolicy.setStatus(false);
            }
            return xmlPolicy;
        }
        byte[] byteArray = DSSUtils.toByteArray(policyContent);
        xmlPolicy.setStatus(true);
        xmlPolicy.setIdentified(true);
        if (Utils.isArrayEmpty(byteArray)) {
            xmlPolicy.setIdentified(false);
            xmlPolicy.setProcessingError("Empty content for policy");
            return xmlPolicy;
        }
        ASN1Sequence aSN1Sequence = null;
        try {
            aSN1Sequence = (ASN1Sequence) DSSASN1Utils.toASN1Primitive(byteArray);
        } catch (Exception e) {
            LOG.info("Policy bytes are not asn1 processable : " + e.getMessage());
        }
        try {
            if (aSN1Sequence != null) {
                xmlPolicy.setAsn1Processable(true);
                DigestAlgorithm forOID = DigestAlgorithm.forOID(AlgorithmIdentifier.getInstance(aSN1Sequence.getObjectAt(0)).getAlgorithm().getId());
                if (!forOID.equals(digestAlgorithm)) {
                    xmlPolicy.setProcessingError("The digest algorithm indicated in the SignPolicyHashAlg from the resulting document (" + forOID + ") is not equal to the digest algorithm (" + digestAlgorithm + ").");
                    xmlPolicy.setDigestAlgorithmsEqual(false);
                    xmlPolicy.setStatus(false);
                    return xmlPolicy;
                }
                xmlPolicy.setDigestAlgorithmsEqual(true);
                String base64 = Utils.toBase64(DSSASN1Utils.getAsn1SignaturePolicyDigest(forOID, byteArray));
                boolean areStringsEqual = Utils.areStringsEqual(digestValue, base64);
                xmlPolicy.setStatus(Boolean.valueOf(areStringsEqual));
                if (!areStringsEqual) {
                    xmlPolicy.setProcessingError("The policy digest value (" + digestValue + ") does not match the re-calculated digest value (" + base64 + ").");
                    return xmlPolicy;
                }
                String base642 = Utils.toBase64(aSN1Sequence.getObjectAt(2).getOctets());
                boolean areStringsEqual2 = Utils.areStringsEqual(digestValue, base642);
                xmlPolicy.setStatus(Boolean.valueOf(areStringsEqual2));
                if (!areStringsEqual2) {
                    xmlPolicy.setProcessingError("The policy digest value (" + digestValue + ") does not match the digest value from the policy file (" + base642 + ").");
                }
            } else {
                String base643 = Utils.toBase64(DSSUtils.digest(digestAlgorithm, byteArray));
                boolean areStringsEqual3 = Utils.areStringsEqual(digestValue, base643);
                xmlPolicy.setStatus(Boolean.valueOf(areStringsEqual3));
                if (!areStringsEqual3) {
                    xmlPolicy.setProcessingError("The policy digest value (" + digestValue + ") does not match the re-calculated digest value (" + base643 + ").");
                }
            }
        } catch (Exception e2) {
            xmlPolicy.setStatus(false);
            xmlPolicy.setProcessingError(e2.getMessage());
            LOG.warn(e2.getMessage(), e2);
        }
        return xmlPolicy;
    }

    private List<XmlTimestamp> getXmlTimestamps(List<TimestampToken> list) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(list)) {
            Iterator<TimestampToken> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(getXmlTimestamp(it.next()));
            }
        }
        return arrayList;
    }

