package eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts;

import eu.europa.esig.dss.detailedreport.jaxb.XmlBasicBuildingBlocks;
import eu.europa.esig.dss.detailedreport.jaxb.XmlCRS;
import eu.europa.esig.dss.detailedreport.jaxb.XmlRFC;
import eu.europa.esig.dss.detailedreport.jaxb.XmlSAV;
import eu.europa.esig.dss.detailedreport.jaxb.XmlVTS;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.RevocationWrapper;
import eu.europa.esig.dss.diagnostic.TokenProxy;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.RevocationReason;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.policy.jaxb.Model;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.ValidationProcessUtils;
import eu.europa.esig.dss.validation.process.bbb.sav.CertificateAcceptanceValidation;
import eu.europa.esig.dss.validation.process.bbb.sav.RevocationAcceptanceValidation;
import eu.europa.esig.dss.validation.process.bbb.xcv.rfc.RevocationFreshnessChecker;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.RevocationDataRequiredCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.checks.SatisfyingRevocationDataExistsCheck;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:BOOT-INF/lib/dss-validation-6.1.jar:eu/europa/esig/dss/validation/process/vpfswatsp/checks/vts/ValidationTimeSliding.class */
public class ValidationTimeSliding extends Chain<XmlVTS> {
    private final TokenProxy token;
    private final Date currentTime;
    private final Map<String, XmlBasicBuildingBlocks> bbbs;
    private final Context context;
    private final POEExtraction poe;
    private final ValidationPolicy policy;
    private Date controlTime;

    public ValidationTimeSliding(I18nProvider i18nProvider, TokenProxy tokenProxy, Date date, POEExtraction pOEExtraction, Map<String, XmlBasicBuildingBlocks> map, Context context, ValidationPolicy validationPolicy) {
        super(i18nProvider, new XmlVTS());
        this.token = tokenProxy;
        this.currentTime = date;
        this.bbbs = map;
        this.context = context;
        this.poe = pOEExtraction;
        this.policy = validationPolicy;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected MessageTag getTitle() {
        return MessageTag.VALIDATION_TIME_SLIDING;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        XmlBasicBuildingBlocks xmlBasicBuildingBlocks = this.bbbs.get(this.token.getId());
        this.controlTime = this.currentTime;
        List<CertificateWrapper> certificateChain = this.token.getCertificateChain();
        if (Utils.isCollectionNotEmpty(certificateChain)) {
            RevocationDataRequiredCheck<XmlVTS> revocationDataRequiredCheck = null;
            for (CertificateWrapper certificateWrapper : Utils.reverseList(reduceChainUntilFirstTrustAnchor(certificateChain))) {
                if (!certificateWrapper.isTrusted()) {
                    SubContext subContext = this.token.getSigningCertificate().getId().equals(certificateWrapper.getId()) ? SubContext.SIGNING_CERT : SubContext.CA_CERTIFICATE;
                    CertificateRevocationWrapper certificateRevocationWrapper = null;
                    RevocationDataRequiredCheck<XmlVTS> revocationDataRequired = revocationDataRequired(certificateWrapper, subContext);
                    if (revocationDataRequired.process()) {
                        ValidationTimeSlidingCertificateRevocationSelector validationTimeSlidingCertificateRevocationSelector = new ValidationTimeSlidingCertificateRevocationSelector(this.i18nProvider, certificateWrapper, SubContext.SIGNING_CERT.equals(subContext) ? ValidationProcessUtils.getAcceptableRevocationDataForPSVIfExistOrReturnAll(this.token, certificateWrapper, this.bbbs, this.poe) : certificateWrapper.getCertificateRevocationData(), this.controlTime, this.bbbs, xmlBasicBuildingBlocks.getId(), this.poe, this.policy);
                        XmlCRS execute = validationTimeSlidingCertificateRevocationSelector.execute();
                        ((XmlVTS) this.result).getCRS().add(execute);
                        ChainItem<XmlVTS> satisfyingRevocationDataExists = satisfyingRevocationDataExists(execute, certificateWrapper, this.controlTime);
                        if (revocationDataRequiredCheck == null) {
                            this.firstItem = satisfyingRevocationDataExists;
                            revocationDataRequiredCheck = satisfyingRevocationDataExists;
                        } else {
                            revocationDataRequiredCheck = revocationDataRequiredCheck.setNextItem(satisfyingRevocationDataExists);
                        }
                        certificateRevocationWrapper = validationTimeSlidingCertificateRevocationSelector.getLatestAcceptableCertificateRevocation();
                    } else if (revocationDataRequiredCheck == null) {
                        this.firstItem = revocationDataRequired;
                        revocationDataRequiredCheck = revocationDataRequired;
                    } else {
                        revocationDataRequiredCheck = revocationDataRequiredCheck.setNextItem(revocationDataRequired);
                    }
                    if (certificateRevocationWrapper != null) {
                        if (certificateRevocationWrapper.isRevoked()) {
                            Model validationModel = this.policy.getValidationModel();
                            RevocationReason reason = certificateRevocationWrapper.getReason();
                            if (Model.SHELL.equals(validationModel) || ((Model.HYBRID.equals(validationModel) && SubContext.CA_CERTIFICATE.equals(subContext)) || RevocationReason.KEY_COMPROMISE.equals(reason) || RevocationReason.UNSPECIFIED.equals(reason))) {
                                this.controlTime = certificateRevocationWrapper.getRevocationDate();
                            }
                        } else {
                            XmlRFC execute2 = new RevocationFreshnessChecker(this.i18nProvider, certificateRevocationWrapper, this.controlTime, this.context, subContext, this.policy).execute();
                            if (execute2.getConclusion() != null && Indication.FAILED.equals(execute2.getConclusion().getIndication())) {
                                Date thisUpdate = certificateRevocationWrapper.getThisUpdate();
                                if (thisUpdate.before(this.controlTime)) {
                                    this.controlTime = thisUpdate;
                                }
                            }
                        }
                    }
                    XmlSAV certificateCryptographicAcceptanceResult = getCertificateCryptographicAcceptanceResult(certificateWrapper, this.controlTime);
                    Date cryptographicAlgorithmExpirationDateOrNull = isValidConclusion(certificateCryptographicAcceptanceResult.getConclusion()) ? null : getCryptographicAlgorithmExpirationDateOrNull(certificateCryptographicAcceptanceResult);
                    if (certificateRevocationWrapper != null) {
                        XmlSAV revocationCryptographicAcceptanceResult = getRevocationCryptographicAcceptanceResult(certificateRevocationWrapper, this.controlTime);
                        if (!isValidConclusion(revocationCryptographicAcceptanceResult.getConclusion())) {
                            Date cryptographicAlgorithmExpirationDateOrNull2 = getCryptographicAlgorithmExpirationDateOrNull(revocationCryptographicAcceptanceResult);
                            if (cryptographicAlgorithmExpirationDateOrNull == null || (cryptographicAlgorithmExpirationDateOrNull2 != null && cryptographicAlgorithmExpirationDateOrNull2.before(cryptographicAlgorithmExpirationDateOrNull))) {
                                cryptographicAlgorithmExpirationDateOrNull = cryptographicAlgorithmExpirationDateOrNull2;
                            }
                        }
                    }
                    if (cryptographicAlgorithmExpirationDateOrNull != null && cryptographicAlgorithmExpirationDateOrNull.before(this.controlTime)) {
                        this.controlTime = cryptographicAlgorithmExpirationDateOrNull;
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.validation.process.Chain
    public void addAdditionalInfo() {
        ((XmlVTS) this.result).setControlTime(this.controlTime);
    }

