package eu.europa.esig.dss.spi.x509;

import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.utils.Utils;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.2.jar:eu/europa/esig/dss/spi/x509/CertificateReorderer.class */
public class CertificateReorderer {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CertificateReorderer.class);
    private final CertificateToken signingCertificate;
    private final Collection<CertificateToken> certificateChain;

    public CertificateReorderer(Collection<CertificateToken> collection) {
        this(null, collection);
    }

    public CertificateReorderer(CertificateToken certificateToken, Collection<CertificateToken> collection) {
        this.signingCertificate = certificateToken;
        this.certificateChain = collection;
    }

    public List<CertificateToken> getOrderedCertificates() {
        List<CertificateToken> allCertificatesOnce = getAllCertificatesOnce();
        if (Utils.collectionSize(allCertificatesOnce) == 1) {
            return allCertificatesOnce;
        }
        initIssuerPublicKeys(allCertificatesOnce);
        List<CertificateToken> buildCertificateChainForCert = buildCertificateChainForCert(allCertificatesOnce, selectSigningCertificateInList(getSigningCertificates(allCertificatesOnce)));
        if (allCertificatesOnce.size() > buildCertificateChainForCert.size()) {
            LOG.debug("Some certificates are ignored");
            LOG.debug("Before : {}", allCertificatesOnce);
            LOG.debug("After : {}", buildCertificateChainForCert);
        }
        return buildCertificateChainForCert;
    }

    public Map<CertificateToken, List<CertificateToken>> getOrderedCertificateChains() {
        HashMap hashMap = new HashMap();
        List<CertificateToken> allCertificatesOnce = getAllCertificatesOnce();
        if (Utils.collectionSize(allCertificatesOnce) == 1) {
            CertificateToken certificateToken = allCertificatesOnce.get(0);
            hashMap.put(certificateToken, Collections.singletonList(certificateToken));
            return hashMap;
        }
        initIssuerPublicKeys(allCertificatesOnce);
        for (CertificateToken certificateToken2 : getSigningCertificates(allCertificatesOnce)) {
            hashMap.put(certificateToken2, buildCertificateChainForCert(allCertificatesOnce, certificateToken2));
        }
        return hashMap;
    }

    private void initIssuerPublicKeys(List<CertificateToken> list) {
        for (CertificateToken certificateToken : list) {
            if (isIssuerNeeded(certificateToken)) {
                Iterator<CertificateToken> it = list.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    CertificateToken next = it.next();
                    if (certificateToken.isSignedBy(next)) {
                        LOG.debug("{} is signed by {}", certificateToken.getDSSIdAsString(), next.getDSSIdAsString());
                        break;
                    }
                }
                if (isIssuerNeeded(certificateToken)) {
                    LOG.warn("Issuer not found for certificate {}", certificateToken.getDSSIdAsString());
                }
            }
        }
    }

    private List<CertificateToken> buildCertificateChainForCert(List<CertificateToken> list, CertificateToken certificateToken) {
        LinkedList linkedList = new LinkedList();
        while (certificateToken != null && !linkedList.contains(certificateToken)) {
            linkedList.add(certificateToken);
            certificateToken = getCertificateByPubKey(list, certificateToken.getPublicKeyOfTheSigner());
        }
        return linkedList;
    }

    private CertificateToken getCertificateByPubKey(List<CertificateToken> list, PublicKey publicKey) {
        for (CertificateToken certificateToken : list) {
            if (certificateToken.getPublicKey().equals(publicKey)) {
                return certificateToken;
            }
        }
        return null;
    }

    private boolean isIssuerNeeded(CertificateToken certificateToken) {
        return !certificateToken.isSelfSigned() && certificateToken.getPublicKeyOfTheSigner() == null;
    }

    private CertificateToken selectSigningCertificateInList(List<CertificateToken> list) {
        CertificateToken certificateToken;
        if (list.size() == 1) {
            certificateToken = list.get(0);
        } else {
            LOG.warn("More than one chain detected");
            if (this.signingCertificate == null || !list.contains(this.signingCertificate)) {
                throw new DSSException("Unable to determine a signing certificate : No pertinent input parameters");
            }
            certificateToken = this.signingCertificate;
        }
        return certificateToken;
    }

    private List<CertificateToken> getAllCertificatesOnce() {
        ArrayList arrayList = new ArrayList();
        if (this.signingCertificate != null) {
            arrayList.add(this.signingCertificate);
        }
        if (Utils.isCollectionNotEmpty(this.certificateChain)) {
            for (CertificateToken certificateToken : this.certificateChain) {
                if (certificateToken != null && !arrayList.contains(certificateToken)) {
                    arrayList.add(certificateToken);
                }
            }
        }
        return arrayList;
    }

    private List<CertificateToken> getSigningCertificates(List<CertificateToken> list) {
        if (Utils.isCollectionEmpty(list)) {
            throw new DSSException("No signing certificate found");
        }
        ArrayList arrayList = new ArrayList();
        for (CertificateToken certificateToken : list) {
            boolean z = false;
            Iterator<CertificateToken> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (certificateToken.getPublicKey().equals(it.next().getPublicKeyOfTheSigner())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                arrayList.add(certificateToken);
            }
        }
        if (Utils.isCollectionEmpty(arrayList)) {
            throw new DSSException("The certificate chain contains only bridge certificates");
        }
        return arrayList;
    }
}
