package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.CommonCertificateSource;
import eu.europa.esig.dss.spi.x509.TokenIssuerSelector;
import eu.europa.esig.dss.spi.x509.aia.AIASource;
import eu.europa.esig.dss.utils.Utils;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/AIACertificateSource.class */
public class AIACertificateSource extends CommonCertificateSource {
    private static final long serialVersionUID = -2604947158902474169L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AIACertificateSource.class);
    private final CertificateToken certificate;
    private final AIASource aiaSource;

    public AIACertificateSource(CertificateToken certificateToken, AIASource aIASource) {
        Objects.requireNonNull(certificateToken, "The certificate cannot be null");
        Objects.requireNonNull(aIASource, "The aiaSource cannot be null");
        this.certificate = certificateToken;
        this.aiaSource = aIASource;
    }

    public CertificateToken getIssuerFromAIA() {
        LOG.info("Retrieving {} certificate's issuer using AIA.", this.certificate.getAbbreviation());
        Set<CertificateToken> certificatesByAIA = this.aiaSource.getCertificatesByAIA(this.certificate);
        if (!Utils.isCollectionNotEmpty(certificatesByAIA)) {
            return null;
        }
        CertificateToken findBestBridgeCertificate = findBestBridgeCertificate(certificatesByAIA);
        if (findBestBridgeCertificate != null) {
            addCertificate(findBestBridgeCertificate);
            return findBestBridgeCertificate;
        }
        Iterator<CertificateToken> it = certificatesByAIA.iterator();
        while (it.hasNext()) {
            addCertificate(it.next());
        }
        CertificateToken issuer = new TokenIssuerSelector(this.certificate, certificatesByAIA).getIssuer();
        if (issuer == null) {
            LOG.warn("The retrieved certificate(s) using AIA do not sign the certificate with Id : {}.", this.certificate.getDSSIdAsString());
        }
        return issuer;
    }

    private CertificateToken findBestBridgeCertificate(Collection<CertificateToken> collection) {
        if (Utils.collectionSize(collection) <= 1) {
            return null;
        }
        PublicKey publicKey = null;
        CertificateToken certificateToken = null;
        Iterator<CertificateToken> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CertificateToken next = it.next();
            PublicKey publicKey2 = next.getPublicKey();
            if (publicKey == null) {
                if (!this.certificate.isSignedBy(next)) {
                    return null;
                }
                publicKey = publicKey2;
                if (certificateToken == null) {
                    certificateToken = next;
                }
            } else if (!publicKey2.equals(publicKey)) {
                return null;
            }
            if (this.certificate.getIssuerX500Principal().equals(next.getSubject().getPrincipal())) {
                certificateToken = next;
            }
            if (next.isValidOn(this.certificate.getCreationDate())) {
                certificateToken = next;
                break;
            }
        }
        return certificateToken;
    }

    @Override // eu.europa.esig.dss.spi.x509.CommonCertificateSource, eu.europa.esig.dss.spi.x509.CertificateSource
    public CertificateSourceType getCertificateSourceType() {
        return CertificateSourceType.AIA;
    }
}
