package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.diagnostic.jaxb.XmlDiagnosticData;
import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.policy.EtsiValidationPolicy;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.policy.ValidationPolicyFacade;
import eu.europa.esig.dss.policy.jaxb.ConstraintsParameters;
import eu.europa.esig.dss.spi.DSSSecurityProvider;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.validation.executor.DefaultSignatureProcessExecutor;
import eu.europa.esig.dss.validation.executor.SignatureProcessExecutor;
import eu.europa.esig.dss.validation.executor.ValidationLevel;
import eu.europa.esig.dss.validation.reports.Reports;
import eu.europa.esig.dss.validation.scope.SignatureScopeFinder;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Security;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.ServiceLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/SignedDocumentValidator.class */
public abstract class SignedDocumentValidator implements DocumentValidator, ProcessExecutorProvider<SignatureProcessExecutor> {
    private static final Logger LOG = LoggerFactory.getLogger(SignedDocumentValidator.class);
    protected DSSDocument document;
    protected List<DSSDocument> containerContents;
    protected List<ManifestFile> manifestFiles;
    protected CertificateVerifier certificateVerifier;
    protected final SignatureScopeFinder signatureScopeFinder;
    protected SignaturePolicyProvider signaturePolicyProvider;
    protected SignatureProcessExecutor processExecutor = null;
    protected CertificatePool validationCertPool = null;
    protected List<DSSDocument> detachedContents = new ArrayList();
    protected CertificateToken providedSigningCertificateToken = null;
    private ValidationLevel validationLevel = ValidationLevel.ARCHIVAL_DATA;
    private boolean enableEtsiValidationReport = true;

    protected SignedDocumentValidator(SignatureScopeFinder signatureScopeFinder) {
        this.signatureScopeFinder = signatureScopeFinder;
    }

    private void setSignedScopeFinderDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        if (this.signatureScopeFinder != null) {
            this.signatureScopeFinder.setDefaultDigestAlgorithm(digestAlgorithm);
        }
    }

    public static SignedDocumentValidator fromDocument(DSSDocument dSSDocument) {
        Objects.requireNonNull(dSSDocument, "DSSDocument is null");
        Iterator it = ServiceLoader.load(DocumentValidatorFactory.class).iterator();
        while (it.hasNext()) {
            DocumentValidatorFactory documentValidatorFactory = (DocumentValidatorFactory) it.next();
            try {
            } catch (Exception e) {
                LOG.error(String.format("Unable to create a DocumentValidator with the factory '%s'", documentValidatorFactory.getClass().getSimpleName()), e);
            }
            if (documentValidatorFactory.isSupported(dSSDocument)) {
                return documentValidatorFactory.create(dSSDocument);
            }
            continue;
        }
        throw new DSSException("Document format not recognized/handled");
    }

    public abstract boolean isSupported(DSSDocument dSSDocument);

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void defineSigningCertificate(CertificateToken certificateToken) {
        if (certificateToken == null) {
            throw new NullPointerException("Token is not defined");
        }
        if (this.validationCertPool == null) {
            throw new NullPointerException("Certificate pool is not instantiated");
        }
        this.providedSigningCertificateToken = this.validationCertPool.getInstance(certificateToken, CertificateSourceType.OTHER);
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
        if (this.validationCertPool == null) {
            this.validationCertPool = certificateVerifier.createValidationPool();
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setDetachedContents(List<DSSDocument> list) {
        this.detachedContents = list;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setContainerContents(List<DSSDocument> list) {
        this.containerContents = list;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setManifestFiles(List<ManifestFile> list) {
        this.manifestFiles = list;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setValidationLevel(ValidationLevel validationLevel) {
        this.validationLevel = validationLevel;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setEnableEtsiValidationReport(boolean z) {
        this.enableEtsiValidationReport = z;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument() {
        return validateDocument((InputStream) null);
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(URL url) {
        if (url == null) {
            return validateDocument((InputStream) null);
        }
        try {
            return validateDocument(url.openStream());
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(String str) {
        return str == null ? validateDocument((InputStream) null) : validateDocument(getClass().getResourceAsStream(str));
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(File file) {
        return (file == null || !file.exists()) ? validateDocument((InputStream) null) : validateDocument(DSSUtils.toByteArrayInputStream(file));
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(InputStream inputStream) {
        try {
            return validateDocument(ValidationPolicyFacade.newFacade().getValidationPolicy(inputStream));
        } catch (Exception e) {
            throw new DSSException("Unable to load the policy", e);
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(ConstraintsParameters constraintsParameters) {
        return validateDocument((ValidationPolicy) new EtsiValidationPolicy(constraintsParameters));
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(ValidationPolicy validationPolicy) {
        LOG.info("Document validation...");
        Objects.requireNonNull(this.certificateVerifier, "CertificateVerifier is not defined");
        Objects.requireNonNull(this.document, "Document is not provided to the validator");
        ensureSignaturePolicyDetectorInitialized();
        boolean isRequireStructuralValidation = isRequireStructuralValidation(validationPolicy);
        SignatureValidationContext signatureValidationContext = new SignatureValidationContext(this.validationCertPool);
        return processValidationPolicy(new DiagnosticDataBuilder().document(this.document).containerInfo(getContainerInfo()).foundSignatures(processSignaturesValidation(signatureValidationContext, prepareSignatureValidationContext(signatureValidationContext), isRequireStructuralValidation)).usedCertificates(signatureValidationContext.getProcessedCertificates()).usedRevocations(signatureValidationContext.getProcessedRevocations()).setDefaultDigestAlgorithm(this.certificateVerifier.getDefaultDigestAlgorithm()).includeRawCertificateTokens(this.certificateVerifier.isIncludeCertificateTokenValues()).includeRawRevocationData(this.certificateVerifier.isIncludeCertificateRevocationValues()).includeRawTimestampTokens(this.certificateVerifier.isIncludeTimestampTokenValues()).certificateSourceTypes(signatureValidationContext.getCertificateSourceTypes()).trustedCertificateSource(this.certificateVerifier.getTrustedCertSource()).validationDate(signatureValidationContext.getCurrentTime()).build(), validationPolicy);
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public List<AdvancedSignature> prepareSignatureValidationContext(ValidationContext validationContext) {
        List<AdvancedSignature> allSignatures = getAllSignatures();
        setSignedScopeFinderDefaultDigestAlgorithm(this.certificateVerifier.getDefaultDigestAlgorithm());
        for (AdvancedSignature advancedSignature : allSignatures) {
            if (this.signatureScopeFinder != null) {
                advancedSignature.findSignatureScope(this.signatureScopeFinder);
            }
        }
        prepareCertificatesAndTimestamps(allSignatures, validationContext);
        return allSignatures;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public List<AdvancedSignature> processSignaturesValidation(ValidationContext validationContext, List<AdvancedSignature> list, boolean z) {
        ListCRLSource signatureCrlSource = getSignatureCrlSource(list);
        this.certificateVerifier.setSignatureCRLSource(signatureCrlSource);
        ListOCSPSource signatureOcspSource = getSignatureOcspSource(list);
        this.certificateVerifier.setSignatureOCSPSource(signatureOcspSource);
        validationContext.setCurrentTime(provideProcessExecutorInstance().getCurrentTime());
        validationContext.initialize(this.certificateVerifier);
        validationContext.validate();
        for (AdvancedSignature advancedSignature : list) {
            advancedSignature.checkSigningCertificate();
            advancedSignature.checkSignatureIntegrity();
            if (z) {
                advancedSignature.validateStructure();
            }
            advancedSignature.checkSignaturePolicy(this.signaturePolicyProvider);
            advancedSignature.populateCRLTokenLists(signatureCrlSource);
            advancedSignature.populateOCSPTokenLists(signatureOcspSource);
        }
        return list;
    }

