package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.client.http.NativeHTTPDataLoader;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/CommonCertificateVerifier.class */
public class CommonCertificateVerifier implements CertificateVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(CommonCertificateVerifier.class);
    private CertificateSource trustedCertSource;
    private CertificateSource adjunctCertSource;
    private OCSPSource ocspSource;
    private CRLSource crlSource;
    private DataLoader dataLoader;
    private ListCRLSource signatureCRLSource;
    private ListOCSPSource signatureOCSPSource;
    private boolean exceptionOnMissingRevocationData;
    private boolean exceptionOnUncoveredPOE;
    private DigestAlgorithm defaultDigestAlgorithm;
    private boolean includeCertificateTokens;
    private boolean includeRawRevocationData;
    private boolean includeRawTimestampTokens;
    private boolean exceptionOnRevokedCertificate;
    private boolean exceptionOnInvalidTimestamp;
    private boolean exceptionOnNoRevocationAfterBestSignatureTime;
    private boolean checkRevocationForUntrustedChains;

    public CommonCertificateVerifier() {
        this(false);
    }

    public CommonCertificateVerifier(boolean z) {
        this.exceptionOnMissingRevocationData = true;
        this.exceptionOnUncoveredPOE = false;
        this.defaultDigestAlgorithm = DigestAlgorithm.SHA256;
        this.includeCertificateTokens = false;
        this.includeRawRevocationData = false;
        this.includeRawTimestampTokens = false;
        this.exceptionOnRevokedCertificate = true;
        this.exceptionOnInvalidTimestamp = true;
        this.exceptionOnNoRevocationAfterBestSignatureTime = false;
        this.checkRevocationForUntrustedChains = false;
        LOG.info("+ New CommonCertificateVerifier created.");
        if (z) {
            return;
        }
        this.dataLoader = new NativeHTTPDataLoader();
    }

    public CommonCertificateVerifier(CertificateSource certificateSource, CRLSource cRLSource, OCSPSource oCSPSource, DataLoader dataLoader) {
        this.exceptionOnMissingRevocationData = true;
        this.exceptionOnUncoveredPOE = false;
        this.defaultDigestAlgorithm = DigestAlgorithm.SHA256;
        this.includeCertificateTokens = false;
        this.includeRawRevocationData = false;
        this.includeRawTimestampTokens = false;
        this.exceptionOnRevokedCertificate = true;
        this.exceptionOnInvalidTimestamp = true;
        this.exceptionOnNoRevocationAfterBestSignatureTime = false;
        this.checkRevocationForUntrustedChains = false;
        LOG.info("+ New CommonCertificateVerifier created with parameters.");
        this.trustedCertSource = certificateSource;
        this.crlSource = cRLSource;
        this.ocspSource = oCSPSource;
        this.dataLoader = dataLoader;
        if (dataLoader == null) {
            LOG.warn("DataLoader is null. It's required to access AIA certificate source");
        }
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public CertificateSource getTrustedCertSource() {
        return this.trustedCertSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public OCSPSource getOcspSource() {
        return this.ocspSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public CRLSource getCrlSource() {
        return this.crlSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setCrlSource(CRLSource cRLSource) {
        this.crlSource = cRLSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setOcspSource(OCSPSource oCSPSource) {
        this.ocspSource = oCSPSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setTrustedCertSource(CertificateSource certificateSource) {
        this.trustedCertSource = certificateSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public CertificateSource getAdjunctCertSource() {
        return this.adjunctCertSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setAdjunctCertSource(CertificateSource certificateSource) {
        if (certificateSource instanceof CommonTrustedCertificateSource) {
            LOG.warn("Adjunct certificate source shouldn't be trusted. This source contains missing intermediate certificates");
        }
        this.adjunctCertSource = certificateSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public DataLoader getDataLoader() {
        return this.dataLoader;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListCRLSource getSignatureCRLSource() {
        return this.signatureCRLSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setSignatureCRLSource(ListCRLSource listCRLSource) {
        this.signatureCRLSource = listCRLSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public ListOCSPSource getSignatureOCSPSource() {
        return this.signatureOCSPSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setSignatureOCSPSource(ListOCSPSource listOCSPSource) {
        this.signatureOCSPSource = listOCSPSource;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setExceptionOnMissingRevocationData(boolean z) {
        this.exceptionOnMissingRevocationData = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isExceptionOnMissingRevocationData() {
        return this.exceptionOnMissingRevocationData;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isExceptionOnUncoveredPOE() {
        return this.exceptionOnUncoveredPOE;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setExceptionOnUncoveredPOE(boolean z) {
        this.exceptionOnUncoveredPOE = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isExceptionOnRevokedCertificate() {
        return this.exceptionOnRevokedCertificate;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setExceptionOnRevokedCertificate(boolean z) {
        this.exceptionOnRevokedCertificate = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setExceptionOnInvalidTimestamp(boolean z) {
        this.exceptionOnInvalidTimestamp = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isExceptionOnInvalidTimestamp() {
        return this.exceptionOnInvalidTimestamp;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setExceptionOnNoRevocationAfterBestSignatureTime(boolean z) {
        this.exceptionOnNoRevocationAfterBestSignatureTime = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isExceptionOnNoRevocationAfterBestSignatureTime() {
        return this.exceptionOnNoRevocationAfterBestSignatureTime;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isCheckRevocationForUntrustedChains() {
        return this.checkRevocationForUntrustedChains;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setCheckRevocationForUntrustedChains(boolean z) {
        this.checkRevocationForUntrustedChains = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public CertificatePool createValidationPool() {
        CertificatePool certificatePool = new CertificatePool();
        if (this.trustedCertSource != null) {
            certificatePool.importCerts(this.trustedCertSource);
        }
        if (this.adjunctCertSource != null) {
            certificatePool.importCerts(this.adjunctCertSource);
        }
        return certificatePool;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        this.defaultDigestAlgorithm = digestAlgorithm;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public DigestAlgorithm getDefaultDigestAlgorithm() {
        return this.defaultDigestAlgorithm;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setIncludeCertificateTokenValues(boolean z) {
        this.includeCertificateTokens = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isIncludeCertificateTokenValues() {
        return this.includeCertificateTokens;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setIncludeCertificateRevocationValues(boolean z) {
        this.includeRawRevocationData = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isIncludeCertificateRevocationValues() {
        return this.includeRawRevocationData;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public void setIncludeTimestampTokenValues(boolean z) {
        this.includeRawTimestampTokens = z;
    }

    @Override // eu.europa.esig.dss.validation.CertificateVerifier
    public boolean isIncludeTimestampTokenValues() {
        return this.includeRawTimestampTokens;
    }
}
