package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.alert.ExceptionOnStatusAlert;
import eu.europa.esig.dss.alert.LogOnStatusAlert;
import eu.europa.esig.dss.alert.StatusAlert;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.x509.revocation.crl.CRL;
import eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.ListCertificateSource;
import eu.europa.esig.dss.spi.x509.aia.AIASource;
import eu.europa.esig.dss.spi.x509.aia.DefaultAIASource;
import eu.europa.esig.dss.spi.x509.revocation.RevocationSource;
import java.util.Iterator;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.event.Level;

/* loaded from: input_file:BOOT-INF/lib/dss-document-6.0.jar:eu/europa/esig/dss/validation/CommonCertificateVerifier.class */
public class CommonCertificateVerifier implements CertificateVerifier {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CommonCertificateVerifier.class);
    private ListCertificateSource trustedCertSources;
    private ListCertificateSource adjunctCertSources;
    private RevocationSource<OCSP> ocspSource;
    private RevocationSource<CRL> crlSource;
    private RevocationDataLoadingStrategyFactory revocationDataLoadingStrategyFactory;
    private RevocationDataVerifier revocationDataVerifier;
    private boolean revocationFallback;
    private AIASource aiaSource;
    private DigestAlgorithm defaultDigestAlgorithm;
    private StatusAlert alertOnInvalidTimestamp;
    private StatusAlert alertOnMissingRevocationData;
    private StatusAlert alertOnRevokedCertificate;
    private StatusAlert alertOnNoRevocationAfterBestSignatureTime;
    private StatusAlert alertOnUncoveredPOE;
    private StatusAlert alertOnExpiredSignature;
    private boolean checkRevocationForUntrustedChains;
    private boolean extractPOEFromUntrustedChains;

    public CommonCertificateVerifier() {
        this(false);
    }

    public CommonCertificateVerifier(boolean z) {
        this.trustedCertSources = new ListCertificateSource();
        this.adjunctCertSources = new ListCertificateSource();
        this.revocationDataLoadingStrategyFactory = new OCSPFirstRevocationDataLoadingStrategyFactory();
        this.revocationDataVerifier = RevocationDataVerifier.createDefaultRevocationDataVerifier();
        this.revocationFallback = false;
        this.defaultDigestAlgorithm = DigestAlgorithm.SHA256;
        this.alertOnInvalidTimestamp = new ExceptionOnStatusAlert();
        this.alertOnMissingRevocationData = new ExceptionOnStatusAlert();
        this.alertOnRevokedCertificate = new ExceptionOnStatusAlert();
        this.alertOnNoRevocationAfterBestSignatureTime = new LogOnStatusAlert(Level.WARN);
        this.alertOnUncoveredPOE = new LogOnStatusAlert(Level.WARN);
        this.alertOnExpiredSignature = new ExceptionOnStatusAlert();
        this.checkRevocationForUntrustedChains = false;
        this.extractPOEFromUntrustedChains = false;
        LOG.info("+ New CommonCertificateVerifier created.");
        if (z) {
            return;
        }
        this.aiaSource = new DefaultAIASource();
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public RevocationSource<CRL> getCrlSource() {
        return this.crlSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setCrlSource(RevocationSource<CRL> revocationSource) {
        this.crlSource = revocationSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public RevocationSource<OCSP> getOcspSource() {
        return this.ocspSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setOcspSource(RevocationSource<OCSP> revocationSource) {
        this.ocspSource = revocationSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public RevocationDataLoadingStrategyFactory getRevocationDataLoadingStrategyFactory() {
        return this.revocationDataLoadingStrategyFactory;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setRevocationDataLoadingStrategyFactory(RevocationDataLoadingStrategyFactory revocationDataLoadingStrategyFactory) {
        Objects.requireNonNull(revocationDataLoadingStrategyFactory, "RevocationDataLoadingStrategyFactory shall be defined!");
        this.revocationDataLoadingStrategyFactory = revocationDataLoadingStrategyFactory;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public RevocationDataVerifier getRevocationDataVerifier() {
        return this.revocationDataVerifier;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setRevocationDataVerifier(RevocationDataVerifier revocationDataVerifier) {
        Objects.requireNonNull(revocationDataVerifier, "RevocationDataVerifier shall be defined!");
        this.revocationDataVerifier = revocationDataVerifier;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isRevocationFallback() {
        return this.revocationFallback;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setRevocationFallback(boolean z) {
        this.revocationFallback = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListCertificateSource getTrustedCertSources() {
        return this.trustedCertSources;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setTrustedCertSources(CertificateSource... certificateSourceArr) {
        this.trustedCertSources = new ListCertificateSource();
        addTrustedCertSources(certificateSourceArr);
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void addTrustedCertSources(CertificateSource... certificateSourceArr) {
        for (CertificateSource certificateSource : certificateSourceArr) {
            if (!certificateSource.getCertificateSourceType().isTrusted()) {
                throw new UnsupportedOperationException(String.format("The certificateSource with type [%s] is not allowed in the trustedCertSources. Please, use CertificateSource with a type TRUSTED_STORE or TRUSTED_LIST.", certificateSource.getCertificateSourceType()));
            }
            this.trustedCertSources.add(certificateSource);
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setTrustedCertSources(ListCertificateSource listCertificateSource) {
        if (listCertificateSource == null) {
            this.trustedCertSources = new ListCertificateSource();
        } else {
            if (!listCertificateSource.areAllCertSourcesTrusted()) {
                throw new UnsupportedOperationException("The trusted ListCertificateSource must contain only trusted sources with a type TRUSTED_STORE or TRUSTED_LIST.");
            }
            this.trustedCertSources = listCertificateSource;
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListCertificateSource getAdjunctCertSources() {
        return this.adjunctCertSources;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAdjunctCertSources(CertificateSource... certificateSourceArr) {
        this.adjunctCertSources = new ListCertificateSource();
        addAdjunctCertSources(certificateSourceArr);
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void addAdjunctCertSources(CertificateSource... certificateSourceArr) {
        for (CertificateSource certificateSource : certificateSourceArr) {
            assertNotTrusted(certificateSource);
            this.adjunctCertSources.add(certificateSource);
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAdjunctCertSources(ListCertificateSource listCertificateSource) {
        if (listCertificateSource == null) {
            listCertificateSource = new ListCertificateSource();
        }
        Iterator<CertificateSource> it = listCertificateSource.getSources().iterator();
        while (it.hasNext()) {
            assertNotTrusted(it.next());
        }
        this.adjunctCertSources = listCertificateSource;
    }

