package eu.europa.esig.dss.signature;

import eu.europa.esig.dss.AbstractSignatureParameters;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.x509.CertificateSource;
import eu.europa.esig.dss.x509.CertificateToken;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/signature/BaselineBCertificateSelector.class */
public class BaselineBCertificateSelector {
    private static final Logger LOG = LoggerFactory.getLogger(BaselineBCertificateSelector.class);
    private final CertificateVerifier certificateVerifier;
    private final AbstractSignatureParameters parameters;

    public BaselineBCertificateSelector(CertificateVerifier certificateVerifier, AbstractSignatureParameters abstractSignatureParameters) {
        this.certificateVerifier = certificateVerifier;
        this.parameters = abstractSignatureParameters;
    }

    public List<CertificateToken> getCertificates() {
        List<CertificateToken> order = order(getAllCertificatesOnce());
        CertificateSource trustedCertSource = this.certificateVerifier.getTrustedCertSource();
        if (!this.parameters.bLevel().isTrustAnchorBPPolicy() || trustedCertSource == null) {
            return order;
        }
        LinkedList linkedList = new LinkedList();
        for (CertificateToken certificateToken : order) {
            if (!trustedCertSource.get(certificateToken.getSubjectX500Principal()).isEmpty()) {
                break;
            }
            linkedList.add(certificateToken);
        }
        return linkedList;
    }

    private List<CertificateToken> getAllCertificatesOnce() {
        ArrayList arrayList = new ArrayList();
        CertificateToken signingCertificate = this.parameters.getSigningCertificate();
        if (signingCertificate != null) {
            arrayList.add(signingCertificate);
        }
        List<CertificateToken> certificateChain = this.parameters.getCertificateChain();
        if (Utils.isCollectionNotEmpty(certificateChain)) {
            for (CertificateToken certificateToken : certificateChain) {
                if (certificateToken != null && !arrayList.contains(certificateToken)) {
                    arrayList.add(certificateToken);
                }
            }
        }
        return arrayList;
    }

    private List<CertificateToken> order(List<CertificateToken> list) {
        for (CertificateToken certificateToken : list) {
            if (!certificateToken.isSelfSigned() && certificateToken.getIssuerToken() == null) {
                Iterator<CertificateToken> it = list.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    CertificateToken next = it.next();
                    if (certificateToken.isSignedBy(next)) {
                        LOG.debug("{} is signed by {}", certificateToken.getDSSIdAsString(), next.getDSSIdAsString());
                        break;
                    }
                }
                if (!certificateToken.isSelfSigned() && certificateToken.getIssuerToken() == null) {
                    LOG.warn("Issuer not found for certificate {}", certificateToken.getDSSIdAsString());
                }
            }
        }
        LinkedList linkedList = new LinkedList();
        CertificateToken signingCertificate = getSigningCertificate(list);
        while (true) {
            CertificateToken certificateToken2 = signingCertificate;
            if (certificateToken2 == null) {
                break;
            }
            linkedList.add(certificateToken2);
            signingCertificate = certificateToken2.getIssuerToken();
        }
        if (list.size() != linkedList.size()) {
            LOG.warn("Some certificates are ignored");
            LOG.warn("Before : {}", list);
            LOG.warn("After : {}", linkedList);
        }
        return linkedList;
    }

    private CertificateToken getSigningCertificate(List<CertificateToken> list) {
        ArrayList arrayList = new ArrayList();
        for (CertificateToken certificateToken : list) {
            boolean z = false;
            Iterator<CertificateToken> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (certificateToken.equals(it.next().getIssuerToken())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                arrayList.add(certificateToken);
            }
        }
        if (Utils.isCollectionEmpty(arrayList)) {
            throw new DSSException("No signing certificate found");
        }
        if (Utils.collectionSize(arrayList) != 1) {
            LOG.warn("More than one identified signers");
            CertificateToken signingCertificate = this.parameters.getSigningCertificate();
            return (signingCertificate == null || !arrayList.contains(signingCertificate)) ? (CertificateToken) arrayList.get(0) : signingCertificate;
        }
        CertificateToken certificateToken2 = (CertificateToken) arrayList.get(0);
        CertificateToken signingCertificate2 = this.parameters.getSigningCertificate();
        if (signingCertificate2 != null && !signingCertificate2.equals(certificateToken2)) {
            LOG.warn("Identified signer is different than parameter");
        }
        return certificateToken2;
    }
}
