package eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv;

import eu.europa.esig.dss.detailedreport.jaxb.XmlBasicBuildingBlocks;
import eu.europa.esig.dss.detailedreport.jaxb.XmlName;
import eu.europa.esig.dss.detailedreport.jaxb.XmlPCV;
import eu.europa.esig.dss.detailedreport.jaxb.XmlPSV;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.TokenProxy;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SubIndication;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.ValidationProcessUtils;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.CryptographicCheck;
import eu.europa.esig.dss.validation.process.vpfltvd.checks.BestSignatureTimeNotBeforeCertificateIssuanceCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.pcv.PastCertificateValidation;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.BestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpirationCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.CurrentTimeIndicationCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.POEExistsCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.psv.checks.PastCertificateValidationAcceptableCheck;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/vpfswatsp/checks/psv/PastSignatureValidation.class */
public class PastSignatureValidation extends Chain<XmlPSV> {
    private final TokenProxy token;
    private final Map<String, XmlBasicBuildingBlocks> bbbs;
    private final POEExtraction poe;
    private final Date currentTime;
    private final ValidationPolicy policy;
    private final Context context;

    public PastSignatureValidation(I18nProvider i18nProvider, TokenProxy tokenProxy, Map<String, XmlBasicBuildingBlocks> map, POEExtraction pOEExtraction, Date date, ValidationPolicy validationPolicy, Context context) {
        super(i18nProvider, new XmlPSV());
        this.token = tokenProxy;
        this.bbbs = map;
        this.poe = pOEExtraction;
        this.currentTime = date;
        this.policy = validationPolicy;
        this.context = context;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected MessageTag getTitle() {
        return MessageTag.PAST_SIGNATURE_VALIDATION;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        XmlBasicBuildingBlocks xmlBasicBuildingBlocks = this.bbbs.get(this.token.getId());
        Indication indication = xmlBasicBuildingBlocks.getConclusion().getIndication();
        SubIndication subIndication = xmlBasicBuildingBlocks.getConclusion().getSubIndication();
        List<XmlName> errors = xmlBasicBuildingBlocks.getConclusion().getErrors();
        XmlPCV execute = new PastCertificateValidation(this.i18nProvider, this.token, xmlBasicBuildingBlocks, this.poe, this.currentTime, this.policy, this.context).execute();
        xmlBasicBuildingBlocks.setPCV(execute);
        ChainItem<XmlPSV> pastCertificateValidationAcceptableCheck = pastCertificateValidationAcceptableCheck(execute);
        this.firstItem = pastCertificateValidationAcceptableCheck;
        Date controlTime = execute.getControlTime();
        if (controlTime != null && this.poe.isPOEExists(this.token.getId(), controlTime)) {
            this.result.setControlTime(controlTime);
            if (Indication.INDETERMINATE.equals(indication) && (SubIndication.REVOKED_NO_POE.equals(subIndication) || SubIndication.REVOKED_CA_NO_POE.equals(subIndication))) {
                pastCertificateValidationAcceptableCheck.setNextItem(poeExist());
                return;
            } else if (Indication.INDETERMINATE.equals(indication) && (SubIndication.OUT_OF_BOUNDS_NO_POE.equals(subIndication) || SubIndication.OUT_OF_BOUNDS_NOT_REVOKED.equals(subIndication))) {
                Date lowestPOETime = this.poe.getLowestPOETime(this.token.getId());
                CertificateWrapper signingCertificate = this.token.getSigningCertificate();
                pastCertificateValidationAcceptableCheck.setNextItem(bestSignatureTimeNotBeforeCertificateIssuance(lowestPOETime, signingCertificate)).setNextItem(bestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpiration(lowestPOETime, signingCertificate, subIndication));
                return;
            }
        }
        if (Indication.INDETERMINATE.equals(indication) && SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE.equals(subIndication)) {
            certificateChainReliableAtPoeTime(pastCertificateValidationAcceptableCheck.setNextItem(tokenUsedAlgorithmsAreSecureAtPoeTime(this.token, this.context)), this.context);
        } else {
            pastCertificateValidationAcceptableCheck.setNextItem(currentTimeIndicationCheck(indication, subIndication, errors));
        }
    }

