package eu.europa.esig.dss.validation.process.subprocess;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.XmlDom;
import eu.europa.esig.dss.validation.policy.CertificateExpirationConstraint;
import eu.europa.esig.dss.validation.policy.Constraint;
import eu.europa.esig.dss.validation.policy.ProcessParameters;
import eu.europa.esig.dss.validation.policy.SignatureCryptographicConstraint;
import eu.europa.esig.dss.validation.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.policy.XmlNode;
import eu.europa.esig.dss.validation.policy.rules.AttributeName;
import eu.europa.esig.dss.validation.policy.rules.AttributeValue;
import eu.europa.esig.dss.validation.policy.rules.ExceptionMessage;
import eu.europa.esig.dss.validation.policy.rules.Indication;
import eu.europa.esig.dss.validation.policy.rules.MessageTag;
import eu.europa.esig.dss.validation.policy.rules.NodeName;
import eu.europa.esig.dss.validation.policy.rules.SubIndication;
import eu.europa.esig.dss.validation.process.ValidationXPathQueryHolder;
import eu.europa.esig.dss.validation.process.dss.ForLegalPerson;
import eu.europa.esig.dss.validation.process.dss.QualifiedCertificate;
import eu.europa.esig.dss.validation.process.dss.SSCD;
import eu.europa.esig.dss.validation.report.Conclusion;
import eu.europa.esig.dss.x509.CertificateSourceType;
import eu.europa.esig.dss.x509.crl.CRLReasonEnum;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/subprocess/X509CertificateValidation.class */
public class X509CertificateValidation {
    private XmlDom diagnosticData;
    protected ValidationPolicy constraintData;
    private Date currentTime;
    private XmlDom signatureContext;
    protected XmlDom contextElement;
    private String contextName;
    private String signingCertificateId;
    private XmlDom signingCertificate;
    protected XmlNode validationDataXmlNode;

    private void prepareParameters(ProcessParameters processParameters) {
        this.diagnosticData = processParameters.getDiagnosticData();
        this.constraintData = processParameters.getCurrentValidationPolicy();
        this.signatureContext = processParameters.getSignatureContext();
        this.contextElement = processParameters.getContextElement();
        this.currentTime = processParameters.getCurrentTime();
        this.signingCertificateId = processParameters.getSigningCertificateId();
        this.signingCertificate = processParameters.getSigningCertificate();
        isInitialised(processParameters);
    }

    private void isInitialised(ProcessParameters processParameters) {
        if (this.diagnosticData == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "diagnosticData"));
        }
        if (this.constraintData == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "validationPolicy"));
        }
        if (this.currentTime == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "currentTime"));
        }
        if (this.signatureContext == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "signatureContext"));
        }
        if (this.contextElement == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "contextElement"));
        }
    }

    public Conclusion run(ProcessParameters processParameters, String str) {
        this.contextName = str;
        prepareParameters(processParameters);
        this.validationDataXmlNode = new XmlNode(NodeName.XCV);
        this.validationDataXmlNode.setNameSpace("http://dss.esig.europa.eu/validation/diagnostic");
        Conclusion process = process(processParameters);
        process.setValidationData(this.validationDataXmlNode);
        return process;
    }

