package eu.europa.esig.dss.x509;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.EncryptionAlgorithm;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.tsl.KeyUsageBit;
import eu.europa.esig.dss.tsl.ServiceInfo;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:eu/europa/esig/dss/x509/CertificateToken.class */
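/**
 * Wraps a {@link X509Certificate} together with the state accumulated around it during
 * validation: the sources it was found in, the trust-service entries associated with it,
 * the revocation tokens collected for it and the outcome of the last signature check.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #isTrusted()} is decided solely by the source tags added through
 *       {@link #addSourceType(CertificateSourceType)}; no cryptographic check is involved.</li>
 *   <li>{@link #getSources()}, {@link #getRevocationTokens()} and {@link #getAssociatedTSPS()}
 *       hand out the live internal sets, so any holder of those references can change the
 *       trust and revocation state of this token. Treat them as internal API.</li>
 *   <li>{@link #isSelfSigned()} compares names only (self-issued), it does not verify a
 *       signature.</li>
 * </ul>
 *
 * <p>No synchronization is visible in this class; the lazily cached fields
 * ({@code selfSigned}, {@code keyUsageBits}) are plain fields.
 */
public class CertificateToken extends Token {
    private X509Certificate x509Certificate;
    private DigestAlgorithm digestAlgorithm;
    private EncryptionAlgorithm encryptionAlgorithm;
    // Lazily computed by isSelfSigned(); null means "not computed yet".
    private Boolean selfSigned;
    private String xmlId;
    // Lazily computed by getKeyUsageBits(); null means "not computed yet".
    private Set<KeyUsageBit> keyUsageBits;
    private Set<CertificateSourceType> sources = new HashSet<CertificateSourceType>();
    private Set<ServiceInfo> associatedTSPS = new HashSet<ServiceInfo>();
    private Set<RevocationToken> revocationTokens = new HashSet<RevocationToken>();

    /**
     * Package-private factory; equivalent to calling the public constructor.
     *
     * @param x509Certificate the certificate to wrap, must not be null
     * @return a new token for the certificate
     */
    static CertificateToken newInstance(X509Certificate x509Certificate) {
        return new CertificateToken(x509Certificate);
    }

    /**
     * Creates a token for the given certificate and derives the signature, digest and
     * encryption algorithms from the certificate's signature algorithm OID.
     *
     * @param x509Certificate the certificate to wrap
     * @throws NullPointerException if {@code x509Certificate} is null
     */
    public CertificateToken(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("X509 certificate is missing");
        }
        this.x509Certificate = x509Certificate;
        this.issuerX500Principal = x509Certificate.getIssuerX500Principal();
        // The algorithms always come from the certificate itself; there is no fallback
        // default (the former SHA1 pre-assignment was overwritten on every path).
        this.signatureAlgorithm = SignatureAlgorithm.forOID(x509Certificate.getSigAlgOID());
        this.digestAlgorithm = this.signatureAlgorithm.getDigestAlgorithm();
        this.encryptionAlgorithm = this.signatureAlgorithm.getEncryptionAlgorithm();
        this.extraInfo = new TokenValidationExtraInfo();
    }

    /**
     * Records a source this certificate was found in. Adding {@code TRUSTED_LIST} or
     * {@code TRUSTED_STORE} makes {@link #isTrusted()} return true, so callers must only
     * pass those values for certificates that really come from a trust store.
     *
     * @param certificateSourceType the source to record; null is ignored
     */
    public void addSourceType(CertificateSourceType certificateSourceType) {
        if (certificateSourceType != null) {
            this.sources.add(certificateSourceType);
        }
    }

    /**
     * Associates a trust-service entry with this certificate.
     *
     * @param serviceInfo the entry to record; null is ignored
     */
    public void addServiceInfo(ServiceInfo serviceInfo) {
        if (serviceInfo != null) {
            this.associatedTSPS.add(serviceInfo);
        }
    }

    /** Returns the DSS identifier of this token as its abbreviation. */
    @Override
    public String getAbbreviation() {
        return getDSSIdAsString();
    }

    /**
     * Records a revocation token for this certificate.
     *
     * @param revocationToken the token to record; null is ignored, consistently with the
     *     other {@code add*} methods, so that {@link #isRevoked()} cannot fail on it later
     */
    public void addRevocationToken(RevocationToken revocationToken) {
        if (revocationToken != null) {
            this.revocationTokens.add(revocationToken);
        }
    }

    /**
     * Returns the live internal set of revocation tokens (not a copy): changes made by the
     * caller change the result of {@link #isRevoked()}.
     */
    public Set<RevocationToken> getRevocationTokens() {
        return this.revocationTokens;
    }

    /** Returns the public key of the wrapped certificate. */
    public PublicKey getPublicKey() {
        return this.x509Certificate.getPublicKey();
    }

    /** Returns the end of the wrapped certificate's validity period. */
    public Date getNotAfter() {
        return this.x509Certificate.getNotAfter();
    }

    /** Returns the start of the wrapped certificate's validity period. */
    public Date getNotBefore() {
        return this.x509Certificate.getNotBefore();
    }

    /**
     * Tells whether the certificate's notAfter date lies before the given date.
     *
     * @param date the instant to test
     * @return true if expired on {@code date}; also true when {@code date} is null, so a
     *     missing date is treated as "expired"
     */
    public boolean isExpiredOn(Date date) {
        // The constructor rejects a null certificate, so the first test is purely defensive.
        if (this.x509Certificate == null || date == null) {
            return true;
        }
        return this.x509Certificate.getNotAfter().before(date);
    }

    /**
     * Tells whether the given date lies inside the certificate's validity period.
     *
     * @param date the instant to test
     * @return true if the certificate is valid on {@code date}; false when it is expired,
     *     not yet valid, or when {@code date} is null
     */
    public boolean isValidOn(Date date) {
        if (this.x509Certificate == null || date == null) {
            return false;
        }
        try {
            this.x509Certificate.checkValidity(date);
            return true;
        } catch (CertificateExpiredException e) {
            return false;
        } catch (CertificateNotYetValidException e) {
            return false;
        }
    }

    /**
     * Derives the revocation state from the most recently produced revocation token.
     *
     * <p>A trusted certificate short-circuits to {@code FALSE} without consulting any
     * revocation data.
     *
     * @return {@code TRUE} or {@code FALSE} when a status is known, or null when there is no
     *     revocation token or the latest one carries no status. Callers must handle null
     *     explicitly: unboxing the result directly throws, and null must not be read as
     *     "not revoked".
     */
    public Boolean isRevoked() {
        if (isTrusted()) {
            return Boolean.FALSE;
        }
        RevocationToken latest = getLatestRevocationToken();
        if (latest == null) {
            return null;
        }
        Boolean status = latest.getStatus();
        if (status == null) {
            return null;
        }
        // The status is inverted here; presumably getStatus() is TRUE for "good" -- confirm
        // against RevocationToken.
        return Boolean.valueOf(!status.booleanValue());
    }

    /**
     * Picks the revocation token with the latest production date, or null if none is held.
     */
    private RevocationToken getLatestRevocationToken() {
        RevocationToken latest = null;
        for (RevocationToken candidate : this.revocationTokens) {
            // The set is reachable through getRevocationTokens(), so a null element can
            // still appear even though addRevocationToken() filters it.
            if (candidate == null) {
                continue;
            }
            // NOTE(review): a token whose getProductionDate() is null still fails here.
            if (latest == null || candidate.getProductionDate().after(latest.getProductionDate())) {
                latest = candidate;
            }
        }
        return latest;
    }

    /**
     * Tells whether this certificate was tagged as coming from a trusted list or a trusted
     * store. This is a pure lookup in the source tags; nothing is verified.
     */
    @Override
    public boolean isTrusted() {
        return this.sources.contains(CertificateSourceType.TRUSTED_LIST)
                || this.sources.contains(CertificateSourceType.TRUSTED_STORE);
    }

    /**
     * Tells whether subject and issuer have the same canonical name; the result is cached.
     *
     * <p>NOTE(review): this is a name comparison only (a "self-issued" test). It does not
     * verify the signature with the certificate's own public key, so it must not be taken as
     * proof that the certificate signed itself.
     */
    @Override
    public boolean isSelfSigned() {
        if (this.selfSigned == null) {
            String subjectName = this.x509Certificate.getSubjectX500Principal().getName("CANONICAL");
            String issuerName = this.x509Certificate.getIssuerX500Principal().getName("CANONICAL");
            this.selfSigned = Boolean.valueOf(subjectName.equals(issuerName));
        }
        return this.selfSigned.booleanValue();
    }

    /** Returns the wrapped certificate. */
    public X509Certificate getCertificate() {
        return this.x509Certificate;
    }

    /**
     * Returns the encoded form of the wrapped certificate.
     *
     * @throws DSSException if the certificate cannot be encoded
     */
    @Override
    public byte[] getEncoded() {
        try {
            return this.x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new DSSException(e);
        }
    }

    /**
     * Returns the live internal set of source tags (not a copy). Because
     * {@link #isTrusted()} reads this set, adding to it changes the trust decision; use
     * {@link #addSourceType(CertificateSourceType)} and keep this reference away from code
     * that should not be able to do that.
     */
    public Set<CertificateSourceType> getSources() {
        return this.sources;
    }

    /**
     * Returns the live set of associated trust-service entries when this certificate is
     * trusted.
     *
     * @return the internal set, or null (not an empty set) when the certificate is not trusted
     */
    public Set<ServiceInfo> getAssociatedTSPS() {
        if (isTrusted()) {
            return this.associatedTSPS;
        }
        return null;
    }

    /** Returns the serial number of the wrapped certificate. */
    public BigInteger getSerialNumber() {
        return this.x509Certificate.getSerialNumber();
    }

    /** Returns the subject of the wrapped certificate. */
    public X500Principal getSubjectX500Principal() {
        return this.x509Certificate.getSubjectX500Principal();
    }

    /**
     * Verifies this certificate's signature with the public key of the given token and
     * records the outcome in {@code signatureValid} / {@code signatureInvalidityReason}.
     * On success, and unless this certificate is self-issued by name, the given token is
     * stored as the issuer token.
     *
     * <p>Only the signature is checked here: the candidate issuer's validity period and
     * extensions are not examined by this method.
     *
     * <p>NOTE(review): a failed check resets {@code signatureValid} but leaves an issuer
     * token recorded by an earlier successful call in place; confirm that callers do not
     * rely on {@code getIssuerToken()} after a failed check.
     *
     * @param certificateToken the candidate issuer; a null value fails with a
     *     NullPointerException
     * @return true if the signature verifies with the candidate's public key
     * @throws DSSException if the security provider needed for verification is missing
     */
    @Override
    public boolean isSignedBy(CertificateToken certificateToken) {
        this.signatureValid = false;
        this.signatureInvalidityReason = "";
        try {
            PublicKey issuerKey = certificateToken.getCertificate().getPublicKey();
            this.x509Certificate.verify(issuerKey);
            this.signatureValid = true;
            if (!isSelfSigned()) {
                this.issuerToken = certificateToken;
            }
        } catch (InvalidKeyException e) {
            this.signatureInvalidityReason = "InvalidKeyException - on incorrect key.";
        } catch (NoSuchAlgorithmException e) {
            this.signatureInvalidityReason = "NoSuchAlgorithmException - on unsupported signature algorithms.";
        } catch (NoSuchProviderException e) {
            throw new DSSException(e);
        } catch (SignatureException e) {
            this.signatureInvalidityReason = "SignatureException - on signature errors.";
        } catch (CertificateException e) {
            this.signatureInvalidityReason = "CertificateException -  on encoding errors.";
        }
        return this.signatureValid;
    }

    /** Returns the digest algorithm of the certificate's signature algorithm. */
    public DigestAlgorithm getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    /** Returns the encryption algorithm of the certificate's signature algorithm. */
    public EncryptionAlgorithm getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    /**
     * Walks the recorded issuer tokens and returns the first trusted one.
     *
     * <p>The chain is built from certificates that may come from untrusted input, so the
     * walk stops when it detects that the issuer links form a cycle instead of looping
     * forever.
     *
     * @return this token if it is self-issued and trusted, otherwise the first trusted
     *     issuer up the chain, or null if the chain ends or loops without reaching one
     */
    public CertificateToken getTrustAnchor() {
        if (isSelfSigned() && isTrusted()) {
            return this;
        }
        CertificateToken candidate = getIssuerToken();
        // Cycle detection by reference: remember a checkpoint and double the distance
        // between checkpoints; meeting the checkpoint again means the links loop.
        CertificateToken checkpoint = null;
        int stepsSinceCheckpoint = 0;
        int checkpointInterval = 1;
        while (candidate != null) {
            if (candidate.isTrusted()) {
                return candidate;
            }
            if (candidate == checkpoint) {
                return null;
            }
            stepsSinceCheckpoint++;
            if (stepsSinceCheckpoint == checkpointInterval) {
                checkpoint = candidate;
                stepsSinceCheckpoint = 0;
                checkpointInterval *= 2;
            }
            candidate = candidate.getIssuerToken();
        }
        return null;
    }

    /**
     * Tells whether the certificate asserts the given key usage bit. A certificate without
     * a KeyUsage extension yields an empty set and therefore fails every check here.
     *
     * @param keyUsageBit the bit to look for
     */
    public boolean checkKeyUsage(KeyUsageBit keyUsageBit) {
        return getKeyUsageBits().contains(keyUsageBit);
    }

    /**
     * Builds a multi-line, human-readable description of this token, including the issuer
     * token recursively when one is recorded.
     *
     * @param str the indentation prefix for the first line
     * @return the description; if building it fails, the failure's message (or its
     *     {@code toString()} when it has no message) instead of null
     */
    @Override
    public String toString(String str) {
        try {
            StringBuilder out = new StringBuilder();
            out.append(str).append("CertificateToken[\n");
            String indent = str + "\t";

            String issuerLabel;
            if (this.issuerToken != null) {
                issuerLabel = this.issuerToken.getDSSIdAsString();
            } else if (isSelfSigned()) {
                issuerLabel = "[SELF-SIGNED]";
            } else {
                issuerLabel = getIssuerX500Principal().toString();
            }

            String sourceLabel = "UNKNOWN";
            for (CertificateSourceType source : this.sources) {
                String name = source.name();
                sourceLabel = "UNKNOWN".equals(sourceLabel) ? name : sourceLabel + "/" + name;
            }

            out.append(indent).append(getDSSIdAsString()).append("<--").append(issuerLabel)
                    .append(", source=").append(sourceLabel);
            out.append(", serial=").append(this.x509Certificate.getSerialNumber()).append('\n');
            out.append(indent).append("Validity period    : ").append(this.x509Certificate.getNotBefore())
                    .append(" - ").append(this.x509Certificate.getNotAfter()).append('\n');
            out.append(indent).append("Subject name       : ").append(getSubjectX500Principal()).append('\n');
            out.append(indent).append("Issuer subject name: ").append(getIssuerX500Principal()).append('\n');

            if (this.sources.contains(CertificateSourceType.TRUSTED_LIST)) {
                for (ServiceInfo serviceInfo : this.associatedTSPS) {
                    out.append(indent).append("Service Info      :\n");
                    String nested = indent + "\t";
                    out.append(serviceInfo.toString(nested));
                    // Step back one level by dropping the first character of the indent.
                    indent = nested.substring(1);
                }
            }

            out.append(indent).append("Signature algorithm: ")
                    .append(this.signatureAlgorithm == null ? "?" : this.signatureAlgorithm).append('\n');
            if (isTrusted()) {
                out.append(indent).append("Signature validity : Signature verification is not needed: trusted certificate\n");
            } else if (this.signatureValid) {
                out.append(indent).append("Signature validity : VALID").append('\n');
            } else if (!this.signatureInvalidityReason.isEmpty()) {
                out.append(indent).append("Signature validity : INVALID").append(" - ")
                        .append(this.signatureInvalidityReason).append('\n');
            }

            if (this.issuerToken != null) {
                out.append(indent).append("Issuer certificate[\n");
                String nested = indent + "\t";
                if (this.issuerToken.isSelfSigned()) {
                    out.append(nested).append(this.issuerToken.getDSSIdAsString()).append(" SELF-SIGNED");
                } else {
                    out.append(this.issuerToken.toString(nested));
                }
                out.append('\n');
                indent = nested.substring(1);
                out.append(indent).append("]\n");
            }

            Iterator<String> infoLines = this.extraInfo.getValidationInfo().iterator();
            while (infoLines.hasNext()) {
                out.append(indent).append("- ").append(infoLines.next()).append('\n');
            }
            out.append(indent.substring(1)).append(']');
            return out.toString();
        } catch (Exception e) {
            // Best effort: a description must never fail the caller, but it should not be
            // null either when the exception carries no message.
            String message = e.getMessage();
            return message != null ? message : e.toString();
        }
    }

    /** Returns the XML identifier assigned to this token, or null if none was set. */
    public String getXmlId() {
        return this.xmlId;
    }

    /** Sets the XML identifier of this token. */
    public void setXmlId(String str) {
        this.xmlId = str;
    }

    /**
     * Returns the key usage bits asserted by the certificate; computed once and cached.
     *
     * @return the asserted bits, or an empty set when the certificate has no KeyUsage
     *     extension. The returned set is the cached internal instance, not a copy.
     */
    public Set<KeyUsageBit> getKeyUsageBits() {
        if (this.keyUsageBits == null) {
            boolean[] keyUsage = this.x509Certificate.getKeyUsage();
            Set<KeyUsageBit> bits = new HashSet<KeyUsageBit>();
            if (keyUsage != null) {
                for (KeyUsageBit bit : KeyUsageBit.values()) {
                    int index = bit.getIndex();
                    // The array comes from certificate content; never index past its end.
                    if (index >= 0 && index < keyUsage.length && keyUsage[index]) {
                        bits.add(bit);
                    }
                }
            }
            // Publish the set only once it is fully built.
            this.keyUsageBits = bits;
        }
        return this.keyUsageBits;
    }

    /** Returns the signature value of the wrapped certificate. */
    public byte[] getSignature() {
        return this.x509Certificate.getSignature();
    }
}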
