package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.diagnostic.jaxb.XmlDiagnosticData;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.TokenExtractionStrategy;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.revocation.crl.CRL;
import eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP;
import eu.europa.esig.dss.policy.EtsiValidationPolicy;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.policy.ValidationPolicyFacade;
import eu.europa.esig.dss.policy.jaxb.ConstraintsParameters;
import eu.europa.esig.dss.spi.DSSSecurityProvider;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CertificateValidity;
import eu.europa.esig.dss.spi.x509.CommonCertificateSource;
import eu.europa.esig.dss.spi.x509.ListCertificateSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.executor.DocumentProcessExecutor;
import eu.europa.esig.dss.validation.executor.ValidationLevel;
import eu.europa.esig.dss.validation.executor.signature.DefaultSignatureProcessExecutor;
import eu.europa.esig.dss.validation.reports.Reports;
import eu.europa.esig.dss.validation.scope.SignatureScopeFinder;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.ServiceLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/SignedDocumentValidator.class */
public abstract class SignedDocumentValidator implements DocumentValidator {
    private static final Logger LOG = LoggerFactory.getLogger(SignedDocumentValidator.class);
    protected DocumentProcessExecutor processExecutor;
    protected DSSDocument document;
    protected List<DSSDocument> detachedContents;
    protected List<DSSDocument> containerContents;
    protected ManifestFile manifestFile;
    protected CertificateSource signingCertificateSource;
    private Date validationTime;
    protected CertificateVerifier certificateVerifier;
    private TokenExtractionStrategy tokenExtractionStrategy;
    private boolean includeSemantics;
    protected final SignatureScopeFinder signatureScopeFinder;
    private SignaturePolicyProvider signaturePolicyProvider;
    private ValidationLevel validationLevel;
    private Locale locale;
    private boolean enableEtsiValidationReport;
    protected boolean skipValidationContextExecution;

    /* JADX INFO: Access modifiers changed from: protected */
    public SignedDocumentValidator() {
        this.processExecutor = null;
        this.detachedContents = new ArrayList();
        this.tokenExtractionStrategy = TokenExtractionStrategy.NONE;
        this.includeSemantics = false;
        this.validationLevel = ValidationLevel.ARCHIVAL_DATA;
        this.locale = Locale.getDefault();
        this.enableEtsiValidationReport = true;
        this.skipValidationContextExecution = false;
        this.signatureScopeFinder = null;
    }

    protected SignedDocumentValidator(SignatureScopeFinder signatureScopeFinder) {
        this.processExecutor = null;
        this.detachedContents = new ArrayList();
        this.tokenExtractionStrategy = TokenExtractionStrategy.NONE;
        this.includeSemantics = false;
        this.validationLevel = ValidationLevel.ARCHIVAL_DATA;
        this.locale = Locale.getDefault();
        this.enableEtsiValidationReport = true;
        this.skipValidationContextExecution = false;
        this.signatureScopeFinder = signatureScopeFinder;
    }

    protected void setSignedScopeFinderDefaultDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        if (this.signatureScopeFinder != null) {
            this.signatureScopeFinder.setDefaultDigestAlgorithm(digestAlgorithm);
        }
    }

    public static SignedDocumentValidator fromDocument(DSSDocument dSSDocument) {
        Objects.requireNonNull(dSSDocument, "DSSDocument is null");
        Iterator it = ServiceLoader.load(DocumentValidatorFactory.class).iterator();
        while (it.hasNext()) {
            DocumentValidatorFactory documentValidatorFactory = (DocumentValidatorFactory) it.next();
            if (documentValidatorFactory.isSupported(dSSDocument)) {
                return documentValidatorFactory.create(dSSDocument);
            }
        }
        throw new DSSException("Document format not recognized/handled");
    }

    public abstract boolean isSupported(DSSDocument dSSDocument);

