package eu.europa.esig.dss.validation.process.ltv;

import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.XmlDom;
import eu.europa.esig.dss.validation.policy.ProcessParameters;
import eu.europa.esig.dss.validation.policy.RuleUtils;
import eu.europa.esig.dss.validation.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.policy.XmlNode;
import eu.europa.esig.dss.validation.policy.rules.AttributeName;
import eu.europa.esig.dss.validation.policy.rules.AttributeValue;
import eu.europa.esig.dss.validation.policy.rules.Indication;
import eu.europa.esig.dss.validation.policy.rules.MessageTag;
import eu.europa.esig.dss.validation.policy.rules.NodeName;
import eu.europa.esig.dss.validation.policy.rules.NodeValue;
import eu.europa.esig.dss.validation.policy.rules.SubIndication;
import eu.europa.esig.dss.validation.process.ValidationXPathQueryHolder;
import eu.europa.esig.dss.validation.process.dss.InvolvedServiceInfo;
import eu.europa.esig.dss.validation.process.subprocess.EtsiPOEExtraction;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/ltv/ControlTimeSliding.class */
public class ControlTimeSliding {
    private static final Logger LOG = LoggerFactory.getLogger(PastCertificateValidation.class);
    private ValidationPolicy constraintData;
    private Date controlTime;
    private EtsiPOEExtraction poe;
    private XmlNode controlTimeSlidingData;

    private void prepareParameters(ProcessParameters processParameters) {
        this.constraintData = processParameters.getCurrentValidationPolicy();
        this.poe = (EtsiPOEExtraction) processParameters.getPOE();
        isInitialised(processParameters);
    }

    private void isInitialised(ProcessParameters processParameters) {
        if (this.poe == null) {
            this.poe = new EtsiPOEExtraction();
            processParameters.setPOE(this.poe);
        }
    }

    public ControlTimeSlidingConclusion run(ProcessParameters processParameters, XmlDom xmlDom) {
        prepareParameters(processParameters);
        LOG.debug(getClass().getSimpleName() + ": start.");
        this.controlTimeSlidingData = new XmlNode(NodeName.CONTROL_TIME_SLIDING_DATA);
        this.controlTime = processParameters.getCurrentTime();
        ControlTimeSlidingConclusion process = process(processParameters, xmlDom);
        process.setControlTime(this.controlTime);
        process.setValidationData(this.controlTimeSlidingData);
        return process;
    }

    private String getCertificateId(XmlDom xmlDom) {
        return xmlDom.getValue("./@Id", new Object[0]);
    }