    private XmlTimestamp getXmlTimestamp(TimestampToken timestampToken) {
        XmlTimestamp xmlTimestamp = new XmlTimestamp();
        xmlTimestamp.setId(timestampToken.getDSSIdAsString());
        xmlTimestamp.setType(timestampToken.getTimeStampType().name());
        xmlTimestamp.setProductionTime(timestampToken.getGenerationTime());
        xmlTimestamp.setSignedDataDigestAlgo(timestampToken.getSignedDataDigestAlgo().getName());
        xmlTimestamp.setEncodedSignedDataDigestValue(timestampToken.getEncodedSignedDataDigestValue());
        xmlTimestamp.setMessageImprintDataFound(timestampToken.isMessageImprintDataFound().booleanValue());
        xmlTimestamp.setMessageImprintDataIntact(timestampToken.isMessageImprintDataIntact().booleanValue());
        xmlTimestamp.setCanonicalizationMethod(timestampToken.getCanonicalizationMethod());
        xmlTimestamp.setBasicSignature(getXmlBasicSignature(timestampToken));
        CertificateToken issuerToken = timestampToken.getIssuerToken();
        xmlTimestamp.setSigningCertificate(getXmlSigningCertificate(issuerToken));
        xmlTimestamp.setCertificateChain(getXmlForCertificateChain(issuerToken));
        xmlTimestamp.setSignedObjects(getXmlSignedObjects(timestampToken.getTimestampedReferences()));
        return xmlTimestamp;
    }

    private XmlSignedObjects getXmlSignedObjects(List<TimestampReference> list) {
        if (!Utils.isCollectionNotEmpty(list)) {
            return null;
        }
        XmlSignedObjects xmlSignedObjects = new XmlSignedObjects();
        List digestAlgoAndValues = xmlSignedObjects.getDigestAlgoAndValues();
        for (TimestampReference timestampReference : list) {
            TimestampReferenceCategory category = timestampReference.getCategory();
            if (TimestampReferenceCategory.SIGNATURE.equals(category)) {
                XmlSignedSignature xmlSignedSignature = new XmlSignedSignature();
                xmlSignedSignature.setId(timestampReference.getSignatureId());
                xmlSignedObjects.getSignedSignature().add(xmlSignedSignature);
            } else if (TimestampReferenceCategory.TIMESTAMP.equals(category)) {
                XmlTimestampedTimestamp xmlTimestampedTimestamp = new XmlTimestampedTimestamp();
                xmlTimestampedTimestamp.setId(timestampReference.getSignatureId());
                xmlSignedObjects.getTimestampedTimestamp().add(xmlTimestampedTimestamp);
            } else {
                XmlDigestAlgoAndValue xmlDigestAlgoAndValue = getXmlDigestAlgoAndValue(timestampReference.getDigestAlgorithm(), timestampReference.getDigestValue());
                xmlDigestAlgoAndValue.setCategory(category.name());
                digestAlgoAndValues.add(xmlDigestAlgoAndValue);
            }
        }
        return xmlSignedObjects;
    }

    private XmlBasicSignature getXmlBasicSignature(Token token) {
        XmlBasicSignature xmlBasicSignature = new XmlBasicSignature();
        SignatureAlgorithm signatureAlgorithm = token.getSignatureAlgorithm();
        if (signatureAlgorithm != null) {
            xmlBasicSignature.setEncryptionAlgoUsedToSignThisToken(signatureAlgorithm.getEncryptionAlgorithm().getName());
            xmlBasicSignature.setDigestAlgoUsedToSignThisToken(signatureAlgorithm.getDigestAlgorithm().getName());
        }
        xmlBasicSignature.setKeyLengthUsedToSignThisToken(DSSPKUtils.getPublicKeySize(token));
        boolean isSignatureValid = token.isSignatureValid();
        xmlBasicSignature.setReferenceDataFound(isSignatureValid);
        xmlBasicSignature.setReferenceDataIntact(isSignatureValid);
        xmlBasicSignature.setSignatureIntact(isSignatureValid);
        xmlBasicSignature.setSignatureValid(isSignatureValid);
        return xmlBasicSignature;
    }

    private List<String> getXmlKeyUsages(Set<KeyUsageBit> set) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(set)) {
            Iterator<KeyUsageBit> it = set.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().name());
            }
        }
        return arrayList;
    }

