package eu.europa.esig.dss.validation.process.bbb.xcv.sub;

import eu.europa.esig.dss.detailedreport.jaxb.XmlRAC;
import eu.europa.esig.dss.detailedreport.jaxb.XmlRFC;
import eu.europa.esig.dss.detailedreport.jaxb.XmlRevocationInformation;
import eu.europa.esig.dss.detailedreport.jaxb.XmlSubXCV;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.ValidationProcessUtils;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.RevocationAcceptanceChecker;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.LatestRevocationAcceptanceCheckerResultCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.RevocationAcceptanceCheckerResultCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rfc.RevocationFreshnessChecker;
import eu.europa.esig.dss.validation.process.bbb.xcv.rfc.checks.RevocationDataAvailableCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.AuthorityInfoAccessPresentCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateCryptographicCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateExpirationCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateIssuedToLegalPersonCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateIssuedToNaturalPersonCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateNotSelfSignedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateOnHoldCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificatePolicyIdsCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateQCStatementIdsCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateQualifiedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateRevokedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSelfSignedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSignatureValidCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSupportedByQSCDCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CommonNameCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CountryCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.ExtendedKeyUsageCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.GivenNameCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.IdPkixOcspNoCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.KeyUsageCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.OrganizationNameCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.OrganizationUnitCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.PseudoUsageCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.PseudonymCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.RevocationFreshnessCheckerResultCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.RevocationInfoAccessPresentCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.SerialNumberCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.SurnameCheck;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/bbb/xcv/sub/SubX509CertificateValidation.class */
public class SubX509CertificateValidation extends Chain<XmlSubXCV> {
    private final CertificateWrapper currentCertificate;
    private final Date currentTime;
    private final Context context;
    private final SubContext subContext;
    private final ValidationPolicy validationPolicy;

