package eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts;

import eu.europa.esig.dss.detailedreport.jaxb.XmlRFC;
import eu.europa.esig.dss.detailedreport.jaxb.XmlVTS;
import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.RevocationWrapper;
import eu.europa.esig.dss.diagnostic.TokenProxy;
import eu.europa.esig.dss.enumerations.Context;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.TimestampedObjectType;
import eu.europa.esig.dss.policy.SubContext;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.BasicBuildingBlockDefinition;
import eu.europa.esig.dss.validation.process.Chain;
import eu.europa.esig.dss.validation.process.ChainItem;
import eu.europa.esig.dss.validation.process.bbb.sav.checks.CryptographicCheck;
import eu.europa.esig.dss.validation.process.bbb.xcv.rfc.RevocationFreshnessChecker;
import eu.europa.esig.dss.validation.process.vpfswatsp.POEExtraction;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.checks.POEExistsAtOrBeforeControlTimeCheck;
import eu.europa.esig.dss.validation.process.vpfswatsp.checks.vts.checks.SatisfyingRevocationDataExistsCheck;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/vpfswatsp/checks/vts/ValidationTimeSliding.class */
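/**
 * Builds the "Validation Time Sliding" (VTS) check chain for a token.
 *
 * <p>The process starts with a control time equal to the supplied validation time and walks the
 * certificate chain from the first trust anchor down towards the token's signing certificate. For
 * every untrusted certificate it selects revocation data, verifies that proofs of existence (POE)
 * are available at or before the control time, possibly moves the control time to the revocation
 * date or to the production date of the revocation data, and finally checks the cryptographic
 * constraints at the resulting control time.
 *
 * <p>The final control time is written to the {@link XmlVTS} result by {@link #addAdditionalInfo()}.
 *
 * <p>NOTE(review): this listing is decompiler output; the identifiers below were chosen for
 * readability and may differ from the upstream project's own names.
 */
public class ValidationTimeSliding extends Chain<XmlVTS> {
    /** Token whose certificate chain is evaluated. */
    private final TokenProxy token;
    /** Validation time; the initial value of the control time. */
    private final Date currentTime;
    /** Validation context used to look up policy constraints. */
    private final Context context;
    /** Source of proofs of existence for certificates and revocation data. */
    private final POEExtraction poe;
    /** Policy supplying the cryptographic and freshness constraints. */
    private final ValidationPolicy policy;
    /** Control time; reassigned while {@link #initChain()} walks the chain. */
    private Date controlTime;

    /**
     * Creates the VTS process for one token.
     *
     * @param tokenProxy token whose certificate chain is evaluated
     * @param date validation time used as the starting control time
     * @param context validation context used for policy lookups
     * @param pOEExtraction available proofs of existence
     * @param validationPolicy validation policy in force
     */
    public ValidationTimeSliding(TokenProxy tokenProxy, Date date, Context context, POEExtraction pOEExtraction, ValidationPolicy validationPolicy) {
        super(new XmlVTS());
        this.result.setTitle(BasicBuildingBlockDefinition.VALIDATION_TIME_SLIDING.getTitle());
        this.token = tokenProxy;
        this.currentTime = date;
        this.context = context;
        this.poe = pOEExtraction;
        this.policy = validationPolicy;
    }

    /**
     * Assembles the chain of checks and computes the control time.
     *
     * <p>Nothing is added to the chain when the token has no certificate chain or when every
     * certificate up to the first trust anchor is trusted.
     */
    @Override
    protected void initChain() {
        this.controlTime = this.currentTime;

        List<CertificateWrapper> certificateChain = this.token.getCertificateChain();
        if (!Utils.isCollectionNotEmpty(certificateChain)) {
            return;
        }

        // Evaluate from the trust anchor towards the signing certificate.
        List<CertificateWrapper> chainFromAnchor = reduceChainUntilFirstTrustAnchor(certificateChain);
        Collections.reverse(chainFromAnchor);

        ChainItem<XmlVTS> lastItem = null;
        for (CertificateWrapper certificate : chainFromAnchor) {
            if (certificate.isTrusted()) {
                // Trust anchors are not subject to revocation checking here.
                continue;
            }

            // May be null; SatisfyingRevocationDataExistsCheck is the first check that receives it.
            CertificateRevocationWrapper latestRevocation = selectLatestUsableRevocation(certificate);

            ChainItem<XmlVTS> revocationExists = satisfyingRevocationDataExists(latestRevocation);
            ChainItem<XmlVTS> item;
            if (lastItem == null) {
                this.firstItem = revocationExists;
                item = revocationExists;
            } else {
                item = lastItem.setNextItem(revocationExists);
            }

            // Both POE checks use the control time as it stands BEFORE this certificate slides it.
            item = item
                    .setNextItem(poeExistsAtOrBeforeControlTime(certificate, TimestampedObjectType.CERTIFICATE, this.controlTime))
                    .setNextItem(poeExistsAtOrBeforeControlTime(latestRevocation, TimestampedObjectType.REVOCATION, this.controlTime));

            if (latestRevocation != null) {
                if (latestRevocation.isRevoked()) {
                    // NOTE(review): the revocation date is used as reported; nothing in this method
                    // compares it with the current control time, so this relies on the revocation
                    // data not carrying a revocation date later than its own production date.
                    this.controlTime = latestRevocation.getRevocationDate();
                } else if (!isFresh(latestRevocation, this.controlTime)) {
                    // Stale revocation data only vouches for the certificate up to its production.
                    this.controlTime = latestRevocation.getProductionDate();
                }
            }

            // Cryptographic constraints are evaluated at the (possibly moved) control time.
            lastItem = item
                    .setNextItem(cryptographicCheck(certificate, this.controlTime))
                    .setNextItem(cryptographicCheck(latestRevocation, this.controlTime));
        }
    }

    /**
     * Picks the most recently produced revocation data for {@code certificate} that is consistent
     * with the certificate and was produced before the current control time.
     *
     * <p>Assumes every revocation entry has a non-null production date; a null value would raise
     * a {@link NullPointerException} here.
     *
     * @param certificate certificate whose revocation data is inspected
     * @return the selected revocation data, or {@code null} when none qualifies
     */
    private CertificateRevocationWrapper selectLatestUsableRevocation(CertificateWrapper certificate) {
        CertificateRevocationWrapper latest = null;
        for (CertificateRevocationWrapper candidate : certificate.getCertificateRevocationData()) {
            boolean newer = latest == null || candidate.getProductionDate().after(latest.getProductionDate());
            if (newer && isConsistant(certificate, candidate) && isIssuanceBeforeControlTime(candidate)) {
                latest = candidate;
            }
        }
        return latest;
    }

    /**
     * Copies the chain up to and including the first trusted certificate.
     *
     * @param list certificate chain as returned by the token
     * @return a new mutable list; the whole chain when no certificate is trusted
     */
    private List<CertificateWrapper> reduceChainUntilFirstTrustAnchor(List<CertificateWrapper> list) {
        List<CertificateWrapper> reduced = new ArrayList<>();
        for (CertificateWrapper certificate : list) {
            reduced.add(certificate);
            if (certificate.isTrusted()) {
                break;
            }
        }
        return reduced;
    }

    /**
     * Stores the computed control time in the result.
     *
     * <p>The decompiler reports that this method was originally {@code protected}; the visibility
     * shown in this listing is kept.
     */
    @Override
    public void addAdditionalInfo() {
        this.result.setControlTime(this.controlTime);
    }

    /**
     * Runs the revocation freshness checker at the given time.
     *
     * @param revocationWrapper revocation data to evaluate
     * @param date time at which freshness is evaluated
     * @return {@code true} only when the checker returns a conclusion with indication PASSED;
     *     a missing result or conclusion counts as not fresh
     */
    private boolean isFresh(RevocationWrapper revocationWrapper, Date date) {
        XmlRFC rfc = new RevocationFreshnessChecker(revocationWrapper, date, this.context, SubContext.SIGNING_CERT, this.policy).execute();
        return rfc != null
                && rfc.getConclusion() != null
                && Indication.PASSED.equals(rfc.getConclusion().getIndication());
    }

    /** Creates the check on the selected revocation data, which may be {@code null}. */
    private ChainItem<XmlVTS> satisfyingRevocationDataExists(RevocationWrapper revocationWrapper) {
        return new SatisfyingRevocationDataExistsCheck(this.result, revocationWrapper, getFailLevelConstraint());
    }

    /** Creates the check that a POE for the token exists at or before the given control time. */
    private ChainItem<XmlVTS> poeExistsAtOrBeforeControlTime(TokenProxy tokenProxy, TimestampedObjectType timestampedObjectType, Date date) {
        return new POEExistsAtOrBeforeControlTimeCheck(this.result, tokenProxy, timestampedObjectType, date, this.poe, getFailLevelConstraint());
    }

    /** Creates the cryptographic constraint check for the token at the given control time. */
    private ChainItem<XmlVTS> cryptographicCheck(TokenProxy tokenProxy, Date date) {
        return new CryptographicCheck(this.result, tokenProxy, date, this.policy.getCertificateCryptographicConstraint(this.context, SubContext.SIGNING_CERT));
    }

    /**
     * Tells whether the revocation data can speak for the certificate.
     *
     * <p>The revocation data is accepted when it has a {@code thisUpdate} later than the
     * certificate's {@code notBefore}, and either the certificate's {@code notAfter} is not
     * earlier than a reference date or the certHash extension is present and matches. The
     * reference date is {@code thisUpdate}, replaced by expiredCertsOnCRL, then by archiveCutOff,
     * when those values are present.
     *
     * <p>Assumes the certificate's {@code notBefore} and {@code notAfter} are non-null.
     *
     * @param certificateWrapper certificate being checked
     * @param revocationWrapper candidate revocation data
     * @return {@code true} when the revocation data is consistent with the certificate
     */
    private boolean isConsistant(CertificateWrapper certificateWrapper, RevocationWrapper revocationWrapper) {
        Date notBefore = certificateWrapper.getNotBefore();
        Date notAfter = certificateWrapper.getNotAfter();
        Date thisUpdate = revocationWrapper.getThisUpdate();

        Date referenceDate = thisUpdate;
        Date expiredCertsOnCRL = revocationWrapper.getExpiredCertsOnCRL();
        if (expiredCertsOnCRL != null) {
            referenceDate = expiredCertsOnCRL;
        }
        Date archiveCutOff = revocationWrapper.getArchiveCutOff();
        if (archiveCutOff != null) {
            referenceDate = archiveCutOff;
        }

        // NOTE(review): the trust-service value is consulted only when BOTH expiredCertsOnCRL and
        // archiveCutOff are present, and it then overrides both. Confirm this condition against
        // the upstream source and the intended precedence; it is reproduced here unchanged.
        if (expiredCertsOnCRL != null && archiveCutOff != null) {
            CertificateWrapper signingCertificate = revocationWrapper.getSigningCertificate();
            if (signingCertificate != null) {
                Date expiredCertsRevocationInfo = signingCertificate.getCertificateTSPServiceExpiredCertsRevocationInfo();
                if (expiredCertsRevocationInfo != null) {
                    referenceDate = expiredCertsRevocationInfo;
                }
            }
        }

        boolean certHashMatches = false;
        if (thisUpdate != null && notBefore.before(thisUpdate)) {
            if (notAfter.compareTo(referenceDate) >= 0) {
                return true;
            }
            certHashMatches = revocationWrapper.isCertHashExtensionPresent() && revocationWrapper.isCertHashExtensionMatch();
        }
        return certHashMatches;
    }

    /**
     * Tells whether the revocation data was produced strictly before the current control time.
     *
     * <p>Assumes the production date is non-null.
     */
    private boolean isIssuanceBeforeControlTime(RevocationWrapper revocationWrapper) {
        return revocationWrapper.getProductionDate().before(this.controlTime);
    }
}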