    private XmlBasicSignature getXmlBasicSignature(AdvancedSignature advancedSignature, CertificateToken certificateToken) {
        XmlBasicSignature xmlBasicSignature = new XmlBasicSignature();
        EncryptionAlgorithm encryptionAlgorithm = advancedSignature.getEncryptionAlgorithm();
        xmlBasicSignature.setEncryptionAlgoUsedToSignThisToken(encryptionAlgorithm == null ? "?" : encryptionAlgorithm.getName());
        xmlBasicSignature.setKeyLengthUsedToSignThisToken(String.valueOf(certificateToken == null ? 0 : DSSPKUtils.getPublicKeySize(certificateToken.getPublicKey())));
        DigestAlgorithm digestAlgorithm = getDigestAlgorithm(advancedSignature);
        xmlBasicSignature.setDigestAlgoUsedToSignThisToken(digestAlgorithm == null ? "?" : digestAlgorithm.getName());
        SignatureCryptographicVerification signatureCryptographicVerification = advancedSignature.getSignatureCryptographicVerification();
        xmlBasicSignature.setReferenceDataFound(signatureCryptographicVerification.isReferenceDataFound());
        xmlBasicSignature.setReferenceDataIntact(signatureCryptographicVerification.isReferenceDataIntact());
        xmlBasicSignature.setSignatureIntact(signatureCryptographicVerification.isSignatureIntact());
        xmlBasicSignature.setSignatureValid(signatureCryptographicVerification.isSignatureValid());
        return xmlBasicSignature;
    }

    private DigestAlgorithm getDigestAlgorithm(AdvancedSignature advancedSignature) {
        DigestAlgorithm digestAlgorithm = null;
        try {
            digestAlgorithm = advancedSignature.getDigestAlgorithm();
        } catch (Exception e) {
            LOG.error("Unable to retrieve digest algorithm : " + e.getMessage());
        }
        return digestAlgorithm;
    }

    private List<XmlSignatureScope> getXmlSignatureScopes(List<SignatureScope> list) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(list)) {
            Iterator<SignatureScope> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(getXmlSignatureScope(it.next()));
            }
        }
        return arrayList;
    }

    private XmlSignatureScope getXmlSignatureScope(SignatureScope signatureScope) {
        XmlSignatureScope xmlSignatureScope = new XmlSignatureScope();
        xmlSignatureScope.setName(signatureScope.getName());
        xmlSignatureScope.setScope(signatureScope.getType());
        xmlSignatureScope.setValue(signatureScope.getDescription());
        return xmlSignatureScope;
    }

