package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.CertificateValidity;
import eu.europa.esig.dss.spi.x509.ListCertificateSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.DefaultAdvancedSignature;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/BaselineRequirementsChecker.class */
public abstract class BaselineRequirementsChecker<AS extends DefaultAdvancedSignature> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) BaselineRequirementsChecker.class);
    protected final AS signature;
    private final CertificateVerifier offlineCertificateVerifier;
    private ValidationContext validationContext;

    /* JADX INFO: Access modifiers changed from: protected */
    public BaselineRequirementsChecker(AS as, CertificateVerifier certificateVerifier) {
        this.signature = as;
        this.offlineCertificateVerifier = certificateVerifier;
    }

    public abstract boolean hasBaselineBProfile();

    public abstract boolean hasBaselineTProfile();

    public abstract boolean hasBaselineLTProfile();

    public abstract boolean hasBaselineLTAProfile();

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean signatureTimestampsCreatedBeforeSignCertExpiration() {
        CertificateToken signingCertificateToken = this.signature.getSigningCertificateToken();
        if (signingCertificateToken == null || signingCertificateToken.getNotAfter() == null) {
            return true;
        }
        Iterator<TimestampToken> it = this.signature.getSignatureTimestamps().iterator();
        while (it.hasNext()) {
            if (signingCertificateToken.getNotAfter().before(it.next().getGenerationTime())) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean minimalTRequirement() {
        if (Utils.isCollectionEmpty(this.signature.getSignatureTimestamps())) {
            LOG.trace("SignatureTimeStamp shall be present for BASELINE-T signature (cardinality >= 1)!");
            return false;
        }
        CertificateToken signingCertificateToken = this.signature.getSigningCertificateToken();
        if (signingCertificateToken == null) {
            return true;
        }
        Iterator<TimestampToken> it = this.signature.getSignatureTimestamps().iterator();
        while (it.hasNext()) {
            if (!it.next().getCreationDate().before(signingCertificateToken.getNotAfter())) {
                LOG.warn("SignatureTimeStamp shall be generated before the signing certificate expiration for BASELINE-T signature!");
                return false;
            }
        }
        return true;
    }

    public boolean minimalLTRequirement() {
        Objects.requireNonNull(this.offlineCertificateVerifier, "offlineCertificateVerifier cannot be null!");
        ListCertificateSource certificateSourcesExceptLastArchiveTimestamp = getCertificateSourcesExceptLastArchiveTimestamp();
        boolean z = (((certificateSourcesExceptLastArchiveTimestamp.getNumberOfCertificates() > 0) && certificateSourcesExceptLastArchiveTimestamp.isAllSelfSigned()) || (this.signature.getCompleteCRLSource().getAllRevocationBinaries().isEmpty() && this.signature.getCompleteOCSPSource().getAllRevocationBinaries().isEmpty())) ? false : true;
        return z ? isAllRevocationDataPresent() : z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ListCertificateSource getCertificateSourcesExceptLastArchiveTimestamp() {
        ListCertificateSource listCertificateSource = new ListCertificateSource(this.signature.getCertificateSource());
        listCertificateSource.addAll(this.signature.getTimestampSource().getTimestampCertificateSourcesExceptLastArchiveTimestamp());
        listCertificateSource.addAll(this.signature.getCounterSignaturesCertificateSource());
        return listCertificateSource;
    }

    private boolean isAllRevocationDataPresent() {
        return getValidationContext().checkAllRequiredRevocationDataPresent();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ValidationContext getValidationContext() {
        if (this.validationContext == null) {
            this.validationContext = new SignatureValidationContext();
            this.validationContext.initialize(this.offlineCertificateVerifier);
            this.validationContext.addDocumentCertificateSource(this.signature.getCompleteCertificateSource());
            this.validationContext.addDocumentCRLSource(this.signature.getCompleteCRLSource());
            this.validationContext.addDocumentOCSPSource(this.signature.getCompleteOCSPSource());
            addSignatureForVerification(this.validationContext, this.signature);
            this.validationContext.validate();
        }
        return this.validationContext;
    }

    private void addSignatureForVerification(ValidationContext validationContext, AdvancedSignature advancedSignature) {
        CertificateToken signingCertificateToken = advancedSignature.getSigningCertificateToken();
        if (signingCertificateToken != null) {
            validationContext.addCertificateTokenForVerification(signingCertificateToken);
        } else {
            List<CertificateValidity> certificateValidityList = advancedSignature.getCandidatesForSigningCertificate().getCertificateValidityList();
            if (Utils.isCollectionNotEmpty(certificateValidityList)) {
                for (CertificateValidity certificateValidity : certificateValidityList) {
                    if (certificateValidity.isValid() && certificateValidity.getCertificateToken() != null) {
                        validationContext.addCertificateTokenForVerification(certificateValidity.getCertificateToken());
                    }
                }
            }
        }
        Iterator<TimestampToken> it = advancedSignature.getTimestampSource().getAllTimestampsExceptLastArchiveTimestamp().iterator();
        while (it.hasNext()) {
            validationContext.addTimestampTokenForVerification(it.next());
        }
    }

    public boolean minimalLTARequirement() {
        if (!Utils.isCollectionEmpty(this.signature.getArchiveTimestamps())) {
            return true;
        }
        LOG.trace("ArchiveTimeStamp shall be present for BASELINE-LTA signature (cardinality >= 1)!");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean containsSigningCertificate(Collection<CertificateToken> collection) {
        CertificateToken signingCertificateToken = this.signature.getSigningCertificateToken();
        Iterator<CertificateToken> it = collection.iterator();
        while (it.hasNext()) {
            if (it.next().equals(signingCertificateToken)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSignaturePolicyIdentifierHashPresent() {
        Digest digest;
        SignaturePolicy signaturePolicy = this.signature.getSignaturePolicy();
        return (signaturePolicy == null || (digest = signaturePolicy.getDigest()) == null || digest.getAlgorithm() == null) ? false : true;
    }
}
