package eu.europa.esig.dss.xades.tsl;

import eu.europa.esig.dss.jaxb.common.XSDAbstractUtils;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.xml.common.definition.DSSElement;
import eu.europa.esig.dss.xml.utils.DomUtils;
import eu.europa.esig.trustedlist.TrustedList211Utils;
import eu.europa.esig.trustedlist.TrustedListUtils;
import eu.europa.esig.trustedlist.definition.TrustedListNamespace;
import eu.europa.esig.xades.definition.XAdESElement;
import eu.europa.esig.xades.definition.xades132.XAdES132Element;
import eu.europa.esig.xmldsig.definition.XMLDSigElement;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.xml.transform.dom.DOMSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eu/europa/esig/dss/xades/tsl/TLStructureVerifier.class */
public class TLStructureVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(TLStructureVerifier.class);
    private static final String TRUSTED_LIST_PARENT_ELEMENT = "TrustServiceStatusList";
    private List<Integer> acceptedTLVersions;
    private boolean signingMode;

    public TLStructureVerifier setAcceptedTLVersions(List<Integer> list) {
        this.acceptedTLVersions = list;
        return this;
    }

    public TLStructureVerifier setSigningMode(boolean z) {
        this.signingMode = z;
        return this;
    }

    public List<String> validate(DSSDocument dSSDocument, Integer num) {
        Objects.requireNonNull(dSSDocument, "Document to be validated cannot be null!");
        return validate(DomUtils.buildDOM(dSSDocument), num);
    }

    public List<String> validate(Document document, Integer num) {
        Objects.requireNonNull(document, "Document to be validated cannot be null!");
        if (num == null) {
            return Collections.singletonList("No TLVersion has been found!");
        }
        if (Utils.isCollectionEmpty(this.acceptedTLVersions)) {
            LOG.debug("No acceptable TL Versions have been defined. The structural validation is skipped.");
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(validateNamespace(document));
        if (!this.acceptedTLVersions.contains(num)) {
            arrayList.add(String.format("The TL Version '%s' is not acceptable!", num));
        } else if (XAdESTrustedListUtils.TL_V5_IDENTIFIER.equals(num)) {
            arrayList.addAll(validateTrustedListV5(document));
        } else if (XAdESTrustedListUtils.TL_V6_IDENTIFIER.equals(num)) {
            arrayList.addAll(validateTrustedListV6(document));
        }
        return arrayList;
    }

    protected List<String> validateTrustedListV5(Document document) {
        ArrayList arrayList = new ArrayList();
        List<String> validateAgainstXSD = validateAgainstXSD(document, TrustedList211Utils.getInstance());
        if (Utils.isCollectionNotEmpty(validateAgainstXSD)) {
            arrayList.addAll(validateAgainstXSD);
        }
        arrayList.addAll(verifySignatureElementPresence(getSignatureElement(document)));
        return arrayList;
    }

    protected List<String> validateTrustedListV6(Document document) {
        ArrayList arrayList = new ArrayList();
        List<String> validateAgainstXSD = validateAgainstXSD(document, TrustedListUtils.getInstance());
        if (Utils.isCollectionNotEmpty(validateAgainstXSD)) {
            arrayList.addAll(validateAgainstXSD);
        }
        Element signatureElement = getSignatureElement(document);
        arrayList.addAll(verifySignatureElementPresence(signatureElement));
        List<String> validateSignatureElement = validateSignatureElement(signatureElement, true);
        if (Utils.isCollectionNotEmpty(validateSignatureElement)) {
            arrayList.addAll(validateSignatureElement);
        }
        return arrayList;
    }

    private List<String> validateAgainstXSD(Document document, XSDAbstractUtils xSDAbstractUtils) {
        return xSDAbstractUtils.validateAgainstXSD(new DOMSource(document));
    }

    private List<String> validateNamespace(Document document) {
        Element documentElement = document.getDocumentElement();
        return (TRUSTED_LIST_PARENT_ELEMENT.equals(documentElement.getLocalName()) && TrustedListNamespace.NS.getUri().equals(documentElement.getNamespaceURI())) ? Collections.emptyList() : Collections.singletonList(String.format("The root of XML Trusted List shall be %s:%s element!", TrustedListNamespace.NS.getPrefix(), TRUSTED_LIST_PARENT_ELEMENT));
    }

    private Element getSignatureElement(Document document) {
        return getChildElement(document.getDocumentElement(), XMLDSigElement.SIGNATURE);
    }

    private List<String> verifySignatureElementPresence(Element element) {
        if (this.signingMode) {
            if (element != null) {
                return Collections.singletonList("The ds:Signature element shall not be present for XML Trusted List signing!");
            }
        } else if (element == null) {
            return Collections.singletonList("No ds:Signature element is present!");
        }
        return Collections.emptyList();
    }

