package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.diagnostic.jaxb.XmlBasicSignature;
import eu.europa.esig.dss.diagnostic.jaxb.XmlCertificate;
import eu.europa.esig.dss.diagnostic.jaxb.XmlCertificatePolicy;
import eu.europa.esig.dss.diagnostic.jaxb.XmlCertificateRef;
import eu.europa.esig.dss.diagnostic.jaxb.XmlCertificateRevocation;
import eu.europa.esig.dss.diagnostic.jaxb.XmlChainItem;
import eu.europa.esig.dss.diagnostic.jaxb.XmlDiagnosticData;
import eu.europa.esig.dss.diagnostic.jaxb.XmlDigestAlgoAndValue;
import eu.europa.esig.dss.diagnostic.jaxb.XmlDistinguishedName;
import eu.europa.esig.dss.diagnostic.jaxb.XmlEncapsulationType;
import eu.europa.esig.dss.diagnostic.jaxb.XmlFoundCertificates;
import eu.europa.esig.dss.diagnostic.jaxb.XmlIssuerSerial;
import eu.europa.esig.dss.diagnostic.jaxb.XmlOID;
import eu.europa.esig.dss.diagnostic.jaxb.XmlOrphanCertificate;
import eu.europa.esig.dss.diagnostic.jaxb.XmlOrphanCertificateToken;
import eu.europa.esig.dss.diagnostic.jaxb.XmlOrphanRevocationToken;
import eu.europa.esig.dss.diagnostic.jaxb.XmlRelatedCertificate;
import eu.europa.esig.dss.diagnostic.jaxb.XmlRevocation;
import eu.europa.esig.dss.diagnostic.jaxb.XmlRevocationRef;
import eu.europa.esig.dss.diagnostic.jaxb.XmlSignerInfo;
import eu.europa.esig.dss.diagnostic.jaxb.XmlSigningCertificate;
import eu.europa.esig.dss.diagnostic.jaxb.XmlTrustedList;
import eu.europa.esig.dss.diagnostic.jaxb.XmlTrustedServiceProvider;
import eu.europa.esig.dss.enumerations.CertificateOrigin;
import eu.europa.esig.dss.enumerations.CertificateRefOrigin;
import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.RevocationOrigin;
import eu.europa.esig.dss.enumerations.RevocationRefOrigin;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureValidity;
import eu.europa.esig.dss.enumerations.TokenExtractionStrategy;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.identifier.Identifier;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.QcStatements;
import eu.europa.esig.dss.model.x509.Token;
import eu.europa.esig.dss.model.x509.TokenComparator;
import eu.europa.esig.dss.model.x509.X500PrincipalHelper;
import eu.europa.esig.dss.model.x509.revocation.Revocation;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.QcStatementUtils;
import eu.europa.esig.dss.spi.tsl.DownloadInfoRecord;
import eu.europa.esig.dss.spi.tsl.LOTLInfo;
import eu.europa.esig.dss.spi.tsl.ParsingInfoRecord;
import eu.europa.esig.dss.spi.tsl.TLInfo;
import eu.europa.esig.dss.spi.tsl.TLValidationJobSummary;
import eu.europa.esig.dss.spi.tsl.TrustProperties;
import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource;
import eu.europa.esig.dss.spi.tsl.ValidationInfoRecord;
import eu.europa.esig.dss.spi.x509.CertificatePolicy;
import eu.europa.esig.dss.spi.x509.CertificateRef;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CertificateTokenRefMatcher;
import eu.europa.esig.dss.spi.x509.CertificateValidity;
import eu.europa.esig.dss.spi.x509.ListCertificateSource;
import eu.europa.esig.dss.spi.x509.ResponderId;
import eu.europa.esig.dss.spi.x509.SignerIdentifier;
import eu.europa.esig.dss.spi.x509.TokenCertificateSource;
import eu.europa.esig.dss.spi.x509.TokenIssuerSelector;
import eu.europa.esig.dss.spi.x509.revocation.RevocationRef;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLRef;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPRef;
import eu.europa.esig.dss.utils.Utils;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import signservice.org.bouncycastle.asn1.x500.style.BCStyle;

/* loaded from: input_file:eu/europa/esig/dss/validation/DiagnosticDataBuilder.class */
public abstract class DiagnosticDataBuilder {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DiagnosticDataBuilder.class);
    protected Set<CertificateToken> usedCertificates;
    protected Set<RevocationToken> usedRevocations;
    protected Date validationDate;
    protected ListCertificateSource allCertificateSources = new ListCertificateSource();
    protected TokenExtractionStrategy tokenExtractionStrategy = TokenExtractionStrategy.NONE;
    protected DigestAlgorithm defaultDigestAlgorithm = DigestAlgorithm.SHA256;
    protected TokenIdentifierProvider identifierProvider = new OriginalIdentifierProvider();
    protected Map<String, XmlCertificate> xmlCertsMap = new HashMap();
    protected Map<String, XmlRevocation> xmlRevocationsMap = new HashMap();
    protected Map<String, XmlTrustedList> xmlTrustedListsMap = new HashMap();
    protected Map<String, XmlOrphanCertificateToken> xmlOrphanCertificateTokensMap = new HashMap();
    protected Map<String, XmlOrphanRevocationToken> xmlOrphanRevocationTokensMap = new HashMap();
    protected Map<String, String> referenceMap = new HashMap();
    protected Map<String, CertificateToken> certificateIdsMap = new HashMap();
    protected Map<String, CertificateToken> signingCertificateMap = new HashMap();
    protected Map<String, TLInfo> tlInfoMap = new HashMap();

    public DiagnosticDataBuilder usedCertificates(Set<CertificateToken> set) {
        this.usedCertificates = set;
        return this;
    }

    public DiagnosticDataBuilder usedRevocations(Set<RevocationToken> set) {
        this.usedRevocations = set;
        return this;
    }

    public DiagnosticDataBuilder allCertificateSources(ListCertificateSource listCertificateSource) {
        if (listCertificateSource != null && !listCertificateSource.containsTrustedCertSources()) {
            LOG.warn("Provided CertificateSource configuration contains none of trusted sources of type TRUSTED_STORE or TRUSTED_LIST!");
        }
        this.allCertificateSources = listCertificateSource;
        return this;
    }

    public DiagnosticDataBuilder validationDate(Date date) {
        this.validationDate = date;
        return this;
    }

    public DiagnosticDataBuilder tokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy) {
        this.tokenExtractionStrategy = tokenExtractionStrategy;
        return this;
    }

    public DiagnosticDataBuilder tokenIdentifierProvider(TokenIdentifierProvider tokenIdentifierProvider) {
        this.identifierProvider = tokenIdentifierProvider;
        return this;
    }

    public DiagnosticDataBuilder defaultDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        this.defaultDigestAlgorithm = digestAlgorithm;
        return this;
    }

    public XmlDiagnosticData build() {
        XmlDiagnosticData xmlDiagnosticData = new XmlDiagnosticData();
        xmlDiagnosticData.setValidationDate(this.validationDate);
        xmlDiagnosticData.getUsedCertificates().addAll(buildXmlCertificates(this.usedCertificates));
        xmlDiagnosticData.getUsedRevocations().addAll(buildXmlRevocations(this.usedRevocations));
        linkSigningCertificateAndChains(this.usedCertificates);
        linkCertificatesAndRevocations(this.usedCertificates);
        if (isUseTrustedLists()) {
            xmlDiagnosticData.getTrustedLists().addAll(buildXmlTrustedLists(this.allCertificateSources));
            linkCertificatesAndTrustServices(this.usedCertificates);
        }
        return xmlDiagnosticData;
    }

