package eu.europa.esig.dss.validation.process;

import eu.europa.esig.dss.detailedreport.jaxb.XmlBasicBuildingBlocks;
import eu.europa.esig.dss.detailedreport.jaxb.XmlCRS;
import eu.europa.esig.dss.detailedreport.jaxb.XmlConclusion;
import eu.europa.esig.dss.detailedreport.jaxb.XmlRAC;
import eu.europa.esig.dss.detailedreport.jaxb.XmlSubXCV;
import eu.europa.esig.dss.detailedreport.jaxb.XmlXCV;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.RevocationWrapper;
import eu.europa.esig.dss.diagnostic.SignatureWrapper;
import eu.europa.esig.dss.diagnostic.TimestampWrapper;
import eu.europa.esig.dss.diagnostic.TokenProxy;
import eu.europa.esig.dss.diagnostic.jaxb.XmlDigestMatcher;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.DigestMatcherType;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SubIndication;
import eu.europa.esig.dss.enumerations.TimestampType;
import eu.europa.esig.dss.enumerations.ValidationTime;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;

/* loaded from: input_file:BOOT-INF/lib/dss-validation-6.1.jar:eu/europa/esig/dss/validation/process/ValidationProcessUtils.class */
public class ValidationProcessUtils {
    private static final String DATE_FORMAT = "yyyy-MM-dd HH:mm";
    private static final String URN_OID_PREFIX = "urn:oid:";
    private static final String ALL_VALUE = "*";

    private ValidationProcessUtils() {
    }

    public static boolean isAllowedBasicSignatureValidation(XmlConclusion xmlConclusion) {
        return xmlConclusion != null && (Indication.PASSED.equals(xmlConclusion.getIndication()) || (Indication.INDETERMINATE.equals(xmlConclusion.getIndication()) && (SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOKED_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOKED_CA_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.TRY_LATER.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NOT_REVOKED.equals(xmlConclusion.getSubIndication()))));
    }

    public static boolean isAllowedBasicRevocationDataValidation(XmlConclusion xmlConclusion) {
        return xmlConclusion != null && (Indication.PASSED.equals(xmlConclusion.getIndication()) || (Indication.INDETERMINATE.equals(xmlConclusion.getIndication()) && (SubIndication.REVOKED_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOKED_CA_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NOT_REVOKED.equals(xmlConclusion.getSubIndication()) || SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOCATION_OUT_OF_BOUNDS_NO_POE.equals(xmlConclusion.getSubIndication()))));
    }

    public static boolean isAllowedBasicTimestampValidation(XmlConclusion xmlConclusion) {
        return xmlConclusion != null && (Indication.PASSED.equals(xmlConclusion.getIndication()) || (Indication.INDETERMINATE.equals(xmlConclusion.getIndication()) && (SubIndication.REVOKED_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOKED_CA_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NOT_REVOKED.equals(xmlConclusion.getSubIndication()) || SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOCATION_OUT_OF_BOUNDS_NO_POE.equals(xmlConclusion.getSubIndication()))));
    }

    public static boolean isAllowedValidationWithLongTermData(XmlConclusion xmlConclusion) {
        return xmlConclusion != null && (Indication.PASSED.equals(xmlConclusion.getIndication()) || (Indication.INDETERMINATE.equals(xmlConclusion.getIndication()) && (SubIndication.REVOKED_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOKED_CA_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.OUT_OF_BOUNDS_NOT_REVOKED.equals(xmlConclusion.getSubIndication()) || SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.REVOCATION_OUT_OF_BOUNDS_NO_POE.equals(xmlConclusion.getSubIndication()) || SubIndication.SIG_CONSTRAINTS_FAILURE.equals(xmlConclusion.getSubIndication()) || SubIndication.TRY_LATER.equals(xmlConclusion.getSubIndication()))));
    }

