package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.x509.CommonCertificateSource;
import eu.europa.esig.dss.utils.Utils;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/AIACertificateSource.class */
public class AIACertificateSource extends CommonCertificateSource {
    private static final long serialVersionUID = -2604947158902474169L;
    private static final Logger LOG = LoggerFactory.getLogger(AIACertificateSource.class);
    private final CertificateToken certificate;
    private final DataLoader dataLoader;

    public AIACertificateSource(CertificateToken certificateToken, DataLoader dataLoader) {
        Objects.requireNonNull(certificateToken, "The certificate cannot be null");
        Objects.requireNonNull(dataLoader, "The data loader cannot be null");
        this.certificate = certificateToken;
        this.dataLoader = dataLoader;
    }

    public CertificateToken getIssuerFromAIA() {
        LOG.info("Retrieving {} certificate's issuer using AIA.", this.certificate.getAbbreviation());
        Collection<CertificateToken> loadPotentialIssuerCertificates = DSSUtils.loadPotentialIssuerCertificates(this.certificate, this.dataLoader);
        if (!Utils.isCollectionNotEmpty(loadPotentialIssuerCertificates)) {
            return null;
        }
        CertificateToken findBestBridgeCertificate = findBestBridgeCertificate(loadPotentialIssuerCertificates);
        if (findBestBridgeCertificate != null) {
            addCertificate(findBestBridgeCertificate);
            return findBestBridgeCertificate;
        }
        Iterator<CertificateToken> it = loadPotentialIssuerCertificates.iterator();
        while (it.hasNext()) {
            addCertificate(it.next());
        }
        for (CertificateToken certificateToken : loadPotentialIssuerCertificates) {
            if (this.certificate.isSignedBy(certificateToken)) {
                if (!this.certificate.getIssuerX500Principal().equals(certificateToken.getSubject().getPrincipal())) {
                    LOG.info("There is AIA extension, but the issuer subject name and subject name does not match.");
                    LOG.info("CERT ISSUER    : {}", this.certificate.getIssuer().getCanonical());
                    LOG.info("ISSUER SUBJECT : {}", certificateToken.getSubject().getCanonical());
                }
                return certificateToken;
            }
        }
        LOG.warn("The retrieved certificate(s) using AIA does not sign the certificate {}.", this.certificate.getAbbreviation());
        return null;
    }

    private CertificateToken findBestBridgeCertificate(Collection<CertificateToken> collection) {
        if (Utils.collectionSize(collection) <= 1) {
            return null;
        }
        Object obj = null;
        CertificateToken certificateToken = null;
        for (CertificateToken certificateToken2 : collection) {
            Object publicKey = certificateToken2.getPublicKey();
            if (obj == null) {
                if (!this.certificate.isSignedBy(certificateToken2)) {
                    return null;
                }
                obj = publicKey;
                certificateToken = certificateToken2;
            } else {
                if (!publicKey.equals(obj)) {
                    return null;
                }
                if (isTrusted(certificateToken)) {
                }
            }
        }
        return certificateToken;
    }

    public CertificateSourceType getCertificateSourceType() {
        return CertificateSourceType.AIA;
    }
}