    private ChainItem<XmlPSV> currentTimeIndicationCheck(Indication indication, SubIndication subIndication, List<XmlName> list) {
        return new CurrentTimeIndicationCheck(this.i18nProvider, this.result, indication, subIndication, list, getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> pastCertificateValidationAcceptableCheck(XmlPCV xmlPCV) {
        return new PastCertificateValidationAcceptableCheck(this.i18nProvider, this.result, xmlPCV, this.token.getId(), getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> poeExist() {
        return new POEExistsCheck(this.i18nProvider, this.result, getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> bestSignatureTimeNotBeforeCertificateIssuance(Date date, CertificateWrapper certificateWrapper) {
        return new BestSignatureTimeNotBeforeCertificateIssuanceCheck(this.i18nProvider, this.result, date, certificateWrapper, getFailLevelConstraint());
    }

    private ChainItem<XmlPSV> bestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpiration(Date date, CertificateWrapper certificateWrapper, SubIndication subIndication) {
        return new BestSignatureTimeAfterCertificateIssuanceAndBeforeCertificateExpirationCheck(this.i18nProvider, this.result, date, certificateWrapper, subIndication, getFailLevelConstraint());
    }

    private CryptographicCheck<XmlPSV> tokenUsedAlgorithmsAreSecureAtPoeTime(TokenProxy tokenProxy, Context context) {
        return new CryptographicCheck<>(this.i18nProvider, this.result, tokenProxy, getLowestPoeTime(this.token), this.policy.getSignatureCryptographicConstraint(context));
    }

    private ChainItem<XmlPSV> certificateChainReliableAtPoeTime(ChainItem<XmlPSV> chainItem, Context context) {
        return certificateChainReliableAtPoeTime(chainItem, this.token.getCertificateChain(), context, new ArrayList());
    }

    private ChainItem<XmlPSV> certificateChainReliableAtPoeTime(ChainItem<XmlPSV> chainItem, List<CertificateWrapper> list, Context context, List<String> list2) {
        for (CertificateWrapper certificateWrapper : list) {
            if (certificateWrapper.isTrusted()) {
                break;
            }
            if (!list2.contains(certificateWrapper.getId())) {
                list2.add(certificateWrapper.getId());
                chainItem = chainItem.setNextItem(new CryptographicCheck(this.i18nProvider, this.result, certificateWrapper, getLowestPoeTime(certificateWrapper), this.policy.getCertificateCryptographicConstraint(context, this.token.getSigningCertificate().getId().equals(certificateWrapper.getId()) ? SubContext.SIGNING_CERT : SubContext.CA_CERTIFICATE)));
                CertificateRevocationWrapper latestAcceptableRevocationData = ValidationProcessUtils.getLatestAcceptableRevocationData(certificateWrapper, this.bbbs.get(this.token.getId()));
                if (latestAcceptableRevocationData != null && !list2.contains(latestAcceptableRevocationData.getId())) {
                    list2.add(latestAcceptableRevocationData.getId());
                    chainItem = certificateChainReliableAtPoeTime(chainItem.setNextItem(new CryptographicCheck(this.i18nProvider, this.result, latestAcceptableRevocationData, getLowestPoeTime(latestAcceptableRevocationData), this.policy.getSignatureCryptographicConstraint(Context.REVOCATION))), latestAcceptableRevocationData.getCertificateChain(), Context.REVOCATION, list2);
                }
            }
        }
        return chainItem;
    }

    private Date getLowestPoeTime(TokenProxy tokenProxy) {
        return this.poe.getLowestPOETime(tokenProxy.getId());
    }
}
