package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.CertificateReorderer;
import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.enumerations.RevocationReason;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.Token;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.x509.AlternateUrlsSourceAdapter;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.spi.x509.revocation.RevocationSourceAlternateUrlsSupport;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/SignatureValidationContext.class */
public class SignatureValidationContext implements ValidationContext {
    private static final Logger LOG = LoggerFactory.getLogger(SignatureValidationContext.class);
    private DataLoader dataLoader;
    protected CertificatePool validationCertificatePool;
    private Map<CertificateToken, List<CertificateToken>> orderedCertificateChains;
    private OCSPSource ocspSource;
    private CRLSource crlSource;
    private CRLSource signatureCRLSource;
    private OCSPSource signatureOCSPSource;
    private CertificateSource trustedCertSource;
    private boolean checkRevocationForUntrustedChains;
    private final Set<CertificateToken> processedCertificates = new HashSet();
    private final Set<RevocationToken> processedRevocations = new HashSet();
    private final Set<TimestampToken> processedTimestamps = new HashSet();
    private final Map<Token, Boolean> tokensToProcess = new HashMap();
    private final Map<CertificateToken, Date> lastUsageDates = new HashMap();
    protected Date currentTime = new Date();

    public SignatureValidationContext() {
    }

    public SignatureValidationContext(CertificatePool certificatePool) {
        Objects.requireNonNull(certificatePool);
        this.validationCertificatePool = certificatePool;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public void initialize(CertificateVerifier certificateVerifier) {
        Objects.requireNonNull(certificateVerifier);
        if (this.validationCertificatePool == null) {
            this.validationCertificatePool = new CertificatePool();
        }
        if (certificateVerifier.getTrustedCertSource() != null) {
            this.validationCertificatePool.importCerts(certificateVerifier.getTrustedCertSource());
        }
        if (certificateVerifier.getAdjunctCertSource() != null) {
            this.validationCertificatePool.importCerts(certificateVerifier.getAdjunctCertSource());
        }
        this.crlSource = certificateVerifier.getCrlSource();
        this.ocspSource = certificateVerifier.getOcspSource();
        this.dataLoader = certificateVerifier.getDataLoader();
        this.signatureCRLSource = certificateVerifier.getSignatureCRLSource();
        this.signatureOCSPSource = certificateVerifier.getSignatureOCSPSource();
        this.trustedCertSource = certificateVerifier.getTrustedCertSource();
        this.checkRevocationForUntrustedChains = certificateVerifier.isCheckRevocationForUntrustedChains();
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public Date getCurrentTime() {
        return this.currentTime;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public void setCurrentTime(Date date) {
        Objects.requireNonNull(date);
        this.currentTime = date;
    }

    private Token getNotYetVerifiedToken() {
        synchronized (this.tokensToProcess) {
            for (Map.Entry<Token, Boolean> entry : this.tokensToProcess.entrySet()) {
                if (entry.getValue() == null) {
                    entry.setValue(true);
                    return entry.getKey();
                }
            }
            return null;
        }
    }

    private Map<CertificateToken, List<CertificateToken>> getOrderedCertificateChains() {
        if (this.orderedCertificateChains == null) {
            this.orderedCertificateChains = new CertificateReorderer(this.processedCertificates).getOrderedCertificateChains();
        }
        return this.orderedCertificateChains;
    }

    private List<Token> getCertChain(Token token) throws DSSException {
        LinkedList linkedList = new LinkedList();
        Token token2 = token;
        do {
            linkedList.add(token2);
            token2 = this.validationCertificatePool.getIssuer(token2);
            if (token2 == null && (token instanceof CertificateToken)) {
                token2 = getIssuerFromAIA((CertificateToken) token);
            }
            if (token2 == null && (token instanceof TimestampToken)) {
                token2 = getTSACertificate((TimestampToken) token);
            }
            if (token2 instanceof CertificateToken) {
                addCertificateTokenForVerification((CertificateToken) token2);
            }
            if (token2 == null) {
                break;
            }
        } while (!linkedList.contains(token2));
        return linkedList;
    }

    private CertificateToken getTSACertificate(TimestampToken timestampToken) {
        for (CertificateToken certificateToken : timestampToken.getCertificates()) {
            if (timestampToken.isSignedBy(certificateToken)) {
                return certificateToken;
            }
        }
        LOG.info("TSA certificate not found in the token");
        for (CertificateToken certificateToken2 : this.validationCertificatePool.getBySignerId(timestampToken.getSignerId())) {
            if (timestampToken.isSignedBy(certificateToken2)) {
                return certificateToken2;
            }
        }
        LOG.warn("TSA certificate not found in the certificate pool");
        return null;
    }

