package eu.europa.esig.dss.validation.process.bbb.xcv.rac;

import eu.europa.esig.dss.detailedreport.jaxb.XmlCRS;
import eu.europa.esig.dss.detailedreport.jaxb.XmlConclusion;
import eu.europa.esig.dss.detailedreport.jaxb.XmlRAC;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.TokenProxy;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.RevocationType;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.ValidationProcessUtils;
import eu.europa.esig.dss.validation.process.bbb.cv.checks.SignatureIntactCheck;
import eu.europa.esig.dss.validation.process.bbb.cv.checks.SignatureIntactWithIdCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.checks.ProspectiveCertificateChainCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.crs.CertificateRevocationSelector;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.RevocationCertHashMatchCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.RevocationCertHashPresenceCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.RevocationConsistentCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.RevocationDataKnownCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.RevocationIssuerRevocationDataAvailableCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rac.checks.SelfIssuedOCSPCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateRevocationSelectorResultCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.CertificateSelfSignedCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks.IdPkixOcspNoCheck;
import java.util.Date;
import java.util.Set;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/bbb/xcv/rac/RevocationAcceptanceChecker.class */
public class RevocationAcceptanceChecker extends Chain<XmlRAC> {
    private final CertificateWrapper certificate;
    private final CertificateRevocationWrapper revocationData;
    private final Date controlTime;
    private final ValidationPolicy policy;
    private final Set<String> validatedTokens;

    public RevocationAcceptanceChecker(I18nProvider i18nProvider, CertificateWrapper certificateWrapper, CertificateRevocationWrapper certificateRevocationWrapper, Date date, ValidationPolicy validationPolicy, Set<String> set) {
        super(i18nProvider, new XmlRAC());
        this.certificate = certificateWrapper;
        this.revocationData = certificateRevocationWrapper;
        this.controlTime = date;
        this.policy = validationPolicy;
        this.validatedTokens = set;
        this.result.setId(certificateRevocationWrapper.getId());
        this.result.setRevocationThisUpdate(certificateRevocationWrapper.getThisUpdate());
        this.result.setRevocationProductionDate(certificateRevocationWrapper.getProductionDate());
        this.validatedTokens.add(certificateWrapper.getId());
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected MessageTag getTitle() {
        return MessageTag.RAC;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        ChainItem<XmlRAC> revocationDataKnown = revocationDataKnown();
        this.firstItem = revocationDataKnown;
        ChainItem<XmlRAC> chainItem = revocationDataKnown;
        if (RevocationType.OCSP.equals(this.revocationData.getRevocationType())) {
            ChainItem<XmlRAC> nextItem = chainItem.setNextItem(revocationCertHashPresent());
            if (this.revocationData.isCertHashExtensionPresent()) {
                nextItem = nextItem.setNextItem(revocationCertHashMatch());
            }
            chainItem = nextItem.setNextItem(selfIssuedOcsp());
        }
        ChainItem<XmlRAC> nextItem2 = chainItem.setNextItem(revocationDataConsistent()).setNextItem(revocationDataIntact()).setNextItem(prospectiveCertificateChain(this.revocationData.getSigningCertificate()));
        for (CertificateWrapper certificateWrapper : this.revocationData.getCertificateChain()) {
            if (certificateWrapper.isTrusted()) {
                return;
            }
            if (!isTokenValidated(certificateWrapper)) {
                nextItem2 = nextItem2.setNextItem(certificateIntact(certificateWrapper));
                if (certificateWrapper.isSelfSigned()) {
                    nextItem2 = nextItem2.setNextItem(selfSigned(certificateWrapper));
                }
                if (certificateWrapper.isIdPkixOcspNoCheck()) {
                    nextItem2 = nextItem2.setNextItem(idPkixOcspNoCheck(certificateWrapper));
                }
                if (ValidationProcessUtils.isRevocationCheckRequired(certificateWrapper)) {
                    SubContext subContext = this.revocationData.getSigningCertificate().getId().equals(certificateWrapper.getId()) ? SubContext.SIGNING_CERT : SubContext.CA_CERTIFICATE;
                    nextItem2 = nextItem2.setNextItem(revocationDataPresentForRevocationChain(certificateWrapper, subContext));
                    if (Utils.isCollectionNotEmpty(certificateWrapper.getCertificateRevocationData())) {
                        XmlCRS execute = new CertificateRevocationSelector(this.i18nProvider, certificateWrapper, this.controlTime, this.policy, this.validatedTokens).execute();
                        this.result.setCRS(execute);
                        nextItem2 = nextItem2.setNextItem(checkCertificateRevocationSelectorResult(execute, subContext));
                    }
                }
            }
        }
    }