    private Conclusion process(ProcessParameters processParameters) {
        String str;
        Conclusion conclusion = new Conclusion();
        if (!checkCertificateExpirationConstraint(conclusion, this.contextName, NodeName.SIGNING_CERTIFICATE)) {
            return conclusion;
        }
        boolean isTrustedProspectiveCertificateChain = isTrustedProspectiveCertificateChain(processParameters);
        if (!checkProspectiveCertificateChainConstraint(conclusion, isTrustedProspectiveCertificateChain)) {
            return conclusion;
        }
        List elements = this.contextElement.getElements("./CertificateChain/ChainCertificate", new Object[0]);
        Iterator it = elements.iterator();
        while (it.hasNext()) {
            String value = ((XmlDom) it.next()).getValue("./@Id", new Object[0]);
            XmlDom certificate = processParameters.getCertificate(value);
            if (!certificate.getBoolValue("./Trusted/text()", new Object[0])) {
                if (this.signingCertificateId.equals(value)) {
                    str = NodeName.SIGNING_CERTIFICATE;
                    if (!checkKeyUsageConstraint(conclusion, value, certificate)) {
                        return conclusion;
                    }
                } else {
                    str = NodeName.CA_CERTIFICATE;
                    if (!checkCertificateExpirationConstraint(conclusion, this.contextName, str)) {
                        return conclusion;
                    }
                }
                if (checkCertificateSignatureConstraint(conclusion, value, certificate, str) && checkRevocationDataAvailableConstraint(conclusion, value, certificate, str) && checkRevocationDataIsTrustedConstraint(conclusion, value, certificate, str)) {
                    XmlDom element = certificate.getElement("./Revocation", new Object[0]);
                    String value2 = getValue(element, "./IssuingTime/text()");
                    boolean prepareRevocationFreshnessCheck = prepareRevocationFreshnessCheck(value2);
                    boolean boolValue = getBoolValue(element, "./Status/text()");
                    String value3 = getValue(element, "./NextUpdate/text()");
                    if (!checkRevocationFreshnessConstraint(conclusion, value, prepareRevocationFreshnessCheck, value3, value2, str)) {
                        return conclusion;
                    }
                    String value4 = getValue(element, "./Reason/text()");
                    String value5 = getValue(element, "./DateTime/text()");
                    if (this.signingCertificateId.equals(value)) {
                        if (!checkSigningCertificateRevokedConstraint(conclusion, value, boolValue, value4, value5, str)) {
                            return conclusion;
                        }
                        if (!checkSigningCertificateOnHoldConstraint(conclusion, value, boolValue, value4, value5, value3, str)) {
                            return conclusion;
                        }
                        if (!checkSigningCertificateTSLValidityConstraint(conclusion, value, certificate)) {
                            return conclusion;
                        }
                        if (!checkSigningCertificateTSLStatusConstraint(conclusion, value, certificate)) {
                            return conclusion;
                        }
                        if (!checkSigningCertificateTSLStatusAndValidityConstraint(conclusion, value, certificate)) {
                            return conclusion;
                        }
                    } else if (!checkIntermediateCertificateRevokedConstraint(conclusion, value, boolValue, value4, value5, str)) {
                        return conclusion;
                    }
                    if (!checkCertificateCryptographicConstraint(conclusion, element, AttributeValue.REVOCATION, str)) {
                        return conclusion;
                    }
                }
                return conclusion;
            }
        }
        if (!checkChainConstraint(conclusion)) {
            return conclusion;
        }
        if (!NodeName.MAIN_SIGNATURE.equals(this.contextName) || (checkSigningCertificateQualificationConstraint(conclusion, new QualifiedCertificate(this.constraintData).run(this.signingCertificate)) && checkSigningCertificateSupportedBySSCDConstraint(conclusion, Boolean.valueOf(new SSCD(this.constraintData).run(this.signingCertificate)).booleanValue()) && checkSigningCertificateIssuedToLegalPersonConstraint(conclusion, new ForLegalPerson(this.constraintData).run(this.signingCertificate).booleanValue()))) {
            String value6 = this.contextElement.getValue("./CertificateChain/ChainCertificate[last()]/@Id", new Object[0]);
            Iterator it2 = elements.iterator();
            while (it2.hasNext()) {
                String value7 = ((XmlDom) it2.next()).getValue("./@Id", new Object[0]);
                if (!value7.equals(value6) || !isTrustedProspectiveCertificateChain) {
                    if (!checkCertificateCryptographicConstraint(conclusion, processParameters.getCertificate(value7), this.contextName, value7.equals(this.signingCertificateId) ? NodeName.SIGNING_CERTIFICATE : NodeName.CA_CERTIFICATE)) {
                        return conclusion;
                    }
                }
            }
            conclusion.setIndication(Indication.VALID);
            return conclusion;
        }
        return conclusion;
    }

