package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.alert.ExceptionOnStatusAlert;
import eu.europa.esig.dss.alert.LogOnStatusAlert;
import eu.europa.esig.dss.alert.StatusAlert;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.revocation.crl.CRL;
import eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.client.http.NativeHTTPDataLoader;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.ListCertificateSource;
import eu.europa.esig.dss.spi.x509.revocation.RevocationSource;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPSource;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.event.Level;

/* loaded from: input_file:eu/europa/esig/dss/validation/CommonCertificateVerifier.class */
public class CommonCertificateVerifier implements CertificateVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(CommonCertificateVerifier.class);
    private ListCertificateSource trustedCertSources;
    private ListCertificateSource adjunctCertSources;
    private RevocationSource<OCSP> ocspSource;
    private RevocationSource<CRL> crlSource;
    private DataLoader dataLoader;
    private ListRevocationSource<CRL> signatureCRLSource;
    private ListRevocationSource<OCSP> signatureOCSPSource;
    private ListCertificateSource signatureCertificateSource;
    private DigestAlgorithm defaultDigestAlgorithm;
    private StatusAlert alertOnInvalidTimestamp;
    private StatusAlert alertOnMissingRevocationData;
    private StatusAlert alertOnRevokedCertificate;
    private StatusAlert alertOnNoRevocationAfterBestSignatureTime;
    private StatusAlert alertOnUncoveredPOE;
    private boolean checkRevocationForUntrustedChains;

    public CommonCertificateVerifier() {
        this(false);
    }

    public CommonCertificateVerifier(boolean z) {
        this.trustedCertSources = new ListCertificateSource();
        this.adjunctCertSources = new ListCertificateSource();
        this.defaultDigestAlgorithm = DigestAlgorithm.SHA256;
        this.alertOnInvalidTimestamp = new ExceptionOnStatusAlert();
        this.alertOnMissingRevocationData = new ExceptionOnStatusAlert();
        this.alertOnRevokedCertificate = new ExceptionOnStatusAlert();
        this.alertOnNoRevocationAfterBestSignatureTime = new LogOnStatusAlert(Level.WARN);
        this.alertOnUncoveredPOE = new LogOnStatusAlert(Level.WARN);
        this.checkRevocationForUntrustedChains = false;
        LOG.info("+ New CommonCertificateVerifier created.");
        if (z) {
            return;
        }
        this.dataLoader = new NativeHTTPDataLoader();
    }