    private XmlCertificate getXmlCertificate(Set<DigestAlgorithm> set, CertificateToken certificateToken) {
        XmlCertificate xmlCertificate = new XmlCertificate();
        xmlCertificate.setId(certificateToken.getDSSIdAsString());
        xmlCertificate.getSubjectDistinguishedName().add(getXmlDistinguishedName("CANONICAL", certificateToken.getSubjectX500Principal()));
        xmlCertificate.getSubjectDistinguishedName().add(getXmlDistinguishedName("RFC2253", certificateToken.getSubjectX500Principal()));
        xmlCertificate.getIssuerDistinguishedName().add(getXmlDistinguishedName("CANONICAL", certificateToken.getIssuerX500Principal()));
        xmlCertificate.getIssuerDistinguishedName().add(getXmlDistinguishedName("RFC2253", certificateToken.getIssuerX500Principal()));
        xmlCertificate.setSerialNumber(certificateToken.getSerialNumber());
        X500Principal subjectX500Principal = certificateToken.getSubjectX500Principal();
        xmlCertificate.setCommonName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.CN, subjectX500Principal));
        xmlCertificate.setCountryName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.C, subjectX500Principal));
        xmlCertificate.setOrganizationName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.O, subjectX500Principal));
        xmlCertificate.setGivenName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.GIVENNAME, subjectX500Principal));
        xmlCertificate.setOrganizationalUnit(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.OU, subjectX500Principal));
        xmlCertificate.setSurname(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.SURNAME, subjectX500Principal));
        xmlCertificate.setPseudonym(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.PSEUDONYM, subjectX500Principal));
        xmlCertificate.setAuthorityInformationAccessUrls(DSSASN1Utils.getCAAccessLocations(certificateToken));
        xmlCertificate.setOCSPAccessUrls(DSSASN1Utils.getOCSPAccessLocations(certificateToken));
        xmlCertificate.setCRLDistributionPoints(DSSASN1Utils.getCrlUrls(certificateToken));
        xmlCertificate.setDigestAlgoAndValues(getXmlDigestAlgoAndValues(set, certificateToken));
        xmlCertificate.setNotAfter(certificateToken.getNotAfter());
        xmlCertificate.setNotBefore(certificateToken.getNotBefore());
        PublicKey publicKey = certificateToken.getPublicKey();
        xmlCertificate.setPublicKeySize(DSSPKUtils.getPublicKeySize(publicKey));
        xmlCertificate.setPublicKeyEncryptionAlgo(DSSPKUtils.getPublicKeyEncryptionAlgo(publicKey));
        xmlCertificate.setKeyUsageBits(getXmlKeyUsages(certificateToken.getKeyUsageBits()));
        xmlCertificate.setIdKpOCSPSigning(Boolean.valueOf(DSSASN1Utils.isOCSPSigning(certificateToken)));
        xmlCertificate.setIdPkixOcspNoCheck(Boolean.valueOf(DSSASN1Utils.hasIdPkixOcspNoCheckExtension(certificateToken)));
        xmlCertificate.setBasicSignature(getXmlBasicSignature(certificateToken));
        CertificateToken issuerToken = certificateToken.getIssuerToken();
        xmlCertificate.setSigningCertificate(getXmlSigningCertificate(issuerToken));
        xmlCertificate.setCertificateChain(getXmlForCertificateChain(issuerToken));
        xmlCertificate.setQCStatementIds(getXmlOids(DSSASN1Utils.getQCStatementsIdList(certificateToken)));
        xmlCertificate.setQCTypes(getXmlOids(DSSASN1Utils.getQCTypesIdList(certificateToken)));
        xmlCertificate.setCertificatePolicyIds(getXmlOids(DSSASN1Utils.getPolicyIdentifiers(certificateToken)));
        xmlCertificate.setSelfSigned(certificateToken.isSelfSigned());
        xmlCertificate.setTrusted(certificateToken.isTrusted());
        xmlCertificate.setInfo(getXmlInfo(certificateToken.getValidationInfo()));
        Set<RevocationToken> revocationTokens = certificateToken.getRevocationTokens();
        if (Utils.isCollectionNotEmpty(revocationTokens)) {
            for (RevocationToken revocationToken : revocationTokens) {
                xmlCertificate.getRevocations().add(getXmlRevocation(revocationToken, Utils.toHex(certificateToken.getDigest(DigestAlgorithm.SHA256)) + Utils.toHex(revocationToken.getDigest(DigestAlgorithm.SHA256)), set));
            }
        }
        xmlCertificate.setTrustedServiceProviders(getXmlTrustedServiceProviders(certificateToken));
        return xmlCertificate;
    }

    private List<XmlOID> getXmlOids(List<String> list) {
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            XmlOID xmlOID = new XmlOID();
            xmlOID.setValue(str);
            xmlOID.setDescription(OidRepository.getDescription(str));
            arrayList.add(xmlOID);
        }
        return arrayList;
    }

    private List<XmlTrustedServiceProvider> getXmlTrustedServiceProviders(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        for (List<ServiceInfo> list : classifyByServiceProvider(getLinkedTrustedServices(certificateToken)).values()) {
            ServiceInfo serviceInfo = list.get(0);
            XmlTrustedServiceProvider xmlTrustedServiceProvider = new XmlTrustedServiceProvider();
            xmlTrustedServiceProvider.setCountryCode(serviceInfo.getTlCountryCode());
            xmlTrustedServiceProvider.setTSPName(serviceInfo.getTspName());
            xmlTrustedServiceProvider.setTSPServiceName(serviceInfo.getServiceName());
            xmlTrustedServiceProvider.setTrustedServices(getXmlTrustedServices(list, certificateToken));
            arrayList.add(xmlTrustedServiceProvider);
        }
        return Collections.unmodifiableList(arrayList);
    }