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    @Deprecated
    public void defineSigningCertificate(CertificateToken certificateToken) {
        Objects.requireNonNull(certificateToken, "Token is not defined");
        CommonCertificateSource commonCertificateSource = new CommonCertificateSource();
        commonCertificateSource.addCertificate(certificateToken);
        setSigningCertificateSource(commonCertificateSource);
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setSigningCertificateSource(CertificateSource certificateSource) {
        this.signingCertificateSource = certificateSource;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy) {
        Objects.requireNonNull(tokenExtractionStrategy);
        this.tokenExtractionStrategy = tokenExtractionStrategy;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setIncludeSemantics(boolean z) {
        this.includeSemantics = z;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setDetachedContents(List<DSSDocument> list) {
        this.detachedContents = list;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setContainerContents(List<DSSDocument> list) {
        this.containerContents = list;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setManifestFile(ManifestFile manifestFile) {
        this.manifestFile = manifestFile;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DigestAlgorithm getDefaultDigestAlgorithm() {
        return this.certificateVerifier.getDefaultDigestAlgorithm();
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setValidationTime(Date date) {
        this.validationTime = date;
    }

    protected Date getValidationTime() {
        if (this.validationTime == null) {
            this.validationTime = new Date();
        }
        return this.validationTime;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setValidationLevel(ValidationLevel validationLevel) {
        this.validationLevel = validationLevel;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setEnableEtsiValidationReport(boolean z) {
        this.enableEtsiValidationReport = z;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument() {
        return validateDocument((InputStream) null);
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(URL url) {
        if (url == null) {
            return validateDocument((InputStream) null);
        }
        try {
            return validateDocument(url.openStream());
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(String str) {
        return str == null ? validateDocument((InputStream) null) : validateDocument(getClass().getResourceAsStream(str));
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(File file) {
        return (file == null || !file.exists()) ? validateDocument((InputStream) null) : validateDocument(DSSUtils.toByteArrayInputStream(file));
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(InputStream inputStream) {
        ValidationPolicy validationPolicy;
        try {
            if (inputStream == null) {
                LOG.debug("No provided validation policy : use the default policy");
                validationPolicy = ValidationPolicyFacade.newFacade().getDefaultValidationPolicy();
            } else {
                validationPolicy = ValidationPolicyFacade.newFacade().getValidationPolicy(inputStream);
            }
            return validateDocument(validationPolicy);
        } catch (Exception e) {
            throw new DSSException("Unable to load the policy", e);
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(ConstraintsParameters constraintsParameters) {
        return validateDocument((ValidationPolicy) new EtsiValidationPolicy(constraintsParameters));
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public Reports validateDocument(ValidationPolicy validationPolicy) {
        LOG.info("Document validation...");
        assertConfigurationValid();
        return processValidationPolicy(prepareDiagnosticDataBuilder(new SignatureValidationContext()).build(), validationPolicy);
    }

    protected void assertConfigurationValid() {
        Objects.requireNonNull(this.certificateVerifier, "CertificateVerifier is not defined");
        Objects.requireNonNull(this.document, "Document is not provided to the validator");
    }

    protected DiagnosticDataBuilder prepareDiagnosticDataBuilder(ValidationContext validationContext) {
        List<AdvancedSignature> allSignatures = getAllSignatures();
        List<TimestampToken> detachedTimestamps = getDetachedTimestamps();
        ListRevocationSource<CRL> mergeCRLSources = mergeCRLSources(allSignatures, detachedTimestamps);
        ListRevocationSource<OCSP> mergeOCSPSources = mergeOCSPSources(allSignatures, detachedTimestamps);
        prepareCertificateVerifier(mergeCRLSources, mergeOCSPSources, mergeCertificateSource(allSignatures, detachedTimestamps));
        prepareSignatureValidationContext(validationContext, allSignatures);
        prepareDetachedTimestampValidationContext(validationContext, detachedTimestamps);
        if (!this.skipValidationContextExecution) {
            validateContext(validationContext);
        }
        return createDiagnosticDataBuilder(validationContext, allSignatures, mergeCRLSources, mergeOCSPSources);
    }

    protected SignedDocumentDiagnosticDataBuilder initializeDiagnosticDataBuilder() {
        return new SignedDocumentDiagnosticDataBuilder();
    }