    private boolean prepareRevocationFreshnessCheck(String str) {
        boolean isRevocationFreshnessToBeChecked = this.constraintData.isRevocationFreshnessToBeChecked();
        boolean z = !isRevocationFreshnessToBeChecked;
        if (isRevocationFreshnessToBeChecked && !str.isEmpty()) {
            if (this.currentTime.getTime() - DSSUtils.parseDate(str).getTime() <= this.constraintData.getMaxRevocationFreshness().longValue()) {
                z = true;
            }
        }
        return z;
    }

    private boolean getBoolValue(XmlDom xmlDom, String str) {
        if (xmlDom == null) {
            return false;
        }
        return xmlDom.getBoolValue(str, new Object[0]);
    }

    private String getValue(XmlDom xmlDom, String str) {
        return xmlDom == null ? SubIndication.NONE : xmlDom.getValue(str, new Object[0]);
    }

    private boolean checkCertificateExpirationConstraint(Conclusion conclusion, String str, String str2) {
        CertificateExpirationConstraint signingCertificateExpirationConstraint = this.constraintData.getSigningCertificateExpirationConstraint(str, str2);
        if (signingCertificateExpirationConstraint == null) {
            return true;
        }
        signingCertificateExpirationConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_ICTIVRSC);
        signingCertificateExpirationConstraint.setCurrentTime(this.currentTime);
        signingCertificateExpirationConstraint.setNotAfter(getDate(this.signingCertificate, "./NotAfter"));
        signingCertificateExpirationConstraint.setNotBefore(getDate(this.signingCertificate, "./NotBefore"));
        signingCertificateExpirationConstraint.setExpiredCertsRevocationInfo(getDate(this.signingCertificate, "./TrustedServiceProvider/ExpiredCertsRevocationInfo"));
        signingCertificateExpirationConstraint.setIndications(Indication.INDETERMINATE, SubIndication.OUT_OF_BOUNDS_NO_POE, MessageTag.BBB_XCV_ICTIVRSC_ANS);
        signingCertificateExpirationConstraint.setConclusionReceiver(conclusion);
        return signingCertificateExpirationConstraint.check();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkProspectiveCertificateChainConstraint(Conclusion conclusion, boolean z) {
        Constraint prospectiveCertificateChainConstraint = this.constraintData.getProspectiveCertificateChainConstraint(this.contextName);
        if (prospectiveCertificateChainConstraint == null) {
            return true;
        }
        prospectiveCertificateChainConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_CCCBB);
        prospectiveCertificateChainConstraint.setValue(z);
        prospectiveCertificateChainConstraint.setIndications(Indication.INDETERMINATE, SubIndication.NO_CERTIFICATE_CHAIN_FOUND, MessageTag.BBB_XCV_CCCBB_ANS);
        prospectiveCertificateChainConstraint.setConclusionReceiver(conclusion);
        return prospectiveCertificateChainConstraint.check();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isTrustedProspectiveCertificateChain(ProcessParameters processParameters) {
        XmlDom certificate = processParameters.getCertificate(this.contextElement.getValue("./CertificateChain/ChainCertificate[last()]/@Id", new Object[0]));
        boolean z = false;
        if (certificate != null) {
            z = certificate.getBoolValue("./Trusted/text()", new Object[0]);
        }
        return z;
    }

    private Date getDate(XmlDom xmlDom, String str) {
        try {
            return DSSUtils.parseDate(xmlDom.getValue(str + "/text()", new Object[0]));
        } catch (DSSException e) {
            return null;
        }
    }

    private boolean checkCertificateSignatureConstraint(Conclusion conclusion, String str, XmlDom xmlDom, String str2) {
        Constraint certificateSignatureConstraint = this.constraintData.getCertificateSignatureConstraint(this.contextName, str2);
        if (certificateSignatureConstraint == null) {
            return true;
        }
        certificateSignatureConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_ICSI);
        certificateSignatureConstraint.setValue(xmlDom.getBoolValue(ValidationXPathQueryHolder.XP_SIGNATURE_VALID, new Object[0]));
        certificateSignatureConstraint.setIndications(Indication.INDETERMINATE, SubIndication.NO_CERTIFICATE_CHAIN_FOUND, MessageTag.BBB_XCV_ICSI_ANS);
        certificateSignatureConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        certificateSignatureConstraint.setConclusionReceiver(conclusion);
        return certificateSignatureConstraint.check();
    }

