package eu.europa.esig.dss.validation.policy;

import eu.europa.esig.dss.DSSNotApplicableMethodException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.validation.policy.rules.AttributeName;
import eu.europa.esig.dss.validation.policy.rules.AttributeValue;
import eu.europa.esig.dss.validation.policy.rules.MessageTag;
import eu.europa.esig.dss.validation.policy.rules.NodeName;
import eu.europa.esig.dss.validation.policy.rules.NodeValue;
import eu.europa.esig.dss.validation.report.Conclusion;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/policy/SignatureCryptographicConstraint.class */
public class SignatureCryptographicConstraint extends Constraint {
    private static final Logger LOG = LoggerFactory.getLogger(SignatureCryptographicConstraint.class);
    protected String context;
    private final String subContext;
    protected List<String> encryptionAlgorithms;
    protected List<String> digestAlgorithms;
    protected Map<String, String> minimumPublicKeySizes;
    protected Map<String, Date> algorithmExpirationDates;
    private String encryptionAlgorithm;
    private String digestAlgorithm;
    private String keyLength;
    protected Date currentTime;

    /* loaded from: input_file:eu/europa/esig/dss/validation/policy/SignatureCryptographicConstraint$Pair.class */
    public static class Pair {
        public final String first;
        public final String second;

        public Pair(String str, String str2) {
            this.first = str;
            this.second = str2;
        }
    }

    public SignatureCryptographicConstraint(String str, String str2, String str3) {
        super(str);
        this.context = str2;
        this.subContext = str3;
    }

    @Override // eu.europa.esig.dss.validation.policy.Constraint
    public void setValue(String str) {
        throw new DSSNotApplicableMethodException(getClass());
    }

    public String getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    public void setEncryptionAlgorithm(String str) {
        this.encryptionAlgorithm = str;
    }

    public String getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    public void setDigestAlgorithm(String str) {
        this.digestAlgorithm = RuleUtils.canonicalizeDigestAlgo(str);
    }

    public String getKeyLength() {
        return this.keyLength;
    }

    public void setKeyLength(String str) {
        this.keyLength = str;
    }

    public void setCurrentTime(Date date) {
        this.currentTime = date;
    }

    public List<String> getEncryptionAlgorithms() {
        return this.encryptionAlgorithms;
    }

    public void setEncryptionAlgorithms(List<String> list) {
        this.encryptionAlgorithms = list;
    }

    public List<String> getDigestAlgorithms() {
        return this.digestAlgorithms;
    }

    public void setDigestAlgorithms(List<String> list) {
        this.digestAlgorithms = list;
    }

    public Map<String, String> getMinimumPublicKeySizes() {
        return this.minimumPublicKeySizes;
    }

    public void setMinimumPublicKeySizes(Map<String, String> map) {
        this.minimumPublicKeySizes = map;
    }

    public Map<String, Date> getAlgorithmExpirationDates() {
        return this.algorithmExpirationDates;
    }

    public void setAlgorithmExpirationDates(Map<String, Date> map) {
        this.algorithmExpirationDates = map;
    }

    @Override // eu.europa.esig.dss.validation.policy.Constraint
    public boolean check() {
        if (ignore()) {
            this.node.addChild(NodeName.STATUS, NodeValue.IGNORED);
            return true;
        }
        if (inform()) {
            this.node.addChild(NodeName.STATUS, NodeValue.INFORMATION);
            this.node.addChild(NodeName.INFO).setAttribute(AttributeValue.ENCRYPTION_ALGORITHM, this.encryptionAlgorithm);
            this.node.addChild(NodeName.INFO).setAttribute(AttributeValue.DIGEST_ALGORITHM, this.digestAlgorithm);
            this.node.addChild(NodeName.INFO).setAttribute(AttributeValue.PUBLIC_KEY_SIZE, this.keyLength);
            return true;
        }
        if (!RuleUtils.contains1(this.encryptionAlgorithm, this.encryptionAlgorithms)) {
            if (fail(MessageTag.ASCCM_ANS_1, getParametersAnswer1())) {
                return false;
            }
        }
        if (!RuleUtils.contains1(this.digestAlgorithm, this.digestAlgorithms)) {
            if (fail(MessageTag.ASCCM_ANS_2, getParametersAnswer2())) {
                return false;
            }
        }
        String str = this.minimumPublicKeySizes.get(this.encryptionAlgorithm);
        int i = 0;
        try {
            i = (StringUtils.isBlank(this.keyLength) || "?".equals(this.keyLength)) ? 0 : Integer.valueOf(this.keyLength).intValue();
        } catch (NumberFormatException e) {
            LOG.debug("Unknown key length: '" + this.keyLength + "'");
        }
        if (!(str != null && Integer.valueOf(i).intValue() >= Integer.valueOf(str).intValue())) {
            if (fail(MessageTag.ASCCM_ANS_3, getParametersAnswer3(str))) {
                return false;
            }
        }
        if (!this.algorithmExpirationDates.isEmpty()) {
            String str2 = this.encryptionAlgorithm + this.keyLength;
            Date date = this.algorithmExpirationDates.get(str2);
            if (date == null) {
                if (fail(MessageTag.ASCCM_ANS_4, getParametersAnswer4(str2))) {
                    return false;
                }
            }
            if (date == null ? false : date.before(this.currentTime)) {
                if (fail(MessageTag.ASCCM_ANS_5, getParametersAnswer5(str2, date))) {
                    return false;
                }
            }
            Date date2 = this.algorithmExpirationDates.get(this.digestAlgorithm);
            if (date2 == null) {
                if (fail(MessageTag.ASCCM_ANS_4, getParametersAnswer4(this.digestAlgorithm))) {
                    return false;
                }
            }
            if (date2 == null ? false : date2.before(this.currentTime)) {
                if (fail(MessageTag.ASCCM_ANS_5, getParametersAnswer5(this.digestAlgorithm, date2))) {
                    return false;
                }
            }
        }
        this.node.addChild(NodeName.STATUS, NodeValue.OK);
        return true;
    }

