package eu.europa.esig.dss.validation.process.bbb.xcv;

import eu.europa.esig.dss.detailedreport.jaxb.XmlConclusion;
import eu.europa.esig.dss.detailedreport.jaxb.XmlSubXCV;
import eu.europa.esig.dss.detailedreport.jaxb.XmlXCV;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.policy.jaxb.Level;
import eu.europa.esig.dss.policy.jaxb.LevelConstraint;
import eu.europa.esig.dss.policy.jaxb.Model;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.bbb.xcv.checks.CheckSubXCVResult;
import eu.europa.esig.dss.validation.process.bbb.xcv.checks.ProspectiveCertificateChainCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.checks.TrustServiceStatusCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.checks.TrustServiceTypeIdentifierCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.sub.SubX509CertificateValidation;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/bbb/xcv/X509CertificateValidation.class */
public class X509CertificateValidation extends Chain<XmlXCV> {
    private final CertificateWrapper currentCertificate;
    private final Date validationDate;
    private final Date usageTime;
    private final Context context;
    private final ValidationPolicy validationPolicy;

    public X509CertificateValidation(I18nProvider i18nProvider, CertificateWrapper certificateWrapper, Date date, Context context, ValidationPolicy validationPolicy) {
        this(i18nProvider, certificateWrapper, date, date, context, validationPolicy);
    }

    public X509CertificateValidation(I18nProvider i18nProvider, CertificateWrapper certificateWrapper, Date date, Date date2, Context context, ValidationPolicy validationPolicy) {
        super(i18nProvider, new XmlXCV());
        this.currentCertificate = certificateWrapper;
        this.validationDate = date;
        this.usageTime = date2;
        this.context = context;
        this.validationPolicy = validationPolicy;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected MessageTag getTitle() {
        return MessageTag.X509_CERTIFICATE_VALIDATION;
    }

    @Override // eu.europa.esig.dss.validation.process.Chain
    protected void initChain() {
        ChainItem<XmlXCV> prospectiveCertificateChain = prospectiveCertificateChain();
        this.firstItem = prospectiveCertificateChain;
        if (this.currentCertificate.isTrusted() || this.currentCertificate.isTrustedChain() || !prospectiveCertificateChainCheckEnforced()) {
            ChainItem<XmlXCV> nextItem = prospectiveCertificateChain.setNextItem(trustServiceWithExpectedTypeIdentifier()).setNextItem(trustServiceWithExpectedStatus());
            this.result.getSubXCV().add(new SubX509CertificateValidation(this.i18nProvider, this.currentCertificate, this.validationDate, this.context, SubContext.SIGNING_CERT, this.validationPolicy).execute());
            boolean isTrusted = this.currentCertificate.isTrusted();
            Model validationModel = this.validationPolicy.getValidationModel();
            Date notBefore = Model.SHELL.equals(validationModel) ? this.validationDate : this.currentCertificate.getNotBefore();
            List<CertificateWrapper> certificateChain = this.currentCertificate.getCertificateChain();
            if (Utils.isCollectionNotEmpty(certificateChain)) {
                for (CertificateWrapper certificateWrapper : certificateChain) {
                    if (!isTrusted) {
                        this.result.getSubXCV().add(new SubX509CertificateValidation(this.i18nProvider, certificateWrapper, notBefore, this.context, SubContext.CA_CERTIFICATE, this.validationPolicy).execute());
                        isTrusted = certificateWrapper.isTrusted();
                        notBefore = Model.HYBRID.equals(validationModel) ? notBefore : Model.SHELL.equals(validationModel) ? this.validationDate : certificateWrapper.getNotBefore();
                    }
                }
            }
            Iterator it = this.result.getSubXCV().iterator();
            while (it.hasNext()) {
                nextItem = nextItem.setNextItem(checkSubXCVResult((XmlSubXCV) it.next()));
            }
        }
    }

    private ChainItem<XmlXCV> prospectiveCertificateChain() {
        return new ProspectiveCertificateChainCheck(this.i18nProvider, this.result, this.currentCertificate, this.context, this.validationPolicy.getProspectiveCertificateChainConstraint(this.context));
    }

    private ChainItem<XmlXCV> trustServiceWithExpectedTypeIdentifier() {
        return new TrustServiceTypeIdentifierCheck(this.i18nProvider, this.result, this.currentCertificate, this.usageTime, this.context, this.validationPolicy.getTrustServiceTypeIdentifierConstraint(this.context));
    }

    private ChainItem<XmlXCV> trustServiceWithExpectedStatus() {
        return new TrustServiceStatusCheck(this.i18nProvider, this.result, this.currentCertificate, this.usageTime, this.context, this.validationPolicy.getTrustServiceStatusConstraint(this.context));
    }

    private ChainItem<XmlXCV> checkSubXCVResult(XmlSubXCV xmlSubXCV) {
        return new CheckSubXCVResult(this.i18nProvider, this.result, xmlSubXCV, getFailLevelConstraint());
    }

    private boolean prospectiveCertificateChainCheckEnforced() {
        LevelConstraint prospectiveCertificateChainConstraint = this.validationPolicy.getProspectiveCertificateChainConstraint(this.context);
        return prospectiveCertificateChainConstraint != null && Level.FAIL == prospectiveCertificateChainConstraint.getLevel();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.validation.process.Chain
    public void collectAdditionalMessages(XmlConclusion xmlConclusion) {
        Iterator it = this.result.getSubXCV().iterator();
        while (it.hasNext()) {
            collectAllMessages(xmlConclusion, ((XmlSubXCV) it.next()).getConclusion());
        }
    }
}