    public static CertificateRevocationWrapper getLatestAcceptableRevocationData(TokenProxy tokenProxy, CertificateWrapper certificateWrapper, Collection<CertificateRevocationWrapper> collection, Date date, Map<String, XmlBasicBuildingBlocks> map, POEExtraction pOEExtraction) {
        CertificateRevocationWrapper certificateRevocationWrapper = null;
        if (pOEExtraction.isPOEExists(certificateWrapper.getId(), date)) {
            for (CertificateRevocationWrapper certificateRevocationWrapper2 : collection) {
                if (isAllowedBasicRevocationDataValidation(map.get(certificateRevocationWrapper2.getId()).getConclusion()) && isRevocationDataAcceptable(map.get(tokenProxy.getId()), certificateWrapper, certificateRevocationWrapper2) && certificateRevocationWrapper2.getThisUpdate() != null && certificateRevocationWrapper2.getThisUpdate().before(date) && pOEExtraction.isPOEExists(certificateRevocationWrapper2.getId(), date) && (certificateRevocationWrapper == null || (certificateRevocationWrapper2.getProductionDate() != null && certificateRevocationWrapper.getProductionDate().before(certificateRevocationWrapper2.getProductionDate())))) {
                    certificateRevocationWrapper = certificateRevocationWrapper2;
                }
            }
        }
        return certificateRevocationWrapper;
    }

    public static List<CertificateRevocationWrapper> getAcceptableRevocationDataForPSVIfExistOrReturnAll(TokenProxy tokenProxy, CertificateWrapper certificateWrapper, Map<String, XmlBasicBuildingBlocks> map, POEExtraction pOEExtraction) {
        List<CertificateRevocationWrapper> filterRevocationDataForPastSignatureValidation = filterRevocationDataForPastSignatureValidation(tokenProxy, certificateWrapper, map, pOEExtraction);
        return Utils.isCollectionNotEmpty(filterRevocationDataForPastSignatureValidation) ? filterRevocationDataForPastSignatureValidation : certificateWrapper.getCertificateRevocationData();
    }

    private static List<CertificateRevocationWrapper> filterRevocationDataForPastSignatureValidation(TokenProxy tokenProxy, CertificateWrapper certificateWrapper, Map<String, XmlBasicBuildingBlocks> map, POEExtraction pOEExtraction) {
        ArrayList arrayList = new ArrayList();
        for (CertificateRevocationWrapper certificateRevocationWrapper : certificateWrapper.getCertificateRevocationData()) {
            XmlBasicBuildingBlocks xmlBasicBuildingBlocks = map.get(certificateRevocationWrapper.getId());
            CertificateWrapper signingCertificate = certificateRevocationWrapper.getSigningCertificate();
            if (isAllowedBasicRevocationDataValidation(xmlBasicBuildingBlocks.getConclusion()) && isRevocationDataAcceptable(map.get(tokenProxy.getId()), certificateWrapper, certificateRevocationWrapper) && signingCertificate != null && (signingCertificate.isTrusted() || pOEExtraction.isPOEExistInRange(signingCertificate.getId(), signingCertificate.getNotBefore(), signingCertificate.getNotAfter()))) {
                arrayList.add(certificateRevocationWrapper);
            }
        }
        return arrayList;
    }

    public static boolean isRevocationDataAcceptable(XmlBasicBuildingBlocks xmlBasicBuildingBlocks, CertificateWrapper certificateWrapper, RevocationWrapper revocationWrapper) {
        XmlRAC revocationAcceptanceCheckerResult = getRevocationAcceptanceCheckerResult(xmlBasicBuildingBlocks, certificateWrapper.getId(), revocationWrapper.getId());
        return (revocationAcceptanceCheckerResult == null || revocationAcceptanceCheckerResult.getConclusion() == null || !Indication.PASSED.equals(revocationAcceptanceCheckerResult.getConclusion().getIndication())) ? false : true;
    }