    private ControlTimeSlidingConclusion process(ProcessParameters processParameters, XmlDom xmlDom) {
        ControlTimeSlidingConclusion controlTimeSlidingConclusion = new ControlTimeSlidingConclusion();
        String value = xmlDom.getValue("./ChainCertificate[1]/@Id", new Object[0]);
        List elements = xmlDom.getElements("./ChainCertificate", new Object[0]);
        Collections.reverse(elements);
        Iterator it = elements.iterator();
        while (it.hasNext()) {
            String certificateId = getCertificateId((XmlDom) it.next());
            this.controlTimeSlidingData.addChild(AttributeValue.CERTIFICATE, SubIndication.NONE).setAttribute(AttributeValue.CERTIFICATE_ID, String.valueOf(certificateId));
            XmlDom certificate = processParameters.getCertificate(certificateId);
            if (!certificate.getBoolValue("./Trusted/text()", new Object[0])) {
                if (StringUtils.equals(value, certificateId)) {
                    XmlNode addConstraint = addConstraint(MessageTag.CTS_WITSS);
                    String status = InvolvedServiceInfo.getStatus(certificate);
                    addConstraint.addChild(NodeName.STATUS, NodeValue.OK);
                    addConstraint.addChild(NodeName.INFO).setAttribute(AttributeValue.TRUSTED_SERVICE_STATUS, status);
                    boolean isSERVICE_STATUS_UNDERSUPERVISION = InvolvedServiceInfo.isSERVICE_STATUS_UNDERSUPERVISION(status);
                    boolean isSERVICE_STATUS_SUPERVISIONINCESSATION = InvolvedServiceInfo.isSERVICE_STATUS_SUPERVISIONINCESSATION(status);
                    boolean isSERVICE_STATUS_ACCREDITED = InvolvedServiceInfo.isSERVICE_STATUS_ACCREDITED(status);
                    if (!isSERVICE_STATUS_UNDERSUPERVISION && !isSERVICE_STATUS_SUPERVISIONINCESSATION && !isSERVICE_STATUS_ACCREDITED) {
                        if (status.isEmpty()) {
                            LOG.warn("The status of the service is unknown: (serviceName: " + InvolvedServiceInfo.getServiceName(certificate) + ")");
                        } else {
                            this.controlTime = InvolvedServiceInfo.getEndDate(certificate);
                            addControlTime(addConstraint);
                        }
                    }
                }
                XmlNode addConstraint2 = addConstraint(MessageTag.CTS_DRIE);
                if (!certificate.exists("./Revocation", new Object[0])) {
                    addConstraint2.addChild(NodeName.STATUS, NodeValue.KO);
                    controlTimeSlidingConclusion.setIndication(Indication.INDETERMINATE);
                    controlTimeSlidingConclusion.setSubIndication(SubIndication.NO_POE);
                    return controlTimeSlidingConclusion;
                }
                Date timeValue = certificate.getTimeValue("./Revocation/IssuingTime/text()", new Object[0]);
                String formatDate = DSSUtils.formatDate(timeValue);
                addConstraint2.addChild(NodeName.STATUS, NodeValue.OK);
                addConstraint2.addChild(NodeName.INFO).setAttribute(AttributeName.REVOCATION_ISSUING_TIME, formatDate);
                Date timeValue2 = certificate.getTimeValue("./NotAfter/text()", new Object[0]);
                Date timeValue3 = certificate.getTimeValue("./NotBefore/text()", new Object[0]);
                XmlNode addConstraint3 = addConstraint(MessageTag.CTS_ICNEAIDORSI);
                if (timeValue.before(timeValue3) || timeValue.after(timeValue2)) {
                    addConstraint3.addChild(NodeName.STATUS, NodeValue.KO);
                    controlTimeSlidingConclusion.setIndication(Indication.INDETERMINATE);
                    controlTimeSlidingConclusion.setSubIndication(SubIndication.NO_POE);
                    return controlTimeSlidingConclusion;
                }
                addConstraint3.addChild(NodeName.STATUS, NodeValue.OK);
                XmlNode addConstraint4 = addConstraint(MessageTag.CTS_IIDORSIBCT);
                if (!timeValue.before(this.controlTime)) {
                    addConstraint4.addChild(NodeName.STATUS, NodeValue.KO);
                    addControlTime(addConstraint4);
                    controlTimeSlidingConclusion.setIndication(Indication.INDETERMINATE);
                    controlTimeSlidingConclusion.setSubIndication(SubIndication.NO_POE);
                    return controlTimeSlidingConclusion;
                }
                addConstraint4.addChild(NodeName.STATUS, NodeValue.OK);
                XmlNode addConstraint5 = addConstraint(MessageTag.CTS_DSOPCPOEOC);
                if (!this.poe.getCertificatePOE(certificateId, this.controlTime) || timeValue.compareTo(this.controlTime) > 0) {
                    addConstraint5.addChild(NodeName.STATUS, NodeValue.KO);
                    controlTimeSlidingConclusion.setIndication(Indication.INDETERMINATE);
                    controlTimeSlidingConclusion.setSubIndication(SubIndication.NO_POE);
                    return controlTimeSlidingConclusion;
                }
                addConstraint5.addChild(NodeName.STATUS, NodeValue.OK);
                XmlNode addConstraint6 = addConstraint(MessageTag.CTS_SCT);
                addControlTime(addConstraint6);
                if (!certificate.getBoolValue("./Revocation/Status/text()", new Object[0])) {
                    Date timeValue4 = certificate.getTimeValue("./Revocation/DateTime/text()", new Object[0]);
                    this.controlTime = timeValue4;
                    String formatDate2 = DSSUtils.formatDate(timeValue4);
                    addConstraint6.addChild(NodeName.INFO, NodeValue.CTS_CTSTRT_LABEL);
                    addConstraint6.addChild(NodeName.INFO).setAttribute(AttributeName.REVOCATION_TIME, formatDate2);
                } else if (this.controlTime.getTime() - timeValue.getTime() > this.constraintData.getMaxRevocationFreshness().longValue()) {
                    this.controlTime = timeValue;
                    addConstraint6.addChild(NodeName.INFO, NodeValue.CTS_CTSTRIT_LABEL);
                    addConstraint6.addChild(NodeName.INFO, MessageTag.BBB_XCV_IRIF_ANS).setAttribute(AttributeValue.CERTIFICATE_ID, String.valueOf(certificateId)).setAttribute(AttributeName.REVOCATION_ISSUING_TIME, formatDate);
                }
                checkDigestAlgoExpirationDate(certificate, addConstraint6, NodeValue.CTS_CTSTETOCSA_LABEL);
                checkEncryptionAlgoExpirationDate(certificate, addConstraint6, NodeValue.CTS_CTSTETOCSA_LABEL);
                XmlDom element = certificate.getElement("./Revocation", new Object[0]);
                checkDigestAlgoExpirationDate(element, addConstraint6, NodeValue.CTS_CTSTETORSA_LABEL);
                checkEncryptionAlgoExpirationDate(element, addConstraint6, NodeValue.CTS_CTSTETORSA_LABEL);
            }
        }
        controlTimeSlidingConclusion.setIndication(Indication.VALID);
        controlTimeSlidingConclusion.addInfo().setAttribute(AttributeValue.CONTROL_TIME, DSSUtils.formatDate(this.controlTime));
        return controlTimeSlidingConclusion;
    }