    protected DiagnosticDataBuilder createDiagnosticDataBuilder(ValidationContext validationContext, List<AdvancedSignature> list, ListRevocationSource<CRL> listRevocationSource, ListRevocationSource<OCSP> listRevocationSource2) {
        return initializeDiagnosticDataBuilder().document(this.document).foundSignatures(list).usedTimestamps(validationContext.getProcessedTimestamps()).completeCRLSource(listRevocationSource).completeOCSPSource(listRevocationSource2).signaturePolicyProvider(getSignaturePolicyProvider()).usedCertificates(validationContext.getProcessedCertificates()).usedRevocations(validationContext.getProcessedRevocations()).defaultDigestAlgorithm(this.certificateVerifier.getDefaultDigestAlgorithm()).tokenExtractionStrategy(this.tokenExtractionStrategy).certificateSourceTypes(validationContext.getCertificateSourceTypes()).trustedCertificateSources(this.certificateVerifier.getTrustedCertSources()).validationDate(getValidationTime());
    }

    protected void prepareCertificateVerifier(ListRevocationSource<CRL> listRevocationSource, ListRevocationSource<OCSP> listRevocationSource2, ListCertificateSource listCertificateSource) {
        this.certificateVerifier.setSignatureCRLSource(listRevocationSource);
        this.certificateVerifier.setSignatureOCSPSource(listRevocationSource2);
        this.certificateVerifier.setSignatureCertificateSource(listCertificateSource);
    }

    protected ListRevocationSource<CRL> mergeCRLSources(Collection<AdvancedSignature> collection, Collection<TimestampToken> collection2) {
        ListRevocationSource<CRL> listRevocationSource = new ListRevocationSource<>();
        if (Utils.isCollectionNotEmpty(collection)) {
            for (AdvancedSignature advancedSignature : collection) {
                listRevocationSource.add(advancedSignature.getCRLSource());
                listRevocationSource.addAll(advancedSignature.getTimestampSource().getTimestampCRLSources());
            }
        }
        if (Utils.isCollectionNotEmpty(collection2)) {
            Iterator<TimestampToken> it = collection2.iterator();
            while (it.hasNext()) {
                listRevocationSource.add(it.next().getCRLSource());
            }
        }
        return listRevocationSource;
    }

    protected ListRevocationSource<OCSP> mergeOCSPSources(Collection<AdvancedSignature> collection, Collection<TimestampToken> collection2) {
        ListRevocationSource<OCSP> listRevocationSource = new ListRevocationSource<>();
        if (Utils.isCollectionNotEmpty(collection)) {
            for (AdvancedSignature advancedSignature : collection) {
                listRevocationSource.add(advancedSignature.getOCSPSource());
                listRevocationSource.addAll(advancedSignature.getTimestampSource().getTimestampOCSPSources());
            }
        }
        if (Utils.isCollectionNotEmpty(collection2)) {
            Iterator<TimestampToken> it = collection2.iterator();
            while (it.hasNext()) {
                listRevocationSource.add(it.next().getOCSPSource());
            }
        }
        return listRevocationSource;
    }

    protected ListCertificateSource mergeCertificateSource(Collection<AdvancedSignature> collection, Collection<TimestampToken> collection2) {
        ListCertificateSource listCertificateSource = new ListCertificateSource();
        if (Utils.isCollectionNotEmpty(collection)) {
            Iterator<AdvancedSignature> it = collection.iterator();
            while (it.hasNext()) {
                listCertificateSource.addAll(it.next().getCompleteCertificateSource());
            }
        }
        if (Utils.isCollectionNotEmpty(collection2)) {
            Iterator<TimestampToken> it2 = collection2.iterator();
            while (it2.hasNext()) {
                listCertificateSource.add(it2.next().getCertificateSource());
            }
        }
        return listCertificateSource;
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void prepareSignatureValidationContext(ValidationContext validationContext, List<AdvancedSignature> list) {
        prepareCertificatesAndTimestamps(validationContext, list);
        processSignaturesValidation(list);
    }

    protected void prepareCertificatesAndTimestamps(ValidationContext validationContext, List<AdvancedSignature> list) {
        for (AdvancedSignature advancedSignature : list) {
            List<CertificateValidity> certificateValidityList = advancedSignature.getCandidatesForSigningCertificate().getCertificateValidityList();
            if (Utils.isCollectionNotEmpty(certificateValidityList)) {
                for (CertificateValidity certificateValidity : certificateValidityList) {
                    if (certificateValidity.isValid() && certificateValidity.getCertificateToken() != null) {
                        validationContext.addCertificateTokenForVerification(certificateValidity.getCertificateToken());
                    }
                }
            }
            Iterator<CertificateToken> it = advancedSignature.getCertificates().iterator();
            while (it.hasNext()) {
                validationContext.addCertificateTokenForVerification(it.next());
            }
            advancedSignature.prepareTimestamps(validationContext);
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void prepareDetachedTimestampValidationContext(ValidationContext validationContext, List<TimestampToken> list) {
        Iterator<TimestampToken> it = list.iterator();
        while (it.hasNext()) {
            validationContext.addTimestampTokenForVerification(it.next());
        }
    }