    private boolean isUseTrustedLists() {
        if (this.allCertificateSources.isEmpty()) {
            return false;
        }
        Iterator<CertificateSource> it = this.allCertificateSources.getSources().iterator();
        while (it.hasNext()) {
            if (it.next() instanceof TrustedListsCertificateSource) {
                return true;
            }
        }
        return false;
    }

    private Collection<XmlCertificate> buildXmlCertificates(Set<CertificateToken> set) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(set)) {
            ArrayList<CertificateToken> arrayList2 = new ArrayList(set);
            arrayList2.sort(new TokenComparator());
            for (CertificateToken certificateToken : arrayList2) {
                String dSSIdAsString = certificateToken.getDSSIdAsString();
                XmlCertificate xmlCertificate = this.xmlCertsMap.get(dSSIdAsString);
                if (xmlCertificate == null) {
                    xmlCertificate = buildDetachedXmlCertificate(certificateToken);
                    this.xmlCertsMap.put(dSSIdAsString, xmlCertificate);
                }
                this.certificateIdsMap.put(certificateToken.getDSSIdAsString(), certificateToken);
                arrayList.add(xmlCertificate);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void linkSigningCertificateAndChains(Set<CertificateToken> set) {
        if (Utils.isCollectionNotEmpty(set)) {
            Iterator<CertificateToken> it = set.iterator();
            while (it.hasNext()) {
                CertificateToken processedCertificateToken = getProcessedCertificateToken(it.next());
                XmlCertificate xmlCertificate = this.xmlCertsMap.get(processedCertificateToken.getDSSIdAsString());
                if (xmlCertificate.getSigningCertificate() == null) {
                    xmlCertificate.setSigningCertificate(getXmlSigningCertificate(processedCertificateToken));
                    xmlCertificate.setCertificateChain(getXmlForCertificateChain(processedCertificateToken));
                }
            }
        }
    }

    private void linkCertificatesAndTrustServices(Set<CertificateToken> set) {
        if (Utils.isCollectionNotEmpty(set)) {
            for (CertificateToken certificateToken : set) {
                List<XmlTrustedServiceProvider> build = new XmlTrustedServiceProviderBuilder(this.xmlCertsMap, this.xmlTrustedListsMap, this.tlInfoMap).build(certificateToken, getRelatedTrustServices(certificateToken));
                if (Utils.isCollectionNotEmpty(build)) {
                    this.xmlCertsMap.get(certificateToken.getDSSIdAsString()).setTrustedServiceProviders(build);
                }
            }
        }
    }

    private Map<CertificateToken, List<TrustProperties>> getRelatedTrustServices(CertificateToken certificateToken) {
        HashMap hashMap = new HashMap();
        for (CertificateSource certificateSource : this.allCertificateSources.getSources()) {
            if (certificateSource instanceof TrustedListsCertificateSource) {
                TrustedListsCertificateSource trustedListsCertificateSource = (TrustedListsCertificateSource) certificateSource;
                HashSet hashSet = new HashSet();
                CertificateToken certificateToken2 = certificateToken;
                while (true) {
                    CertificateToken certificateToken3 = certificateToken2;
                    if (certificateToken3 != null) {
                        List<TrustProperties> trustServices = trustedListsCertificateSource.getTrustServices(certificateToken3);
                        if (!trustServices.isEmpty()) {
                            List list = (List) hashMap.get(certificateToken3);
                            if (Utils.isCollectionEmpty(list)) {
                                list = new ArrayList();
                            }
                            list.addAll(trustServices);
                            hashMap.put(certificateToken3, list);
                        }
                        if (!certificateToken3.isSelfSigned() && !hashSet.contains(certificateToken3)) {
                            hashSet.add(certificateToken3);
                            certificateToken2 = getIssuerCertificate(certificateToken3);
                        }
                    }
                }
            }
        }
        return hashMap;
    }

    private Collection<XmlRevocation> buildXmlRevocations(Set<RevocationToken> set) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(set)) {
            ArrayList<RevocationToken<?>> arrayList2 = new ArrayList(set);
            arrayList2.sort(new TokenComparator());
            ArrayList arrayList3 = new ArrayList();
            for (RevocationToken<?> revocationToken : arrayList2) {
                String dSSIdAsString = revocationToken.getDSSIdAsString();
                if (!arrayList3.contains(dSSIdAsString)) {
                    if (this.xmlRevocationsMap.get(dSSIdAsString) == null) {
                        XmlRevocation buildDetachedXmlRevocation = buildDetachedXmlRevocation(revocationToken);
                        this.xmlRevocationsMap.put(dSSIdAsString, buildDetachedXmlRevocation);
                        arrayList.add(buildDetachedXmlRevocation);
                    }
                    arrayList3.add(dSSIdAsString);
                }
            }
        }
        return arrayList;
    }

    private void linkCertificatesAndRevocations(Set<CertificateToken> set) {
        if (Utils.isCollectionNotEmpty(set)) {
            for (CertificateToken certificateToken : set) {
                XmlCertificate xmlCertificate = this.xmlCertsMap.get(certificateToken.getDSSIdAsString());
                for (RevocationToken<?> revocationToken : getRevocationsForCert(certificateToken)) {
                    XmlRevocation xmlRevocation = this.xmlRevocationsMap.get(revocationToken.getDSSIdAsString());
                    XmlCertificateRevocation xmlCertificateRevocation = new XmlCertificateRevocation();
                    xmlCertificateRevocation.setRevocation(xmlRevocation);
                    xmlCertificateRevocation.setStatus(revocationToken.getStatus());
                    xmlCertificateRevocation.setRevocationDate(revocationToken.getRevocationDate());
                    xmlCertificateRevocation.setReason(revocationToken.getReason());
                    xmlCertificate.getRevocations().add(xmlCertificateRevocation);
                }
            }
        }
    }

    private Collection<XmlTrustedList> buildXmlTrustedLists(ListCertificateSource listCertificateSource) {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (CertificateSource certificateSource : listCertificateSource.getSources()) {
            if (certificateSource instanceof TrustedListsCertificateSource) {
                TrustedListsCertificateSource trustedListsCertificateSource = (TrustedListsCertificateSource) certificateSource;
                TLValidationJobSummary summary = trustedListsCertificateSource.getSummary();
                if (summary != null) {
                    hashMap.putAll(getTrustedListsMap(trustedListsCertificateSource, summary));
                    hashMap2.putAll(getListOfTrustedListsMap(trustedListsCertificateSource, summary));
                } else {
                    LOG.warn("The TrustedListsCertificateSource does not contain TLValidationJobSummary. TLValidationJob is not performed!");
                }
            }
        }
        arrayList.addAll(hashMap.values());
        arrayList.addAll(hashMap2.values());
        return arrayList;
    }

    private Map<Identifier, XmlTrustedList> getTrustedListsMap(TrustedListsCertificateSource trustedListsCertificateSource, TLValidationJobSummary tLValidationJobSummary) {
        TLInfo tLInfoById;
        HashMap hashMap = new HashMap();
        for (Identifier identifier : getTLIdentifiers(trustedListsCertificateSource)) {
            if (!hashMap.containsKey(identifier) && (tLInfoById = tLValidationJobSummary.getTLInfoById(identifier)) != null) {
                hashMap.put(identifier, getXmlTrustedList(tLInfoById));
            }
        }
        return hashMap;
    }

    private Map<Identifier, XmlTrustedList> getListOfTrustedListsMap(TrustedListsCertificateSource trustedListsCertificateSource, TLValidationJobSummary tLValidationJobSummary) {
        LOTLInfo lOTLInfoById;
        HashMap hashMap = new HashMap();
        for (Identifier identifier : getLOTLIdentifiers(trustedListsCertificateSource)) {
            if (!hashMap.containsKey(identifier) && (lOTLInfoById = tLValidationJobSummary.getLOTLInfoById(identifier)) != null) {
                hashMap.put(identifier, getXmlTrustedList(lOTLInfoById));
            }
        }
        return hashMap;
    }

