package eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv;

import eu.europa.esig.dss.detailedreport.jaxb.XmlBasicBuildingBlocks;
import eu.europa.esig.dss.detailedreport.jaxb.XmlCRS;
import eu.europa.esig.dss.detailedreport.jaxb.XmlConclusion;
import eu.europa.esig.dss.detailedreport.jaxb.XmlPCV;
import eu.europa.esig.dss.detailedreport.jaxb.XmlPSV;
import eu.europa.esig.dss.diagnostic.CertificateRefWrapper;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.TokenProxy;
import eu.europa.esig.dss.diagnostic.jaxb.XmlDigestMatcher;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SubIndication;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.policy.jaxb.CryptographicConstraint;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.ValidationProcessUtils;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.CryptographicCheck;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.DigestMatcherCryptographicCheck;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.SigningCertificateDigestAlgorithmCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.BestSignatureTimeNotBeforeCertificateIssuanceCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.pcv.PastCertificateValidation;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.BestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpirationCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.CurrentTimeIndicationCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.POEExistsCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.POENotAfterCARevocationTimeCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.PastCertificateValidationAcceptableCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.PastRevocationDataValidationConclusiveCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.PastSignatureValidationCertificateRevocationSelectorResultCheck;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/vpfswatsp/checks/psv/PastSignatureValidation.class */
public class PastSignatureValidation extends Chain<XmlPSV> {
    private final TokenProxy token;
    private final Map<String, XmlBasicBuildingBlocks> bbbs;
    private final XmlConclusion currentConclusion;
    private final POEExtraction poe;
    private final Date currentTime;
    private final ValidationPolicy policy;
    private final Context context;

