package eu.europa.esig.dss.xades.validation;

import eu.europa.esig.dss.DomUtils;
import eu.europa.esig.dss.enumerations.CertificateRefOrigin;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateRef;
import eu.europa.esig.dss.validation.IssuerSerialInfo;
import eu.europa.esig.dss.validation.SignatureCertificateSource;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.XPathQueryHolder;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eu/europa/esig/dss/xades/validation/XAdESCertificateSource.class */
public class XAdESCertificateSource extends SignatureCertificateSource {
    private static final Logger LOG = LoggerFactory.getLogger(XAdESCertificateSource.class);
    private final Element signatureElement;
    private final XPathQueryHolder xPathQueryHolder;
    private List<CertificateToken> keyInfoCertificates;
    private List<CertificateToken> certificateValues;
    private List<CertificateToken> attrAuthoritiesCertValues;
    private List<CertificateToken> timeStampValidationDataCertValues;
    private List<CertificateRef> signingCertificateValues;
    private List<CertificateRef> completeCertificateRefs;
    private List<CertificateRef> attributeCertificateRefs;

    public XAdESCertificateSource(Element element, XPathQueryHolder xPathQueryHolder, CertificatePool certificatePool) {
        super(certificatePool);
        Objects.requireNonNull(element, "Element signature must not be null");
        Objects.requireNonNull(xPathQueryHolder, "XPathQueryHolder must not be null");
        this.signatureElement = element;
        this.xPathQueryHolder = xPathQueryHolder;
        getKeyInfoCertificates();
        getCertificateValues();
        getAttrAuthoritiesCertValues();
        getTimeStampValidationDataCertValues();
        if (LOG.isInfoEnabled()) {
            LOG.info("+XAdESCertificateSource");
        }
    }

    public List<CertificateToken> getKeyInfoCertificates() {
        if (this.keyInfoCertificates == null) {
            Objects.requireNonNull(this.xPathQueryHolder);
            this.keyInfoCertificates = getCertificates("./ds:KeyInfo/ds:X509Data/ds:X509Certificate");
        }
        return this.keyInfoCertificates;
    }

    public List<CertificateToken> getCertificateValues() {
        if (this.certificateValues == null) {
            this.certificateValues = getCertificates(this.xPathQueryHolder.XPATH_ENCAPSULATED_X509_CERTIFICATE);
        }
        return this.certificateValues;
    }

    public List<CertificateToken> getAttrAuthoritiesCertValues() {
        if (this.attrAuthoritiesCertValues == null) {
            this.attrAuthoritiesCertValues = getCertificates(this.xPathQueryHolder.XPATH_AUTH_ENCAPSULATED_X509_CERTIFICATE);
        }
        return this.attrAuthoritiesCertValues;
    }

    public List<CertificateToken> getTimeStampValidationDataCertValues() {
        if (this.timeStampValidationDataCertValues == null) {
            this.timeStampValidationDataCertValues = getCertificates(this.xPathQueryHolder.XPATH_TSVD_ENCAPSULATED_X509_CERTIFICATE);
        }
        return this.timeStampValidationDataCertValues;
    }

    private List<CertificateToken> getCertificates(String str) {
        ArrayList arrayList = new ArrayList();
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, str);
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            try {
                CertificateToken addCertificate = addCertificate(DSSUtils.loadCertificate(Utils.fromBase64(element.getTextContent())));
                if (!arrayList.contains(addCertificate)) {
                    arrayList.add(addCertificate);
                }
            } catch (Exception e) {
                LOG.warn("Unable to parse certificate '{}' : {}", element.getTextContent(), e.getMessage());
            }
        }
        return arrayList;
    }

    public List<CertificateRef> getSigningCertificateValues() {
        if (this.signingCertificateValues == null) {
            this.signingCertificateValues = new ArrayList();
            NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNING_CERTIFICATE_CERT);
            if (nodeList != null && nodeList.getLength() != 0) {
                this.signingCertificateValues.addAll(extractXAdESCertsV1(nodeList, CertificateRefOrigin.SIGNING_CERTIFICATE));
            }
            NodeList nodeList2 = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNING_CERTIFICATE_CERT_V2);
            if (nodeList2 != null && nodeList2.getLength() != 0) {
                this.signingCertificateValues.addAll(extractXAdESCertsV2(nodeList2, CertificateRefOrigin.SIGNING_CERTIFICATE));
            }
            if (Utils.isCollectionEmpty(this.signingCertificateValues)) {
                LOG.warn("No signing certificate tag found");
            }
        }
        return this.signingCertificateValues;
    }