    private Set<Identifier> getTLIdentifiers(TrustedListsCertificateSource trustedListsCertificateSource) {
        HashSet hashSet = new HashSet();
        Iterator<CertificateToken> it = this.usedCertificates.iterator();
        while (it.hasNext()) {
            Iterator<TrustProperties> it2 = trustedListsCertificateSource.getTrustServices(it.next()).iterator();
            while (it2.hasNext()) {
                hashSet.add(it2.next().getTLIdentifier());
            }
        }
        return hashSet;
    }

    private Set<Identifier> getLOTLIdentifiers(TrustedListsCertificateSource trustedListsCertificateSource) {
        HashSet hashSet = new HashSet();
        Iterator<CertificateToken> it = this.usedCertificates.iterator();
        while (it.hasNext()) {
            Iterator<TrustProperties> it2 = trustedListsCertificateSource.getTrustServices(it.next()).iterator();
            while (it2.hasNext()) {
                Identifier lOTLIdentifier = it2.next().getLOTLIdentifier();
                if (lOTLIdentifier != null) {
                    hashSet.add(lOTLIdentifier);
                }
            }
        }
        return hashSet;
    }

    private XmlTrustedList getXmlTrustedList(TLInfo tLInfo) {
        String dSSIdAsString = tLInfo.getDSSIdAsString();
        XmlTrustedList xmlTrustedList = this.xmlTrustedListsMap.get(dSSIdAsString);
        if (xmlTrustedList == null) {
            xmlTrustedList = new XmlTrustedList();
            if (tLInfo instanceof LOTLInfo) {
                xmlTrustedList.setLOTL(true);
            }
            xmlTrustedList.setId(this.identifierProvider.getIdAsString(tLInfo));
            xmlTrustedList.setUrl(tLInfo.getUrl());
            if (tLInfo.getParent() != null) {
                xmlTrustedList.setParent(getXmlTrustedList(tLInfo.getParent()));
            }
            ParsingInfoRecord parsingCacheInfo = tLInfo.getParsingCacheInfo();
            if (parsingCacheInfo != null) {
                if (parsingCacheInfo.getTSLType() != null) {
                    xmlTrustedList.setTSLType(parsingCacheInfo.getTSLType().getUri());
                }
                xmlTrustedList.setCountryCode(parsingCacheInfo.getTerritory());
                xmlTrustedList.setIssueDate(parsingCacheInfo.getIssueDate());
                xmlTrustedList.setNextUpdate(parsingCacheInfo.getNextUpdateDate());
                xmlTrustedList.setSequenceNumber(parsingCacheInfo.getSequenceNumber());
                xmlTrustedList.setVersion(parsingCacheInfo.getVersion());
            }
            DownloadInfoRecord downloadCacheInfo = tLInfo.getDownloadCacheInfo();
            if (downloadCacheInfo != null) {
                xmlTrustedList.setLastLoading(downloadCacheInfo.getLastSuccessSynchronizationTime());
            }
            ValidationInfoRecord validationCacheInfo = tLInfo.getValidationCacheInfo();
            if (validationCacheInfo != null) {
                xmlTrustedList.setWellSigned(validationCacheInfo.isValid());
            }
            if (tLInfo.getMra() != null) {
                xmlTrustedList.setMra(true);
            }
            this.tlInfoMap.put(dSSIdAsString, tLInfo);
            this.xmlTrustedListsMap.put(dSSIdAsString, xmlTrustedList);
        }
        return xmlTrustedList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlSignerInfo getXmlSignerInfo(SignerIdentifier signerIdentifier) {
        XmlSignerInfo xmlSignerInfo = new XmlSignerInfo();
        if (signerIdentifier.getIssuerName() != null) {
            xmlSignerInfo.setIssuerName(signerIdentifier.getIssuerName().toString());
        }
        xmlSignerInfo.setSerialNumber(signerIdentifier.getSerialNumber());
        xmlSignerInfo.setSki(signerIdentifier.getSki());
        if (signerIdentifier.isCurrent()) {
            xmlSignerInfo.setCurrent(Boolean.valueOf(signerIdentifier.isCurrent()));
        }
        return xmlSignerInfo;
    }

    private XmlSignerInfo getXmlSignerInfo(ResponderId responderId) {
        XmlSignerInfo xmlSignerInfo = new XmlSignerInfo();
        if (responderId.getX500Principal() != null) {
            xmlSignerInfo.setIssuerName(responderId.getX500Principal().toString());
        }
        xmlSignerInfo.setSki(responderId.getSki());
        return xmlSignerInfo;
    }

    protected XmlRevocation buildDetachedXmlRevocation(RevocationToken<?> revocationToken) {
        XmlRevocation xmlRevocation = new XmlRevocation();
        xmlRevocation.setId(this.identifierProvider.getIdAsString(revocationToken));
        if (revocationToken.isInternal()) {
            xmlRevocation.setOrigin(RevocationOrigin.INPUT_DOCUMENT);
        } else {
            xmlRevocation.setOrigin(revocationToken.getExternalOrigin());
        }
        xmlRevocation.setType(revocationToken.getRevocationType());
        xmlRevocation.setProductionDate(revocationToken.getProductionDate());
        xmlRevocation.setThisUpdate(revocationToken.getThisUpdate());
        xmlRevocation.setNextUpdate(revocationToken.getNextUpdate());
        xmlRevocation.setExpiredCertsOnCRL(revocationToken.getExpiredCertsOnCRL());
        xmlRevocation.setArchiveCutOff(revocationToken.getArchiveCutOff());
        String sourceURL = revocationToken.getSourceURL();
        if (Utils.isStringNotEmpty(sourceURL)) {
            xmlRevocation.setSourceAddress(sourceURL);
        }
        xmlRevocation.setBasicSignature(getXmlBasicSignature(revocationToken));
        xmlRevocation.setSigningCertificate(getXmlSigningCertificate(revocationToken, revocationToken.getCertificateSource()));
        xmlRevocation.setCertificateChain(getXmlForCertificateChain(revocationToken, revocationToken.getCertificateSource()));
        xmlRevocation.setCertHashExtensionPresent(Boolean.valueOf(revocationToken.isCertHashPresent()));
        xmlRevocation.setCertHashExtensionMatch(Boolean.valueOf(revocationToken.isCertHashMatch()));
        if (revocationToken.getCertificateSource() != null) {
            xmlRevocation.setFoundCertificates(getXmlFoundCertificates(revocationToken.getDSSId(), revocationToken.getCertificateSource()));
        }
        if (this.tokenExtractionStrategy.isRevocationData()) {
            xmlRevocation.setBase64Encoded(revocationToken.getEncoded());
        } else {
            xmlRevocation.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(this.defaultDigestAlgorithm, revocationToken.getDigest(this.defaultDigestAlgorithm)));
        }
        return xmlRevocation;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <R extends Revocation> List<XmlRevocationRef> getXmlRevocationRefs(String str, Map<RevocationRef<R>, Set<RevocationRefOrigin>> map) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<RevocationRef<R>, Set<RevocationRefOrigin>> entry : map.entrySet()) {
            RevocationRef<R> key = entry.getKey();
            Set<RevocationRefOrigin> value = entry.getValue();
            XmlRevocationRef xmlCRLRevocationRef = key instanceof CRLRef ? getXmlCRLRevocationRef((CRLRef) key, value) : getXmlOCSPRevocationRef((OCSPRef) key, value);
            this.referenceMap.put(key.getDSSIdAsString(), str);
            arrayList.add(xmlCRLRevocationRef);
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlRevocationRef getXmlCRLRevocationRef(CRLRef cRLRef, Set<RevocationRefOrigin> set) {
        XmlRevocationRef xmlRevocationRef = new XmlRevocationRef();
        xmlRevocationRef.getOrigins().addAll(set);
        if (cRLRef.getDigest() != null) {
            xmlRevocationRef.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(cRLRef.getDigest()));
        }
        return xmlRevocationRef;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlRevocationRef getXmlOCSPRevocationRef(OCSPRef oCSPRef, Set<RevocationRefOrigin> set) {
        XmlRevocationRef xmlRevocationRef = new XmlRevocationRef();
        xmlRevocationRef.getOrigins().addAll(set);
        if (oCSPRef.getDigest() != null) {
            xmlRevocationRef.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(oCSPRef.getDigest()));
        }
        xmlRevocationRef.setProducedAt(oCSPRef.getProducedAt());
        ResponderId responderId = oCSPRef.getResponderId();
        if (responderId != null) {
            xmlRevocationRef.setResponderId(getXmlSignerInfo(responderId));
        }
        return xmlRevocationRef;
    }