    private CertificateToken getIssuerFromAIA(CertificateToken certificateToken) {
        LOG.info("Retrieving {} certificate's issuer using AIA.", certificateToken.getAbbreviation());
        Collection<CertificateToken> loadPotentialIssuerCertificates = DSSUtils.loadPotentialIssuerCertificates(certificateToken, this.dataLoader);
        if (!Utils.isCollectionNotEmpty(loadPotentialIssuerCertificates)) {
            return null;
        }
        CertificateToken findBestBridgeCertificate = findBestBridgeCertificate(certificateToken, loadPotentialIssuerCertificates);
        if (findBestBridgeCertificate != null) {
            addCertificateTokenForVerification(this.validationCertificatePool.getInstance(findBestBridgeCertificate, CertificateSourceType.AIA));
            return findBestBridgeCertificate;
        }
        Iterator<CertificateToken> it = loadPotentialIssuerCertificates.iterator();
        while (it.hasNext()) {
            addCertificateTokenForVerification(this.validationCertificatePool.getInstance(it.next(), CertificateSourceType.AIA));
        }
        for (CertificateToken certificateToken2 : loadPotentialIssuerCertificates) {
            if (certificateToken.isSignedBy(certificateToken2)) {
                if (!certificateToken.getIssuerX500Principal().equals(certificateToken2.getSubjectX500Principal())) {
                    LOG.info("There is AIA extension, but the issuer subject name and subject name does not match.");
                    LOG.info("CERT ISSUER    : {}", certificateToken.getIssuerX500Principal());
                    LOG.info("ISSUER SUBJECT : {}", certificateToken2.getSubjectX500Principal());
                }
                return certificateToken2;
            }
        }
        LOG.warn("The retrieved certificate(s) using AIA does not sign the certificate {}.", certificateToken.getAbbreviation());
        return null;
    }

    private CertificateToken findBestBridgeCertificate(CertificateToken certificateToken, Collection<CertificateToken> collection) {
        if (Utils.isCollectionEmpty(collection) || collection.size() == 1) {
            return null;
        }
        Object obj = null;
        Token token = null;
        Iterator<CertificateToken> it = collection.iterator();
        while (it.hasNext()) {
            Token token2 = (CertificateToken) it.next();
            Object publicKey = token2.getPublicKey();
            if (obj == null) {
                if (!certificateToken.isSignedBy(token2)) {
                    return null;
                }
                obj = publicKey;
                token = token2;
            } else {
                if (!publicKey.equals(obj)) {
                    return null;
                }
                if (isTrusted(token)) {
                }
            }
            Iterator it2 = this.validationCertificatePool.get(token2.getSubjectX500Principal()).iterator();
            while (true) {
                if (it2.hasNext()) {
                    Token token3 = (CertificateToken) it2.next();
                    if (token3.getPublicKey().equals(obj) && isTrusted(token3)) {
                        token = token3;
                        certificateToken.isSignedBy(token3);
                        break;
                    }
                }
            }
        }
        return token;
    }

    private boolean addTokenForVerification(Token token) {
        if (token == null) {
            return false;
        }
        boolean isTraceEnabled = LOG.isTraceEnabled();
        if (isTraceEnabled) {
            LOG.trace("addTokenForVerification: trying to acquire synchronized block");
        }
        synchronized (this.tokensToProcess) {
            try {
                if (this.tokensToProcess.containsKey(token)) {
                    if (isTraceEnabled) {
                        LOG.trace("Token was already in the list {}:{}", token.getClass().getSimpleName(), token.getAbbreviation());
                    }
                    return false;
                }
                this.tokensToProcess.put(token, null);
                if (isTraceEnabled) {
                    LOG.trace("+ New {} to check: {}", token.getClass().getSimpleName(), token.getAbbreviation());
                }
                if (isTraceEnabled) {
                    LOG.trace("addTokenForVerification: almost left synchronized block");
                }
                return true;
            } finally {
                if (isTraceEnabled) {
                    LOG.trace("addTokenForVerification: almost left synchronized block");
                }
            }
        }
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public void addRevocationTokensForVerification(List<RevocationToken> list) {
        for (RevocationToken revocationToken : list) {
            if (addTokenForVerification(revocationToken)) {
                boolean add = this.processedRevocations.add(revocationToken);
                if (LOG.isTraceEnabled()) {
                    if (add) {
                        LOG.trace("RevocationToken added to processedRevocations: {} ", revocationToken);
                    } else {
                        LOG.trace("RevocationToken already present processedRevocations: {} ", revocationToken);
                    }
                }
            }
        }
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public void addCertificateTokenForVerification(CertificateToken certificateToken) {
        if (addTokenForVerification(certificateToken)) {
            boolean add = this.processedCertificates.add(certificateToken);
            if (LOG.isTraceEnabled()) {
                if (add) {
                    LOG.trace("CertificateToken added to processedCertificates: {} ", certificateToken);
                } else {
                    LOG.trace("CertificateToken already present processedCertificates: {} ", certificateToken);
                }
            }
        }
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public void addTimestampTokenForVerification(TimestampToken timestampToken) {
        if (addTokenForVerification(timestampToken)) {
            boolean add = this.processedTimestamps.add(timestampToken);
            if (LOG.isTraceEnabled()) {
                if (add) {
                    LOG.trace("TimestampToken added to processedTimestamps: {} ", this.processedTimestamps);
                } else {
                    LOG.trace("TimestampToken already present processedTimestamps: {} ", this.processedTimestamps);
                }
            }
        }
    }