    private Pair[] getParametersAnswer5(String str, Date date) {
        boolean isNotBlank = StringUtils.isNotBlank(this.subContext);
        Pair[] pairArr = new Pair[isNotBlank ? 4 : 3];
        pairArr[0] = new Pair(AttributeValue.ALGORITHM, str);
        pairArr[1] = new Pair(AttributeName.CONTEXT, this.context);
        pairArr[2] = new Pair(AttributeValue.ALGORITHM_EXPIRATION_DATE, date == null ? "?" : DSSUtils.formatDate(date));
        if (isNotBlank) {
            pairArr[3] = new Pair(AttributeName.SUB_CONTEXT, this.subContext);
        }
        return pairArr;
    }

    private Pair[] getParametersAnswer4(String str) {
        boolean isNotBlank = StringUtils.isNotBlank(this.subContext);
        Pair[] pairArr = new Pair[isNotBlank ? 3 : 2];
        pairArr[0] = new Pair(AttributeValue.ALGORITHM, str);
        pairArr[1] = new Pair(AttributeName.CONTEXT, this.context);
        if (isNotBlank) {
            pairArr[2] = new Pair(AttributeName.SUB_CONTEXT, this.subContext);
        }
        return pairArr;
    }

    private Pair[] getParametersAnswer3(String str) {
        boolean isNotBlank = StringUtils.isNotBlank(this.subContext);
        Pair[] pairArr = new Pair[isNotBlank ? 5 : 4];
        pairArr[0] = new Pair(AttributeValue.ENCRYPTION_ALGORITHM, this.encryptionAlgorithm);
        pairArr[1] = new Pair(AttributeValue.PUBLIC_KEY_SIZE, this.keyLength);
        pairArr[2] = new Pair(AttributeValue.MINIMUM_PUBLIC_KEY_SIZE, str);
        pairArr[3] = new Pair(AttributeName.CONTEXT, this.context);
        if (isNotBlank) {
            pairArr[4] = new Pair(AttributeName.SUB_CONTEXT, this.subContext);
        }
        return pairArr;
    }

    private Pair[] getParametersAnswer2() {
        boolean isNotBlank = StringUtils.isNotBlank(this.subContext);
        Pair[] pairArr = new Pair[isNotBlank ? 3 : 2];
        pairArr[0] = new Pair(AttributeValue.DIGEST_ALGORITHM, this.digestAlgorithm);
        pairArr[1] = new Pair(AttributeName.CONTEXT, this.context);
        if (isNotBlank) {
            pairArr[2] = new Pair(AttributeName.SUB_CONTEXT, this.subContext);
        }
        return pairArr;
    }

    private Pair[] getParametersAnswer1() {
        boolean isNotBlank = StringUtils.isNotBlank(this.subContext);
        Pair[] pairArr = new Pair[isNotBlank ? 3 : 2];
        pairArr[0] = new Pair(AttributeValue.ENCRYPTION_ALGORITHM, this.encryptionAlgorithm);
        pairArr[1] = new Pair(AttributeName.CONTEXT, this.context);
        if (isNotBlank) {
            pairArr[2] = new Pair(AttributeName.SUB_CONTEXT, this.subContext);
        }
        return pairArr;
    }

    private boolean fail(MessageTag messageTag, Pair[] pairArr) {
        if (warn()) {
            addWarning(messageTag, pairArr);
            return false;
        }
        addError(messageTag, pairArr);
        return true;
    }

    private void addError(MessageTag messageTag, Pair[] pairArr) {
        this.node.addChild(NodeName.STATUS, NodeValue.KO);
        this.conclusion.setIndication(this.indication, this.subIndication);
        Conclusion.Error addError = this.conclusion.addError(messageTag);
        for (Pair pair : pairArr) {
            addError.setAttribute(pair.first, pair.second);
        }
    }

    private void addWarning(MessageTag messageTag, Pair[] pairArr) {
        this.node.addChild(NodeName.STATUS, NodeValue.WARN);
        Conclusion.Warning addWarning = this.conclusion.addWarning(messageTag);
        for (Pair pair : pairArr) {
            addWarning.setAttribute(pair.first, pair.second);
        }
    }
}
