package eu.europa.ec.markt.dss.validation;

import eu.europa.ec.markt.dss.CertificateIdentifier;
import eu.europa.ec.markt.dss.TSLConstant;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.exception.NotETSICompliantException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.signature.InMemoryDocument;
import eu.europa.ec.markt.dss.signature.ProfileException;
import eu.europa.ec.markt.dss.validation.asic.ASiCXMLDocumentValidator;
import eu.europa.ec.markt.dss.validation.cades.CMSDocumentValidator;
import eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext;
import eu.europa.ec.markt.dss.validation.report.CertPathRevocationAnalysis;
import eu.europa.ec.markt.dss.validation.report.QCStatementInformation;
import eu.europa.ec.markt.dss.validation.report.QualificationsVerification;
import eu.europa.ec.markt.dss.validation.report.Result;
import eu.europa.ec.markt.dss.validation.report.SignatureInformation;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelA;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelAnalysis;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelBES;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelC;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelEPES;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelLTV;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelT;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelX;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelXL;
import eu.europa.ec.markt.dss.validation.report.SignatureVerification;
import eu.europa.ec.markt.dss.validation.report.TimeInformation;
import eu.europa.ec.markt.dss.validation.report.TimestampVerificationResult;
import eu.europa.ec.markt.dss.validation.report.TrustedListInformation;
import eu.europa.ec.markt.dss.validation.report.ValidationReport;
import eu.europa.ec.markt.dss.validation.tsl.Condition;
import eu.europa.ec.markt.dss.validation.tsl.PolicyIdCondition;
import eu.europa.ec.markt.dss.validation.tsl.QcStatementCondition;
import eu.europa.ec.markt.dss.validation.x509.TimestampToken;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.x509.qualified.ETSIQCObjectIdentifiers;
import org.bouncycastle.ocsp.BasicOCSPResp;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/SignedDocumentValidator.class */
public abstract class SignedDocumentValidator {
    private static final Logger LOG = Logger.getLogger(SignedDocumentValidator.class.getName());
    private static final String SVC_INFO = "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/SvcInfoExt/";
    protected DSSDocument document;
    protected DSSDocument externalContent;
    private CertificateVerifier certificateVerifier;
    private final Condition qcp = new PolicyIdCondition("0.4.0.1456.1.2");
    private final Condition qcpplus = new PolicyIdCondition("0.4.0.1456.1.1");
    private final Condition qccompliance = new QcStatementCondition(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance);
    private final Condition qcsscd = new QcStatementCondition(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD);
    private static final String MIMETYPE = "mimetype";
    private static final String PATTERN_SIGNATURES_XML = "META-INF/(.*)(?i)signature(.*).xml";
    private static final String PATTERN_SIGNATURES_P7S = "META-INF/(.*)(?i)signature(.*).p7s";

    public DSSDocument getDocument() {
        return this.document;
    }

    /* JADX WARN: Removed duplicated region for block: B:96:0x019a A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static eu.europa.ec.markt.dss.validation.SignedDocumentValidator fromDocument(eu.europa.ec.markt.dss.signature.DSSDocument r5) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 422
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: eu.europa.ec.markt.dss.validation.SignedDocumentValidator.fromDocument(eu.europa.ec.markt.dss.signature.DSSDocument):eu.europa.ec.markt.dss.validation.SignedDocumentValidator");
    }