    public PastSignatureValidation(I18nProvider i18nProvider, TokenProxy tokenProxy, Map<String, XmlBasicBuildingBlocks> map, XmlConclusion xmlConclusion, POEExtraction pOEExtraction, Date date, ValidationPolicy validationPolicy, Context context) {
        super(i18nProvider, new XmlPSV());
        this.token = tokenProxy;
        this.bbbs = map;
        this.currentConclusion = xmlConclusion;
        this.poe = pOEExtraction;
        this.currentTime = date;
        this.policy = validationPolicy;
        this.context = context;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected MessageTag getTitle() {
        return MessageTag.PAST_SIGNATURE_VALIDATION;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        XmlBasicBuildingBlocks xmlBasicBuildingBlocks = this.bbbs.get(this.token.getId());
        CertificateWrapper signingCertificate = this.token.getSigningCertificate();
        PastSignatureValidationCertificateRevocationSelector pastSignatureValidationCertificateRevocationSelector = new PastSignatureValidationCertificateRevocationSelector(this.i18nProvider, signingCertificate, this.currentTime, this.bbbs, this.token.getId(), this.poe, this.policy);
        XmlCRS execute = pastSignatureValidationCertificateRevocationSelector.execute();
        xmlBasicBuildingBlocks.setPSVCRS(execute);
        ChainItem<XmlPSV> checkCertificateRevocationSelectorResult = checkCertificateRevocationSelectorResult(execute);
        this.firstItem = checkCertificateRevocationSelectorResult;
        XmlConclusion xmlConclusion = new XmlConclusion();
        List<CertificateRevocationWrapper> acceptableCertificateRevocations = pastSignatureValidationCertificateRevocationSelector.getAcceptableCertificateRevocations();
        if (Utils.isCollectionNotEmpty(acceptableCertificateRevocations)) {
            xmlConclusion.setIndication(Indication.PASSED);
        } else {
            xmlConclusion.setIndication(Indication.INDETERMINATE);
            xmlConclusion.setSubIndication(SubIndication.REVOCATION_OUT_OF_BOUNDS_NO_POE);
            acceptableCertificateRevocations = signingCertificate.getCertificateRevocationData();
        }
        XmlPCV execute2 = new PastCertificateValidation(this.i18nProvider, this.token, this.bbbs, this.poe, this.currentTime, this.policy, this.context).execute();
        xmlBasicBuildingBlocks.setPCV(execute2);
        ChainItem<XmlPSV> nextItem = checkCertificateRevocationSelectorResult.setNextItem(pastCertificateValidationAcceptableCheck(execute2));
        Date controlTime = execute2.getControlTime();
        ((XmlPSV) this.result).setControlTime(controlTime);
        boolean z = controlTime != null && this.poe.isPOEExists(this.token.getId(), controlTime);
        if (z) {
            nextItem = nextItem.setNextItem(poeExist());
        }
        if (!z || !Indication.INDETERMINATE.equals(this.currentConclusion.getIndication()) || (!SubIndication.REVOKED_NO_POE.equals(this.currentConclusion.getSubIndication()) && !SubIndication.REVOCATION_OUT_OF_BOUNDS_NO_POE.equals(this.currentConclusion.getSubIndication()))) {
            if (z && Indication.INDETERMINATE.equals(this.currentConclusion.getIndication()) && SubIndication.REVOKED_CA_NO_POE.equals(this.currentConclusion.getSubIndication())) {
                CertificateWrapper signingCertificate2 = signingCertificate.getSigningCertificate();
                CertificateRevocationWrapper latestAcceptableRevocationData = signingCertificate2 == null ? null : ValidationProcessUtils.getLatestAcceptableRevocationData(this.token, signingCertificate2, signingCertificate2.getCertificateRevocationData(), this.currentTime, this.bbbs, this.poe);
                if (latestAcceptableRevocationData != null) {
                    nextItem = nextItem.setNextItem(poeExistNotAfterCARevocationTimeCheck(acceptableCertificateRevocations, latestAcceptableRevocationData.getRevocationDate()));
                }
            } else if (z && Indication.INDETERMINATE.equals(this.currentConclusion.getIndication()) && (SubIndication.OUT_OF_BOUNDS_NO_POE.equals(this.currentConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NOT_REVOKED.equals(this.currentConclusion.getSubIndication()))) {
                Date lowestPOETime = this.poe.getLowestPOETime(this.token.getId());
                nextItem = nextItem.setNextItem(bestSignatureTimeNotBeforeCertificateIssuance(lowestPOETime, signingCertificate)).setNextItem(bestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpiration(lowestPOETime, signingCertificate, this.currentConclusion.getSubIndication()));
            } else if (Indication.INDETERMINATE.equals(this.currentConclusion.getIndication()) && SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE.equals(this.currentConclusion.getSubIndication())) {
                CryptographicConstraint signatureCryptographicConstraint = this.policy.getSignatureCryptographicConstraint(this.context);
                Date lowestPoeTime = getLowestPoeTime(this.token);
                ChainItem<XmlPSV> nextItem2 = nextItem.setNextItem(tokenUsedAlgorithmsAreSecureAtPoeTime(this.token, lowestPoeTime, ValidationProcessUtils.getCryptoPosition(this.context), signatureCryptographicConstraint));
                if (Utils.isCollectionNotEmpty(this.token.getDigestMatchers())) {
                    Iterator<XmlDigestMatcher> it = this.token.getDigestMatchers().iterator();
                    while (it.hasNext()) {
                        nextItem2 = nextItem2.setNextItem(digestMatcherIsSecureAtPoeTime(it.next(), lowestPoeTime, signatureCryptographicConstraint));
                    }
                }
                Iterator<CertificateRefWrapper> it2 = this.token.getSigningCertificateReferences().iterator();
                while (it2.hasNext()) {
                    nextItem2 = nextItem2.setNextItem(signCertRefIsSecureAtPoeTime(it2.next(), lowestPoeTime, this.context));
                }
                nextItem = certificateChainReliableAtPoeTime(nextItem2, acceptableCertificateRevocations, this.context);
            } else {
                nextItem = nextItem.setNextItem(currentTimeIndicationCheck());
            }
        }
        nextItem.setNextItem(pastRevocationDataValidationConclusive(xmlConclusion));
    }

    private ChainItem<XmlPSV> checkCertificateRevocationSelectorResult(XmlCRS xmlCRS) {
        return new PastSignatureValidationCertificateRevocationSelectorResultCheck(this.i18nProvider, (XmlPSV) this.result, xmlCRS, getWarnLevelConstraint());
    }

    private ChainItem<XmlPSV> currentTimeIndicationCheck() {
        return new CurrentTimeIndicationCheck(this.i18nProvider, (XmlPSV) this.result, this.currentConclusion.getIndication(), this.currentConclusion.getSubIndication(), this.currentConclusion.getErrors(), getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> pastCertificateValidationAcceptableCheck(XmlPCV xmlPCV) {
        return new PastCertificateValidationAcceptableCheck(this.i18nProvider, (XmlPSV) this.result, xmlPCV, this.token.getId(), this.currentConclusion.getIndication(), this.currentConclusion.getSubIndication(), getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> poeExist() {
        return new POEExistsCheck(this.i18nProvider, (XmlPSV) this.result, getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> poeExistNotAfterCARevocationTimeCheck(Collection<CertificateRevocationWrapper> collection, Date date) {
        return new POENotAfterCARevocationTimeCheck(this.i18nProvider, (XmlPSV) this.result, collection, date, this.poe, getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> pastRevocationDataValidationConclusive(XmlConclusion xmlConclusion) {
        return new PastRevocationDataValidationConclusiveCheck(this.i18nProvider, (XmlPSV) this.result, xmlConclusion, getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> bestSignatureTimeNotBeforeCertificateIssuance(Date date, CertificateWrapper certificateWrapper) {
        return new BestSignatureTimeNotBeforeCertificateIssuanceCheck(this.i18nProvider, (XmlPSV) this.result, date, certificateWrapper, getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> bestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpiration(Date date, CertificateWrapper certificateWrapper, SubIndication subIndication) {
        return new BestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpirationCheck(this.i18nProvider, (XmlPSV) this.result, date, certificateWrapper, subIndication, getFailLevelConstraint());
    }

