package se.signatureservice.transactionsigning.validationservice;

import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SubIndication;
import eu.europa.esig.dss.jaxb.object.Message;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.service.crl.OnlineCRLSource;
import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource;
import eu.europa.esig.dss.spi.tsl.TrustProperties;
import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.validation.SignedDocumentValidator;
import eu.europa.esig.dss.validation.reports.Reports;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.signatureservice.transactionsigning.ValidatorConfig;
import se.signatureservice.transactionsigning.common.InvalidConfigurationException;
import se.signatureservice.transactionsigning.common.InvalidParameterException;
import se.signatureservice.transactionsigning.common.KeyStoreCertificateSource;
import se.signatureservice.transactionsigning.common.SignedDocument;
import se.signatureservice.transactionsigning.common.ValidationException;
import se.signatureservice.transactionsigning.common.ValidationIOException;
import se.signatureservice.transactionsigning.util.DSSUtils;
import signservice.org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:se/signatureservice/transactionsigning/validationservice/DefaultValidationService.class */
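/**
 * Default {@link ValidationService}: runs each signed document through a DSS
 * {@link SignedDocumentValidator} using the policy name and trust store taken from the
 * {@link ValidatorConfig}, and rejects any document whose signatures do not all reach
 * {@link Indication#TOTAL_PASSED}.
 *
 * <p>NOTE(review): none of the fields is synchronised or volatile; confirm that callers
 * initialise and use an instance from a single thread, or guard it externally.
 */
public class DefaultValidationService implements ValidationService {
    private static final Logger log = LoggerFactory.getLogger(DefaultValidationService.class);

    private ValidatorConfig config;
    private boolean initialized;
    private CertificateVerifier certificateVerifier;

    /**
     * Stores the configuration used by later validations.
     *
     * <p>The configuration is checked before any state is touched, so a rejected
     * configuration leaves a previously initialised service exactly as it was. On success
     * the cached certificate verifier is dropped, so the next validation rebuilds it from
     * the new trust store instead of reusing trust anchors from an earlier configuration.
     *
     * @param validatorConfig configuration to use; must carry a trust store
     * @throws InvalidConfigurationException if the configuration or its trust store is missing
     */
    @Override
    public void init(ValidatorConfig validatorConfig) throws InvalidConfigurationException {
        if (validatorConfig == null) {
            throw new InvalidConfigurationException("Validation configuration is missing");
        }
        if (validatorConfig.getTrustStore() == null) {
            throw new InvalidConfigurationException("Validation truststore is missing");
        }
        this.config = validatorConfig;
        // A verifier built for a previous configuration must not outlive it.
        this.certificateVerifier = null;
        this.initialized = true;
    }

    /**
     * Validates every document in the list and throws on the first failure.
     *
     * <p>A document passes only if it contains at least one signature and every signature
     * has the indication {@link Indication#TOTAL_PASSED}; with strict validation enabled,
     * any AdES validation warning is a failure as well.
     *
     * <p>NOTE(review): an empty list still returns normally without validating anything;
     * confirm callers never treat that as "document verified".
     *
     * @param list documents to validate
     * @throws ValidationException if the service is not initialised, the list is null, a
     *     document has no signature, a signature fails, or any other error occurs (the
     *     original exception is kept as the cause)
     */
    @Override
    public void validateDocuments(List<SignedDocument> list)
            throws ValidationException, ValidationIOException, InvalidParameterException {
        if (!this.initialized) {
            throw new ValidationException("ValidationService must be initialized before calling validateDocuments");
        }
        if (list == null) {
            throw new ValidationException("No documents supplied for validation");
        }
        try {
            String policyName = this.config.getPolicyName();
            for (SignedDocument document : list) {
                SignedDocumentValidator validator =
                        SignedDocumentValidator.fromDocument(DSSUtils.createDSSDocument(document));
                validator.setCertificateVerifier(getCertificateVerifier());
                Reports reports = validator.validateDocument(policyName);
                if (log.isDebugEnabled()) {
                    // The full reports are written to the log here; treat debug logs from
                    // this class as containing signer and certificate details.
                    log.debug(reports.getXmlValidationReport());
                    log.debug(reports.getXmlSimpleReport());
                }
                List<String> signatureIds = reports.getSimpleReport().getSignatureIdList();
                // Fail closed: without this check a document carrying no signature at all
                // would skip the loop below and be reported as valid.
                if (signatureIds == null || signatureIds.isEmpty()) {
                    throw new ValidationException("Validation failed: document contains no signatures");
                }
                for (String signatureId : signatureIds) {
                    checkSignature(reports, signatureId);
                }
            }
        } catch (ValidationException e) {
            throw e;
        } catch (Exception e) {
            // NOTE(review): any exception that is not a ValidationException is wrapped here,
            // including the other types in the throws clause unless they subclass it.
            throw new ValidationException("Internal error when performing validation: " + e.getMessage(), e);
        }
    }

    /** Throws unless the given signature passed (and, in strict mode, produced no warnings). */
    private void checkSignature(Reports reports, String signatureId) throws ValidationException {
        Indication indication = reports.getSimpleReport().getIndication(signatureId);
        SubIndication subIndication = reports.getSimpleReport().getSubIndication(signatureId);
        if (indication != Indication.TOTAL_PASSED) {
            // The errors are rendered the same way as the strict-mode warnings; joining the
            // list object itself would only print its toString().
            throw new ValidationException("Validation failed for signature id (" + signatureId + "). Indication: "
                    + indication + ", Sub indication: " + subIndication + " ("
                    + joinMessageValues(reports.getSimpleReport().getAdESValidationErrors(signatureId)) + ")");
        }
        if (this.config.isStrictValidation()) {
            List<Message> warnings = reports.getSimpleReport().getAdESValidationWarnings(signatureId);
            if (warnings != null && !warnings.isEmpty()) {
                throw new ValidationException("Strict validation failed for signature id (" + signatureId + "): "
                        + joinMessageValues(warnings));
            }
        }
    }

    /** Returns the values of the given report messages joined with commas; empty for null. */
    private static String joinMessageValues(List<Message> messages) {
        if (messages == null) {
            return "";
        }
        List<String> values = new ArrayList<>(messages.size());
        for (Message message : messages) {
            values.add(message.getValue());
        }
        return StringUtils.join(values, ",");
    }

    /**
     * Returns the cached certificate verifier, building it on first use.
     *
     * <p>The verifier is assembled in a local variable and published to the field only once
     * it is fully configured, so a failure part-way through cannot leave a verifier without
     * trust anchors cached for later calls.
     *
     * @return verifier trusting exactly the certificates in the configured trust store
     * @throws ValidationException if the verifier cannot be built
     */
    private CertificateVerifier getCertificateVerifier() throws ValidationException {
        if (this.certificateVerifier == null) {
            try {
                CertificateVerifier verifier = new CommonCertificateVerifier();
                if (!this.config.isDisableRevocation()) {
                    // NOTE(review): the online CRL/OCSP sources presumably fetch from locations
                    // named in the certificates under validation; confirm egress rules and
                    // timeouts for this service.
                    verifier.setCrlSource(new OnlineCRLSource());
                    verifier.setOcspSource(new OnlineOCSPSource());
                }
                // With revocation disabled no CRL or OCSP source is set, so a revoked signing
                // certificate is not detected by this verifier.
                KeyStoreCertificateSource trustStore = new KeyStoreCertificateSource(this.config.getTrustStore());
                Map<CertificateToken, List<TrustProperties>> trustByCertificate = new HashMap<>();
                for (CertificateToken token : trustStore.getCertificates()) {
                    // Each trust-store certificate is registered with an empty property list.
                    trustByCertificate.put(token, new ArrayList<>());
                }
                TrustedListsCertificateSource trustedSource = new TrustedListsCertificateSource();
                trustedSource.setTrustPropertiesByCertificates(trustByCertificate);
                verifier.setTrustedCertSources(trustedSource);
                this.certificateVerifier = verifier;
            } catch (Exception e) {
                throw new ValidationException("Failed to initialize certificate verifier: " + e.getMessage(), e);
            }
        }
        return this.certificateVerifier;
    }
}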