    public SubX509CertificateValidation(I18nProvider i18nProvider, CertificateWrapper certificateWrapper, Date date, Context context, SubContext subContext, ValidationPolicy validationPolicy) {
        super(i18nProvider, new XmlSubXCV());
        this.result.setId(certificateWrapper.getId());
        this.result.setTrustAnchor(Boolean.valueOf(certificateWrapper.isTrusted()));
        this.result.setSelfSigned(Boolean.valueOf(certificateWrapper.isSelfSigned()));
        this.currentCertificate = certificateWrapper;
        this.currentTime = date;
        this.context = context;
        this.subContext = subContext;
        this.validationPolicy = validationPolicy;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected MessageTag getTitle() {
        return MessageTag.SUB_XCV;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        if (this.currentCertificate.isTrusted()) {
            return;
        }
        ChainItem<XmlSubXCV> serialNumber = serialNumber(this.currentCertificate, this.subContext);
        this.firstItem = serialNumber;
        ChainItem<XmlSubXCV> nextItem = serialNumber.setNextItem(surname(this.currentCertificate, this.subContext)).setNextItem(givenName(this.currentCertificate, this.subContext)).setNextItem(commonName(this.currentCertificate, this.subContext)).setNextItem(pseudoUsage(this.currentCertificate, this.subContext)).setNextItem(pseudonym(this.currentCertificate, this.subContext)).setNextItem(country(this.currentCertificate, this.subContext)).setNextItem(organizationUnit(this.currentCertificate, this.subContext)).setNextItem(organizationName(this.currentCertificate, this.subContext)).setNextItem(selfSigned(this.currentCertificate, this.subContext)).setNextItem(notSelfSigned(this.currentCertificate, this.subContext)).setNextItem(certificatePolicyIds(this.currentCertificate, this.subContext)).setNextItem(certificateQCStatementIds(this.currentCertificate, this.subContext)).setNextItem(certificateQualified(this.currentCertificate, this.subContext)).setNextItem(certificateSupportedByQSCD(this.currentCertificate, this.subContext)).setNextItem(certificateIssuedToLegalPerson(this.currentCertificate, this.subContext)).setNextItem(certificateIssuedToNaturalPerson(this.currentCertificate, this.subContext)).setNextItem(certificateSignatureValid(this.currentCertificate, this.subContext)).setNextItem(keyUsage(this.currentCertificate, this.subContext)).setNextItem(extendedKeyUsage(this.currentCertificate, this.subContext)).setNextItem(aiaPresent(this.currentCertificate, this.subContext));
        CertificateRevocationWrapper certificateRevocationWrapper = null;
        if (this.currentCertificate.isIdPkixOcspNoCheck()) {
            nextItem = nextItem.setNextItem(idPkixOcspNoCheck(this.currentCertificate));
        }
        if (ValidationProcessUtils.isRevocationCheckRequired(this.currentCertificate, this.currentTime)) {
            ChainItem<XmlSubXCV> nextItem2 = nextItem.setNextItem(revocationInfoAccessPresent(this.currentCertificate, this.subContext)).setNextItem(revocationDataPresent(this.currentCertificate, this.subContext));
            Map<CertificateRevocationWrapper, XmlRAC> revocationAcceptanceResult = getRevocationAcceptanceResult(this.currentCertificate);
            for (Map.Entry<CertificateRevocationWrapper, XmlRAC> entry : revocationAcceptanceResult.entrySet()) {
                CertificateRevocationWrapper key = entry.getKey();
                XmlRAC value = entry.getValue();
                this.result.getRAC().add(value);
                nextItem2 = nextItem2.setNextItem(revocationAcceptable(value));
                if (isValid(value) && (certificateRevocationWrapper == null || key.getProductionDate().after(certificateRevocationWrapper.getProductionDate()))) {
                    certificateRevocationWrapper = key;
                }
            }
            if (certificateRevocationWrapper != null && certificateRevocationWrapper.isRevoked()) {
                attachRevocationInformation(certificateRevocationWrapper);
            }
            if (certificateRevocationWrapper != null) {
                nextItem2 = nextItem2.setNextItem(latestRevocationAcceptable(revocationAcceptanceResult.get(certificateRevocationWrapper)));
            }
            XmlRFC execute = new RevocationFreshnessChecker(this.i18nProvider, certificateRevocationWrapper, this.currentTime, this.context, this.subContext, this.validationPolicy).execute();
            this.result.setRFC(execute);
            nextItem = nextItem2.setNextItem(checkRevocationFreshnessCheckerResult(execute)).setNextItem(certificateRevoked(certificateRevocationWrapper, this.subContext)).setNextItem(certificateOnHold(certificateRevocationWrapper, this.subContext));
        }
        ChainItem<XmlSubXCV> nextItem3 = nextItem.setNextItem(certificateCryptographic(this.currentCertificate, this.context, this.subContext));
        if (SubContext.SIGNING_CERT == this.subContext) {
            nextItem3.setNextItem(certificateExpiration(this.currentCertificate, certificateRevocationWrapper, this.subContext));
        }
    }

    private void attachRevocationInformation(CertificateRevocationWrapper certificateRevocationWrapper) {
        XmlRevocationInformation xmlRevocationInformation = new XmlRevocationInformation();
        xmlRevocationInformation.setCertificateId(this.currentCertificate.getId());
        xmlRevocationInformation.setRevocationId(certificateRevocationWrapper.getId());
        xmlRevocationInformation.setRevocationDate(certificateRevocationWrapper.getRevocationDate());
        xmlRevocationInformation.setReason(certificateRevocationWrapper.getReason());
        this.result.setRevocationInfo(xmlRevocationInformation);
    }

    private ChainItem<XmlSubXCV> certificateExpiration(CertificateWrapper certificateWrapper, CertificateRevocationWrapper certificateRevocationWrapper, SubContext subContext) {
        return new CertificateExpirationCheck(this.i18nProvider, this.result, certificateWrapper, certificateRevocationWrapper, this.currentTime, this.validationPolicy.getCertificateNotExpiredConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> keyUsage(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new KeyUsageCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateKeyUsageConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> extendedKeyUsage(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new ExtendedKeyUsageCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateExtendedKeyUsageConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> aiaPresent(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new AuthorityInfoAccessPresentCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateAuthorityInfoAccessPresentConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> revocationInfoAccessPresent(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new RevocationInfoAccessPresentCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateRevocationInfoAccessPresentConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> revocationDataPresent(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new RevocationDataAvailableCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getRevocationDataAvailableConstraint(this.context, subContext));
    }

