package eu.europa.esig.dss.validation.process.bbb.xcv.sub;

import eu.europa.esig.dss.jaxb.detailedreport.XmlRFC;
import eu.europa.esig.dss.jaxb.detailedreport.XmlSubXCV;
import eu.europa.esig.dss.validation.policy.Context;
import eu.europa.esig.dss.validation.policy.SubContext;
import eu.europa.esig.dss.validation.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.bbb.xcv.rfc.RevocationFreshnessChecker;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.AuthorityInfoAccessPresentCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateCryptographicCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateExpirationCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateIssuedToLegalPersonCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateIssuedToNaturalPersonCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateNotSelfSignedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateOnHoldCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificatePolicyIdsCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateQCStatementIdsCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateQualifiedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateRevokedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSelfSignedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSignatureValidCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSupportedByQSCDCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CommonNameCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CountryCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.GivenNameCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.IdPkixOcspNoCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.KeyUsageCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.OrganizationNameCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.OrganizationUnitCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.PseudoUsageCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.PseudonymCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.RevocationCertHashMatchCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.RevocationFreshnessCheckerResult;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.RevocationInfoAccessPresentCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.SerialNumberCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.SurnameCheck;
import eu.europa.esig.dss.validation.reports.wrapper.CertificateWrapper;
import java.util.Date;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/bbb/xcv/sub/SubX509CertificateValidation.class */
public class SubX509CertificateValidation extends Chain<XmlSubXCV> {
    private final CertificateWrapper currentCertificate;
    private final Date currentTime;
    private final Context context;
    private final SubContext subContext;
    private final ValidationPolicy validationPolicy;

    public SubX509CertificateValidation(CertificateWrapper certificateWrapper, Date date, Context context, SubContext subContext, ValidationPolicy validationPolicy) {
        super(new XmlSubXCV());
        this.result.setId(certificateWrapper.getId());
        this.result.setTrustAnchor(Boolean.valueOf(certificateWrapper.isTrusted()));
        this.currentCertificate = certificateWrapper;
        this.currentTime = date;
        this.context = context;
        this.subContext = subContext;
        this.validationPolicy = validationPolicy;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        ChainItem<XmlSubXCV> nextItem;
        if (this.currentCertificate.isTrusted()) {
            return;
        }
        ChainItem<XmlSubXCV> serialNumber = serialNumber(this.currentCertificate, this.subContext);
        this.firstItem = serialNumber;
        ChainItem<XmlSubXCV> nextItem2 = serialNumber.setNextItem(surname(this.currentCertificate, this.subContext)).setNextItem(givenName(this.currentCertificate, this.subContext)).setNextItem(commonName(this.currentCertificate, this.subContext)).setNextItem(pseudoUsage(this.currentCertificate, this.subContext)).setNextItem(pseudonym(this.currentCertificate, this.subContext)).setNextItem(country(this.currentCertificate, this.subContext)).setNextItem(organizationUnit(this.currentCertificate, this.subContext)).setNextItem(organizationName(this.currentCertificate, this.subContext)).setNextItem(selfSigned(this.currentCertificate, this.subContext)).setNextItem(notSelfSigned(this.currentCertificate, this.subContext)).setNextItem(certificatePolicyIds(this.currentCertificate, this.subContext)).setNextItem(certificateQCStatementIds(this.currentCertificate, this.subContext)).setNextItem(certificateQualified(this.currentCertificate, this.subContext)).setNextItem(certificateSupportedByQSCD(this.currentCertificate, this.subContext)).setNextItem(certificateIssuedToLegalPerson(this.currentCertificate, this.subContext)).setNextItem(certificateIssuedToNaturalPerson(this.currentCertificate, this.subContext)).setNextItem(certificateSignatureValid(this.currentCertificate, this.subContext)).setNextItem(certificateCryptographic(this.currentCertificate, this.context, this.subContext)).setNextItem(keyUsage(this.currentCertificate, this.subContext)).setNextItem(aiaPresent(this.currentCertificate, this.subContext)).setNextItem(revocationInfoAccessPresent(this.currentCertificate, this.subContext)).setNextItem(certificateExpiration(this.currentCertificate, this.subContext)).setNextItem(certificateRevoked(this.currentCertificate, this.subContext)).setNextItem(certificateOnHold(this.currentCertificate, this.subContext));
        if (isRevocationNoNeedCheck(this.currentCertificate)) {
            nextItem = nextItem2.setNextItem(idPkixOcspNoCheck());
        } else {
            XmlRFC execute = new RevocationFreshnessChecker(this.currentCertificate.getLatestRevocationData(), this.currentTime, this.context, this.subContext, this.validationPolicy).execute();
            this.result.setRFC(execute);
            nextItem = nextItem2.setNextItem(checkRevocationFreshnessCheckerResult(execute));
        }
        nextItem.setNextItem(revocationCertHashCheck());
    }