    private void addControlTime(XmlNode xmlNode) {
        xmlNode.addChild(NodeName.INFO).setAttribute(AttributeValue.CONTROL_TIME, DSSUtils.formatDate(this.controlTime));
    }

    private XmlNode addConstraint(MessageTag messageTag) {
        XmlNode addChild = this.controlTimeSlidingData.addChild(NodeName.CONSTRAINT);
        addChild.addChild(NodeName.NAME, messageTag.getMessage()).setAttribute("NameId", messageTag.name());
        return addChild;
    }

    private void checkEncryptionAlgoExpirationDate(XmlDom xmlDom, XmlNode xmlNode, String str) {
        Date algorithmExpirationDate = this.constraintData.getAlgorithmExpirationDate(RuleUtils.canonicalizeEncryptionAlgo(xmlDom.getValue(ValidationXPathQueryHolder.XP_ENCRYPTION_ALGO_USED_TO_SIGN_THIS_TOKEN, new Object[0])) + xmlDom.getValue(ValidationXPathQueryHolder.XP_KEY_LENGTH_USED_TO_SIGN_THIS_TOKEN, new Object[0]));
        if (algorithmExpirationDate == null || !this.controlTime.after(algorithmExpirationDate)) {
            return;
        }
        this.controlTime = algorithmExpirationDate;
        String formatDate = DSSUtils.formatDate(algorithmExpirationDate);
        xmlNode.addChild(NodeName.INFO, str);
        xmlNode.addChild(NodeName.INFO).setAttribute(AttributeValue.ALGORITHM_EXPIRATION_DATE, formatDate);
    }

    private void checkDigestAlgoExpirationDate(XmlDom xmlDom, XmlNode xmlNode, String str) {
        Date algorithmExpirationDate = this.constraintData.getAlgorithmExpirationDate(RuleUtils.canonicalizeSignatureAlgo(xmlDom.getValue(ValidationXPathQueryHolder.XP_DIGEST_ALGO_USED_TO_SIGN_THIS_TOKEN, new Object[0])));
        if (algorithmExpirationDate == null || !this.controlTime.after(algorithmExpirationDate)) {
            return;
        }
        this.controlTime = algorithmExpirationDate;
        String formatDate = DSSUtils.formatDate(algorithmExpirationDate);
        xmlNode.addChild(NodeName.INFO, str);
        xmlNode.addChild(NodeName.INFO).setAttribute(AttributeValue.ALGORITHM_EXPIRATION_DATE, formatDate);
    }
}