    private void registerUsageDate(TimestampToken timestampToken) {
        CertificateToken tSACertificate = getTSACertificate(timestampToken);
        if (tSACertificate == null) {
            LOG.warn("No Timestamp Certificate found. Chain is skipped.");
            return;
        }
        Map<CertificateToken, List<CertificateToken>> orderedCertificateChains = getOrderedCertificateChains();
        List<CertificateToken> list = orderedCertificateChains.get(tSACertificate);
        if (list == null) {
            list = toCertificateTokenChain(getCertChain(tSACertificate));
            orderedCertificateChains.put(tSACertificate, list);
        }
        Date creationDate = timestampToken.getCreationDate();
        for (CertificateToken certificateToken : list) {
            if (isSelfSignedOrTrusted(certificateToken)) {
                return;
            }
            Date date = this.lastUsageDates.get(certificateToken);
            if (date == null || date.before(creationDate)) {
                this.lastUsageDates.put(certificateToken, creationDate);
            }
        }
    }

    private List<CertificateToken> toCertificateTokenChain(List<Token> list) {
        LinkedList linkedList = new LinkedList();
        Iterator<Token> it = list.iterator();
        while (it.hasNext()) {
            CertificateToken certificateToken = (Token) it.next();
            if (certificateToken instanceof CertificateToken) {
                linkedList.add(certificateToken);
            }
        }
        return linkedList;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public void validate() throws DSSException {
        Token notYetVerifiedToken = getNotYetVerifiedToken();
        while (true) {
            Token token = notYetVerifiedToken;
            if (token == null) {
                return;
            }
            List<Token> certChain = getCertChain(token);
            if (token instanceof CertificateToken) {
                addRevocationTokensForVerification(getRevocationData((CertificateToken) token, certChain));
            } else if (token instanceof TimestampToken) {
                registerUsageDate((TimestampToken) token);
            }
            notYetVerifiedToken = getNotYetVerifiedToken();
        }
    }

    private List<RevocationToken> getRevocationData(CertificateToken certificateToken, List<Token> list) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Checking revocation data for : {}", certificateToken.getDSSIdAsString());
        }
        if (isRevocationDataNotRequired(certificateToken)) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        if (this.signatureCRLSource != null || this.signatureOCSPSource != null) {
            OCSPAndCRLCertificateVerifier oCSPAndCRLCertificateVerifier = new OCSPAndCRLCertificateVerifier(this.signatureCRLSource, this.signatureOCSPSource, this.validationCertificatePool);
            RevocationToken checkOCSP = oCSPAndCRLCertificateVerifier.checkOCSP(certificateToken);
            if (checkOCSP != null) {
                arrayList.add(checkOCSP);
            }
            RevocationToken checkCRL = oCSPAndCRLCertificateVerifier.checkCRL(certificateToken);
            if (checkCRL != null) {
                arrayList.add(checkCRL);
            }
        }
        if (arrayList.isEmpty() || isRevocationDataRefreshNeeded(certificateToken, arrayList)) {
            if (this.checkRevocationForUntrustedChains || containsTrustAnchor(list)) {
                CertificateToken certificateToken2 = (CertificateToken) getFirstTrustAnchor(list);
                RevocationToken check = ((!(this.trustedCertSource instanceof CommonTrustedCertificateSource) || certificateToken2 == null) ? new OCSPAndCRLCertificateVerifier(this.crlSource, this.ocspSource, this.validationCertificatePool) : instantiateWithTrustServices((CommonTrustedCertificateSource) this.trustedCertSource, certificateToken2)).check(certificateToken);
                if (check != null && !arrayList.contains(check)) {
                    arrayList.add(check);
                }
            } else {
                LOG.warn("External revocation check is skipped for untrusted certificate : {}", certificateToken.getDSSIdAsString());
            }
        }
        if (arrayList.isEmpty()) {
            LOG.warn("No revocation found for certificate {}", certificateToken.getDSSIdAsString());
        }
        return arrayList;
    }