    private boolean isRevocationNoNeedCheck(CertificateWrapper certificateWrapper) {
        return certificateWrapper.isIdPkixOcspNoCheck() && this.currentTime.compareTo(certificateWrapper.getNotBefore()) >= 0 && this.currentTime.compareTo(certificateWrapper.getNotAfter()) <= 0;
    }

    private ChainItem<XmlSubXCV> certificateExpiration(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateExpirationCheck(this.result, certificateWrapper, this.currentTime, this.validationPolicy.getCertificateNotExpiredConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> keyUsage(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new KeyUsageCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateKeyUsageConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> aiaPresent(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new AuthorityInfoAccessPresentCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateAuthorityInfoAccessPresentConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> revocationInfoAccessPresent(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new RevocationInfoAccessPresentCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateRevocationInfoAccessPresentConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> checkRevocationFreshnessCheckerResult(XmlRFC xmlRFC) {
        return new RevocationFreshnessCheckerResult(this.result, xmlRFC, this.validationPolicy.getCertificateRevocationFreshnessConstraint(this.context, this.subContext));
    }

    private ChainItem<XmlSubXCV> surname(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new SurnameCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateSurnameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> givenName(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new GivenNameCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateGivenNameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> commonName(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CommonNameCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateCommonNameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> pseudonym(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new PseudonymCheck(this.result, certificateWrapper, this.validationPolicy.getCertificatePseudonymConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> country(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CountryCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateCountryConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> organizationName(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new OrganizationNameCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateOrganizationNameConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> organizationUnit(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new OrganizationUnitCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateOrganizationUnitConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> serialNumber(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new SerialNumberCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateSerialNumberConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> pseudoUsage(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new PseudoUsageCheck(this.result, certificateWrapper, this.validationPolicy.getCertificatePseudoUsageConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateSignatureValid(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateSignatureValidCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateSignatureConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateRevoked(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateRevokedCheck(this.result, certificateWrapper, this.currentTime, this.validationPolicy.getCertificateNotRevokedConstraint(this.context, subContext), subContext);
    }

    private ChainItem<XmlSubXCV> certificateOnHold(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateOnHoldCheck(this.result, certificateWrapper, this.currentTime, this.validationPolicy.getCertificateNotOnHoldConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> notSelfSigned(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateNotSelfSignedCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateNotSelfSignedConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> selfSigned(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateSelfSignedCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateSelfSignedConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificatePolicyIds(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificatePolicyIdsCheck(this.result, certificateWrapper, this.validationPolicy.getCertificatePolicyIdsConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateQCStatementIds(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateQCStatementIdsCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateQCStatementIdsConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateCryptographic(CertificateWrapper certificateWrapper, Context context, SubContext subContext) {
        return new CertificateCryptographicCheck(this.result, certificateWrapper, this.currentTime, this.validationPolicy.getCertificateCryptographicConstraint(context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateQualified(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateQualifiedCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateQualificationConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateSupportedByQSCD(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateSupportedByQSCDCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateSupportedByQSCDConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateIssuedToLegalPerson(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateIssuedToLegalPersonCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateIssuedToLegalPersonConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> certificateIssuedToNaturalPerson(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new CertificateIssuedToNaturalPersonCheck(this.result, certificateWrapper, this.validationPolicy.getCertificateIssuedToNaturalPersonConstraint(this.context, subContext));
    }

    private ChainItem<XmlSubXCV> idPkixOcspNoCheck() {
        return new IdPkixOcspNoCheck(this.result, getFailLevelConstraint());
    }

    private ChainItem<XmlSubXCV> revocationCertHashCheck() {
        return new RevocationCertHashMatchCheck(this.result, this.currentCertificate, this.validationPolicy.getRevocationCertHashMatchConstraint(this.context, this.subContext));
    }
}
