package eu.europa.ec.markt.dss.validation102853.engine.rules.processes.subprocesses;

import eu.europa.ec.markt.dss.TSLConstant;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.validation102853.engine.function.XmlDom;
import eu.europa.ec.markt.dss.validation102853.engine.function.XmlNode;
import eu.europa.ec.markt.dss.validation102853.engine.rules.AttributeName;
import eu.europa.ec.markt.dss.validation102853.engine.rules.AttributeValue;
import eu.europa.ec.markt.dss.validation102853.engine.rules.ExceptionMessage;
import eu.europa.ec.markt.dss.validation102853.engine.rules.Indication;
import eu.europa.ec.markt.dss.validation102853.engine.rules.NodeName;
import eu.europa.ec.markt.dss.validation102853.engine.rules.NodeValue;
import eu.europa.ec.markt.dss.validation102853.engine.rules.ProcessParameters;
import eu.europa.ec.markt.dss.validation102853.engine.rules.RuleConstant;
import eu.europa.ec.markt.dss.validation102853.engine.rules.RuleUtils;
import eu.europa.ec.markt.dss.validation102853.engine.rules.SubIndication;
import eu.europa.ec.markt.dss.validation102853.engine.rules.processes.dss.ForLegalPerson;
import eu.europa.ec.markt.dss.validation102853.engine.rules.processes.dss.QualifiedCertificate;
import eu.europa.ec.markt.dss.validation102853.engine.rules.processes.dss.SSCD;
import eu.europa.ec.markt.dss.validation102853.engine.rules.wrapper.VConstraint;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation102853/engine/rules/processes/subprocesses/X509CertificateValidation.class */
public class X509CertificateValidation implements Indication, SubIndication, NodeName, NodeValue, AttributeName, AttributeValue, ExceptionMessage, RuleConstant {
    private XmlDom diagnosticData;
    private VConstraint constraintData;
    private Date currentTime;
    private XmlDom signatureContext;
    private XmlDom contextElement;
    private String signingCertId;
    private XmlDom signingCert;
    private XmlNode subProcessNode;

    private void prepareParameters(ProcessParameters processParameters) {
        this.diagnosticData = processParameters.getDiagnosticData();
        this.constraintData = processParameters.getConstraintData();
        this.signatureContext = processParameters.getSignatureContext();
        this.contextElement = processParameters.getContextElement();
        this.currentTime = processParameters.getCurrentTime();
        this.signingCertId = processParameters.getSignCertId();
        this.signingCert = processParameters.getSignCert();
        isInitialised(processParameters);
    }

    private void isInitialised(ProcessParameters processParameters) {
        if (this.diagnosticData == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "diagnosticData"));
        }
        if (this.constraintData == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "policyData"));
        }
        if (this.currentTime == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "currentTime"));
        }
        if (this.signatureContext == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "signatureContext"));
        }
        if (this.contextElement == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "contextElement"));
        }
        if (this.signingCertId == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "signCertId"));
        }
        if (this.signingCert == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "signCert"));
        }
    }

    public boolean run(ProcessParameters processParameters, XmlNode xmlNode) {
        if (xmlNode == null) {
            throw new DSSException(String.format(ExceptionMessage.EXCEPTION_TCOPPNTBI, getClass().getSimpleName(), "processNode"));
        }
        prepareParameters(processParameters);
        this.subProcessNode = xmlNode.addChild(NodeName.XCV);
        XmlNode xmlNode2 = new XmlNode(NodeName.CONCLUSION);
        boolean process = process(processParameters, xmlNode2);
        if (process) {
            xmlNode2.addChild(NodeName.INDICATION, Indication.VALID);
            xmlNode2.setParent(this.subProcessNode);
        } else {
            this.subProcessNode.addChild(xmlNode2);
            xmlNode.addChild(xmlNode2);
        }
        return process;
    }

    private boolean process(ProcessParameters processParameters, XmlNode xmlNode) {
        XmlNode addConstraint = addConstraint(NodeValue.BBB_XCV_ICTIVRSC_LABEL, AttributeValue.BBB_XCV_ICTIVRSC);
        String value = this.signingCert.getValue("./NotAfter/text()", new Object[0]);
        Date parseDate = RuleUtils.parseDate(value);
        String value2 = this.signingCert.getValue("./NotBefore/text()", new Object[0]);
        boolean z = this.currentTime.compareTo(RuleUtils.parseDate(value2)) >= 0 && this.currentTime.compareTo(parseDate) <= 0;