    public static boolean isLongTermAvailabilityAndIntegrityMaterialPresent(SignatureWrapper signatureWrapper) {
        return signatureWrapper.isThereALevel() || timestampCoveringOtherSignatureTimestampsPresent(signatureWrapper) || Utils.isCollectionNotEmpty(signatureWrapper.getEvidenceRecords());
    }

    private static boolean timestampCoveringOtherSignatureTimestampsPresent(SignatureWrapper signatureWrapper) {
        Iterator<TimestampWrapper> it = signatureWrapper.getTimestampList().iterator();
        while (it.hasNext()) {
            List<TimestampWrapper> timestampedTimestamps = it.next().getTimestampedTimestamps();
            if (Utils.isCollectionNotEmpty(timestampedTimestamps)) {
                for (TimestampWrapper timestampWrapper : timestampedTimestamps) {
                    if (!timestampWrapper.getType().isContentTimestamp() && Utils.isCollectionNotEmpty(timestampWrapper.getTimestampedSignatures())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    public static XmlRAC getRevocationAcceptanceCheckerResult(XmlBasicBuildingBlocks xmlBasicBuildingBlocks, String str, String str2) {
        XmlXCV xcv;
        XmlSubXCV xmlSubXCVForId;
        XmlCRS crs;
        XmlRAC xmlRACForId;
        if (xmlBasicBuildingBlocks == null || (xcv = xmlBasicBuildingBlocks.getXCV()) == null || (xmlSubXCVForId = getXmlSubXCVForId(xcv.getSubXCV(), str)) == null || (crs = xmlSubXCVForId.getCRS()) == null || (xmlRACForId = getXmlRACForId(crs.getRAC(), str2)) == null) {
            return null;
        }
        return xmlRACForId;
    }

    private static XmlSubXCV getXmlSubXCVForId(List<XmlSubXCV> list, String str) {
        for (XmlSubXCV xmlSubXCV : list) {
            if (str.equals(xmlSubXCV.getId())) {
                return xmlSubXCV;
            }
        }
        return null;
    }

    private static XmlRAC getXmlRACForId(List<XmlRAC> list, String str) {
        if (!Utils.isCollectionNotEmpty(list)) {
            return null;
        }
        for (XmlRAC xmlRAC : list) {
            if (str.equals(xmlRAC.getId())) {
                return xmlRAC;
            }
        }
        return null;
    }

    public static String getFormattedDate(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat.format(date);
    }

    public static String buildStringMessage(I18nProvider i18nProvider, MessageTag messageTag, Object... objArr) {
        if (messageTag != null) {
            return i18nProvider.getMessage(messageTag, objArr);
        }
        return null;
    }

    public static MessageTag getCryptoPosition(Context context) {
        switch (context) {
            case SIGNATURE:
            case COUNTER_SIGNATURE:
                return MessageTag.ACCM_POS_SIG_SIG;
            case TIMESTAMP:
                return MessageTag.ACCM_POS_TST_SIG;
            case REVOCATION:
                return MessageTag.ACCM_POS_REVOC_SIG;
            case CERTIFICATE:
                return MessageTag.ACCM_POS_CERT_CHAIN;
            default:
                throw new IllegalArgumentException("Unsupported context " + context);
        }
    }

    public static MessageTag getCertificateChainCryptoPosition(Context context) {
        switch (context) {
            case SIGNATURE:
            case COUNTER_SIGNATURE:
                return MessageTag.ACCM_POS_CERT_CHAIN_SIG;
            case TIMESTAMP:
                return MessageTag.ACCM_POS_CERT_CHAIN_TST;
            case REVOCATION:
                return MessageTag.ACCM_POS_CERT_CHAIN_REVOC;
            case CERTIFICATE:
                return MessageTag.ACCM_POS_CERT_CHAIN;
            default:
                throw new IllegalArgumentException("Unsupported context " + context);
        }
    }