    protected List<XmlChainItem> getXmlForCertificateChain(Token token) {
        return getXmlForCertificateChain(token, (CertificateSource) null);
    }

    protected List<XmlChainItem> getXmlForCertificateChain(Token token, CertificateSource certificateSource) {
        if (token == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        hashSet.add(token);
        CertificateToken issuerCertificate = getIssuerCertificate(token, certificateSource);
        while (issuerCertificate != null) {
            XmlChainItem xmlChainItem = getXmlChainItem(issuerCertificate);
            if (xmlChainItem != null) {
                arrayList.add(xmlChainItem);
                if (issuerCertificate.isSelfSigned() || hashSet.contains(issuerCertificate)) {
                    break;
                }
                hashSet.add(issuerCertificate);
                issuerCertificate = getIssuerCertificate(issuerCertificate, certificateSource);
            }
        }
        ensureCertificateChain(arrayList);
        return arrayList;
    }

    private void ensureCertificateChain(List<XmlChainItem> list) {
        if (Utils.isCollectionNotEmpty(list)) {
            for (int i = 0; i < list.size(); i++) {
                XmlCertificate certificate = list.get(i).getCertificate();
                if (certificate != null && certificate.getSigningCertificate() == null && i + 1 < list.size()) {
                    certificate.setSigningCertificate(getXmlSigningCertificateFromXmlCertificate(list.get(i + 1).getCertificate()));
                    certificate.setCertificateChain(getCertChainSinceIndex(list, i + 1));
                }
            }
        }
    }

    private XmlSigningCertificate getXmlSigningCertificateFromXmlCertificate(XmlCertificate xmlCertificate) {
        XmlSigningCertificate xmlSigningCertificate = new XmlSigningCertificate();
        xmlSigningCertificate.setCertificate(xmlCertificate);
        return xmlSigningCertificate;
    }

    private List<XmlChainItem> getCertChainSinceIndex(List<XmlChainItem> list, int i) {
        ArrayList arrayList = new ArrayList();
        for (int i2 = i; i2 < list.size(); i2++) {
            arrayList.add(list.get(i2));
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<XmlChainItem> getXmlForCertificateChain(CertificateValidity certificateValidity, CertificateSource certificateSource) {
        CertificateToken signingCertificate;
        XmlChainItem xmlChainItem;
        if (certificateValidity == null || (signingCertificate = getSigningCertificate(certificateValidity)) == null || (xmlChainItem = getXmlChainItem(signingCertificate)) == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(xmlChainItem);
        List<XmlChainItem> xmlForCertificateChain = getXmlForCertificateChain(signingCertificate, certificateSource);
        if (Utils.isCollectionNotEmpty(xmlForCertificateChain)) {
            for (XmlChainItem xmlChainItem2 : xmlForCertificateChain) {
                if (xmlChainItem2.getCertificate() != null && signingCertificate.getDSSIdAsString().equals(xmlChainItem2.getCertificate().getId())) {
                    break;
                }
                arrayList.add(xmlChainItem2);
            }
        }
        ensureCertificateChain(arrayList);
        return arrayList;
    }

    private XmlChainItem getXmlChainItem(CertificateToken certificateToken) {
        XmlCertificate xmlCertificate = this.xmlCertsMap.get(certificateToken.getDSSIdAsString());
        if (xmlCertificate == null) {
            return null;
        }
        XmlChainItem xmlChainItem = new XmlChainItem();
        xmlChainItem.setCertificate(xmlCertificate);
        return xmlChainItem;
    }

    private XmlSigningCertificate getXmlSigningCertificate(Token token) {
        return getXmlSigningCertificate(token, (CertificateSource) null);
    }

    private XmlSigningCertificate getXmlSigningCertificate(Token token, CertificateSource certificateSource) {
        XmlSigningCertificate xmlSigningCertificate = new XmlSigningCertificate();
        CertificateToken issuerCertificate = getIssuerCertificate(token, certificateSource);
        if (issuerCertificate != null) {
            xmlSigningCertificate.setCertificate(this.xmlCertsMap.get(issuerCertificate.getDSSIdAsString()));
            this.signingCertificateMap.put(token.getDSSIdAsString(), issuerCertificate);
        } else {
            if (token.getPublicKeyOfTheSigner() == null) {
                return null;
            }
            xmlSigningCertificate.setPublicKey(token.getPublicKeyOfTheSigner().getEncoded());
        }
        return xmlSigningCertificate;
    }

    private CertificateToken getIssuerCertificate(Token token) {
        return getIssuerCertificate(token, null);
    }

    private CertificateToken getIssuerCertificate(Token token, CertificateSource certificateSource) {
        if (token == null || token.getPublicKeyOfTheSigner() == null) {
            return null;
        }
        CertificateToken certificateToken = null;
        if (certificateSource != null) {
            certificateToken = getBestCertificateFromCandidates(token, certificateSource.getCertificates());
        }
        if (certificateToken == null && this.signingCertificateMap.containsKey(token.getDSSIdAsString())) {
            certificateToken = this.signingCertificateMap.get(token.getDSSIdAsString());
        }
        if (certificateToken == null) {
            certificateToken = getBestCertificateFromCandidates(token, this.usedCertificates);
        }
        if (certificateToken != null) {
            certificateToken = getProcessedCertificateToken(certificateToken);
        }
        return certificateToken;
    }

    private CertificateToken getBestCertificateFromCandidates(Token token, Collection<CertificateToken> collection) {
        return new TokenIssuerSelector(token, collection).getIssuer();
    }

    private List<CertificateToken> getCertsWithPublicKey(PublicKey publicKey, Collection<CertificateToken> collection) {
        ArrayList arrayList = new ArrayList();
        if (publicKey != null) {
            Iterator<CertificateToken> it = collection.iterator();
            while (it.hasNext()) {
                CertificateToken processedCertificateToken = getProcessedCertificateToken(it.next());
                if (publicKey.equals(processedCertificateToken.getPublicKey())) {
                    arrayList.add(processedCertificateToken);
                    if (this.allCertificateSources.isTrusted(processedCertificateToken)) {
                        return Collections.singletonList(processedCertificateToken);
                    }
                }
            }
        }
        return arrayList;
    }