    protected void validateContext(ValidationContext validationContext) {
        validationContext.initialize(this.certificateVerifier);
        validationContext.validate();
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider) {
        this.signaturePolicyProvider = signaturePolicyProvider;
    }

    protected SignaturePolicyProvider getSignaturePolicyProvider() {
        if (this.signaturePolicyProvider == null) {
            this.signaturePolicyProvider = new SignaturePolicyProvider();
            this.signaturePolicyProvider.setDataLoader(this.certificateVerifier.getDataLoader());
        }
        return this.signaturePolicyProvider;
    }

    @Override // eu.europa.esig.dss.validation.ProcessExecutorProvider
    public void setProcessExecutor(DocumentProcessExecutor documentProcessExecutor) {
        this.processExecutor = documentProcessExecutor;
    }

    protected DocumentProcessExecutor provideProcessExecutorInstance() {
        if (this.processExecutor == null) {
            this.processExecutor = getDefaultProcessExecutor();
        }
        return this.processExecutor;
    }

    @Override // eu.europa.esig.dss.validation.ProcessExecutorProvider
    public DocumentProcessExecutor getDefaultProcessExecutor() {
        return new DefaultSignatureProcessExecutor();
    }

    protected final Reports processValidationPolicy(XmlDiagnosticData xmlDiagnosticData, ValidationPolicy validationPolicy) {
        DocumentProcessExecutor provideProcessExecutorInstance = provideProcessExecutorInstance();
        provideProcessExecutorInstance.setValidationPolicy(validationPolicy);
        provideProcessExecutorInstance.setValidationLevel(this.validationLevel);
        provideProcessExecutorInstance.setDiagnosticData(xmlDiagnosticData);
        provideProcessExecutorInstance.setIncludeSemantics(this.includeSemantics);
        provideProcessExecutorInstance.setEnableEtsiValidationReport(this.enableEtsiValidationReport);
        provideProcessExecutorInstance.setLocale(this.locale);
        provideProcessExecutorInstance.setCurrentTime(getValidationTime());
        return provideProcessExecutorInstance.execute();
    }

    protected List<AdvancedSignature> getAllSignatures() {
        setSignedScopeFinderDefaultDigestAlgorithm(this.certificateVerifier.getDefaultDigestAlgorithm());
        ArrayList arrayList = new ArrayList();
        for (AdvancedSignature advancedSignature : getSignatures()) {
            arrayList.add(advancedSignature);
            appendCounterSignatures(arrayList, advancedSignature);
        }
        findSignatureScopes(arrayList);
        return arrayList;
    }

    protected void appendCounterSignatures(List<AdvancedSignature> list, AdvancedSignature advancedSignature) {
        for (AdvancedSignature advancedSignature2 : advancedSignature.getCounterSignatures()) {
            advancedSignature2.prepareOfflineCertificateVerifier(this.certificateVerifier);
            list.add(advancedSignature2);
            appendCounterSignatures(list, advancedSignature2);
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public List<AdvancedSignature> getSignatures() {
        return Collections.emptyList();
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public List<TimestampToken> getDetachedTimestamps() {
        return Collections.emptyList();
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void processSignaturesValidation(List<AdvancedSignature> list) {
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            it.next().checkSignatureIntegrity();
        }
    }

    @Override // eu.europa.esig.dss.validation.DocumentValidator
    public void findSignatureScopes(List<AdvancedSignature> list) {
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            it.next().findSignatureScope(this.signatureScopeFinder);
        }
    }

    public void setSkipValidationContextExecution(boolean z) {
        this.skipValidationContextExecution = z;
    }

    public void setLocale(Locale locale) {
        this.locale = locale;
    }

    static {
        Security.addProvider(DSSSecurityProvider.getSecurityProvider());
    }
}