    public CommonCertificateVerifier(List<CertificateSource> list, CRLSource cRLSource, OCSPSource oCSPSource, DataLoader dataLoader) {
        this.trustedCertSources = new ListCertificateSource();
        this.adjunctCertSources = new ListCertificateSource();
        this.defaultDigestAlgorithm = DigestAlgorithm.SHA256;
        this.alertOnInvalidTimestamp = new ExceptionOnStatusAlert();
        this.alertOnMissingRevocationData = new ExceptionOnStatusAlert();
        this.alertOnRevokedCertificate = new ExceptionOnStatusAlert();
        this.alertOnNoRevocationAfterBestSignatureTime = new LogOnStatusAlert(Level.WARN);
        this.alertOnUncoveredPOE = new LogOnStatusAlert(Level.WARN);
        this.checkRevocationForUntrustedChains = false;
        LOG.info("+ New CommonCertificateVerifier created with parameters.");
        this.trustedCertSources = new ListCertificateSource(list);
        this.crlSource = cRLSource;
        this.ocspSource = oCSPSource;
        this.dataLoader = dataLoader;
        if (dataLoader == null) {
            LOG.warn("DataLoader is null. It's required to access AIA certificate source");
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListCertificateSource getTrustedCertSources() {
        return this.trustedCertSources;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public RevocationSource<OCSP> getOcspSource() {
        return this.ocspSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public RevocationSource<CRL> getCrlSource() {
        return this.crlSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setCrlSource(RevocationSource<CRL> revocationSource) {
        this.crlSource = revocationSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setOcspSource(RevocationSource<OCSP> revocationSource) {
        this.ocspSource = revocationSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    @Deprecated
    public void setTrustedCertSource(CertificateSource certificateSource) {
        Objects.requireNonNull(certificateSource, "CertificateSource cannot be null!");
        setTrustedCertSources(certificateSource);
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setTrustedCertSources(CertificateSource... certificateSourceArr) {
        this.trustedCertSources = new ListCertificateSource();
        addTrustedCertSources(certificateSourceArr);
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void addTrustedCertSources(CertificateSource... certificateSourceArr) {
        for (CertificateSource certificateSource : certificateSourceArr) {
            if (!certificateSource.getCertificateSourceType().isTrusted()) {
                throw new DSSException(String.format("The certificateSource with type [%s] is not allowed in the trustedCertSources. Please, use CertificateSource with a type TRUSTED_STORE or TRUSTED_LIST.", certificateSource.getCertificateSourceType()));
            }
            this.trustedCertSources.add(certificateSource);
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setTrustedCertSources(ListCertificateSource listCertificateSource) {
        if (listCertificateSource == null) {
            this.trustedCertSources = new ListCertificateSource();
        } else {
            if (!listCertificateSource.areAllCertSourcesTrusted()) {
                throw new DSSException(String.format("The trusted ListCertificateSource must contain only trusted sources with a type TRUSTED_STORE or TRUSTED_LIST.", new Object[0]));
            }
            this.trustedCertSources = listCertificateSource;
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListCertificateSource getAdjunctCertSources() {
        return this.adjunctCertSources;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    @Deprecated
    public void setAdjunctCertSource(CertificateSource certificateSource) {
        Objects.requireNonNull(certificateSource, "CertificateSource cannot be null!");
        addAdjunctCertSources(certificateSource);
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAdjunctCertSources(CertificateSource... certificateSourceArr) {
        this.adjunctCertSources = new ListCertificateSource();
        addAdjunctCertSources(certificateSourceArr);
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void addAdjunctCertSources(CertificateSource... certificateSourceArr) {
        for (CertificateSource certificateSource : certificateSourceArr) {
            assertNotTrusted(certificateSource);
            this.adjunctCertSources.add(certificateSource);
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAdjunctCertSources(ListCertificateSource listCertificateSource) {
        if (listCertificateSource == null) {
            listCertificateSource = new ListCertificateSource();
        }
        Iterator it = listCertificateSource.getSources().iterator();
        while (it.hasNext()) {
            assertNotTrusted((CertificateSource) it.next());
        }
        this.adjunctCertSources = listCertificateSource;
    }

    private void assertNotTrusted(CertificateSource certificateSource) {
        if (certificateSource.getCertificateSourceType().isTrusted()) {
            LOG.warn("Adjunct certificate sources shouldn't be trusted. An adjunct certificate source contains missing intermediate certificates");
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public DataLoader getDataLoader() {
        return this.dataLoader;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListRevocationSource<CRL> getSignatureCRLSource() {
        return this.signatureCRLSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setSignatureCRLSource(ListRevocationSource<CRL> listRevocationSource) {
        this.signatureCRLSource = listRevocationSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListRevocationSource<OCSP> getSignatureOCSPSource() {
        return this.signatureOCSPSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setSignatureOCSPSource(ListRevocationSource<OCSP> listRevocationSource) {
        this.signatureOCSPSource = listRevocationSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListCertificateSource getSignatureCertificateSource() {
        return this.signatureCertificateSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setSignatureCertificateSource(ListCertificateSource listCertificateSource) {
        this.signatureCertificateSource = listCertificateSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnInvalidTimestamp() {
        return this.alertOnInvalidTimestamp;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnInvalidTimestamp(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnInvalidTimestamp = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnMissingRevocationData() {
        return this.alertOnMissingRevocationData;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnMissingRevocationData(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnMissingRevocationData = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnUncoveredPOE() {
        return this.alertOnUncoveredPOE;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnUncoveredPOE(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnUncoveredPOE = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnRevokedCertificate() {
        return this.alertOnRevokedCertificate;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnRevokedCertificate(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnRevokedCertificate = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public StatusAlert getAlertOnNoRevocationAfterBestSignatureTime() {
        return this.alertOnNoRevocationAfterBestSignatureTime;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAlertOnNoRevocationAfterBestSignatureTime(StatusAlert statusAlert) {
        Objects.requireNonNull(statusAlert);
        this.alertOnNoRevocationAfterBestSignatureTime = statusAlert;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isCheckRevocationForUntrustedChains() {
        return this.checkRevocationForUntrustedChains;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setCheckRevocationForUntrustedChains(boolean z) {
        this.checkRevocationForUntrustedChains = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        this.defaultDigestAlgorithm = digestAlgorithm;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public DigestAlgorithm getDefaultDigestAlgorithm() {
        return this.defaultDigestAlgorithm;
    }
}