    private CertificateToken getProcessedCertificateToken(CertificateToken certificateToken) {
        CertificateToken certificateToken2 = this.certificateIdsMap.get(certificateToken.getDSSIdAsString());
        if (certificateToken2 == null) {
            certificateToken2 = certificateToken;
            this.certificateIdsMap.put(certificateToken.getDSSIdAsString(), certificateToken);
        }
        return certificateToken2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlSigningCertificate getXmlSigningCertificate(Identifier identifier, CertificateValidity certificateValidity) {
        XmlSigningCertificate xmlSigningCertificate = new XmlSigningCertificate();
        CertificateToken signingCertificate = getSigningCertificate(certificateValidity);
        if (signingCertificate != null) {
            xmlSigningCertificate.setCertificate(this.xmlCertsMap.get(signingCertificate.getDSSIdAsString()));
            this.signingCertificateMap.put(identifier.asXmlId(), signingCertificate);
        } else if (certificateValidity.getPublicKey() != null) {
            xmlSigningCertificate.setPublicKey(certificateValidity.getPublicKey().getEncoded());
        } else if (certificateValidity.getSignerInfo() != null) {
        }
        return xmlSigningCertificate;
    }

    private CertificateToken getSigningCertificate(CertificateValidity certificateValidity) {
        CertificateToken certificateToken = certificateValidity.getCertificateToken();
        if (certificateToken == null && certificateValidity.getPublicKey() != null) {
            certificateToken = getCertificateByPubKey(certificateValidity.getPublicKey());
        }
        if (certificateToken == null && certificateValidity.getSignerInfo() != null) {
            certificateToken = getCertificateByCertificateIdentifier(certificateValidity.getSignerInfo());
        }
        if (certificateToken != null) {
            certificateToken = getProcessedCertificateToken(certificateToken);
        }
        return certificateToken;
    }

    private CertificateToken getCertificateByPubKey(PublicKey publicKey) {
        if (publicKey == null) {
            return null;
        }
        List<CertificateToken> certsWithPublicKey = getCertsWithPublicKey(publicKey, this.usedCertificates);
        if (Utils.isCollectionNotEmpty(certsWithPublicKey)) {
            return certsWithPublicKey.iterator().next();
        }
        return null;
    }

    private CertificateToken getCertificateByCertificateIdentifier(SignerIdentifier signerIdentifier) {
        if (signerIdentifier == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (CertificateToken certificateToken : this.usedCertificates) {
            if (signerIdentifier.isRelatedToCertificate(certificateToken)) {
                arrayList.add(certificateToken);
                if (this.allCertificateSources.isTrusted(certificateToken)) {
                    return certificateToken;
                }
            }
        }
        if (Utils.isCollectionNotEmpty(arrayList)) {
            return (CertificateToken) arrayList.iterator().next();
        }
        return null;
    }

    private XmlDistinguishedName getXmlDistinguishedName(String str, String str2) {
        XmlDistinguishedName xmlDistinguishedName = new XmlDistinguishedName();
        xmlDistinguishedName.setFormat(str);
        xmlDistinguishedName.setValue(str2);
        return xmlDistinguishedName;
    }

    private List<String> getCleanedUrls(List<String> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(DSSUtils.removeControlCharacters(it.next()));
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlFoundCertificates getXmlFoundCertificates(Identifier identifier, TokenCertificateSource tokenCertificateSource) {
        XmlFoundCertificates xmlFoundCertificates = new XmlFoundCertificates();
        xmlFoundCertificates.getRelatedCertificates().addAll(getXmlRelatedCertificates(tokenCertificateSource));
        xmlFoundCertificates.getRelatedCertificates().addAll(getXmlRelatedCertificateForOrphanReferences(tokenCertificateSource));
        CertificateToken certificateToken = this.signingCertificateMap.get(identifier.asXmlId());
        xmlFoundCertificates.getOrphanCertificates().addAll(getOrphanCertificates(tokenCertificateSource, certificateToken));
        xmlFoundCertificates.getOrphanCertificates().addAll(getOrphanCertificateRefs(tokenCertificateSource, certificateToken));
        return xmlFoundCertificates;
    }

    private List<XmlRelatedCertificate> getXmlRelatedCertificates(TokenCertificateSource tokenCertificateSource) {
        HashMap hashMap = new HashMap();
        if (CertificateSourceType.OCSP_RESPONSE.equals(tokenCertificateSource.getCertificateSourceType())) {
            populateCertificateOriginMap(hashMap, CertificateOrigin.BASIC_OCSP_RESP, tokenCertificateSource.getCertificates(), tokenCertificateSource);
        } else {
            SignatureCertificateSource signatureCertificateSource = (SignatureCertificateSource) tokenCertificateSource;
            populateCertificateOriginMap(hashMap, CertificateOrigin.KEY_INFO, signatureCertificateSource.getKeyInfoCertificates(), tokenCertificateSource);
            populateCertificateOriginMap(hashMap, CertificateOrigin.SIGNED_DATA, signatureCertificateSource.getSignedDataCertificates(), tokenCertificateSource);
            populateCertificateOriginMap(hashMap, CertificateOrigin.CERTIFICATE_VALUES, signatureCertificateSource.getCertificateValues(), tokenCertificateSource);
            populateCertificateOriginMap(hashMap, CertificateOrigin.ATTR_AUTHORITIES_CERT_VALUES, signatureCertificateSource.getAttrAuthoritiesCertValues(), tokenCertificateSource);
            populateCertificateOriginMap(hashMap, CertificateOrigin.TIMESTAMP_VALIDATION_DATA, signatureCertificateSource.getTimeStampValidationDataCertValues(), tokenCertificateSource);
            populateCertificateOriginMap(hashMap, CertificateOrigin.DSS_DICTIONARY, signatureCertificateSource.getDSSDictionaryCertValues(), tokenCertificateSource);
            populateCertificateOriginMap(hashMap, CertificateOrigin.VRI_DICTIONARY, signatureCertificateSource.getVRIDictionaryCertValues(), tokenCertificateSource);
        }
        return new ArrayList(hashMap.values());
    }

    protected void populateCertificateOriginMap(Map<String, XmlRelatedCertificate> map, CertificateOrigin certificateOrigin, List<CertificateToken> list, TokenCertificateSource tokenCertificateSource) {
        for (CertificateToken certificateToken : list) {
            if (map.containsKey(certificateToken.getDSSIdAsString())) {
                XmlRelatedCertificate xmlRelatedCertificate = map.get(certificateToken.getDSSIdAsString());
                if (!xmlRelatedCertificate.getOrigins().contains(certificateOrigin)) {
                    xmlRelatedCertificate.getOrigins().add(certificateOrigin);
                }
            } else if (this.xmlCertsMap.containsKey(certificateToken.getDSSIdAsString())) {
                map.put(certificateToken.getDSSIdAsString(), populateXmlRelatedCertificatesList(certificateOrigin, certificateToken, tokenCertificateSource));
            }
        }
    }

    protected XmlRelatedCertificate populateXmlRelatedCertificatesList(CertificateOrigin certificateOrigin, CertificateToken certificateToken, TokenCertificateSource tokenCertificateSource) {
        XmlRelatedCertificate xmlRelatedCertificate = new XmlRelatedCertificate();
        xmlRelatedCertificate.getOrigins().add(certificateOrigin);
        xmlRelatedCertificate.setCertificate(this.xmlCertsMap.get(certificateToken.getDSSIdAsString()));
        for (CertificateRef certificateRef : tokenCertificateSource.getReferencesForCertificateToken(certificateToken)) {
            Iterator<CertificateRefOrigin> it = tokenCertificateSource.getCertificateRefOrigins(certificateRef).iterator();
            while (it.hasNext()) {
                XmlCertificateRef xmlCertificateRef = getXmlCertificateRef(certificateRef, it.next());
                verifyAgainstCertificateToken(xmlCertificateRef, certificateRef, certificateToken);
                xmlRelatedCertificate.getCertificateRefs().add(xmlCertificateRef);
            }
            this.referenceMap.put(certificateRef.getDSSIdAsString(), certificateToken.getDSSIdAsString());
        }
        return xmlRelatedCertificate;
    }

