package eu.europa.esig.dss.validation.process.vpfltvd;

import eu.europa.esig.dss.jaxb.detailedreport.XmlBasicBuildingBlocks;
import eu.europa.esig.dss.jaxb.detailedreport.XmlConclusion;
import eu.europa.esig.dss.jaxb.detailedreport.XmlConstraint;
import eu.europa.esig.dss.jaxb.detailedreport.XmlConstraintsConclusion;
import eu.europa.esig.dss.jaxb.detailedreport.XmlSignature;
import eu.europa.esig.dss.jaxb.detailedreport.XmlStatus;
import eu.europa.esig.dss.jaxb.detailedreport.XmlValidationProcessLongTermData;
import eu.europa.esig.dss.jaxb.detailedreport.XmlValidationProcessTimestamps;
import eu.europa.esig.dss.validation.policy.Context;
import eu.europa.esig.dss.validation.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.policy.rules.Indication;
import eu.europa.esig.dss.validation.policy.rules.SubIndication;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.CryptographicCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.AcceptableBasicSignatureValidationCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.BestSignatureTimeNotBeforeCertificateIssuanceCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.RevocationBasicBuildingBlocksCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.RevocationDateAfterBestSignatureTimeCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.SigningTimeAttributePresentCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.TimestampCoherenceOrderCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.TimestampDelayCheck;
import eu.europa.esig.dss.validation.reports.wrapper.CertificateWrapper;
import eu.europa.esig.dss.validation.reports.wrapper.DiagnosticData;
import eu.europa.esig.dss.validation.reports.wrapper.RevocationWrapper;
import eu.europa.esig.dss.validation.reports.wrapper.SignatureWrapper;
import eu.europa.esig.dss.validation.reports.wrapper.TimestampWrapper;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/vpfltvd/ValidationProcessForSignaturesWithLongTermValidationData.class */
public class ValidationProcessForSignaturesWithLongTermValidationData extends Chain<XmlValidationProcessLongTermData> {
    private static final Logger logger = LoggerFactory.getLogger(ValidationProcessForSignaturesWithLongTermValidationData.class);
    private final XmlConstraintsConclusion basicSignatureValidation;
    private final List<XmlValidationProcessTimestamps> timestampValidations;
    private final DiagnosticData diagnosticData;
    private final SignatureWrapper currentSignature;
    private final Map<String, XmlBasicBuildingBlocks> bbbs;
    private final ValidationPolicy policy;
    private final Date currentDate;

    public ValidationProcessForSignaturesWithLongTermValidationData(XmlSignature xmlSignature, DiagnosticData diagnosticData, SignatureWrapper signatureWrapper, Map<String, XmlBasicBuildingBlocks> map, ValidationPolicy validationPolicy, Date date) {
        super(new XmlValidationProcessLongTermData());
        this.basicSignatureValidation = xmlSignature.getValidationProcessBasicSignatures();
        this.timestampValidations = xmlSignature.getValidationProcessTimestamps();
        this.diagnosticData = diagnosticData;
        this.currentSignature = signatureWrapper;
        this.bbbs = map;
        this.policy = validationPolicy;
        this.currentDate = date;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        Date date = this.currentDate;
        ChainItem<XmlValidationProcessLongTermData> isAcceptableBasicSignatureValidation = isAcceptableBasicSignatureValidation();
        this.firstItem = isAcceptableBasicSignatureValidation;
        ChainItem<XmlValidationProcessLongTermData> chainItem = isAcceptableBasicSignatureValidation;
        Set<RevocationWrapper> linkedRevocationData = getLinkedRevocationData();
        if (CollectionUtils.isNotEmpty(linkedRevocationData)) {
            for (RevocationWrapper revocationWrapper : linkedRevocationData) {
                XmlBasicBuildingBlocks xmlBasicBuildingBlocks = this.bbbs.get(revocationWrapper.getId());
                if (xmlBasicBuildingBlocks != null) {
                    chainItem = chainItem.setNextItem(revocationBasicBuildingBlocksValid(xmlBasicBuildingBlocks));
                } else {
                    logger.warn("No BBB found for revocation " + revocationWrapper.getId());
                }
            }
        }
        Set<TimestampWrapper> filterInvalidTimestamps = filterInvalidTimestamps(this.currentSignature.getTimestampList());
        if (CollectionUtils.isNotEmpty(filterInvalidTimestamps)) {
            Iterator<TimestampWrapper> it = filterInvalidTimestamps.iterator();
            while (it.hasNext()) {
                Date productionTime = it.next().getProductionTime();
                if (productionTime.before(date)) {
                    date = productionTime;
                }
            }
        }
        XmlConclusion conclusion = this.basicSignatureValidation.getConclusion();
        if (Indication.INDETERMINATE.equals(conclusion.getIndication()) && SubIndication.REVOKED_NO_POE.equals(conclusion.getSubIndication())) {
            chainItem = chainItem.setNextItem(revocationDateAfterBestSignatureDate(date));
        }
        if (Indication.INDETERMINATE.equals(conclusion.getIndication()) && SubIndication.OUT_OF_BOUNDS_NO_POE.equals(conclusion.getSubIndication())) {
            chainItem = chainItem.setNextItem(bestSignatureTimeNotBeforeCertificateIssuance(date));
        }
        if (Indication.INDETERMINATE.equals(conclusion.getIndication()) && SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE.equals(conclusion.getSubIndication())) {
            chainItem = chainItem.setNextItem(algorithmReliableAtBestSignatureTime(date));
        }
        if (CollectionUtils.isNotEmpty(filterInvalidTimestamps)) {
            chainItem.setNextItem(timestampCoherenceOrder(filterInvalidTimestamps)).setNextItem(signingTimeAttributePresent()).setNextItem(timestampDelay(date));
        }
    }