        String value3 = this.signingCert.getValue("./TrustedServiceProvider/ExpiredCertsRevocationInfo/text()", new Object[0]);
        Date date = null;
        if (!value3.isEmpty()) {
            date = RuleUtils.parseDate(value3);
        }
        if (date == null && !z) {
            addConstraint.addChild(NodeName.STATUS, NodeValue.KO);
            xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
            xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.OUT_OF_BOUNDS_NO_POE);
            xmlNode.addChild(NodeName.INFO, NodeValue.BBB_XCV_CTINIVRSC_LABEL);
            xmlNode.addChild(NodeName.INFO, value2).setAttribute(AttributeName.FIELD, AttributeValue.NOT_BEFORE);
            xmlNode.addChild(NodeName.INFO, value).setAttribute(AttributeName.FIELD, AttributeValue.NOT_AFTER);
            return false;
        }
        addConstraint.addChild(NodeName.STATUS, "OK");
        if (date != null) {
            addConstraint.addChild(NodeName.INFO, value3).setAttribute(AttributeName.FIELD, AttributeValue.EXPIRED_CERTS_REVOCATION_INFO);
        }
        XmlNode addConstraint2 = addConstraint(NodeValue.BBB_XCV_CCCBB_LABEL, AttributeValue.BBB_XCV_CCCBB);
        String value4 = this.contextElement.getValue("./CertificateChain/ChainCertificate[last()]/@Id", new Object[0]);
        XmlDom certificate = processParameters.getCertificate(value4);
        boolean z2 = false;
        if (certificate != null) {
            z2 = certificate.getBoolValue("./Trusted/text()", new Object[0]);
        }
        if (!z2) {
            addConstraint2.addChild(NodeName.STATUS, NodeValue.KO);
            xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
            xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.NO_CERTIFICATE_CHAIN_FOUND);
            xmlNode.addChild(NodeName.INFO, NodeValue.BBB_XCV_CCINT_LABEL);
            return false;
        }
        addConstraint2.addChild(NodeName.STATUS, "OK");
        List<XmlDom> elements = this.contextElement.getElements("./CertificateChain/ChainCertificate", new Object[0]);
        Iterator<XmlDom> it2 = elements.iterator();
        while (it2.hasNext()) {
            String value5 = it2.next().getValue("./@Id", new Object[0]);
            XmlDom certificate2 = processParameters.getCertificate(value5);
            if (!certificate2.getBoolValue("./Trusted/text()", new Object[0])) {
                XmlNode addConstraint3 = addConstraint(String.format(NodeValue.BBB_XCV_IRDPFC_LABEL, value5), AttributeValue.BBB_XCV_IRDPFC);
                XmlDom element = certificate2.getElement("./Revocation", new Object[0]);
                if (element == null) {
                    addConstraint3.addChild(NodeName.STATUS, NodeValue.KO);
                    xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
                    xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.TRY_LATER);
                    xmlNode.addChild(NodeName.INFO, String.format(NodeValue.BBB_XCV_NRDFC_LABEL, value5));
                    return false;
                }
                addConstraint3.addChild(NodeName.STATUS, "OK");
                boolean isRevocationFreshnessToBeChecked = this.constraintData.isRevocationFreshnessToBeChecked();
                boolean z3 = !isRevocationFreshnessToBeChecked;
                String value6 = element.getValue("./IssuingTime/text()", new Object[0]);
                if (isRevocationFreshnessToBeChecked && !value6.isEmpty() && this.currentTime.getTime() - RuleUtils.parseDate(value6).getTime() <= this.constraintData.getMaxRevocationFreshness().longValue()) {
                    z3 = true;
                }
                boolean boolValue = element.getBoolValue("./Status/text()", new Object[0]);
                String value7 = element.getValue("./NextUpdate/text()", new Object[0]);
                if (boolValue) {
                    XmlNode addConstraint4 = addConstraint(String.format(NodeValue.BBB_XCV_IRIF_LABEL, value5), AttributeValue.BBB_XCV_IRIF);
                    if (!z3) {
                        addConstraint4.addChild(NodeName.STATUS, NodeValue.KO);
                        xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
                        xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.TRY_LATER);
                        xmlNode.addChild(NodeName.INFO, String.format(NodeValue.BBB_XCV_TVA_LABEL, value7));
                        xmlNode.addChild(NodeName.INFO, String.format(NodeValue.BBB_XCV_RIT_LABEL, value6));
                        xmlNode.addChild(NodeName.INFO, String.format(NodeValue.BBB_XCV_MAORD_LABEL, this.constraintData.getFormatedMaxRevocationFreshness()));
                        return false;
                    }