    private CryptographicCheck<XmlPSV> tokenUsedAlgorithmsAreSecureAtPoeTime(TokenProxy tokenProxy, Date date, MessageTag messageTag, CryptographicConstraint cryptographicConstraint) {
        return new CryptographicCheck<>(this.i18nProvider, (XmlPSV) this.result, tokenProxy, messageTag, date, cryptographicConstraint);
    }

    private ChainItem<XmlPSV> digestMatcherIsSecureAtPoeTime(XmlDigestMatcher xmlDigestMatcher, Date date, CryptographicConstraint cryptographicConstraint) {
        return new DigestMatcherCryptographicCheck(this.i18nProvider, xmlDigestMatcher.getDigestMethod(), (XmlPSV) this.result, date, ValidationProcessUtils.getDigestMatcherCryptoPosition(xmlDigestMatcher), cryptographicConstraint);
    }

    private ChainItem<XmlPSV> signCertRefIsSecureAtPoeTime(CertificateRefWrapper certificateRefWrapper, Date date, Context context) {
        return new SigningCertificateDigestAlgorithmCheck(this.i18nProvider, certificateRefWrapper, (XmlPSV) this.result, date, this.policy.getCertificateCryptographicConstraint(context, (this.token.getSigningCertificate() == null || !this.token.getSigningCertificate().getId().equals(certificateRefWrapper.getCertificateId())) ? SubContext.CA_CERTIFICATE : SubContext.SIGNING_CERT), this.policy.getSigningCertificateDigestAlgorithmConstraint(context));
    }

    private ChainItem<XmlPSV> certificateChainReliableAtPoeTime(ChainItem<XmlPSV> chainItem, List<CertificateRevocationWrapper> list, Context context) {
        return certificateChainReliableAtPoeTime(chainItem, this.token.getCertificateChain(), list, context, new ArrayList());
    }

    private ChainItem<XmlPSV> certificateChainReliableAtPoeTime(ChainItem<XmlPSV> chainItem, List<CertificateWrapper> list, List<CertificateRevocationWrapper> list2, Context context, List<String> list3) {
        for (CertificateWrapper certificateWrapper : list) {
            if (certificateWrapper.isTrusted()) {
                break;
            }
            if (!list3.contains(certificateWrapper.getId())) {
                list3.add(certificateWrapper.getId());
                SubContext subContext = this.token.getSigningCertificate().getId().equals(certificateWrapper.getId()) ? SubContext.SIGNING_CERT : SubContext.CA_CERTIFICATE;
                List<CertificateRevocationWrapper> certificateRevocationData = SubContext.SIGNING_CERT.equals(subContext) ? list2 : certificateWrapper.getCertificateRevocationData();
                chainItem = chainItem.setNextItem(tokenUsedAlgorithmsAreSecureAtPoeTime(certificateWrapper, getLowestPoeTime(certificateWrapper), ValidationProcessUtils.getCertificateChainCryptoPosition(context), this.policy.getCertificateCryptographicConstraint(context, subContext)));
                TokenProxy latestAcceptableRevocationData = ValidationProcessUtils.getLatestAcceptableRevocationData(this.token, certificateWrapper, certificateRevocationData, this.currentTime, this.bbbs, this.poe);
                if (latestAcceptableRevocationData != null && !list3.contains(latestAcceptableRevocationData.getId())) {
                    list3.add(latestAcceptableRevocationData.getId());
                    chainItem = certificateChainReliableAtPoeTime(chainItem.setNextItem(tokenUsedAlgorithmsAreSecureAtPoeTime(latestAcceptableRevocationData, getLowestPoeTime(certificateWrapper), ValidationProcessUtils.getCertificateChainCryptoPosition(Context.REVOCATION), this.policy.getSignatureCryptographicConstraint(Context.REVOCATION))), latestAcceptableRevocationData.getCertificateChain(), list2, Context.REVOCATION, list3);
                }
            }
        }
        return chainItem;
    }

    private Date getLowestPoeTime(TokenProxy tokenProxy) {
        return this.poe.getLowestPOETime(tokenProxy.getId());
    }
}