    private Map<CertificateRevocationWrapper, XmlRAC> getRevocationAcceptanceResult(CertificateWrapper certificateWrapper) {
        HashMap hashMap = new HashMap();
        for (CertificateRevocationWrapper certificateRevocationWrapper : certificateWrapper.getCertificateRevocationData()) {
            hashMap.put(certificateRevocationWrapper, new RevocationAcceptanceChecker(this.i18nProvider, certificateWrapper, certificateRevocationWrapper, this.currentTime, this.validationPolicy).execute());
        }
        return hashMap;
    }

    private ChainItem<XmlSubXCV> revocationAcceptable(XmlRAC xmlRAC) {
        return new RevocationAcceptanceCheckerResultCheck(this.i18nProvider, this.result, xmlRAC, getWarnLevelConstraint());
    }

    private ChainItem<XmlSubXCV> latestRevocationAcceptable(XmlRAC xmlRAC) {
        return new LatestRevocationAcceptanceCheckerResultCheck(this.i18nProvider, this.result, xmlRAC, getFailLevelConstraint());
    }

    private ChainItem<XmlSubXCV> checkRevocationFreshnessCheckerResult(XmlRFC xmlRFC) {
        return new RevocationFreshnessCheckerResultCheck(this.i18nProvider, this.result, xmlRFC, this.validationPolicy.getCertificateRevocationFreshnessConstraint(this.context, this.subContext));
    }

    private ChainItem<XmlSubXCV> surname(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new SurnameCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateSurnameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> givenName(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new GivenNameCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateGivenNameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> commonName(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CommonNameCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateCommonNameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> pseudonym(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new PseudonymCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificatePseudonymConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> country(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CountryCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateCountryConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> organizationName(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new OrganizationNameCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateOrganizationNameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> organizationUnit(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new OrganizationUnitCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateOrganizationUnitConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> serialNumber(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new SerialNumberCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateSerialNumberConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> pseudoUsage(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new PseudoUsageCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificatePseudoUsageConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateSignatureValid(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateSignatureValidCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateSignatureConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateRevoked(CertificateRevocationWrapper certificateRevocationWrapper, SubContext subContext) {
        return new CertificateRevokedCheck(this.i18nProvider, this.result, certificateRevocationWrapper, this.currentTime, this.validationPolicy.getCertificateNotRevokedConstraint(this.context, subContext), subContext);
    }

    private ChainItem<XmlSubXCV> certificateOnHold(CertificateRevocationWrapper certificateRevocationWrapper, SubContext subContext) {
        return new CertificateOnHoldCheck(this.i18nProvider, this.result, certificateRevocationWrapper, this.currentTime, this.validationPolicy.getCertificateNotOnHoldConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> notSelfSigned(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateNotSelfSignedCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateNotSelfSignedConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> selfSigned(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateSelfSignedCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateSelfSignedConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificatePolicyIds(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificatePolicyIdsCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificatePolicyIdsConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateQCStatementIds(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateQCStatementIdsCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateQCStatementIdsConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateCryptographic(CertificateWrapper certificateWrapper, Context context, SubContext subContext) {
        return new CertificateCryptographicCheck(this.i18nProvider, this.result, certificateWrapper, this.currentTime, this.validationPolicy.getCertificateCryptographicConstraint(context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateQualified(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateQualifiedCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateQualificationConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateSupportedByQSCD(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateSupportedByQSCDCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateSupportedByQSCDConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateIssuedToLegalPerson(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateIssuedToLegalPersonCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateIssuedToLegalPersonConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateIssuedToNaturalPerson(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateIssuedToNaturalPersonCheck(this.i18nProvider, this.result, certificateWrapper, this.validationPolicy.getCertificateIssuedToNaturalPersonConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> idPkixOcspNoCheck(CertificateWrapper certificateWrapper) {
        return new IdPkixOcspNoCheck(this.i18nProvider, this.result, certificateWrapper, this.currentTime, getWarnLevelConstraint());
    }
}