    private void assertNotTrusted(CertificateSource certificateSource) {
        if (certificateSource.getCertificateSourceType().isTrusted()) {
            LOG.warn("Adjunct certificate sources shouldn't be trusted. An adjunct certificate source contains missing intermediate certificates");
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public AIASource getAIASource() {
        return this.aiaSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAIASource(AIASource aIASource) {
        this.aiaSource = aIASource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnInvalidTimestamp() {
        return this.alertOnInvalidTimestamp;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnInvalidTimestamp(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnInvalidTimestamp = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnMissingRevocationData() {
        return this.alertOnMissingRevocationData;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnMissingRevocationData(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnMissingRevocationData = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnUncoveredPOE() {
        return this.alertOnUncoveredPOE;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnUncoveredPOE(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnUncoveredPOE = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnRevokedCertificate() {
        return this.alertOnRevokedCertificate;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnRevokedCertificate(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnRevokedCertificate = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnNoRevocationAfterBestSignatureTime() {
        return this.alertOnNoRevocationAfterBestSignatureTime;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnNoRevocationAfterBestSignatureTime(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnNoRevocationAfterBestSignatureTime = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnExpiredSignature(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnExpiredSignature = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnExpiredSignature() {
        return this.alertOnExpiredSignature;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isCheckRevocationForUntrustedChains() {
        return this.checkRevocationForUntrustedChains;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setCheckRevocationForUntrustedChains(boolean z) {
        this.checkRevocationForUntrustedChains = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isExtractPOEFromUntrustedChains() {
        return this.extractPOEFromUntrustedChains;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setExtractPOEFromUntrustedChains(boolean z) {
        this.extractPOEFromUntrustedChains = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        Objects.requireNonNull(digestAlgorithm, "Default DigestAlgorithm cannot be nulL!");
        this.defaultDigestAlgorithm = digestAlgorithm;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public DigestAlgorithm getDefaultDigestAlgorithm() {
        return this.defaultDigestAlgorithm;
    }
}
