package eu.europa.esig.dss.validation.process.vpfswatsp.checks.pcv;

import eu.europa.esig.dss.jaxb.detailedreport.XmlBasicBuildingBlocks;
import eu.europa.esig.dss.jaxb.detailedreport.XmlPCV;
import eu.europa.esig.dss.jaxb.detailedreport.XmlVTS;
import eu.europa.esig.dss.jaxb.diagnostic.XmlChainCertificate;
import eu.europa.esig.dss.validation.policy.Context;
import eu.europa.esig.dss.validation.policy.SubContext;
import eu.europa.esig.dss.validation.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.CryptographicCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSignatureValidCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.pcv.checks.ProspectiveCertificateChainCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.pcv.checks.ValidationTimeSlidingCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.ValidationTimeSliding;
import eu.europa.esig.dss.validation.reports.wrapper.CertificateWrapper;
import eu.europa.esig.dss.validation.reports.wrapper.DiagnosticData;
import eu.europa.esig.dss.validation.reports.wrapper.TokenProxy;
import java.util.Date;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/vpfswatsp/checks/pcv/PastCertificateValidation.class */
public class PastCertificateValidation extends Chain<XmlPCV> {
    private final TokenProxy token;
    private final DiagnosticData diagnosticData;
    private final XmlBasicBuildingBlocks bbb;
    private final POEExtraction poe;
    private final Date currentTime;
    private final ValidationPolicy policy;
    private final Context context;
    private Date controlTime;

    public PastCertificateValidation(TokenProxy tokenProxy, DiagnosticData diagnosticData, XmlBasicBuildingBlocks xmlBasicBuildingBlocks, POEExtraction pOEExtraction, Date date, ValidationPolicy validationPolicy, Context context) {
        super(new XmlPCV());
        this.token = tokenProxy;
        this.diagnosticData = diagnosticData;
        this.bbb = xmlBasicBuildingBlocks;
        this.poe = pOEExtraction;
        this.currentTime = date;
        this.policy = validationPolicy;
        this.context = context;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        Date revocationDate;
        String signingCertificateId = this.token.getSigningCertificateId();
        ChainItem<XmlPCV> prospectiveCertificateChain = prospectiveCertificateChain();
        this.firstItem = prospectiveCertificateChain;
        ChainItem<XmlPCV> chainItem = prospectiveCertificateChain;
        Date date = null;
        Date date2 = null;
        for (XmlChainCertificate xmlChainCertificate : this.token.getCertificateChain()) {
            CertificateWrapper usedCertificateById = this.diagnosticData.getUsedCertificateById(xmlChainCertificate.getId());
            if (!usedCertificateById.isTrusted()) {
                SubContext subContext = SubContext.CA_CERTIFICATE;
                if (StringUtils.equals(signingCertificateId, xmlChainCertificate.getId())) {
                    subContext = SubContext.SIGNING_CERT;
                }
                if (date == null || date.before(usedCertificateById.getNotBefore())) {
                    date = usedCertificateById.getNotBefore();
                }
                if (date2 == null || date2.after(usedCertificateById.getNotAfter())) {
                    date2 = usedCertificateById.getNotAfter();
                }
                if (SubContext.CA_CERTIFICATE.equals(subContext) && usedCertificateById.isRevoked() && (revocationDate = usedCertificateById.getLatestRevocationData().getRevocationDate()) != null && date2.after(revocationDate)) {
                    date2 = revocationDate;
                }
                chainItem = chainItem.setNextItem(certificateSignatureValid(usedCertificateById, subContext));
            }
        }
        ChainItem<XmlPCV> nextItem = chainItem.setNextItem(validationTimeSliding());
        if (this.controlTime != null) {
            for (XmlChainCertificate xmlChainCertificate2 : this.token.getCertificateChain()) {
                CertificateWrapper usedCertificateById2 = this.diagnosticData.getUsedCertificateById(xmlChainCertificate2.getId());
                if (!usedCertificateById2.isTrusted()) {
                    SubContext subContext2 = SubContext.CA_CERTIFICATE;
                    if (StringUtils.equals(signingCertificateId, xmlChainCertificate2.getId())) {
                        subContext2 = SubContext.SIGNING_CERT;
                    }
                    nextItem = nextItem.setNextItem(cryptographicCheck(this.result, usedCertificateById2, this.controlTime, subContext2));
                }
            }
        }
    }

    private ChainItem<XmlPCV> prospectiveCertificateChain() {
        return new ProspectiveCertificateChainCheck(this.result, this.token, this.diagnosticData, this.policy.getProspectiveCertificateChainConstraint(this.context));
    }

    private ChainItem<XmlPCV> certificateSignatureValid(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateSignatureValidCheck(this.result, certificateWrapper, this.policy.getCertificateSignatureConstraint(this.context, subContext));
    }

    private ChainItem<XmlPCV> validationTimeSliding() {
        XmlVTS execute = new ValidationTimeSliding(this.diagnosticData, this.token, this.currentTime, this.context, this.poe, this.policy).execute();
        this.bbb.setVTS(execute);
        this.controlTime = execute.getControlTime();
        return new ValidationTimeSlidingCheck(this.result, execute, getFailLevelConstraint());
    }

    private ChainItem<XmlPCV> cryptographicCheck(XmlPCV xmlPCV, CertificateWrapper certificateWrapper, Date date, SubContext subContext) {
        return new CryptographicCheck(xmlPCV, certificateWrapper, date, this.policy.getCertificateCryptographicConstraint(this.context, subContext));
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void addAdditionalInfo() {
        this.result.setControlTime(this.controlTime);
    }
}