    private boolean containsTrustAnchor(List<Token> list) {
        return getFirstTrustAnchor(list) != null;
    }

    private Token getFirstTrustAnchor(List<Token> list) {
        for (Token token : list) {
            if (isTrusted(token)) {
                return token;
            }
        }
        return null;
    }

    private OCSPAndCRLCertificateVerifier instantiateWithTrustServices(CommonTrustedCertificateSource commonTrustedCertificateSource, CertificateToken certificateToken) {
        List alternativeOCSPUrls = commonTrustedCertificateSource.getAlternativeOCSPUrls(certificateToken);
        AlternateUrlsSourceAdapter alternateUrlsSourceAdapter = (Utils.isCollectionNotEmpty(alternativeOCSPUrls) && (this.ocspSource instanceof RevocationSourceAlternateUrlsSupport)) ? new AlternateUrlsSourceAdapter(this.ocspSource, alternativeOCSPUrls) : this.ocspSource;
        List alternativeCRLUrls = commonTrustedCertificateSource.getAlternativeCRLUrls(certificateToken);
        return new OCSPAndCRLCertificateVerifier((Utils.isCollectionNotEmpty(alternativeCRLUrls) && (this.crlSource instanceof RevocationSourceAlternateUrlsSupport)) ? new AlternateUrlsSourceAdapter(this.crlSource, alternativeCRLUrls) : this.crlSource, alternateUrlsSourceAdapter, this.validationCertificatePool);
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public boolean isAllRequiredRevocationDataPresent() {
        Iterator<List<CertificateToken>> it = getOrderedCertificateChains().values().iterator();
        while (it.hasNext()) {
            if (!checkRevocationPresentForCertificateChain(it.next())) {
                return false;
            }
        }
        return true;
    }

    private boolean checkRevocationPresentForCertificateChain(List<CertificateToken> list) {
        return checkRevocationForCertificateChainAgainstBestSignatureTime(list, null);
    }

    private boolean checkRevocationForCertificateChainAgainstBestSignatureTime(List<CertificateToken> list, Date date) {
        for (CertificateToken certificateToken : list) {
            if (isSelfSignedOrTrusted(certificateToken)) {
                return true;
            }
            if (!isOCSPNoCheckExtension(certificateToken)) {
                boolean z = false;
                Date date2 = null;
                for (RevocationToken revocationToken : this.processedRevocations) {
                    if (Utils.areStringsEqual(certificateToken.getDSSIdAsString(), revocationToken.getRelatedCertificateID())) {
                        if (date == null || revocationToken.getThisUpdate().after(date)) {
                            z = true;
                            break;
                        }
                        if (revocationToken.getNextUpdate() != null && (date2 == null || revocationToken.getNextUpdate().before(date2))) {
                            date2 = revocationToken.getNextUpdate();
                        }
                    }
                }
                if (!z) {
                    if (date == null) {
                        LOG.debug("No revocation data found for certificate : {}", certificateToken.getDSSIdAsString());
                        return false;
                    }
                    if (date2 != null) {
                        LOG.warn("No revocation data found after the best signature time [{}] for the certificate : {}. \nThe nextUpdate available after : [{}]", new Object[]{date, certificateToken.getDSSIdAsString(), date2});
                        return false;
                    }
                    LOG.warn("No revocation data found after the best signature time [{}] for the certificate : {}", date, certificateToken.getDSSIdAsString());
                    return false;
                }
            }
        }
        return true;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public boolean isAllPOECoveredByRevocationData() {
        for (Map.Entry<CertificateToken, Date> entry : this.lastUsageDates.entrySet()) {
            Date value = entry.getValue();
            CertificateToken key = entry.getKey();
            if (!isRevocationDataNotRequired(key)) {
                boolean z = false;
                Date date = null;
                Iterator<RevocationToken> it = this.processedRevocations.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    RevocationToken next = it.next();
                    if (Utils.areStringsEqual(key.getDSSIdAsString(), next.getRelatedCertificateID())) {
                        if (next.getProductionDate().after(value)) {
                            z = true;
                            break;
                        }
                        Date nextUpdate = next.getNextUpdate();
                        if (date == null || (nextUpdate != null && date.before(nextUpdate))) {
                            date = nextUpdate;
                        }
                    }
                }
                if (!z) {
                    LOG.debug("POE {} not covered by a valid revocation data (nextUpdate : {})", key.getDSSIdAsString(), date);
                    return false;
                }
            }
        }
        return true;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public boolean isAllTimestampValid() {
        for (TimestampToken timestampToken : this.processedTimestamps) {
            if (!timestampToken.isSignatureValid() || !timestampToken.isMessageImprintDataFound().booleanValue() || !timestampToken.isMessageImprintDataIntact().booleanValue()) {
                LOG.warn("Invalid timestamp detected : {}", timestampToken.getDSSIdAsString());
                return false;
            }
        }
        return true;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public boolean isAllCertificateValid() {
        for (CertificateToken certificateToken : this.processedCertificates) {
            if (!isRevocationDataNotRequired(certificateToken)) {
                for (RevocationToken revocationToken : this.processedRevocations) {
                    if (Utils.areStringsEqual(certificateToken.getDSSIdAsString(), revocationToken.getRelatedCertificateID()) && !Utils.isTrue(revocationToken.getStatus())) {
                        LOG.debug("Certificate {} is revoked", certificateToken.getDSSIdAsString());
                        return false;
                    }
                }
            }
        }
        return true;
    }