                    addConstraint4.addChild(NodeName.STATUS, "OK");
                }
                if (this.signingCertId.equals(value5)) {
                    XmlNode addConstraint5 = addConstraint(NodeValue.BBB_XCV_ISCR_LABEL, AttributeValue.BBB_XCV_ISCR);
                    String value8 = element.getValue("./Reason/text()", new Object[0]);
                    String value9 = element.getValue("./DateTime/text()", new Object[0]);
                    if (!boolValue && !value8.equals(RuleConstant.CRL_REASON_CERTIFICATE_HOLD)) {
                        addConstraint5.addChild(NodeName.STATUS, NodeValue.KO);
                        xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
                        xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.REVOKED_NO_POE);
                        if (!value9.isEmpty()) {
                            xmlNode.addChild(NodeName.INFO, value9).setAttribute(AttributeName.FIELD, AttributeValue.REVOCATION_TIME);
                        }
                        if (value8.isEmpty()) {
                            return false;
                        }
                        xmlNode.addChild(NodeName.INFO, value8).setAttribute(AttributeName.FIELD, AttributeValue.REVOCATION_REASON);
                        return false;
                    }
                    addConstraint5.addChild(NodeName.STATUS, "OK");
                    XmlNode addConstraint6 = addConstraint(NodeValue.BBB_XCV_ISCOH_LABEL, AttributeValue.BBB_XCV_ISCOH);
                    if (!boolValue && value8.equals(RuleConstant.CRL_REASON_CERTIFICATE_HOLD)) {
                        addConstraint6.addChild(NodeName.STATUS, NodeValue.KO);
                        xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
                        xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.TRY_LATER);
                        xmlNode.addChild(NodeName.INFO, String.format(NodeValue.BBB_XCV_ST_LABEL, value9));
                        xmlNode.addChild(NodeName.INFO, String.format(NodeValue.BBB_XCV_TVA_LABEL, value7));
                        return false;
                    }
                    addConstraint6.addChild(NodeName.STATUS, "OK");
                    XmlNode addConstraint7 = addConstraint(NodeValue.CTS_WITSS_LABEL, AttributeValue.CTS_ITSUS);
                    XmlDom element2 = certificate2.getElement("./TrustedServiceProvider", new Object[0]);
                    String value10 = element2.getValue("./Status/text()", new Object[0]);
                    addConstraint7.addChild(NodeName.STATUS, "OK");
                    addConstraint7.addChild(NodeName.INFO, value10).setAttribute(AttributeName.FIELD, AttributeValue.TRUSTED_SERVICE_STATUS);
                    if (!TSLConstant.SERVICE_STATUS_UNDERSUPERVISION.equals(value10) && !TSLConstant.SERVICE_STATUS_SUPERVISIONINCESSATION.equals(value10) && !TSLConstant.SERVICE_STATUS_ACCREDITED.equals(value10) && !value10.isEmpty()) {
                        element2.getTimeValue("./StartDate/text()", new Object[0]);
                    }
                } else {
                    XmlNode addConstraint8 = addConstraint(String.format(NodeValue.BBB_XCV_IICR_LABEL, value5), AttributeValue.BBB_XCV_IICR);
                    if (!boolValue) {
                        addConstraint8.addChild(NodeName.STATUS, NodeValue.KO);
                        xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
                        xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.REVOKED_CA_NO_POE);
                        return false;
                    }
                    addConstraint8.addChild(NodeName.STATUS, "OK");
                }
                XmlNode addConstraint9 = addConstraint(NodeValue.BBB_XCV_ARDCCM_LABEL, AttributeValue.BBB_XCV_ARDCCM);
                RevocationCryptographicConstraint revocationCryptographicConstraint = new RevocationCryptographicConstraint();
                XmlDom contextElement = processParameters.getContextElement();
                processParameters.setContextElement(element);
                XmlNode xmlNode2 = new XmlNode("");
                boolean run = revocationCryptographicConstraint.run(processParameters, xmlNode2);
                processParameters.setContextElement(contextElement);
                if (!run) {
                    addConstraint9.addChild(NodeName.STATUS, NodeValue.KO);
                    xmlNode.addChild(NodeName.INDICATION, Indication.INVALID);
                    xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.CRYPTO_CONSTRAINTS_FAILURE);
                    xmlNode.addChildrenOf(xmlNode2);
                    return false;
                }
                addConstraint9.addChild(NodeName.STATUS, "OK");