    private boolean checkRevocationDataAvailableConstraint(Conclusion conclusion, String str, XmlDom xmlDom, String str2) {
        Constraint revocationDataAvailableConstraint = this.constraintData.getRevocationDataAvailableConstraint(this.contextName, str2);
        if (revocationDataAvailableConstraint == null) {
            return true;
        }
        revocationDataAvailableConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_IRDPFC);
        revocationDataAvailableConstraint.setValue(isRevocationDataAvailable(xmlDom));
        revocationDataAvailableConstraint.setIndications(Indication.INDETERMINATE, SubIndication.TRY_LATER, MessageTag.BBB_XCV_IRDPFC_ANS);
        revocationDataAvailableConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        revocationDataAvailableConstraint.setConclusionReceiver(conclusion);
        return revocationDataAvailableConstraint.check();
    }

    private String isRevocationDataAvailable(XmlDom xmlDom) {
        return String.valueOf(xmlDom.getElement("./Revocation", new Object[0]) != null);
    }

    private boolean checkRevocationDataIsTrustedConstraint(Conclusion conclusion, String str, XmlDom xmlDom, String str2) {
        Constraint revocationDataIsTrustedConstraint = this.constraintData.getRevocationDataIsTrustedConstraint(this.contextName, str2);
        if (revocationDataIsTrustedConstraint == null) {
            return true;
        }
        revocationDataIsTrustedConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_IRDTFC);
        String value = xmlDom.getValue("./Revocation/CertificateChain/ChainCertificate[last()]/Source/text()", new Object[0]);
        revocationDataIsTrustedConstraint.setValue(isRevocationDataTrusted(StringUtils.isBlank(value) ? CertificateSourceType.UNKNOWN : CertificateSourceType.valueOf(value)));
        revocationDataIsTrustedConstraint.setIndications(Indication.INDETERMINATE, SubIndication.TRY_LATER, MessageTag.BBB_XCV_IRDTFC_ANS);
        revocationDataIsTrustedConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        revocationDataIsTrustedConstraint.setAttribute(AttributeValue.CERTIFICATE_SOURCE, value);
        revocationDataIsTrustedConstraint.setConclusionReceiver(conclusion);
        return revocationDataIsTrustedConstraint.check();
    }

    private String isRevocationDataTrusted(CertificateSourceType certificateSourceType) {
        return String.valueOf(CertificateSourceType.TRUSTED_LIST.equals(certificateSourceType) || CertificateSourceType.TRUSTED_STORE.equals(certificateSourceType));
    }

    private boolean checkRevocationFreshnessConstraint(Conclusion conclusion, String str, boolean z, String str2, String str3, String str4) {
        Constraint revocationDataFreshnessConstraint;
        if (StringUtils.isBlank(str3) || (revocationDataFreshnessConstraint = this.constraintData.getRevocationDataFreshnessConstraint(this.contextName, str4)) == null) {
            return true;
        }
        revocationDataFreshnessConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_IRIF);
        revocationDataFreshnessConstraint.setValue(String.valueOf(z));
        revocationDataFreshnessConstraint.setIndications(Indication.INDETERMINATE, SubIndication.TRY_LATER, MessageTag.BBB_XCV_IRIF_ANS);
        revocationDataFreshnessConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        revocationDataFreshnessConstraint.setAttribute(AttributeName.REVOCATION_NEXT_UPDATE, str2);
        revocationDataFreshnessConstraint.setAttribute(AttributeName.REVOCATION_ISSUING_TIME, str3);
        revocationDataFreshnessConstraint.setAttribute(AttributeName.MAXIMUM_REVOCATION_FRESHNESS, this.constraintData.getFormatedMaxRevocationFreshness());
        revocationDataFreshnessConstraint.setConclusionReceiver(conclusion);
        return revocationDataFreshnessConstraint.check();
    }