    protected void populateXmlRelatedCertificatesList(List<XmlRelatedCertificate> list, TokenCertificateSource tokenCertificateSource, CertificateToken certificateToken, CertificateRef certificateRef) {
        XmlRelatedCertificate xmlRelatedCertificateWithId = getXmlRelatedCertificateWithId(list, certificateToken.getDSSIdAsString());
        if (xmlRelatedCertificateWithId == null) {
            xmlRelatedCertificateWithId = new XmlRelatedCertificate();
            xmlRelatedCertificateWithId.setCertificate(this.xmlCertsMap.get(certificateToken.getDSSIdAsString()));
            list.add(xmlRelatedCertificateWithId);
        }
        Iterator<CertificateRefOrigin> it = tokenCertificateSource.getCertificateRefOrigins(certificateRef).iterator();
        while (it.hasNext()) {
            XmlCertificateRef xmlCertificateRef = getXmlCertificateRef(certificateRef, it.next());
            verifyAgainstCertificateToken(xmlCertificateRef, certificateRef, certificateToken);
            xmlRelatedCertificateWithId.getCertificateRefs().add(xmlCertificateRef);
        }
        this.referenceMap.put(certificateRef.getDSSIdAsString(), certificateToken.getDSSIdAsString());
    }

    private XmlRelatedCertificate getXmlRelatedCertificateWithId(List<XmlRelatedCertificate> list, String str) {
        for (XmlRelatedCertificate xmlRelatedCertificate : list) {
            if (str.equals(xmlRelatedCertificate.getCertificate().getId())) {
                return xmlRelatedCertificate;
            }
        }
        return null;
    }

    protected XmlCertificateRef getXmlCertificateRef(CertificateRef certificateRef, CertificateRefOrigin certificateRefOrigin) {
        XmlCertificateRef xmlCertificateRef = new XmlCertificateRef();
        SignerIdentifier certificateIdentifier = certificateRef.getCertificateIdentifier();
        if (certificateIdentifier != null) {
            xmlCertificateRef.setIssuerSerial(getXmlIssuerSerial(certificateIdentifier));
        }
        Digest certDigest = certificateRef.getCertDigest();
        ResponderId responderId = certificateRef.getResponderId();
        if (certDigest != null) {
            xmlCertificateRef.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(certDigest.getAlgorithm(), certDigest.getValue()));
        } else if (certificateIdentifier != null) {
            xmlCertificateRef.setSerialInfo(getXmlSignerInfo(certificateIdentifier));
        } else if (responderId != null) {
            xmlCertificateRef.setSerialInfo(getXmlSignerInfo(responderId));
        }
        xmlCertificateRef.setOrigin(certificateRefOrigin);
        return xmlCertificateRef;
    }

    private List<XmlOrphanCertificate> getOrphanCertificates(TokenCertificateSource tokenCertificateSource, CertificateToken certificateToken) {
        HashMap hashMap = new HashMap();
        if (CertificateSourceType.OCSP_RESPONSE.equals(tokenCertificateSource.getCertificateSourceType())) {
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.BASIC_OCSP_RESP, tokenCertificateSource.getCertificates(), tokenCertificateSource, certificateToken);
        } else {
            SignatureCertificateSource signatureCertificateSource = (SignatureCertificateSource) tokenCertificateSource;
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.KEY_INFO, signatureCertificateSource.getKeyInfoCertificates(), tokenCertificateSource, certificateToken);
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.SIGNED_DATA, signatureCertificateSource.getSignedDataCertificates(), tokenCertificateSource, certificateToken);
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.CERTIFICATE_VALUES, signatureCertificateSource.getCertificateValues(), tokenCertificateSource, certificateToken);
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.ATTR_AUTHORITIES_CERT_VALUES, signatureCertificateSource.getAttrAuthoritiesCertValues(), tokenCertificateSource, certificateToken);
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.TIMESTAMP_VALIDATION_DATA, signatureCertificateSource.getTimeStampValidationDataCertValues(), tokenCertificateSource, certificateToken);
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.DSS_DICTIONARY, signatureCertificateSource.getDSSDictionaryCertValues(), tokenCertificateSource, certificateToken);
            populateOrphanCertificateOriginMap(hashMap, CertificateOrigin.VRI_DICTIONARY, signatureCertificateSource.getVRIDictionaryCertValues(), tokenCertificateSource, certificateToken);
        }
        return new ArrayList(hashMap.values());
    }

    protected void populateOrphanCertificateOriginMap(Map<String, XmlOrphanCertificate> map, CertificateOrigin certificateOrigin, List<CertificateToken> list, TokenCertificateSource tokenCertificateSource, CertificateToken certificateToken) {
        for (CertificateToken certificateToken2 : list) {
            if (!this.xmlCertsMap.containsKey(certificateToken2.getDSSIdAsString())) {
                if (map.containsKey(certificateToken2.getDSSIdAsString())) {
                    XmlOrphanCertificate xmlOrphanCertificate = map.get(certificateToken2.getDSSIdAsString());
                    if (!xmlOrphanCertificate.getOrigins().contains(certificateOrigin)) {
                        xmlOrphanCertificate.getOrigins().add(certificateOrigin);
                    }
                } else {
                    map.put(certificateToken2.getDSSIdAsString(), getXmlOrphanCertificate(certificateOrigin, certificateToken2, tokenCertificateSource, certificateToken));
                }
            }
        }
    }

    protected XmlOrphanCertificate getXmlOrphanCertificate(CertificateOrigin certificateOrigin, CertificateToken certificateToken, TokenCertificateSource tokenCertificateSource, CertificateToken certificateToken2) {
        XmlOrphanCertificate xmlOrphanCertificate = new XmlOrphanCertificate();
        xmlOrphanCertificate.getOrigins().add(certificateOrigin);
        xmlOrphanCertificate.setToken(buildXmlOrphanCertificateToken(certificateToken));
        for (CertificateRef certificateRef : tokenCertificateSource.getReferencesForCertificateToken(certificateToken)) {
            Iterator<CertificateRefOrigin> it = tokenCertificateSource.getCertificateRefOrigins(certificateRef).iterator();
            while (it.hasNext()) {
                XmlCertificateRef xmlCertificateRef = getXmlCertificateRef(certificateRef, it.next());
                verifyAgainstCertificateToken(xmlCertificateRef, certificateRef, certificateToken2);
                xmlOrphanCertificate.getCertificateRefs().add(xmlCertificateRef);
            }
            this.referenceMap.put(certificateRef.getDSSIdAsString(), certificateToken.getDSSIdAsString());
        }
        return xmlOrphanCertificate;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlOrphanCertificateToken buildXmlOrphanCertificateToken(CertificateToken certificateToken) {
        XmlOrphanCertificateToken xmlOrphanCertificateToken = this.xmlOrphanCertificateTokensMap.get(certificateToken.getDSSIdAsString());
        if (xmlOrphanCertificateToken == null) {
            xmlOrphanCertificateToken = new XmlOrphanCertificateToken();
            xmlOrphanCertificateToken.setEncapsulationType(XmlEncapsulationType.BINARIES);
            xmlOrphanCertificateToken.setId(this.identifierProvider.getIdAsString(certificateToken));
            X500PrincipalHelper subject = certificateToken.getSubject();
            xmlOrphanCertificateToken.getSubjectDistinguishedName().add(getXmlDistinguishedName("CANONICAL", subject.getCanonical()));
            xmlOrphanCertificateToken.getSubjectDistinguishedName().add(getXmlDistinguishedName("RFC2253", subject.getRFC2253()));
            X500PrincipalHelper issuer = certificateToken.getIssuer();
            xmlOrphanCertificateToken.getIssuerDistinguishedName().add(getXmlDistinguishedName("CANONICAL", issuer.getCanonical()));
            xmlOrphanCertificateToken.getIssuerDistinguishedName().add(getXmlDistinguishedName("RFC2253", issuer.getRFC2253()));
            xmlOrphanCertificateToken.setSerialNumber(certificateToken.getSerialNumber());
            xmlOrphanCertificateToken.setNotAfter(certificateToken.getNotAfter());
            xmlOrphanCertificateToken.setNotBefore(certificateToken.getNotBefore());
            xmlOrphanCertificateToken.setEntityKey(certificateToken.getEntityKey().asXmlId());
            xmlOrphanCertificateToken.setSelfSigned(Boolean.valueOf(certificateToken.isSelfSigned()));
            xmlOrphanCertificateToken.setTrusted(Boolean.valueOf(this.allCertificateSources.isTrusted(certificateToken)));
            if (this.tokenExtractionStrategy.isCertificate()) {
                xmlOrphanCertificateToken.setBase64Encoded(certificateToken.getEncoded());
            } else {
                xmlOrphanCertificateToken.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(this.defaultDigestAlgorithm, certificateToken.getDigest(this.defaultDigestAlgorithm)));
            }
            this.xmlOrphanCertificateTokensMap.put(certificateToken.getDSSIdAsString(), xmlOrphanCertificateToken);
        }
        return xmlOrphanCertificateToken;
    }