    public List<CertificateRef> getCompleteCertificateRefs() {
        if (this.completeCertificateRefs == null) {
            this.completeCertificateRefs = new ArrayList();
            NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_CCR_CERT_REFS_CERT);
            if (nodeList != null && nodeList.getLength() != 0) {
                this.completeCertificateRefs.addAll(extractXAdESCertsV1(nodeList, CertificateRefOrigin.COMPLETE_CERTIFICATE_REFS));
            }
            NodeList nodeList2 = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_CCRV2_CERT_REFS_CERT);
            if (nodeList2 != null && nodeList2.getLength() != 0) {
                this.completeCertificateRefs.addAll(extractXAdESCertsV2(nodeList2, CertificateRefOrigin.COMPLETE_CERTIFICATE_REFS));
            }
        }
        return this.completeCertificateRefs;
    }

    public List<CertificateRef> getAttributeCertificateRefs() {
        if (this.attributeCertificateRefs == null) {
            this.attributeCertificateRefs = new ArrayList();
            NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_ACR_CERT_REFS_CERT);
            if (nodeList != null && nodeList.getLength() != 0) {
                this.attributeCertificateRefs.addAll(extractXAdESCertsV1(nodeList, CertificateRefOrigin.ATTRIBUTE_CERTIFICATE_REFS));
            }
            NodeList nodeList2 = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_ACRV2_CERT_REFS_CERT);
            if (nodeList2 != null && nodeList2.getLength() != 0) {
                this.attributeCertificateRefs.addAll(extractXAdESCertsV2(nodeList2, CertificateRefOrigin.ATTRIBUTE_CERTIFICATE_REFS));
            }
        }
        return this.attributeCertificateRefs;
    }

    private List<CertificateRef> extractXAdESCertsV1(NodeList nodeList, CertificateRefOrigin certificateRefOrigin) {
        Digest certDigest;
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            if (element != null && (certDigest = DSSXMLUtils.getCertDigest(element, this.xPathQueryHolder)) != null) {
                CertificateRef certificateRef = new CertificateRef();
                certificateRef.setCertDigest(certDigest);
                certificateRef.setIssuerInfo(getIssuerV1(element));
                certificateRef.setOrigin(certificateRefOrigin);
                arrayList.add(certificateRef);
            }
        }
        return arrayList;
    }

    private List<CertificateRef> extractXAdESCertsV2(NodeList nodeList, CertificateRefOrigin certificateRefOrigin) {
        Digest certDigest;
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            if (element != null && (certDigest = DSSXMLUtils.getCertDigest(element, this.xPathQueryHolder)) != null) {
                CertificateRef certificateRef = new CertificateRef();
                certificateRef.setCertDigest(certDigest);
                certificateRef.setIssuerInfo(getIssuerV2(element));
                certificateRef.setOrigin(certificateRefOrigin);
                arrayList.add(certificateRef);
            }
        }
        return arrayList;
    }

    private IssuerSerialInfo getIssuerV1(Element element) {
        IssuerSerialInfo issuerSerialInfo = new IssuerSerialInfo();
        Element element2 = DomUtils.getElement(element, this.xPathQueryHolder.XPATH__X509_ISSUER_NAME);
        if (element2 != null) {
            issuerSerialInfo.setIssuerName(DSSUtils.getX500PrincipalOrNull(element2.getTextContent()));
        }
        Element element3 = DomUtils.getElement(element, this.xPathQueryHolder.XPATH__X509_SERIAL_NUMBER);
        if (element3 != null) {
            issuerSerialInfo.setSerialNumber(new BigInteger(element3.getTextContent().trim()));
        }
        return issuerSerialInfo;
    }

    private IssuerSerialInfo getIssuerV2(Element element) {
        Element element2 = DomUtils.getElement(element, this.xPathQueryHolder.XPATH__X509_ISSUER_V2);
        if (element2 == null) {
            return null;
        }
        return getIssuerInfo(DSSASN1Utils.getIssuerSerial(Utils.fromBase64(element2.getTextContent())));
    }
}