    private boolean checkKeyUsageConstraint(Conclusion conclusion, String str, XmlDom xmlDom) {
        Constraint signingCertificateKeyUsageConstraint = this.constraintData.getSigningCertificateKeyUsageConstraint(this.contextName);
        if (signingCertificateKeyUsageConstraint == null) {
            return true;
        }
        signingCertificateKeyUsageConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_ISCGKU);
        signingCertificateKeyUsageConstraint.setValue(XmlDom.convertToStringList(xmlDom.getElements("./KeyUsageBits/KeyUsage", new Object[0])));
        signingCertificateKeyUsageConstraint.setIndications(Indication.INVALID, SubIndication.SIG_CONSTRAINTS_FAILURE, MessageTag.BBB_XCV_ISCGKU_ANS);
        signingCertificateKeyUsageConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        signingCertificateKeyUsageConstraint.setConclusionReceiver(conclusion);
        return signingCertificateKeyUsageConstraint.checkInList();
    }

    private boolean checkSigningCertificateRevokedConstraint(Conclusion conclusion, String str, boolean z, String str2, String str3, String str4) {
        Constraint signingCertificateRevokedConstraint = this.constraintData.getSigningCertificateRevokedConstraint(this.contextName, str4);
        if (signingCertificateRevokedConstraint == null) {
            return true;
        }
        signingCertificateRevokedConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_ISCR);
        signingCertificateRevokedConstraint.setValue(String.valueOf((z || CRLReasonEnum.certificateHold.name().equals(str2)) ? false : true));
        signingCertificateRevokedConstraint.setIndications(Indication.INDETERMINATE, SubIndication.REVOKED_NO_POE, MessageTag.BBB_XCV_ISCR_ANS);
        signingCertificateRevokedConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        if (StringUtils.isNotBlank(str3)) {
            signingCertificateRevokedConstraint.setAttribute(AttributeName.REVOCATION_TIME, str3);
        }
        if (StringUtils.isNotBlank(str2)) {
            signingCertificateRevokedConstraint.setAttribute(AttributeName.REVOCATION_REASON, str2);
        }
        signingCertificateRevokedConstraint.setConclusionReceiver(conclusion);
        return signingCertificateRevokedConstraint.check();
    }

    private boolean checkSigningCertificateOnHoldConstraint(Conclusion conclusion, String str, boolean z, String str2, String str3, String str4, String str5) {
        Constraint signingCertificateOnHoldConstraint = this.constraintData.getSigningCertificateOnHoldConstraint(this.contextName, str5);
        if (signingCertificateOnHoldConstraint == null) {
            return true;
        }
        signingCertificateOnHoldConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_ISCOH);
        signingCertificateOnHoldConstraint.setValue(String.valueOf(!z && CRLReasonEnum.certificateHold.name().equals(str2)));
        signingCertificateOnHoldConstraint.setIndications(Indication.INDETERMINATE, SubIndication.TRY_LATER, MessageTag.BBB_XCV_ISCOH_ANS);
        signingCertificateOnHoldConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        if (StringUtils.isNotBlank(str3)) {
            signingCertificateOnHoldConstraint.setAttribute(AttributeName.REVOCATION_TIME, str3);
        }
        if (StringUtils.isNotBlank(str2)) {
            signingCertificateOnHoldConstraint.setAttribute(AttributeName.REVOCATION_NEXT_UPDATE, str4);
        }
        signingCertificateOnHoldConstraint.setConclusionReceiver(conclusion);
        return signingCertificateOnHoldConstraint.check();
    }