    private List<XmlOrphanCertificate> getOrphanCertificateRefs(TokenCertificateSource tokenCertificateSource, CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        for (CertificateRef certificateRef : tokenCertificateSource.getOrphanCertificateRefs()) {
            if (getUsedCertificateByCertificateRef(certificateRef) == null) {
                arrayList.add(createXmlOrphanCertificateFromRef(tokenCertificateSource, certificateRef, certificateToken));
            }
        }
        return arrayList;
    }

    private XmlOrphanCertificate createXmlOrphanCertificateFromRef(TokenCertificateSource tokenCertificateSource, CertificateRef certificateRef, CertificateToken certificateToken) {
        XmlOrphanCertificate xmlOrphanCertificate = new XmlOrphanCertificate();
        xmlOrphanCertificate.setToken(getXmlOrphanCertificateTokenFromRef(certificateRef));
        Iterator<CertificateRefOrigin> it = tokenCertificateSource.getCertificateRefOrigins(certificateRef).iterator();
        while (it.hasNext()) {
            XmlCertificateRef xmlCertificateRef = getXmlCertificateRef(certificateRef, it.next());
            verifyAgainstCertificateToken(xmlCertificateRef, certificateRef, certificateToken);
            xmlOrphanCertificate.getCertificateRefs().add(xmlCertificateRef);
        }
        return xmlOrphanCertificate;
    }

    private XmlOrphanCertificateToken getXmlOrphanCertificateTokenFromRef(CertificateRef certificateRef) {
        XmlOrphanCertificateToken xmlOrphanCertificateToken = this.xmlOrphanCertificateTokensMap.get(certificateRef.getDSSIdAsString());
        if (xmlOrphanCertificateToken == null) {
            xmlOrphanCertificateToken = new XmlOrphanCertificateToken();
            xmlOrphanCertificateToken.setEncapsulationType(XmlEncapsulationType.REFERENCE);
            xmlOrphanCertificateToken.setId(this.identifierProvider.getIdAsString(certificateRef));
            if (certificateRef.getCertDigest() != null) {
                xmlOrphanCertificateToken.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(certificateRef.getCertDigest()));
            }
            this.xmlOrphanCertificateTokensMap.put(certificateRef.getDSSIdAsString(), xmlOrphanCertificateToken);
        }
        return xmlOrphanCertificateToken;
    }

    protected List<XmlRelatedCertificate> getXmlRelatedCertificateForOrphanReferences(TokenCertificateSource tokenCertificateSource) {
        ArrayList arrayList = new ArrayList();
        for (CertificateRef certificateRef : tokenCertificateSource.getOrphanCertificateRefs()) {
            CertificateToken usedCertificateByCertificateRef = getUsedCertificateByCertificateRef(certificateRef);
            if (usedCertificateByCertificateRef != null) {
                populateXmlRelatedCertificatesList(arrayList, tokenCertificateSource, usedCertificateByCertificateRef, certificateRef);
            }
        }
        return arrayList;
    }

    protected CertificateToken getUsedCertificateByCertificateRef(CertificateRef certificateRef) {
        CertificateTokenRefMatcher certificateTokenRefMatcher = new CertificateTokenRefMatcher();
        for (CertificateToken certificateToken : this.usedCertificates) {
            if (certificateTokenRefMatcher.match(certificateToken, certificateRef)) {
                return certificateToken;
            }
        }
        return null;
    }

    protected void verifyAgainstCertificateToken(XmlCertificateRef xmlCertificateRef, CertificateRef certificateRef, CertificateToken certificateToken) {
        CertificateTokenRefMatcher certificateTokenRefMatcher = new CertificateTokenRefMatcher();
        XmlDigestAlgoAndValue digestAlgoAndValue = xmlCertificateRef.getDigestAlgoAndValue();
        if (digestAlgoAndValue != null) {
            digestAlgoAndValue.setMatch(Boolean.valueOf(certificateToken != null && certificateTokenRefMatcher.matchByDigest(certificateToken, certificateRef)));
        }
        XmlIssuerSerial issuerSerial = xmlCertificateRef.getIssuerSerial();
        if (issuerSerial != null) {
            issuerSerial.setMatch(Boolean.valueOf(certificateToken != null && certificateTokenRefMatcher.matchByIssuerName(certificateToken, certificateRef) && certificateTokenRefMatcher.matchBySerialNumber(certificateToken, certificateRef)));
        }
    }

    private XmlIssuerSerial getXmlIssuerSerial(SignerIdentifier signerIdentifier) {
        XmlIssuerSerial xmlIssuerSerial = new XmlIssuerSerial();
        xmlIssuerSerial.setValue(signerIdentifier.getIssuerSerialEncoded());
        return xmlIssuerSerial;
    }

    protected XmlBasicSignature getXmlBasicSignature(Token token) {
        XmlBasicSignature xmlBasicSignature = new XmlBasicSignature();
        SignatureAlgorithm signatureAlgorithm = token.getSignatureAlgorithm();
        if (signatureAlgorithm != null) {
            xmlBasicSignature.setEncryptionAlgoUsedToSignThisToken(signatureAlgorithm.getEncryptionAlgorithm());
            xmlBasicSignature.setDigestAlgoUsedToSignThisToken(signatureAlgorithm.getDigestAlgorithm());
            xmlBasicSignature.setMaskGenerationFunctionUsedToSignThisToken(signatureAlgorithm.getMaskGenerationFunction());
        }
        xmlBasicSignature.setKeyLengthUsedToSignThisToken(DSSPKUtils.getStringPublicKeySize(token));
        if (SignatureValidity.NOT_EVALUATED != token.getSignatureValidity()) {
            boolean z = SignatureValidity.VALID == token.getSignatureValidity();
            xmlBasicSignature.setSignatureIntact(Boolean.valueOf(z));
            xmlBasicSignature.setSignatureValid(Boolean.valueOf(z));
        }
        return xmlBasicSignature;
    }