    private ChainItem<XmlRAC> revocationDataKnown() {
        return new RevocationDataKnownCheck(this.i18nProvider, this.result, this.revocationData, this.policy.getUnknownStatusConstraint());
    }

    private ChainItem<XmlRAC> revocationCertHashPresent() {
        return new RevocationCertHashPresenceCheck(this.i18nProvider, this.result, this.revocationData, this.policy.getOCSPResponseCertHashPresentConstraint());
    }

    private ChainItem<XmlRAC> revocationCertHashMatch() {
        return new RevocationCertHashMatchCheck(this.i18nProvider, this.result, this.revocationData, this.policy.getOCSPResponseCertHashMatchConstraint());
    }

    private ChainItem<XmlRAC> selfIssuedOcsp() {
        return new SelfIssuedOCSPCheck(this.i18nProvider, this.result, this.certificate, this.revocationData, this.policy.getSelfIssuedOCSPConstraint());
    }

    private ChainItem<XmlRAC> revocationDataConsistent() {
        return new RevocationConsistentCheck(this.i18nProvider, this.result, this.certificate, this.revocationData, getFailLevelConstraint());
    }

    private ChainItem<XmlRAC> revocationDataIntact() {
        return new SignatureIntactCheck(this.i18nProvider, this.result, this.revocationData, Context.REVOCATION, this.policy.getSignatureIntactConstraint(Context.REVOCATION));
    }

    private ChainItem<XmlRAC> prospectiveCertificateChain(CertificateWrapper certificateWrapper) {
        return new ProspectiveCertificateChainCheck(this.i18nProvider, this.result, certificateWrapper, Context.REVOCATION, this.policy.getProspectiveCertificateChainConstraint(Context.REVOCATION));
    }

    private boolean isTokenValidated(TokenProxy tokenProxy) {
        boolean contains = this.validatedTokens.contains(tokenProxy.getId());
        this.validatedTokens.add(tokenProxy.getId());
        return contains;
    }

    private ChainItem<XmlRAC> certificateIntact(CertificateWrapper certificateWrapper) {
        return new SignatureIntactWithIdCheck(this.i18nProvider, this.result, certificateWrapper, Context.CERTIFICATE, this.policy.getSignatureIntactConstraint(Context.CERTIFICATE));
    }

    private ChainItem<XmlRAC> selfSigned(CertificateWrapper certificateWrapper) {
        return new CertificateSelfSignedCheck(this.i18nProvider, this.result, certificateWrapper, getWarnLevelConstraint());
    }

    private ChainItem<XmlRAC> idPkixOcspNoCheck(CertificateWrapper certificateWrapper) {
        return new IdPkixOcspNoCheck(this.i18nProvider, this.result, certificateWrapper, getWarnLevelConstraint());
    }

    private ChainItem<XmlRAC> revocationDataPresentForRevocationChain(CertificateWrapper certificateWrapper, SubContext subContext) {
        return new RevocationIssuerRevocationDataAvailableCheck(this.i18nProvider, this.result, certificateWrapper, this.policy.getRevocationDataAvailableConstraint(Context.REVOCATION, subContext));
    }

    private ChainItem<XmlRAC> checkCertificateRevocationSelectorResult(XmlCRS xmlCRS, SubContext subContext) {
        return new CertificateRevocationSelectorResultCheck(this.i18nProvider, this.result, xmlCRS, this.policy.getAcceptableRevocationDataFoundConstraint(Context.REVOCATION, subContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.validation.process.Chain
    public void collectAdditionalMessages(XmlConclusion xmlConclusion) {
        super.collectAdditionalMessages(xmlConclusion);
        XmlCRS crs = this.result.getCRS();
        if (crs != null) {
            super.collectAllMessages(xmlConclusion, crs.getConclusion());
        }
    }
}
