package eu.europa.esig.dss.spi.x509;

import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.model.identifier.EntityIdentifier;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.Token;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.utils.Utils;
import java.io.Serializable;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.util.CollectionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/spi/x509/CertificatePool.class */
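/**
 * In-memory pool of {@link CertificateToken}s, indexed two ways: by entity key
 * (one {@link CertificatePoolEntity} per key, grouping "equivalent" certificates)
 * and by canonicalized subject name.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Trust and source information is stored per pool entity, not per certificate.
 *       Every certificate that resolves to the same entity key shares the answer of
 *       {@link #isTrusted(CertificateToken)} and {@link #getSources(CertificateToken)}.</li>
 *   <li>{@link #getIssuer(Token)} may return an issuer that is not valid at the token's
 *       creation date (it logs a warning and falls back); callers must not treat the
 *       returned issuer as validity-checked.</li>
 * </ul>
 *
 * <p>Thread-safety: {@link #getInstance} mutates each map while holding that map's
 * monitor. The lookup methods read the maps without taking those monitors.
 * NOTE(review): with plain {@code HashMap}s this is only safe if population and lookup
 * never overlap — confirm against callers.
 */
public class CertificatePool implements Serializable {
    private static final long serialVersionUID = -3933224032299663242L;
    private static final Logger LOG = LoggerFactory.getLogger(CertificatePool.class);

    // Both maps double as lock objects in getInstance, so they are final: a lock that can
    // be reassigned no longer guards anything.
    private final Map<String, CertificatePoolEntity> entriesByPublicKeyHash = new HashMap<>();
    private final Map<String, Set<CertificateToken>> tokensBySubject = new HashMap<>();

    /** Creates an empty pool. */
    public CertificatePool() {
        LOG.debug("New CertificatePool created");
    }

    /**
     * Registers a certificate in the pool under the given source type.
     *
     * <p>If an entity with the same entity key already exists, the certificate is added to
     * it as an equivalent certificate and the source type is added to that entity;
     * otherwise a new entity is created. The certificate is also indexed by its
     * canonicalized subject.
     *
     * @param certificateToken the certificate to add, must not be {@code null}
     * @param certificateSourceType the source the certificate comes from, must not be {@code null}
     * @return the same {@code certificateToken} instance that was passed in
     * @throws NullPointerException if either argument is {@code null}
     */
    public CertificateToken getInstance(CertificateToken certificateToken, CertificateSourceType certificateSourceType) {
        Objects.requireNonNull(certificateToken, "The certificate must be filled");
        Objects.requireNonNull(certificateSourceType, "The certificate source type must be set.");
        if (LOG.isTraceEnabled()) {
            LOG.trace("Certificate to add: {} | {}", certificateToken.getIssuerX500Principal(), certificateToken.getSerialNumber());
        }
        synchronized (this.entriesByPublicKeyHash) {
            String entityKey = certificateToken.getEntityKey();
            CertificatePoolEntity existingEntity = this.entriesByPublicKeyHash.get(entityKey);
            if (existingEntity == null) {
                LOG.trace("Public key {} is not in the pool", entityKey);
                this.entriesByPublicKeyHash.put(entityKey, new CertificatePoolEntity(certificateToken, certificateSourceType));
            } else {
                LOG.trace("Public key {} is already in the pool", entityKey);
                existingEntity.addEquivalentCertificate(certificateToken);
                // The source type is recorded on the shared entity, so it applies to every
                // certificate grouped under this key, not only to the one being added.
                existingEntity.addSource(certificateSourceType);
            }
        }
        synchronized (this.tokensBySubject) {
            this.tokensBySubject
                    .computeIfAbsent(certificateToken.getCanonicalizedSubject(), subject -> new HashSet<>())
                    .add(certificateToken);
        }
        return certificateToken;
    }

    /**
     * Reports whether the pool entity holding this certificate is trusted.
     *
     * <p>The answer is taken from the entity found by the certificate's entity key, so it
     * is shared by all certificates grouped under that key.
     * NOTE(review): how the entity derives "trusted" is defined in CertificatePoolEntity,
     * presumably from its recorded source types — confirm there.
     *
     * @param certificateToken the certificate to look up
     * @return {@code true} if an entity exists for the certificate and reports itself trusted
     */
    public boolean isTrusted(CertificateToken certificateToken) {
        CertificatePoolEntity poolEntry = getPoolEntry(certificateToken);
        return poolEntry != null && poolEntry.isTrusted();
    }

    /**
     * Returns the source types recorded for the pool entity holding this certificate.
     *
     * @param certificateToken the certificate to look up
     * @return the entity's source types, or an empty set if the certificate is not pooled
     */
    public Set<CertificateSourceType> getSources(CertificateToken certificateToken) {
        CertificatePoolEntity poolEntry = getPoolEntry(certificateToken);
        return poolEntry != null ? poolEntry.getSources() : Collections.emptySet();
    }

    /**
     * Finds the candidate issuer certificates of a token.
     *
     * <p>If the token already knows its signer's public key, the pool is queried by that
     * key. Otherwise the certificates whose subject matches the token's issuer name are
     * tried one by one with {@code token.isSignedBy(...)}; on the first match, all
     * certificates sharing the matching certificate's public key are returned.
     *
     * @param token the token whose issuers are wanted
     * @return the candidate issuers, or an empty list if none is found
     */
    public List<CertificateToken> getIssuers(Token token) {
        PublicKey signerKey = token.getPublicKeyOfTheSigner();
        if (signerKey != null) {
            return get(signerKey);
        }
        X500Principal issuerName = token.getIssuerX500Principal();
        if (issuerName != null) {
            // A subject-name match alone is not proof of issuance; isSignedBy is the check
            // that ties the candidate to the token.
            for (CertificateToken candidate : get(issuerName)) {
                if (token.isSignedBy(candidate)) {
                    return get(candidate.getPublicKey());
                }
            }
        }
        return Collections.emptyList();
    }

    /**
     * Picks a single issuer certificate for a token.
     *
     * <p>Prefers the first candidate that {@code isValidOn} the token's creation date. If
     * none qualifies, a warning is logged and the first candidate is returned anyway, so
     * the result is NOT guaranteed to have been valid when the token was created; callers
     * that depend on validity must check it themselves.
     *
     * @param token the token whose issuer is wanted
     * @return the selected issuer, or {@code null} if the pool holds no candidate
     */
    public CertificateToken getIssuer(Token token) {
        List<CertificateToken> issuers = getIssuers(token);
        if (!Utils.isCollectionNotEmpty(issuers)) {
            return null;
        }
        for (CertificateToken candidate : issuers) {
            if (candidate.isValidOn(token.getCreationDate())) {
                return candidate;
            }
        }
        LOG.warn("No issuer found for the token creation date. The process continues with an issuer which has the same public key.");
        return issuers.iterator().next();
    }

    /**
     * Walks up the issuer chain of a certificate until a trusted pool entity is reached.
     *
     * <p>At each step the signer public keys of the entity's non-self-issued equivalent
     * certificates are collected and the walk continues with the first one (a warning is
     * logged when several exist). The walk ends with {@code null} when an entity is not
     * in the pool, when an entity offers no issuer key (for example an untrusted
     * self-issued certificate), or when the chain returns to an entity already visited.
     * The last two cases previously never terminated; since pooled certificates can come
     * from the document being validated, a cross-certification loop must not be able to
     * hang the caller.
     *
     * @param certificateToken the certificate to start from
     * @return the first equivalent certificate of the trusted entity, or {@code null} if
     *         no trusted entity is reachable
     */
    public CertificateToken getTrustAnchor(CertificateToken certificateToken) {
        String entityKey = certificateToken.getEntityKey();
        // Keys already walked; Set.add returning false means the chain has looped.
        Set<String> visitedKeys = new HashSet<>();
        while (visitedKeys.add(entityKey)) {
            CertificatePoolEntity poolEntry = this.entriesByPublicKeyHash.get(entityKey);
            if (poolEntry == null) {
                return null;
            }
            List<CertificateToken> equivalentCertificates = poolEntry.getEquivalentCertificates();
            if (poolEntry.isTrusted()) {
                return equivalentCertificates.iterator().next();
            }
            List<PublicKey> issuerKeys = new ArrayList<>();
            for (CertificateToken equivalent : equivalentCertificates) {
                if (!equivalent.isSelfIssued() && equivalent.getPublicKeyOfTheSigner() != null) {
                    issuerKeys.add(equivalent.getPublicKeyOfTheSigner());
                }
            }
            if (issuerKeys.isEmpty()) {
                // Nothing further to climb to: the chain ends without a trust anchor.
                return null;
            }
            if (issuerKeys.size() > 1) {
                LOG.warn("More than one path found");
            }
            entityKey = getPublicKeyHash(issuerKeys.get(0));
        }
        LOG.warn("Issuer chain loops back to an already visited entity; no trust anchor found");
        return null;
    }

    /**
     * Returns the certificates whose canonicalized subject equals the given name.
     *
     * <p>NOTE(review): when a match exists, the returned set is the pool's internal set,
     * not a copy; mutating it changes the pool, and it can change while being iterated
     * if {@link #getInstance} runs concurrently.
     *
     * @param x500Principal the subject name to look up
     * @return the matching certificates, or an empty set if none is pooled
     */
    public Set<CertificateToken> get(X500Principal x500Principal) {
        Set<CertificateToken> matches = this.tokensBySubject.get(canonicalize(x500Principal));
        return matches != null ? matches : Collections.emptySet();
    }

    /**
     * Returns the certificates grouped under the given public key.
     *
     * @param publicKey the public key to look up
     * @return the equivalent certificates of the matching entity, or an empty list
     */
    public List<CertificateToken> get(PublicKey publicKey) {
        CertificatePoolEntity poolEntry = getPoolEntry(publicKey);
        return poolEntry != null ? poolEntry.getEquivalentCertificates() : Collections.emptyList();
    }

    /**
     * Returns the certificates of the first entity whose SKI equals the given bytes.
     *
     * <p>This is a linear scan over all entities. A {@code null} argument yields an empty
     * list: {@code Arrays.equals} treats two {@code null}s as equal, so without the guard
     * a missing SKI would match the first entity whose {@code getSki()} returns
     * {@code null} and hand back unrelated certificates.
     *
     * @param bArr the subject key identifier bytes to match
     * @return the equivalent certificates of the matching entity, or an empty list
     */
    public List<CertificateToken> getBySki(byte[] bArr) {
        if (bArr == null) {
            return Collections.emptyList();
        }
        for (CertificatePoolEntity poolEntry : this.entriesByPublicKeyHash.values()) {
            if (Arrays.equals(bArr, poolEntry.getSki())) {
                return poolEntry.getEquivalentCertificates();
            }
        }
        return Collections.emptyList();
    }

    /**
     * Returns the certificates of the first entity whose first equivalent certificate
     * matches the given CMS signer identifier.
     *
     * <p>Only the first equivalent certificate of each entity is tested against the
     * {@link SignerId}; this is a linear scan over all entities.
     *
     * @param signerId the signer identifier to match
     * @return the equivalent certificates of the matching entity, or an empty list
     */
    public List<CertificateToken> getBySignerId(SignerId signerId) {
        for (CertificatePoolEntity poolEntry : this.entriesByPublicKeyHash.values()) {
            List<CertificateToken> equivalentCertificates = poolEntry.getEquivalentCertificates();
            CertificateToken representative = equivalentCertificates.iterator().next();
            CollectionStore store = new CollectionStore(
                    Collections.singleton(DSSASN1Utils.getX509CertificateHolder(representative)));
            if (!store.getMatches(signerId).isEmpty()) {
                return equivalentCertificates;
            }
        }
        return Collections.emptyList();
    }

    /** Looks up the pool entity stored under the certificate's entity key, or {@code null}. */
    private CertificatePoolEntity getPoolEntry(CertificateToken certificateToken) {
        return this.entriesByPublicKeyHash.get(certificateToken.getEntityKey());
    }

    /** Looks up the pool entity stored under the identifier derived from the public key, or {@code null}. */
    private CertificatePoolEntity getPoolEntry(PublicKey publicKey) {
        return this.entriesByPublicKeyHash.get(getPublicKeyHash(publicKey));
    }

    /**
     * Derives the map key for a public key via {@link EntityIdentifier#asXmlId()}.
     * The lookups in this class rely on it producing the same key space as
     * {@code CertificateToken.getEntityKey()}.
     */
    private String getPublicKeyHash(PublicKey publicKey) {
        return new EntityIdentifier(publicKey).asXmlId();
    }

    /** Returns the {@code CANONICAL} string form of the name, used as the subject index key. */
    private String canonicalize(X500Principal x500Principal) {
        return x500Principal.getName("CANONICAL");
    }

    /**
     * Adds every certificate of the given source to the pool, tagged with that source's type.
     *
     * <p>Because source types accumulate on the shared pool entity, importing a source
     * affects the recorded sources of all certificates already grouped under the same keys.
     *
     * @param certificateSource the source to import from
     */
    public void importCerts(CertificateSource certificateSource) {
        List<CertificateToken> certificates = certificateSource.getCertificates();
        CertificateSourceType certificateSourceType = certificateSource.getCertificateSourceType();
        for (CertificateToken certificate : certificates) {
            getInstance(certificate, certificateSourceType);
        }
    }

    /**
     * @return the number of pool entities (distinct entity keys)
     */
    public int getNumberOfEntities() {
        return this.entriesByPublicKeyHash.size();
    }

    /**
     * @return the total number of certificates, summed over the equivalent-certificate
     *         lists of all entities
     */
    public int getNumberOfCertificates() {
        int total = 0;
        for (CertificatePoolEntity poolEntry : this.entriesByPublicKeyHash.values()) {
            total += poolEntry.getEquivalentCertificates().size();
        }
        return total;
    }

    /**
     * @return a new list holding the equivalent certificates of every entity
     */
    public List<CertificateToken> getCertificateTokens() {
        List<CertificateToken> allTokens = new ArrayList<>();
        for (CertificatePoolEntity poolEntry : this.entriesByPublicKeyHash.values()) {
            allTokens.addAll(poolEntry.getEquivalentCertificates());
        }
        return allTokens;
    }
}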