    private List<XmlTrustedService> getXmlTrustedServices(List<ServiceInfo> list, CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        Iterator<ServiceInfo> it = list.iterator();
        while (it.hasNext()) {
            List<ServiceInfoStatus> after = it.next().getStatus().getAfter(certificateToken.getNotBefore());
            if (Utils.isCollectionNotEmpty(after)) {
                for (ServiceInfoStatus serviceInfoStatus : after) {
                    XmlTrustedService xmlTrustedService = new XmlTrustedService();
                    xmlTrustedService.setServiceType(serviceInfoStatus.getType());
                    xmlTrustedService.setStatus(serviceInfoStatus.getStatus());
                    xmlTrustedService.setStartDate(serviceInfoStatus.getStartDate());
                    xmlTrustedService.setEndDate(serviceInfoStatus.getEndDate());
                    List<String> qualifiers = getQualifiers(serviceInfoStatus, certificateToken);
                    if (Utils.isCollectionNotEmpty(qualifiers)) {
                        xmlTrustedService.setCapturedQualifiers(qualifiers);
                    }
                    List additionalServiceInfoUris = serviceInfoStatus.getAdditionalServiceInfoUris();
                    if (Utils.isCollectionNotEmpty(additionalServiceInfoUris)) {
                        xmlTrustedService.setAdditionalServiceInfoUris(additionalServiceInfoUris);
                    }
                    xmlTrustedService.setExpiredCertsRevocationInfo(serviceInfoStatus.getExpiredCertsRevocationInfo());
                    arrayList.add(xmlTrustedService);
                }
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    private Map<String, List<ServiceInfo>> classifyByServiceProvider(Set<ServiceInfo> set) {
        HashMap hashMap = new HashMap();
        if (Utils.isCollectionNotEmpty(set)) {
            for (ServiceInfo serviceInfo : set) {
                String tspTradeName = serviceInfo.getTspTradeName();
                List list = (List) hashMap.get(tspTradeName);
                if (list == null) {
                    list = new ArrayList();
                    hashMap.put(tspTradeName, list);
                }
                list.add(serviceInfo);
            }
        }
        return hashMap;
    }

    private Set<ServiceInfo> getLinkedTrustedServices(CertificateToken certificateToken) {
        Set<ServiceInfo> set = null;
        if (certificateToken.isTrusted()) {
            set = certificateToken.getAssociatedTSPS();
        } else {
            CertificateToken trustAnchor = certificateToken.getTrustAnchor();
            if (trustAnchor != null) {
                set = trustAnchor.getAssociatedTSPS();
            }
        }
        return set;
    }

    private List<String> getQualifiers(ServiceInfoStatus serviceInfoStatus, CertificateToken certificateToken) {
        LOG.trace("--> GET_QUALIFIERS()");
        ArrayList arrayList = new ArrayList();
        for (Map.Entry entry : serviceInfoStatus.getQualifiersAndConditions().entrySet()) {
            List list = (List) entry.getValue();
            LOG.trace("  --> " + list);
            Iterator it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (((Condition) it.next()).check(certificateToken)) {
                    LOG.trace("    --> CONDITION TRUE / " + ((String) entry.getKey()));
                    arrayList.add(entry.getKey());
                    break;
                }
            }
        }
        return arrayList;
    }

    private XmlDigestAlgoAndValue getXmlDigestAlgoAndValue(DigestAlgorithm digestAlgorithm, String str) {
        XmlDigestAlgoAndValue xmlDigestAlgoAndValue = new XmlDigestAlgoAndValue();
        xmlDigestAlgoAndValue.setDigestMethod(digestAlgorithm == null ? "" : digestAlgorithm.getName());
        xmlDigestAlgoAndValue.setDigestValue(str);
        return xmlDigestAlgoAndValue;
    }
}