    public static MessageTag getDigestMatcherCryptoPosition(XmlDigestMatcher xmlDigestMatcher) {
        switch (xmlDigestMatcher.getType()) {
            case OBJECT:
            case REFERENCE:
            case XPOINTER:
                return MessageTag.ACCM_POS_REF;
            case MANIFEST:
                return MessageTag.ACCM_POS_MAN;
            case MANIFEST_ENTRY:
                return MessageTag.ACCM_POS_MAN_ENT;
            case SIGNED_PROPERTIES:
                return MessageTag.ACCM_POS_SIGND_PRT;
            case KEY_INFO:
                return MessageTag.ACCM_POS_KEY;
            case SIGNATURE_PROPERTIES:
                return MessageTag.ACCM_POS_SIGNTR_PRT;
            case COUNTER_SIGNATURE:
            case COUNTER_SIGNED_SIGNATURE_VALUE:
                return MessageTag.ACCM_POS_CNTR_SIG;
            case MESSAGE_DIGEST:
                return MessageTag.ACCM_POS_MES_DIG;
            case CONTENT_DIGEST:
                return MessageTag.ACCM_POS_CON_DIG;
            case JWS_SIGNING_INPUT_DIGEST:
                return MessageTag.ACCM_POS_JWS;
            case SIG_D_ENTRY:
                return MessageTag.ACCM_POS_SIG_D_ENT;
            case MESSAGE_IMPRINT:
                return MessageTag.ACCM_POS_MESS_IMP;
            case EVIDENCE_RECORD_ARCHIVE_OBJECT:
                return MessageTag.ACCM_POS_ER_ADO;
            case EVIDENCE_RECORD_ORPHAN_REFERENCE:
                return MessageTag.ACCM_POS_ER_OR;
            case EVIDENCE_RECORD_ARCHIVE_TIME_STAMP:
                return MessageTag.ACCM_POS_ER_TST;
            case EVIDENCE_RECORD_ARCHIVE_TIME_STAMP_SEQUENCE:
                return MessageTag.ACCM_POS_ER_TST_SEQ;
            default:
                throw new IllegalArgumentException(String.format("The provided DigestMatcherType '%s' is not supported!", xmlDigestMatcher.getType()));
        }
    }

    public static MessageTag getDigestMatcherCryptoPosition(Collection<XmlDigestMatcher> collection) {
        if (Utils.isCollectionEmpty(collection)) {
            throw new IllegalArgumentException("Collection of DigestMatchers cannot be null!");
        }
        if (Utils.collectionSize(collection) == 1) {
            return getDigestMatcherCryptoPosition(collection.iterator().next());
        }
        DigestMatcherType digestMatcherType = getDigestMatcherType(collection);
        switch (digestMatcherType) {
            case OBJECT:
            case REFERENCE:
            case XPOINTER:
                return MessageTag.ACCM_POS_REF_PL;
            case MANIFEST:
                return MessageTag.ACCM_POS_MAN_PL;
            case MANIFEST_ENTRY:
                return MessageTag.ACCM_POS_MAN_ENT_PL;
            case SIGNED_PROPERTIES:
                return MessageTag.ACCM_POS_SIGND_PRT;
            case KEY_INFO:
                return MessageTag.ACCM_POS_KEY_PL;
            case SIGNATURE_PROPERTIES:
                return MessageTag.ACCM_POS_SIGNTR_PRT;
            case COUNTER_SIGNATURE:
            case COUNTER_SIGNED_SIGNATURE_VALUE:
                return MessageTag.ACCM_POS_CNTR_SIG_PL;
            case MESSAGE_DIGEST:
            case CONTENT_DIGEST:
            case JWS_SIGNING_INPUT_DIGEST:
            case MESSAGE_IMPRINT:
            default:
                throw new IllegalArgumentException(String.format("The provided DigestMatcherType '%s' is not supported for multiple digest matchers!", digestMatcherType));
            case SIG_D_ENTRY:
                return MessageTag.ACCM_POS_SIG_D_ENT_PL;
            case EVIDENCE_RECORD_ARCHIVE_OBJECT:
                return MessageTag.ACCM_POS_ER_ADO_PL;
            case EVIDENCE_RECORD_ORPHAN_REFERENCE:
                return MessageTag.ACCM_POS_ER_OR_PL;
        }
    }