    private List<String> validateSignatureElement(Element element, boolean z) {
        if (element == null || this.signingMode) {
            return Collections.emptyList();
        }
        List<Element> childElements = getChildElements(element, XMLDSigElement.OBJECT);
        if (Utils.isCollectionEmpty(childElements)) {
            return Collections.singletonList("No ds:Object elements are present!");
        }
        Element qualifyingPropertiesElement = getQualifyingPropertiesElement(childElements);
        if (qualifyingPropertiesElement == null) {
            return Collections.singletonList("No xades:QualifyingProperties element has been found!");
        }
        Element childElement = getChildElement(qualifyingPropertiesElement, XAdES132Element.SIGNED_PROPERTIES);
        if (childElement == null) {
            return Collections.singletonList("No xades:SignedProperties element has been found!");
        }
        Element childElement2 = getChildElement(childElement, XAdES132Element.SIGNED_SIGNATURE_PROPERTIES);
        if (childElement2 == null) {
            return Collections.singletonList("No xades:SignedSignatureProperties element has been found!");
        }
        ArrayList arrayList = new ArrayList();
        List<Element> multipleElements = getMultipleElements(childElement2, XAdES132Element.SIGNING_CERTIFICATE, XAdES132Element.SIGNING_CERTIFICATE_V2);
        if (Utils.isCollectionNotEmpty(multipleElements)) {
            for (Element element2 : multipleElements) {
                if (z ^ doesMatch(element2, XAdES132Element.SIGNING_CERTIFICATE_V2)) {
                    arrayList.add(String.format("%s element shall not be present!", element2.getLocalName()));
                }
            }
        } else {
            Object[] objArr = new Object[1];
            objArr[0] = z ? "V2" : "";
            arrayList.add(String.format("No xades:SigningCertificate%s element has been found!", objArr));
        }
        List<Element> multipleElements2 = getMultipleElements(childElement2, XAdES132Element.SIGNATURE_PRODUCTION_PLACE, XAdES132Element.SIGNATURE_PRODUCTION_PLACE_V2);
        if (Utils.isCollectionNotEmpty(multipleElements2)) {
            for (Element element3 : multipleElements2) {
                if (z ^ doesMatch(element3, XAdES132Element.SIGNATURE_PRODUCTION_PLACE_V2)) {
                    arrayList.add(String.format("%s element shall not be present!", element3.getLocalName()));
                }
            }
        }
        List<Element> multipleElements3 = getMultipleElements(childElement2, XAdES132Element.SIGNER_ROLE, XAdES132Element.SIGNER_ROLE_V2);
        if (Utils.isCollectionNotEmpty(multipleElements3)) {
            for (Element element4 : multipleElements3) {
                if (z ^ doesMatch(element4, XAdES132Element.SIGNER_ROLE_V2)) {
                    arrayList.add(String.format("%s element shall not be present!", element4.getLocalName()));
                }
            }
        }
        return arrayList;
    }

    private Element getQualifyingPropertiesElement(List<Element> list) {
        Iterator<Element> it = list.iterator();
        while (it.hasNext()) {
            Element childElement = getChildElement(it.next(), XAdES132Element.QUALIFYING_PROPERTIES);
            if (childElement != null) {
                return childElement;
            }
        }
        return null;
    }

    private List<Element> getMultipleElements(Element element, XAdESElement... xAdESElementArr) {
        ArrayList arrayList = new ArrayList();
        for (XAdESElement xAdESElement : xAdESElementArr) {
            List<Element> childElements = getChildElements(element, xAdESElement);
            if (Utils.isCollectionNotEmpty(childElements)) {
                arrayList.addAll(childElements);
            }
        }
        return arrayList;
    }

    private Element getChildElement(Element element, DSSElement dSSElement) {
        List<Element> childElements = getChildElements(element, dSSElement);
        if (Utils.collectionSize(childElements) == 1) {
            return childElements.get(0);
        }
        return null;
    }

    private List<Element> getChildElements(Element element, DSSElement dSSElement) {
        ArrayList arrayList = new ArrayList();
        NodeList childNodes = element.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (1 == item.getNodeType()) {
                Element element2 = (Element) item;
                if (doesMatch(element2, dSSElement)) {
                    arrayList.add(element2);
                }
            }
        }
        return arrayList;
    }

    private boolean doesMatch(Element element, DSSElement dSSElement) {
        return dSSElement.isSameTagName(element.getLocalName()) && dSSElement.getURI().equals(element.getNamespaceURI());
    }

    static {
        DomUtils.registerNamespace(TrustedListNamespace.NS);
    }
}
