package eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts;

import eu.europa.esig.dss.jaxb.detailedreport.XmlRFC;
import eu.europa.esig.dss.jaxb.detailedreport.XmlVTS;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.TimestampReferenceCategory;
import eu.europa.esig.dss.validation.policy.Context;
import eu.europa.esig.dss.validation.policy.SubContext;
import eu.europa.esig.dss.validation.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.policy.rules.Indication;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.CryptographicCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rfc.RevocationFreshnessChecker;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.checks.POEExistsAtOrBeforeControlTimeCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.checks.SatisfyingRevocationDataExistsCheck;
import eu.europa.esig.dss.validation.reports.wrapper.CertificateWrapper;
import eu.europa.esig.dss.validation.reports.wrapper.DiagnosticData;
import eu.europa.esig.dss.validation.reports.wrapper.RevocationWrapper;
import eu.europa.esig.dss.validation.reports.wrapper.TokenProxy;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/vpfswatsp/checks/vts/ValidationTimeSliding.class */
public class ValidationTimeSliding extends Chain<XmlVTS> {
    private final DiagnosticData diagnosticData;
    private final TokenProxy token;
    private final Date currentTime;
    private final Context context;
    private final POEExtraction poe;
    private final ValidationPolicy policy;
    private Date controlTime;

    public ValidationTimeSliding(DiagnosticData diagnosticData, TokenProxy tokenProxy, Date date, Context context, POEExtraction pOEExtraction, ValidationPolicy validationPolicy) {
        super(new XmlVTS());
        this.diagnosticData = diagnosticData;
        this.token = tokenProxy;
        this.currentTime = date;
        this.context = context;
        this.poe = pOEExtraction;
        this.policy = validationPolicy;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        this.controlTime = this.currentTime;
        List certificateChainIds = this.token.getCertificateChainIds();
        if (Utils.isCollectionNotEmpty(certificateChainIds)) {
            Collections.reverse(certificateChainIds);
            Iterator it = certificateChainIds.iterator();
            while (it.hasNext()) {
                CertificateWrapper usedCertificateById = this.diagnosticData.getUsedCertificateById((String) it.next());
                if (!usedCertificateById.isTrusted()) {
                    RevocationWrapper revocationWrapper = null;
                    for (RevocationWrapper revocationWrapper2 : usedCertificateById.getRevocationData()) {
                        if (revocationWrapper == null || revocationWrapper2.getProductionDate().after(revocationWrapper.getProductionDate())) {
                            if (isConsistant(usedCertificateById, revocationWrapper2) && isIssuanceBeforeControlTime(revocationWrapper2)) {
                                revocationWrapper = revocationWrapper2;
                            }
                        }
                    }
                    ChainItem<XmlVTS> satisfyingRevocationDataExists = satisfyingRevocationDataExists(revocationWrapper);
                    if (this.firstItem == null) {
                        this.firstItem = satisfyingRevocationDataExists;
                    }
                    ChainItem<XmlVTS> nextItem = satisfyingRevocationDataExists.setNextItem(poeExistsAtOrBeforeControlTime(usedCertificateById, TimestampReferenceCategory.CERTIFICATE, this.controlTime)).setNextItem(poeExistsAtOrBeforeControlTime(revocationWrapper, TimestampReferenceCategory.REVOCATION, this.controlTime));
                    if (revocationWrapper != null) {
                        if (usedCertificateById.isRevoked()) {
                            this.controlTime = revocationWrapper.getRevocationDate();
                        } else if (!isFresh(revocationWrapper, this.controlTime)) {
                            this.controlTime = revocationWrapper.getProductionDate();
                        }
                    }
                    nextItem.setNextItem(cryptographicCheck(usedCertificateById, this.controlTime)).setNextItem(cryptographicCheck(revocationWrapper, this.controlTime));
                }
            }
        }
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void addAdditionalInfo() {
        this.result.setControlTime(this.controlTime);
    }

    private boolean isFresh(RevocationWrapper revocationWrapper, Date date) {
        XmlRFC execute = new RevocationFreshnessChecker(revocationWrapper, date, this.context, SubContext.SIGNING_CERT, this.policy).execute();
        return (execute == null || execute.getConclusion() == null || !Indication.PASSED.equals(execute.getConclusion().getIndication())) ? false : true;
    }

    private ChainItem<XmlVTS> satisfyingRevocationDataExists(RevocationWrapper revocationWrapper) {
        return new SatisfyingRevocationDataExistsCheck(this.result, revocationWrapper, getFailLevelConstraint());
    }

    private ChainItem<XmlVTS> poeExistsAtOrBeforeControlTime(TokenProxy tokenProxy, TimestampReferenceCategory timestampReferenceCategory, Date date) {
        return new POEExistsAtOrBeforeControlTimeCheck(this.result, tokenProxy, timestampReferenceCategory, date, this.poe, getFailLevelConstraint());
    }

    private ChainItem<XmlVTS> cryptographicCheck(TokenProxy tokenProxy, Date date) {
        return new CryptographicCheck(this.result, tokenProxy, date, this.policy.getCertificateCryptographicConstraint(this.context, SubContext.SIGNING_CERT));
    }

    private boolean isConsistant(CertificateWrapper certificateWrapper, RevocationWrapper revocationWrapper) {
        Date certificateTSPServiceExpiredCertsRevocationInfo;
        Date notBefore = certificateWrapper.getNotBefore();
        Date notAfter = certificateWrapper.getNotAfter();
        Date thisUpdate = revocationWrapper.getThisUpdate();
        Date date = thisUpdate;
        Date expiredCertsOnCRL = revocationWrapper.getExpiredCertsOnCRL();
        if (expiredCertsOnCRL != null) {
            date = expiredCertsOnCRL;
        }
        Date archiveCutOff = revocationWrapper.getArchiveCutOff();
        if (archiveCutOff != null) {
            date = archiveCutOff;
        }
        if (expiredCertsOnCRL != null && archiveCutOff != null) {
            CertificateWrapper usedCertificateById = this.diagnosticData.getUsedCertificateById(revocationWrapper.getSigningCertificateId());
            if (usedCertificateById != null && (certificateTSPServiceExpiredCertsRevocationInfo = usedCertificateById.getCertificateTSPServiceExpiredCertsRevocationInfo()) != null) {
                date = certificateTSPServiceExpiredCertsRevocationInfo;
            }
        }
        return thisUpdate != null && notBefore.before(thisUpdate) && notAfter.compareTo(date) >= 0;
    }

    private boolean isIssuanceBeforeControlTime(RevocationWrapper revocationWrapper) {
        return revocationWrapper.getProductionDate().before(this.controlTime);
    }
}