    private boolean checkSigningCertificateTSLValidityConstraint(Conclusion conclusion, String str, XmlDom xmlDom) {
        Constraint signingCertificateTSLValidityConstraint;
        if (CertificateSourceType.TRUSTED_STORE.name().equals(xmlDom.getValue("./CertificateChain/ChainCertificate[last()]/Source/text()", new Object[0])) || (signingCertificateTSLValidityConstraint = this.constraintData.getSigningCertificateTSLValidityConstraint(this.contextName)) == null) {
            return true;
        }
        signingCertificateTSLValidityConstraint.create(this.validationDataXmlNode, MessageTag.CTS_IIDOCWVPOTS);
        Date timeValueOrNull = xmlDom.getTimeValueOrNull("./NotBefore/text()", new Object[0]);
        boolean z = false;
        for (XmlDom xmlDom2 : xmlDom.getElements("./TrustedServiceProvider", new Object[0])) {
            if ("http://uri.etsi.org/TrstSvc/Svctype/CA/QC".equals(xmlDom2.getValue("./TSPServiceType/text()", new Object[0]))) {
                Date timeValueOrNull2 = xmlDom2.getTimeValueOrNull("./StartDate/text()", new Object[0]);
                Date timeValueOrNull3 = xmlDom2.getTimeValueOrNull("./EndDate/text()", new Object[0]);
                if (timeValueOrNull.after(timeValueOrNull2) && (timeValueOrNull3 == null || timeValueOrNull.before(timeValueOrNull3))) {
                    z = true;
                }
            }
        }
        signingCertificateTSLValidityConstraint.setValue(z);
        signingCertificateTSLValidityConstraint.setIndications(Indication.INDETERMINATE, SubIndication.TRY_LATER, MessageTag.CTS_IIDOCWVPOTS_ANS);
        signingCertificateTSLValidityConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        signingCertificateTSLValidityConstraint.setConclusionReceiver(conclusion);
        return signingCertificateTSLValidityConstraint.check();
    }

    private boolean checkSigningCertificateTSLStatusConstraint(Conclusion conclusion, String str, XmlDom xmlDom) {
        Constraint signingCertificateTSLStatusConstraint;
        if (CertificateSourceType.TRUSTED_STORE.name().equals(xmlDom.getValue("./CertificateChain/ChainCertificate[last()]/Source/text()", new Object[0])) || (signingCertificateTSLStatusConstraint = this.constraintData.getSigningCertificateTSLStatusConstraint(this.contextName)) == null) {
            return true;
        }
        signingCertificateTSLStatusConstraint.create(this.validationDataXmlNode, MessageTag.CTS_WITSS);
        List<XmlDom> elements = xmlDom.getElements("./TrustedServiceProvider", new Object[0]);
        boolean z = false;
        String str2 = SubIndication.NONE;
        for (XmlDom xmlDom2 : elements) {
            str2 = xmlDom2 == null ? SubIndication.NONE : xmlDom2.getValue("./Status/text()", new Object[0]);
            z = "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/undersupervision".equals(str2) || "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/supervisionincessation".equals(str2) || "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/accredited".equals(str2) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision".equals(str2) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/supervisionincessation".equals(str2) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/accredited".equals(str2) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted".equals(str2) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevel".equals(str2);
            if (z) {
                break;
            }
        }
        signingCertificateTSLStatusConstraint.setValue(z);
        signingCertificateTSLStatusConstraint.setIndications(Indication.INDETERMINATE, SubIndication.TRY_LATER, MessageTag.CTS_WITSS_ANS);
        signingCertificateTSLStatusConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        signingCertificateTSLStatusConstraint.setAttribute(AttributeValue.TRUSTED_SERVICE_STATUS, str2);
        signingCertificateTSLStatusConstraint.setConclusionReceiver(conclusion);
        return signingCertificateTSLStatusConstraint.check();
    }