    private Set<RevocationWrapper> getLinkedRevocationData() {
        HashSet hashSet = new HashSet();
        extractRevocationDataFromCertificateChain(hashSet, this.currentSignature.getCertificateChainIds());
        Iterator it = this.currentSignature.getTimestampList().iterator();
        while (it.hasNext()) {
            extractRevocationDataFromCertificateChain(hashSet, ((TimestampWrapper) it.next()).getCertificateChainIds());
        }
        return hashSet;
    }

    private void extractRevocationDataFromCertificateChain(Set<RevocationWrapper> set, List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            CertificateWrapper usedCertificateById = this.diagnosticData.getUsedCertificateById(it.next());
            if (usedCertificateById != null && usedCertificateById.getRevocationData() != null) {
                set.addAll(usedCertificateById.getRevocationData());
            }
        }
    }

    private Set<TimestampWrapper> filterInvalidTimestamps(List<TimestampWrapper> list) {
        HashSet hashSet = new HashSet();
        for (TimestampWrapper timestampWrapper : list) {
            boolean z = false;
            Iterator<XmlValidationProcessTimestamps> it = this.timestampValidations.iterator();
            while (it.hasNext()) {
                Iterator it2 = it.next().getConstraint().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        XmlConstraint xmlConstraint = (XmlConstraint) it2.next();
                        if (StringUtils.equals(timestampWrapper.getId(), xmlConstraint.getId())) {
                            z = true;
                            if (XmlStatus.OK.equals(xmlConstraint.getStatus())) {
                                hashSet.add(timestampWrapper);
                                break;
                            }
                        }
                    }
                }
            }
            if (!z) {
                logger.warn("Cannot find tsp validation info for tsp " + timestampWrapper.getId());
            }
        }
        return hashSet;
    }

    private ChainItem<XmlValidationProcessLongTermData> isAcceptableBasicSignatureValidation() {
        return new AcceptableBasicSignatureValidationCheck(this.result, this.basicSignatureValidation, getFailLevelConstraint());
    }

    private ChainItem<XmlValidationProcessLongTermData> revocationBasicBuildingBlocksValid(XmlBasicBuildingBlocks xmlBasicBuildingBlocks) {
        return new RevocationBasicBuildingBlocksCheck(this.result, xmlBasicBuildingBlocks, getFailLevelConstraint());
    }

    private ChainItem<XmlValidationProcessLongTermData> revocationDateAfterBestSignatureDate(Date date) {
        return new RevocationDateAfterBestSignatureTimeCheck(this.result, this.diagnosticData.getUsedCertificateById(this.currentSignature.getSigningCertificateId()), date, getFailLevelConstraint());
    }

    private ChainItem<XmlValidationProcessLongTermData> bestSignatureTimeNotBeforeCertificateIssuance(Date date) {
        return new BestSignatureTimeNotBeforeCertificateIssuanceCheck(this.result, date, this.diagnosticData.getUsedCertificateById(this.currentSignature.getSigningCertificateId()), this.policy.getBestSignatureTimeBeforeIssuanceDateOfSigningCertificateConstraint());
    }

    private ChainItem<XmlValidationProcessLongTermData> timestampCoherenceOrder(Set<TimestampWrapper> set) {
        return new TimestampCoherenceOrderCheck(this.result, set, this.policy.getTimestampCoherenceConstraint());
    }

    private ChainItem<XmlValidationProcessLongTermData> signingTimeAttributePresent() {
        return new SigningTimeAttributePresentCheck(this.result, this.currentSignature, this.policy.getSigningTimeConstraint());
    }

    private ChainItem<XmlValidationProcessLongTermData> timestampDelay(Date date) {
        return new TimestampDelayCheck(this.result, this.currentSignature, date, this.policy.getTimestampDelaySigningTimePropertyConstraint());
    }

    private ChainItem<XmlValidationProcessLongTermData> algorithmReliableAtBestSignatureTime(Date date) {
        return new CryptographicCheck(this.result, this.currentSignature, date, this.policy.getSignatureCryptographicConstraint(Context.SIGNATURE));
    }
}