    private static DigestMatcherType getDigestMatcherType(Collection<XmlDigestMatcher> collection) {
        return collection.iterator().next().getType();
    }

    public static MessageTag getTimestampTypeMessageTag(TimestampType timestampType) {
        if (timestampType.isContentTimestamp()) {
            return MessageTag.TST_TYPE_CONTENT_TST;
        }
        if (timestampType.isSignatureTimestamp()) {
            return MessageTag.TST_TYPE_SIGNATURE_TST;
        }
        if (timestampType.isValidationDataTimestamp()) {
            return MessageTag.TST_TYPE_VD_TST;
        }
        if (timestampType.isDocumentTimestamp()) {
            return MessageTag.TST_TYPE_DOC_TST;
        }
        if (timestampType.isContainerTimestamp()) {
            return MessageTag.TST_TYPE_CONTAINER_TST;
        }
        if (timestampType.isArchivalTimestamp()) {
            return MessageTag.TST_TYPE_ARCHIVE_TST;
        }
        if (timestampType.isEvidenceRecordTimestamp()) {
            return MessageTag.TST_TYPE_ER_TST;
        }
        throw new IllegalArgumentException(String.format("The TimestampType '%s' is not supported!", timestampType));
    }

    public static MessageTag getContextPosition(Context context) {
        switch (context) {
            case SIGNATURE:
            case COUNTER_SIGNATURE:
            case CERTIFICATE:
                return MessageTag.SIGNATURE;
            case TIMESTAMP:
                return MessageTag.TIMESTAMP;
            case REVOCATION:
                return MessageTag.REVOCATION;
            default:
                throw new IllegalArgumentException("Unsupported context " + context);
        }
    }

    public static MessageTag getSubContextPosition(SubContext subContext) {
        switch (subContext) {
            case SIGNING_CERT:
                return MessageTag.SIGNING_CERTIFICATE;
            case CA_CERTIFICATE:
                return MessageTag.CA_CERTIFICATE;
            default:
                throw new IllegalArgumentException("Unsupported subContext " + subContext);
        }
    }

    public static MessageTag getValidationTimeMessageTag(ValidationTime validationTime) {
        switch (validationTime) {
            case BEST_SIGNATURE_TIME:
                return MessageTag.VT_BEST_SIGNATURE_TIME;
            case CERTIFICATE_ISSUANCE_TIME:
                return MessageTag.VT_CERTIFICATE_ISSUANCE_TIME;
            case VALIDATION_TIME:
                return MessageTag.VT_VALIDATION_TIME;
            case TIMESTAMP_GENERATION_TIME:
                return MessageTag.VT_TST_GENERATION_TIME;
            case TIMESTAMP_POE_TIME:
                return MessageTag.VT_TST_POE_TIME;
            default:
                throw new IllegalArgumentException(String.format("The validation time [%s] is not supported", validationTime));
        }
    }

    public static String toUrnOid(String str) {
        if (str == null) {
            return null;
        }
        return "urn:oid:" + str;
    }

    public static String getDomainName(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll("(^.*://)|(www\\.)|([?=:#/].*)", "");
    }

    public static boolean processValueCheck(String str, List<String> list) {
        if (Utils.isStringNotEmpty(str) && Utils.isCollectionNotEmpty(list)) {
            return list.contains("*") || list.contains(str);
        }
        return false;
    }

    public static boolean processValuesCheck(List<String> list, List<String> list2) {
        if (!Utils.isCollectionNotEmpty(list)) {
            return Utils.isCollectionEmpty(list2);
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (processValueCheck(it.next(), list2)) {
                return true;
            }
        }
        return false;
    }
}