    protected XmlCertificate buildDetachedXmlCertificate(CertificateToken certificateToken) {
        XmlCertificate xmlCertificate = new XmlCertificate();
        xmlCertificate.setId(this.identifierProvider.getIdAsString(certificateToken));
        X500PrincipalHelper subject = certificateToken.getSubject();
        xmlCertificate.getSubjectDistinguishedName().add(getXmlDistinguishedName("CANONICAL", subject.getCanonical()));
        xmlCertificate.getSubjectDistinguishedName().add(getXmlDistinguishedName("RFC2253", subject.getRFC2253()));
        X500PrincipalHelper issuer = certificateToken.getIssuer();
        xmlCertificate.getIssuerDistinguishedName().add(getXmlDistinguishedName("CANONICAL", issuer.getCanonical()));
        xmlCertificate.getIssuerDistinguishedName().add(getXmlDistinguishedName("RFC2253", issuer.getRFC2253()));
        xmlCertificate.setSerialNumber(certificateToken.getSerialNumber());
        xmlCertificate.setSubjectSerialNumber(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.SERIALNUMBER, subject));
        xmlCertificate.setTitle(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.T, subject));
        xmlCertificate.setCommonName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.CN, subject));
        xmlCertificate.setLocality(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.L, subject));
        xmlCertificate.setState(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.ST, subject));
        xmlCertificate.setCountryName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.C, subject));
        xmlCertificate.setOrganizationIdentifier(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.ORGANIZATION_IDENTIFIER, subject));
        xmlCertificate.setOrganizationName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.O, subject));
        xmlCertificate.setOrganizationalUnit(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.OU, subject));
        xmlCertificate.setGivenName(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.GIVENNAME, subject));
        xmlCertificate.setSurname(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.SURNAME, subject));
        xmlCertificate.setPseudonym(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.PSEUDONYM, subject));
        xmlCertificate.setEmail(DSSASN1Utils.extractAttributeFromX500Principal(BCStyle.E, subject));
        List<String> subjectAlternativeNames = DSSASN1Utils.getSubjectAlternativeNames(certificateToken);
        if (Utils.isCollectionNotEmpty(subjectAlternativeNames)) {
            xmlCertificate.setSubjectAlternativeNames(subjectAlternativeNames);
        }
        xmlCertificate.setAuthorityInformationAccessUrls(getCleanedUrls(DSSASN1Utils.getCAAccessLocations(certificateToken)));
        xmlCertificate.setOCSPAccessUrls(getCleanedUrls(DSSASN1Utils.getOCSPAccessLocations(certificateToken)));
        xmlCertificate.setCRLDistributionPoints(getCleanedUrls(DSSASN1Utils.getCrlUrls(certificateToken)));
        xmlCertificate.setSources(getXmlCertificateSources(certificateToken));
        xmlCertificate.setNotAfter(certificateToken.getNotAfter());
        xmlCertificate.setNotBefore(certificateToken.getNotBefore());
        PublicKey publicKey = certificateToken.getPublicKey();
        xmlCertificate.setPublicKeySize(DSSPKUtils.getPublicKeySize(publicKey));
        xmlCertificate.setPublicKeyEncryptionAlgo(EncryptionAlgorithm.forKey(publicKey));
        xmlCertificate.setEntityKey(certificateToken.getEntityKey().asXmlId());
        xmlCertificate.setKeyUsageBits(certificateToken.getKeyUsageBits());
        xmlCertificate.setExtendedKeyUsages(getXmlOids(DSSASN1Utils.getExtendedKeyUsage(certificateToken)));
        xmlCertificate.setIdPkixOcspNoCheck(Boolean.valueOf(DSSASN1Utils.hasIdPkixOcspNoCheckExtension(certificateToken)));
        boolean hasValAssuredShortTermCertsExtension = DSSASN1Utils.hasValAssuredShortTermCertsExtension(certificateToken);
        if (hasValAssuredShortTermCertsExtension) {
            xmlCertificate.setValAssuredShortTermCertificate(Boolean.valueOf(hasValAssuredShortTermCertsExtension));
        }
        QcStatements qcStatements = QcStatementUtils.getQcStatements(certificateToken);
        if (qcStatements != null) {
            xmlCertificate.setQcStatements(new XmlQcStatementsBuilder().build(qcStatements));
        }
        xmlCertificate.setBasicSignature(getXmlBasicSignature(certificateToken));
        xmlCertificate.setCertificatePolicies(getXmlCertificatePolicies(DSSASN1Utils.getCertificatePolicies(certificateToken)));
        xmlCertificate.setSelfSigned(certificateToken.isSelfSigned());
        xmlCertificate.setTrusted(this.allCertificateSources.isTrusted(certificateToken));
        if (this.tokenExtractionStrategy.isCertificate()) {
            xmlCertificate.setBase64Encoded(certificateToken.getEncoded());
        } else {
            xmlCertificate.setDigestAlgoAndValue(getXmlDigestAlgoAndValue(this.defaultDigestAlgorithm, certificateToken.getDigest(this.defaultDigestAlgorithm)));
        }
        return xmlCertificate;
    }

    private List<CertificateSourceType> getXmlCertificateSources(CertificateToken certificateToken) {
        Set<CertificateSourceType> certificateSource;
        ArrayList arrayList = new ArrayList();
        if (this.allCertificateSources != null && (certificateSource = this.allCertificateSources.getCertificateSource(certificateToken)) != null) {
            arrayList.addAll(certificateSource);
        }
        if (Utils.isCollectionEmpty(arrayList)) {
            arrayList.add(CertificateSourceType.UNKNOWN);
        }
        return arrayList;
    }

    private Set<RevocationToken<?>> getRevocationsForCert(CertificateToken certificateToken) {
        HashSet hashSet = new HashSet();
        if (Utils.isCollectionNotEmpty(this.usedRevocations)) {
            for (RevocationToken revocationToken : this.usedRevocations) {
                if (Utils.areStringsEqual(certificateToken.getDSSIdAsString(), revocationToken.getRelatedCertificateId())) {
                    hashSet.add(revocationToken);
                }
            }
        }
        return hashSet;
    }

    private List<XmlCertificatePolicy> getXmlCertificatePolicies(List<CertificatePolicy> list) {
        ArrayList arrayList = new ArrayList();
        for (CertificatePolicy certificatePolicy : list) {
            XmlCertificatePolicy xmlCertificatePolicy = new XmlCertificatePolicy();
            xmlCertificatePolicy.setValue(certificatePolicy.getOid());
            xmlCertificatePolicy.setDescription(OidRepository.getDescription(certificatePolicy.getOid()));
            xmlCertificatePolicy.setCpsUrl(DSSUtils.removeControlCharacters(certificatePolicy.getCpsUrl()));
            arrayList.add(xmlCertificatePolicy);
        }
        return arrayList;
    }

    private List<XmlOID> getXmlOids(List<String> list) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(list)) {
            for (String str : list) {
                XmlOID xmlOID = new XmlOID();
                xmlOID.setValue(str);
                xmlOID.setDescription(OidRepository.getDescription(str));
                arrayList.add(xmlOID);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlDigestAlgoAndValue getXmlDigestAlgoAndValue(Digest digest) {
        return digest == null ? getXmlDigestAlgoAndValue(null, null) : getXmlDigestAlgoAndValue(digest.getAlgorithm(), digest.getValue());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XmlDigestAlgoAndValue getXmlDigestAlgoAndValue(DigestAlgorithm digestAlgorithm, byte[] bArr) {
        XmlDigestAlgoAndValue xmlDigestAlgoAndValue = new XmlDigestAlgoAndValue();
        xmlDigestAlgoAndValue.setDigestMethod(digestAlgorithm);
        xmlDigestAlgoAndValue.setDigestValue(bArr == null ? DSSUtils.EMPTY_BYTE_ARRAY : bArr);
        return xmlDigestAlgoAndValue;
    }
}