    protected ContainerInfo getContainerInfo() {
        return null;
    }

    protected Reports processValidationPolicy(XmlDiagnosticData xmlDiagnosticData, ValidationPolicy validationPolicy) {
        SignatureProcessExecutor provideProcessExecutorInstance = provideProcessExecutorInstance();
        provideProcessExecutorInstance.setValidationPolicy(validationPolicy);
        provideProcessExecutorInstance.setValidationLevel(this.validationLevel);
        provideProcessExecutorInstance.setDiagnosticData(xmlDiagnosticData);
        provideProcessExecutorInstance.setEnableEtsiValidationReport(this.enableEtsiValidationReport);
        return provideProcessExecutorInstance.execute();
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider) {
        this.signaturePolicyProvider = signaturePolicyProvider;
    }

    protected void ensureSignaturePolicyDetectorInitialized() {
        if (this.signaturePolicyProvider == null) {
            this.signaturePolicyProvider = new SignaturePolicyProvider();
            this.signaturePolicyProvider.setDataLoader(this.certificateVerifier.getDataLoader());
        }
    }

    @Override // eu.europa.esig.dss.validation.ProcessExecutorProvider
    public void setProcessExecutor(SignatureProcessExecutor signatureProcessExecutor) {
        this.processExecutor = signatureProcessExecutor;
    }

    public SignatureProcessExecutor provideProcessExecutorInstance() {
        if (this.processExecutor == null) {
            this.processExecutor = new DefaultSignatureProcessExecutor();
        }
        return this.processExecutor;
    }

    private List<AdvancedSignature> getAllSignatures() {
        ArrayList arrayList = new ArrayList();
        for (AdvancedSignature advancedSignature : getSignatures()) {
            arrayList.add(advancedSignature);
            arrayList.addAll(advancedSignature.getCounterSignatures());
        }
        return arrayList;
    }

    private ListCRLSource getSignatureCrlSource(List<AdvancedSignature> list) {
        ListCRLSource listCRLSource = new ListCRLSource();
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            listCRLSource.addAll(it.next().getCompleteCRLSource());
        }
        return listCRLSource;
    }

    private ListOCSPSource getSignatureOcspSource(List<AdvancedSignature> list) {
        ListOCSPSource listOCSPSource = new ListOCSPSource();
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            listOCSPSource.addAll(it.next().getCompleteOCSPSource());
        }
        return listOCSPSource;
    }

    private void prepareCertificatesAndTimestamps(List<AdvancedSignature> list, ValidationContext validationContext) {
        if (this.providedSigningCertificateToken != null) {
            validationContext.addCertificateTokenForVerification(this.providedSigningCertificateToken);
        }
        for (AdvancedSignature advancedSignature : list) {
            Iterator<CertificateToken> it = advancedSignature.getCertificates().iterator();
            while (it.hasNext()) {
                validationContext.addCertificateTokenForVerification(it.next());
            }
            advancedSignature.prepareTimestamps(validationContext);
        }
    }

    private boolean isRequireStructuralValidation(ValidationPolicy validationPolicy) {
        return (validationPolicy == null || validationPolicy.getStructuralValidationConstraint(Context.SIGNATURE) == null) ? false : true;
    }

    static {
        Security.addProvider(DSSSecurityProvider.getSecurityProvider());
    }
}
