package eu.europa.esig.dss.spi.validation;

import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.tsp.TimestampToken;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.2.jar:eu/europa/esig/dss/spi/validation/TimestampTokenVerifier.class */
public class TimestampTokenVerifier {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) TimestampTokenVerifier.class);
    private TrustAnchorVerifier trustAnchorVerifier;
    private RevocationDataVerifier revocationDataVerifier;

    protected TimestampTokenVerifier() {
    }

    public static TimestampTokenVerifier createEmptyTimestampTokenVerifier() {
        return new TimestampTokenVerifier();
    }

    public static TimestampTokenVerifier createDefaultTimestampTokenVerifier() {
        return new TimestampTokenVerifier();
    }

    @Deprecated
    public CertificateSource getTrustedCertificateSource() {
        return getTrustAnchorVerifier().getTrustedCertificateSource();
    }

    @Deprecated
    protected void setTrustedCertificateSource(CertificateSource certificateSource) {
        TrustAnchorVerifier trustAnchorVerifier = getTrustAnchorVerifier();
        if (trustAnchorVerifier == null) {
            throw new NullPointerException("TrustAnchorVerifier is not defined! Please set TrustAnchorVerifier in order to provide a trustedCertificateSource.");
        }
        trustAnchorVerifier.setTrustedCertificateSource(certificateSource);
    }

    @Deprecated
    public void setAcceptUntrustedCertificateChains(boolean z) {
        TrustAnchorVerifier trustAnchorVerifier = getTrustAnchorVerifier();
        if (trustAnchorVerifier == null) {
            throw new NullPointerException("TrustAnchorVerifier is not defined! Please set TrustAnchorVerifier in order to provide an acceptUntrustedCertificateChains constraint.");
        }
        trustAnchorVerifier.setAcceptTimestampUntrustedCertificateChains(z);
    }

    public TrustAnchorVerifier getTrustAnchorVerifier() {
        return this.trustAnchorVerifier;
    }

    public void setTrustAnchorVerifier(TrustAnchorVerifier trustAnchorVerifier) {
        this.trustAnchorVerifier = trustAnchorVerifier;
    }

    public RevocationDataVerifier getRevocationDataVerifier() {
        if (this.revocationDataVerifier != null && this.revocationDataVerifier.getTrustAnchorVerifier() == null) {
            this.revocationDataVerifier.setTrustAnchorVerifier(getTrustAnchorVerifier());
        }
        return this.revocationDataVerifier;
    }

    public void setRevocationDataVerifier(RevocationDataVerifier revocationDataVerifier) {
        this.revocationDataVerifier = revocationDataVerifier;
    }

    public boolean isAcceptable(TimestampToken timestampToken) {
        return isAcceptable(timestampToken, new Date());
    }

    public boolean isAcceptable(TimestampToken timestampToken, Date date) {
        return isAcceptable(timestampToken, Collections.emptyList(), date);
    }

    public boolean isAcceptable(TimestampToken timestampToken, List<CertificateToken> list) {
        return isAcceptable(timestampToken, list, new Date());
    }

    public boolean isAcceptable(TimestampToken timestampToken, List<CertificateToken> list, Date date) {
        return isTrustedTimestampToken(timestampToken, list, date) && isCryptographicallyValid(timestampToken) && isCertificateChainValid(list, date);
    }

    @Deprecated
    protected boolean isTrustedTimestampToken(TimestampToken timestampToken, List<CertificateToken> list) {
        return isTrustedTimestampToken(timestampToken, list, new Date());
    }

    protected boolean isTrustedTimestampToken(TimestampToken timestampToken, List<CertificateToken> list, Date date) {
        if (containsTrustAnchor(list, date)) {
            return true;
        }
        LOG.warn("POE extraction is skipped for untrusted timestamp : {}.", timestampToken.getDSSIdAsString());
        return false;
    }

    protected boolean containsTrustAnchor(List<CertificateToken> list, Date date) {
        TrustAnchorVerifier trustAnchorVerifier = getTrustAnchorVerifier();
        if (trustAnchorVerifier != null) {
            return trustAnchorVerifier.isTrustedCertificateChain(list, date, Context.TIMESTAMP);
        }
        LOG.debug("TrustAnchorVerifier is not defined! None of the certificates will be considered as a trust anchor.");
        return false;
    }

    protected boolean isCryptographicallyValid(TimestampToken timestampToken) {
        if (!timestampToken.isMessageImprintDataIntact()) {
            LOG.warn("POE extraction is skipped for timestamp : {}. The message-imprint is not intact!", timestampToken.getDSSIdAsString());
            return false;
        }
        if (timestampToken.isSignatureIntact()) {
            return true;
        }
        LOG.warn("POE extraction is skipped for timestamp : {}. The signature is not intact!", timestampToken.getDSSIdAsString());
        return false;
    }

    protected boolean isCertificateChainValid(List<CertificateToken> list, Date date) {
        RevocationDataVerifier revocationDataVerifier = getRevocationDataVerifier();
        if (this.revocationDataVerifier != null) {
            return revocationDataVerifier.isCertificateChainValid(list, date, Context.TIMESTAMP);
        }
        LOG.warn("No RevocationDataVerifier is provided! Revocation check is skipped.");
        return true;
    }
}