    private boolean checkSigningCertificateTSLStatusAndValidityConstraint(Conclusion conclusion, String str, XmlDom xmlDom) {
        Constraint signingCertificateTSLStatusAndValidityConstraint;
        if (CertificateSourceType.TRUSTED_STORE.name().equals(xmlDom.getValue("./CertificateChain/ChainCertificate[last()]/Source/text()", new Object[0])) || (signingCertificateTSLStatusAndValidityConstraint = this.constraintData.getSigningCertificateTSLStatusAndValidityConstraint(this.contextName)) == null) {
            return true;
        }
        signingCertificateTSLStatusAndValidityConstraint.create(this.validationDataXmlNode, MessageTag.CTS_ITACBT);
        Date timeValueOrNull = xmlDom.getTimeValueOrNull("./NotBefore/text()", new Object[0]);
        boolean z = false;
        for (XmlDom xmlDom2 : xmlDom.getElements("./TrustedServiceProvider", new Object[0])) {
            if ("http://uri.etsi.org/TrstSvc/Svctype/CA/QC".equals(xmlDom2.getValue("./TSPServiceType/text()", new Object[0]))) {
                Date timeValueOrNull2 = xmlDom2.getTimeValueOrNull("./StartDate/text()", new Object[0]);
                Date timeValueOrNull3 = xmlDom2.getTimeValueOrNull("./EndDate/text()", new Object[0]);
                if (timeValueOrNull.after(timeValueOrNull2) && (timeValueOrNull3 == null || timeValueOrNull.before(timeValueOrNull3))) {
                    String value = xmlDom2 == null ? SubIndication.NONE : xmlDom2.getValue("./Status/text()", new Object[0]);
                    z = "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/undersupervision".equals(value) || "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/supervisionincessation".equals(value) || "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/accredited".equals(value) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision".equals(value) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/supervisionincessation".equals(value) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/accredited".equals(value) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted".equals(value) || "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevel".equals(value);
                    if (z) {
                        break;
                    }
                }
            }
        }
        signingCertificateTSLStatusAndValidityConstraint.setValue(z);
        signingCertificateTSLStatusAndValidityConstraint.setIndications(Indication.INDETERMINATE, SubIndication.TRY_LATER, MessageTag.CTS_ITACBT_ANS);
        signingCertificateTSLStatusAndValidityConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        signingCertificateTSLStatusAndValidityConstraint.setConclusionReceiver(conclusion);
        return signingCertificateTSLStatusAndValidityConstraint.check();
    }

    private boolean checkIntermediateCertificateRevokedConstraint(Conclusion conclusion, String str, boolean z, String str2, String str3, String str4) {
        Constraint intermediateCertificateRevokedConstraint = this.constraintData.getIntermediateCertificateRevokedConstraint(this.contextName);
        if (intermediateCertificateRevokedConstraint == null) {
            return true;
        }
        intermediateCertificateRevokedConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_IICR, str);
        intermediateCertificateRevokedConstraint.setValue(String.valueOf(!z));
        intermediateCertificateRevokedConstraint.setIndications(Indication.INDETERMINATE, SubIndication.REVOKED_CA_NO_POE, MessageTag.BBB_XCV_IICR_ANS);
        intermediateCertificateRevokedConstraint.setAttribute(AttributeValue.CERTIFICATE_ID, str);
        if (StringUtils.isNotBlank(str3)) {
            intermediateCertificateRevokedConstraint.setAttribute(AttributeName.REVOCATION_TIME, str3);
        }
        if (StringUtils.isNotBlank(str2)) {
            intermediateCertificateRevokedConstraint.setAttribute(AttributeName.REVOCATION_REASON, str2);
        }
        intermediateCertificateRevokedConstraint.setConclusionReceiver(conclusion);
        return intermediateCertificateRevokedConstraint.check();
    }