                if (!certificate2.getBoolValue("./TokenSignatureIntact/text()", new Object[0])) {
                    addConstraint9.addChild(NodeName.STATUS, NodeValue.KO);
                    xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
                    xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.NO_CERTIFICATE_CHAIN_FOUND);
                    XmlNode addChild = xmlNode.addChild(NodeName.INFO, NodeValue.XCV_SOCIS_LABEL);
                    addChild.setAttribute(AttributeName.FIELD, AttributeValue.CERT_ID);
                    addChild.setAttribute(AttributeValue.CERT_ID, value5);
                    return false;
                }
            }
        }
        addConstraint(NodeValue.BBB_XCV_ACCM_LABEL, AttributeValue.BBB_XCV_ACCM).addChild(NodeName.STATUS, "OK");
        boolean equals = NodeName.TIMESTAMP.equals(this.contextElement.getName());
        Boolean run2 = new QualifiedCertificate(this.constraintData).run(equals, this.signingCert);
        if (run2 != null) {
            XmlNode addConstraint10 = addConstraint(NodeValue.BBB_XCV_CMDCIQC_LABEL, AttributeValue.BBB_XCV_CMDCIQC);
            if (!run2.booleanValue()) {
                addConstraint10.addChild(NodeName.STATUS, NodeValue.KO);
                xmlNode.addChild(NodeName.INDICATION, Indication.INVALID);
                xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.CHAIN_CONSTRAINTS_FAILURE);
                xmlNode.addChild(NodeName.INFO, NodeValue.BBB_XCV_SCINQ_LABEL);
                return false;
            }
            addConstraint10.addChild(NodeName.STATUS, "OK");
        }
        Boolean run3 = new SSCD(this.constraintData).run(equals, this.signingCert);
        if (run3 != null) {
            XmlNode addConstraint11 = addConstraint(NodeValue.BBB_XCV_CMDCISSCD_LABEL, AttributeValue.BBB_XCV_CMDCISSCD);
            if (!run3.booleanValue()) {
                addConstraint11.addChild(NodeName.STATUS, NodeValue.KO);
                xmlNode.addChild(NodeName.INDICATION, Indication.INVALID);
                xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.CHAIN_CONSTRAINTS_FAILURE);
                return false;
            }
            addConstraint11.addChild(NodeName.STATUS, "OK");
        }
        Boolean run4 = new ForLegalPerson(this.constraintData).run(equals, this.signingCert);
        if (run4 != null) {
            XmlNode addConstraint12 = addConstraint(NodeValue.BBB_XCV_CMDCIITLP_LABEL, AttributeValue.BBB_XCV_CMDCIITLP);
            if (!run4.booleanValue()) {
                addConstraint12.addChild(NodeName.STATUS, NodeValue.KO);
                xmlNode.addChild(NodeName.INDICATION, Indication.INVALID);
                xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.CHAIN_CONSTRAINTS_FAILURE);
                return false;
            }
            addConstraint12.addChild(NodeName.STATUS, "OK");
        }
        XmlNode addConstraint13 = addConstraint(NodeValue.BBB_XCV_ACCCM_LABEL, AttributeValue.BBB_XCV_ACCCM);
        boolean z4 = false;
        XmlNode xmlNode3 = new XmlNode("Container");
        Iterator<XmlDom> it3 = elements.iterator();
        while (it3.hasNext()) {
            String value11 = it3.next().getValue("./@Id", new Object[0]);
            if (value11.equals(value4) && z2) {
                z4 = true;
            } else {
                XmlDom certificate3 = processParameters.getCertificate(value11);
                XCVCryptographicConstraint xCVCryptographicConstraint = new XCVCryptographicConstraint();
                XCVCryptoConstraintParameters xCVCryptoConstraintParameters = new XCVCryptoConstraintParameters(processParameters);
                xCVCryptoConstraintParameters.setContextElement(certificate3);
                if (!value11.equals(this.signingCertId)) {
                    xCVCryptoConstraintParameters.setContextName(NodeName.CA_CERTIFICATE);
                }
                z4 = xCVCryptographicConstraint.run(xCVCryptoConstraintParameters, xmlNode3);
                if (!z4) {
                    break;
                }
            }
        }
        if (z4) {
            addConstraint13.addChild(NodeName.STATUS, "OK");
            return true;
        }
        addConstraint13.addChild(NodeName.STATUS, NodeValue.KO);
        xmlNode.addChild(NodeName.INDICATION, Indication.INDETERMINATE);
        xmlNode.addChild(NodeName.SUB_INDICATION, SubIndication.CRYPTO_CONSTRAINTS_FAILURE_NO_POE);
        xmlNode.addChildrenOf(xmlNode3);
        return false;
    }

    private XmlNode addConstraint(String str, String str2) {
        XmlNode addChild = this.subProcessNode.addChild(NodeName.CONSTRAINT);
        addChild.addChild("Name", str).setAttribute(AttributeName.NAME_ID, str2);
        return addChild;
    }
}
