package eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts;

import eu.europa.esig.dss.detailedreport.jaxb.XmlBasicBuildingBlocks;
import eu.europa.esig.dss.detailedreport.jaxb.XmlRFC;
import eu.europa.esig.dss.detailedreport.jaxb.XmlSAV;
import eu.europa.esig.dss.detailedreport.jaxb.XmlVTS;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.RevocationWrapper;
import eu.europa.esig.dss.diagnostic.TokenProxy;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.TimestampedObjectType;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.ValidationProcessUtils;
import eu.europa.esig.dss.validation.process.bbb.sav.CertificateAcceptanceValidation;
import eu.europa.esig.dss.validation.process.bbb.sav.RevocationAcceptanceValidation;
import eu.europa.esig.dss.validation.process.bbb.xcv.rfc.RevocationFreshnessChecker;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.checks.POEExistsAtOrBeforeControlTimeCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.checks.SatisfyingRevocationDataExistsCheck;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/vpfswatsp/checks/vts/ValidationTimeSliding.class */
public class ValidationTimeSliding extends Chain<XmlVTS> {
    private final TokenProxy token;
    private final Date currentTime;
    private final XmlBasicBuildingBlocks bbb;
    private final Context context;
    private final POEExtraction poe;
    private final ValidationPolicy policy;
    private Date controlTime;

    public ValidationTimeSliding(I18nProvider i18nProvider, TokenProxy tokenProxy, Date date, POEExtraction pOEExtraction, XmlBasicBuildingBlocks xmlBasicBuildingBlocks, Context context, ValidationPolicy validationPolicy) {
        super(i18nProvider, new XmlVTS());
        this.token = tokenProxy;
        this.currentTime = date;
        this.bbb = xmlBasicBuildingBlocks;
        this.context = context;
        this.poe = pOEExtraction;
        this.policy = validationPolicy;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected MessageTag getTitle() {
        return MessageTag.VALIDATION_TIME_SLIDING;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        this.controlTime = this.currentTime;
        List<CertificateWrapper> certificateChain = this.token.getCertificateChain();
        if (Utils.isCollectionNotEmpty(certificateChain)) {
            List<CertificateWrapper> reduceChainUntilFirstTrustAnchor = reduceChainUntilFirstTrustAnchor(certificateChain);
            Collections.reverse(reduceChainUntilFirstTrustAnchor);
            ChainItem<XmlVTS> chainItem = null;
            for (CertificateWrapper certificateWrapper : reduceChainUntilFirstTrustAnchor) {
                if (!certificateWrapper.isTrusted()) {
                    CertificateRevocationWrapper latestAcceptableRevocationData = ValidationProcessUtils.getLatestAcceptableRevocationData(certificateWrapper, this.bbb);
                    if (chainItem == null) {
                        ChainItem<XmlVTS> satisfyingRevocationDataExists = satisfyingRevocationDataExists(latestAcceptableRevocationData);
                        this.firstItem = satisfyingRevocationDataExists;
                        chainItem = satisfyingRevocationDataExists;
                    } else {
                        chainItem = chainItem.setNextItem(satisfyingRevocationDataExists(latestAcceptableRevocationData));
                    }
                    if (latestAcceptableRevocationData != null) {
                        chainItem = chainItem.setNextItem(poeExistsAtOrBeforeControlTime(certificateWrapper, TimestampedObjectType.CERTIFICATE, this.controlTime)).setNextItem(poeExistsAtOrBeforeControlTime(latestAcceptableRevocationData, TimestampedObjectType.REVOCATION, this.controlTime));
                        if (latestAcceptableRevocationData.isRevoked()) {
                            this.controlTime = latestAcceptableRevocationData.getRevocationDate();
                        } else if (!isFresh(latestAcceptableRevocationData, this.controlTime)) {
                            this.controlTime = latestAcceptableRevocationData.getProductionDate();
                        }
                        Date date = null;
                        XmlSAV certificateCryptographicAcceptanceResult = getCertificateCryptographicAcceptanceResult(certificateWrapper, this.controlTime);
                        if (!isValidConclusion(certificateCryptographicAcceptanceResult.getConclusion()) && certificateCryptographicAcceptanceResult.getCryptographicInfo() != null && certificateCryptographicAcceptanceResult.getCryptographicInfo().getNotAfter() != null) {
                            date = certificateCryptographicAcceptanceResult.getCryptographicInfo().getNotAfter();
                        }
                        XmlSAV revocationCryptographicAcceptanceResult = getRevocationCryptographicAcceptanceResult(latestAcceptableRevocationData, this.controlTime);
                        if (!isValidConclusion(revocationCryptographicAcceptanceResult.getConclusion()) && ((revocationCryptographicAcceptanceResult.getCryptographicInfo() != null && revocationCryptographicAcceptanceResult.getCryptographicInfo().getNotAfter() != null && date == null) || revocationCryptographicAcceptanceResult.getCryptographicInfo().getNotAfter().before(date))) {
                            date = revocationCryptographicAcceptanceResult.getCryptographicInfo().getNotAfter();
                        }
                        if (date != null && date.before(this.controlTime)) {
                            this.controlTime = date;
                        }
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.validation.process.Chain
    public void addAdditionalInfo() {
        this.result.setControlTime(this.controlTime);
    }

    private List<CertificateWrapper> reduceChainUntilFirstTrustAnchor(List<CertificateWrapper> list) {
        ArrayList arrayList = new ArrayList();
        for (CertificateWrapper certificateWrapper : list) {
            arrayList.add(certificateWrapper);
            if (certificateWrapper.isTrusted()) {
                break;
            }
        }
        return arrayList;
    }

    private boolean isFresh(RevocationWrapper revocationWrapper, Date date) {
        XmlRFC execute = new RevocationFreshnessChecker(this.i18nProvider, revocationWrapper, date, this.context, SubContext.SIGNING_CERT, this.policy).execute();
        return (execute == null || execute.getConclusion() == null || !Indication.PASSED.equals(execute.getConclusion().getIndication())) ? false : true;
    }

    private ChainItem<XmlVTS> satisfyingRevocationDataExists(RevocationWrapper revocationWrapper) {
        return new SatisfyingRevocationDataExistsCheck(this.i18nProvider, this.result, revocationWrapper, getFailLevelConstraint());
    }

    private ChainItem<XmlVTS> poeExistsAtOrBeforeControlTime(TokenProxy tokenProxy, TimestampedObjectType timestampedObjectType, Date date) {
        return new POEExistsAtOrBeforeControlTimeCheck(this.i18nProvider, this.result, tokenProxy, timestampedObjectType, date, this.poe, getFailLevelConstraint());
    }

    private XmlSAV getCertificateCryptographicAcceptanceResult(CertificateWrapper certificateWrapper, Date date) {
        return new CertificateAcceptanceValidation(this.i18nProvider, date, certificateWrapper, this.policy).execute();
    }

    private XmlSAV getRevocationCryptographicAcceptanceResult(RevocationWrapper revocationWrapper, Date date) {
        return new RevocationAcceptanceValidation(this.i18nProvider, date, revocationWrapper, this.policy).execute();
    }
}