    private List<CertificateWrapper> reduceChainUntilFirstTrustAnchor(List<CertificateWrapper> list) {
        ArrayList arrayList = new ArrayList();
        for (CertificateWrapper certificateWrapper : list) {
            arrayList.add(certificateWrapper);
            if (certificateWrapper.isTrusted()) {
                break;
            }
        }
        return arrayList;
    }

    private Date getCryptographicAlgorithmExpirationDateOrNull(XmlSAV xmlSAV) {
        if (xmlSAV.getCryptographicValidation() == null || xmlSAV.getCryptographicValidation().getAlgorithm() == null) {
            return null;
        }
        return xmlSAV.getCryptographicValidation().getNotAfter();
    }

    private RevocationDataRequiredCheck<XmlVTS> revocationDataRequired(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new RevocationDataRequiredCheck<>(this.i18nProvider, (XmlVTS) this.result, certificateWrapper, this.policy.getRevocationDataSkipConstraint(this.context, subContext));
    }

    private ChainItem<XmlVTS> satisfyingRevocationDataExists(XmlCRS xmlCRS, CertificateWrapper certificateWrapper, Date date) {
        return new SatisfyingRevocationDataExistsCheck(this.i18nProvider, (XmlVTS) this.result, xmlCRS, certificateWrapper, date, getFailLevelConstraint());
    }

    private XmlSAV getCertificateCryptographicAcceptanceResult(CertificateWrapper certificateWrapper, Date date) {
        return new CertificateAcceptanceValidation(this.i18nProvider, date, certificateWrapper, this.policy).execute();
    }

    private XmlSAV getRevocationCryptographicAcceptanceResult(RevocationWrapper revocationWrapper, Date date) {
        return new RevocationAcceptanceValidation(this.i18nProvider, date, revocationWrapper, this.policy).execute();
    }
}
