package eu.europa.esig.dss.pki.x509.aia;

import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.pki.exception.PKIException;
import eu.europa.esig.dss.pki.model.CertEntity;
import eu.europa.esig.dss.pki.model.CertEntityRepository;
import eu.europa.esig.dss.spi.CertificateExtensionsUtils;
import eu.europa.esig.dss.spi.x509.aia.AIASource;
import eu.europa.esig.dss.utils.Utils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/pki/x509/aia/PKIAIASource.class */
public class PKIAIASource implements AIASource {
    private static final long serialVersionUID = 6081957919058132853L;
    private static final Logger LOG = LoggerFactory.getLogger(PKIAIASource.class);
    private final CertEntityRepository certEntityRepository;
    private boolean completeCertificateChain = true;

    public PKIAIASource(CertEntityRepository<? extends CertEntity> certEntityRepository) {
        Objects.requireNonNull(certEntityRepository, "Certificate repository shall be provided!");
        this.certEntityRepository = certEntityRepository;
    }

    public void setCompleteCertificateChain(boolean z) {
        this.completeCertificateChain = z;
    }

    public Set<CertificateToken> getCertificatesByAIA(CertificateToken certificateToken) {
        Objects.requireNonNull(certificateToken, "Certificate Token parameter is not provided!");
        if (!canGenerate(certificateToken)) {
            return new HashSet();
        }
        if (this.completeCertificateChain) {
            List<CertificateToken> certificateChain = getCertificateChain(certificateToken);
            if (Utils.isCollectionNotEmpty(certificateChain)) {
                return new HashSet(certificateChain);
            }
        } else {
            CertificateToken certificateIssuer = getCertificateIssuer(certificateToken);
            if (certificateIssuer != null) {
                return new HashSet(Collections.singleton(certificateIssuer));
            }
        }
        return new HashSet();
    }

    protected boolean canGenerate(CertificateToken certificateToken) {
        if (!Utils.isCollectionEmpty(CertificateExtensionsUtils.getCAIssuersAccessUrls(certificateToken))) {
            return true;
        }
        LOG.debug("No AIA.caIssuers location found for {}", certificateToken.getDSSIdAsString());
        return false;
    }

    protected List<CertificateToken> getCertificateChain(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList(getCertEntity(certificateToken).getCertificateChain());
        arrayList.remove(certificateToken);
        return arrayList;
    }

    protected CertificateToken getCertificateIssuer(CertificateToken certificateToken) {
        CertEntity issuer = this.certEntityRepository.getIssuer(getCertEntity(certificateToken));
        if (issuer != null) {
            return issuer.getCertificateToken();
        }
        return null;
    }

    protected CertEntity getCertEntity(CertificateToken certificateToken) {
        CertEntity byCertificateToken = this.certEntityRepository.getByCertificateToken(certificateToken);
        if (byCertificateToken == null) {
            throw new PKIException(String.format("CertEntity for certificate token with Id '%s' not found in the repository!", certificateToken.getDSSIdAsString()));
        }
        return byCertificateToken;
    }
}