    private boolean checkChainConstraint(Conclusion conclusion) {
        Constraint chainConstraint = this.constraintData.getChainConstraint();
        if (chainConstraint == null) {
            return true;
        }
        chainConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_ACCM);
        chainConstraint.setValue("TO BE IMPLEMENTED");
        chainConstraint.setIndications(Indication.INVALID, SubIndication.CHAIN_CONSTRAINTS_FAILURE, MessageTag.EMPTY);
        chainConstraint.setConclusionReceiver(conclusion);
        return chainConstraint.check();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkSigningCertificateQualificationConstraint(Conclusion conclusion, boolean z) {
        Constraint signingCertificateQualificationConstraint = this.constraintData.getSigningCertificateQualificationConstraint();
        if (signingCertificateQualificationConstraint == null) {
            return true;
        }
        signingCertificateQualificationConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_CMDCIQC);
        signingCertificateQualificationConstraint.setValue(String.valueOf(z));
        signingCertificateQualificationConstraint.setIndications(Indication.INVALID, SubIndication.CHAIN_CONSTRAINTS_FAILURE, MessageTag.BBB_XCV_CMDCIQC_ANS);
        signingCertificateQualificationConstraint.setConclusionReceiver(conclusion);
        return signingCertificateQualificationConstraint.check();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkSigningCertificateSupportedBySSCDConstraint(Conclusion conclusion, boolean z) {
        Constraint signingCertificateSupportedBySSCDConstraint = this.constraintData.getSigningCertificateSupportedBySSCDConstraint();
        if (signingCertificateSupportedBySSCDConstraint == null) {
            return true;
        }
        signingCertificateSupportedBySSCDConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_CMDCISSCD);
        signingCertificateSupportedBySSCDConstraint.setValue(String.valueOf(z));
        signingCertificateSupportedBySSCDConstraint.setIndications(Indication.INVALID, SubIndication.CHAIN_CONSTRAINTS_FAILURE, MessageTag.BBB_XCV_CMDCISSCD_ANS);
        signingCertificateSupportedBySSCDConstraint.setConclusionReceiver(conclusion);
        return signingCertificateSupportedBySSCDConstraint.check();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkSigningCertificateIssuedToLegalPersonConstraint(Conclusion conclusion, boolean z) {
        Constraint signingCertificateIssuedToLegalPersonConstraint = this.constraintData.getSigningCertificateIssuedToLegalPersonConstraint();
        if (signingCertificateIssuedToLegalPersonConstraint == null) {
            return true;
        }
        signingCertificateIssuedToLegalPersonConstraint.create(this.validationDataXmlNode, MessageTag.BBB_XCV_CMDCIITLP);
        signingCertificateIssuedToLegalPersonConstraint.setValue(String.valueOf(z));
        signingCertificateIssuedToLegalPersonConstraint.setIndications(Indication.INVALID, SubIndication.CHAIN_CONSTRAINTS_FAILURE, MessageTag.BBB_XCV_CMDCIITLP_ANS);
        signingCertificateIssuedToLegalPersonConstraint.setConclusionReceiver(conclusion);
        return signingCertificateIssuedToLegalPersonConstraint.check();
    }

    private boolean checkCertificateCryptographicConstraint(Conclusion conclusion, XmlDom xmlDom, String str, String str2) {
        SignatureCryptographicConstraint signatureCryptographicConstraint;
        if (xmlDom == null || (signatureCryptographicConstraint = this.constraintData.getSignatureCryptographicConstraint(str, str2)) == null) {
            return true;
        }
        signatureCryptographicConstraint.create(this.validationDataXmlNode, MessageTag.ASCCM);
        signatureCryptographicConstraint.setCurrentTime(this.currentTime);
        signatureCryptographicConstraint.setEncryptionAlgorithm(getValue(xmlDom, ValidationXPathQueryHolder.XP_ENCRYPTION_ALGO_USED_TO_SIGN_THIS_TOKEN));
        signatureCryptographicConstraint.setDigestAlgorithm(getValue(xmlDom, ValidationXPathQueryHolder.XP_DIGEST_ALGO_USED_TO_SIGN_THIS_TOKEN));
        signatureCryptographicConstraint.setKeyLength(getValue(xmlDom, ValidationXPathQueryHolder.XP_KEY_LENGTH_USED_TO_SIGN_THIS_TOKEN));
        signatureCryptographicConstraint.setIndications(Indication.INDETERMINATE, SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE, MessageTag.EMPTY);
        signatureCryptographicConstraint.setConclusionReceiver(conclusion);
        return signatureCryptographicConstraint.check();
    }
}