    private boolean isRevocationDataNotRequired(CertificateToken certificateToken) {
        return isSelfSignedOrTrusted(certificateToken) || isOCSPNoCheckExtension(certificateToken);
    }

    private boolean isSelfSignedOrTrusted(CertificateToken certificateToken) {
        return certificateToken.isSelfSigned() || isTrusted(certificateToken);
    }

    private boolean isOCSPNoCheckExtension(CertificateToken certificateToken) {
        return DSSASN1Utils.hasIdPkixOcspNoCheckExtension(certificateToken);
    }

    private boolean isRevocationDataRefreshNeeded(CertificateToken certificateToken, List<RevocationToken> list) {
        Date date = this.lastUsageDates.get(certificateToken);
        if (date == null) {
            return false;
        }
        boolean z = false;
        Iterator<RevocationToken> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            RevocationToken next = it.next();
            if (date.compareTo(next.getProductionDate()) < 0 && RevocationReason.CERTIFICATE_HOLD != next.getReason()) {
                z = true;
                break;
            }
        }
        if (z) {
            return false;
        }
        LOG.debug("Revocation data refresh is needed");
        return true;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public boolean isAtLeastOneRevocationDataPresentAfterBestSignatureTime(CertificateToken certificateToken) {
        for (Map.Entry<CertificateToken, List<CertificateToken>> entry : getOrderedCertificateChains().entrySet()) {
            CertificateToken key = entry.getKey();
            if (!checkRevocationForCertificateChainAgainstBestSignatureTime(entry.getValue(), key.equals(certificateToken) ? getEarliestTimestampTime() : this.lastUsageDates.get(key))) {
                return false;
            }
        }
        return true;
    }

    private Date getEarliestTimestampTime() {
        Date date = null;
        for (TimestampToken timestampToken : getProcessedTimestamps()) {
            if (timestampToken.getTimeStampType().coversSignature()) {
                Date creationDate = timestampToken.getCreationDate();
                if (date == null || creationDate.before(date)) {
                    date = creationDate;
                }
            }
        }
        return date;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public Set<CertificateToken> getProcessedCertificates() {
        return Collections.unmodifiableSet(this.processedCertificates);
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public Map<CertificateToken, Set<CertificateSourceType>> getCertificateSourceTypes() {
        Set<CertificateToken> processedCertificates = getProcessedCertificates();
        HashMap hashMap = new HashMap();
        for (CertificateToken certificateToken : processedCertificates) {
            hashMap.put(certificateToken, this.validationCertificatePool.getSources(certificateToken));
        }
        return hashMap;
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public Set<RevocationToken> getProcessedRevocations() {
        return Collections.unmodifiableSet(this.processedRevocations);
    }

    @Override // eu.europa.esig.dss.validation.ValidationContext
    public Set<TimestampToken> getProcessedTimestamps() {
        return Collections.unmodifiableSet(this.processedTimestamps);
    }

    private boolean isTrusted(Token token) {
        return (token instanceof CertificateToken) && this.validationCertificatePool.isTrusted((CertificateToken) token);
    }
}