    private static SignedDocumentValidator getInstanceForAsics(DSSDocument dSSDocument) throws IOException {
        ZipInputStream zipInputStream = new ZipInputStream(dSSDocument.openStream());
        String str = "";
        ByteArrayOutputStream byteArrayOutputStream = null;
        ByteArrayOutputStream byteArrayOutputStream2 = null;
        boolean z = false;
        boolean z2 = false;
        while (true) {
            try {
                try {
                    ZipEntry nextEntry = zipInputStream.getNextEntry();
                    if (nextEntry == null) {
                        if (z2) {
                            return new ASiCXMLDocumentValidator(new InMemoryDocument(byteArrayOutputStream2.toByteArray()), byteArrayOutputStream.toByteArray(), str);
                        }
                        if (!z) {
                            throw new RuntimeException("Is not xades nor cades signed");
                        }
                        CMSDocumentValidator cMSDocumentValidator = new CMSDocumentValidator(new InMemoryDocument(byteArrayOutputStream2.toByteArray()));
                        cMSDocumentValidator.setExternalContent(new InMemoryDocument(byteArrayOutputStream.toByteArray()));
                        try {
                            zipInputStream.close();
                        } catch (IOException e) {
                        }
                        return cMSDocumentValidator;
                    }
                    if (nextEntry.getName().matches(PATTERN_SIGNATURES_P7S)) {
                        if (z2) {
                            throw new NotETSICompliantException(NotETSICompliantException.MSG.MORE_THAN_ONE_SIGNATURE);
                        }
                        byteArrayOutputStream2 = new ByteArrayOutputStream();
                        IOUtils.copy(zipInputStream, byteArrayOutputStream2);
                        byteArrayOutputStream2.close();
                        z = true;
                    } else if (nextEntry.getName().matches(PATTERN_SIGNATURES_XML)) {
                        if (z) {
                            throw new NotETSICompliantException(NotETSICompliantException.MSG.MORE_THAN_ONE_SIGNATURE);
                        }
                        byteArrayOutputStream2 = new ByteArrayOutputStream();
                        IOUtils.copy(zipInputStream, byteArrayOutputStream2);
                        byteArrayOutputStream2.close();
                        z2 = true;
                    } else if (nextEntry.getName().equalsIgnoreCase(MIMETYPE)) {
                        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
                        IOUtils.copy(zipInputStream, byteArrayOutputStream3);
                        byteArrayOutputStream3.close();
                    } else if (nextEntry.getName().indexOf("/") != -1) {
                        continue;
                    } else {
                        if (byteArrayOutputStream != null) {
                            throw new ProfileException("ASiC-S profile support only one data file");
                        }
                        byteArrayOutputStream = new ByteArrayOutputStream();
                        IOUtils.copy(zipInputStream, byteArrayOutputStream);
                        byteArrayOutputStream.close();
                        str = nextEntry.getName();
                    }
                } catch (Exception e2) {
                    throw new RuntimeException(e2);
                }
            } finally {
                try {
                    zipInputStream.close();
                } catch (IOException e3) {
                }
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0062, code lost:
    
        r8.getCertPathUpToTrustedList().setStatus(eu.europa.ec.markt.dss.validation.report.Result.ResultStatus.VALID, null);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkTimeStampCertPath(eu.europa.ec.markt.dss.validation.x509.TimestampToken r7, eu.europa.ec.markt.dss.validation.report.TimestampVerificationResult r8, eu.europa.ec.markt.dss.validation.ValidationContext r9, eu.europa.ec.markt.dss.validation.AdvancedSignature r10) {
        /*
            r6 = this;
            r0 = r8
            eu.europa.ec.markt.dss.validation.report.Result r0 = r0.getCertPathUpToTrustedList()     // Catch: java.io.IOException -> L76
            eu.europa.ec.markt.dss.validation.report.Result$ResultStatus r1 = eu.europa.ec.markt.dss.validation.report.Result.ResultStatus.INVALID     // Catch: java.io.IOException -> L76
            java.lang.String r2 = "cannot.reach.tsl"
            r0.setStatus(r1, r2)     // Catch: java.io.IOException -> L76
            r0 = r9
            r1 = r7
            r2 = r10
            eu.europa.ec.markt.dss.validation.certificate.CertificateSource r2 = r2.getCertificateSource()     // Catch: java.io.IOException -> L76
            r3 = r10
            eu.europa.ec.markt.dss.validation.crl.CRLSource r3 = r3.getCRLSource()     // Catch: java.io.IOException -> L76
            r4 = r10
            eu.europa.ec.markt.dss.validation.ocsp.OCSPSource r4 = r4.getOCSPSource()     // Catch: java.io.IOException -> L76
            r0.validateTimestamp(r1, r2, r3, r4)     // Catch: java.io.IOException -> L76
            r0 = r9
            java.util.List r0 = r0.getNeededCertificates()     // Catch: java.io.IOException -> L76
            java.util.Iterator r0 = r0.iterator()     // Catch: java.io.IOException -> L76
            r11 = r0
        L31:
            r0 = r11
            boolean r0 = r0.hasNext()     // Catch: java.io.IOException -> L76
            if (r0 == 0) goto L73
            r0 = r11
            java.lang.Object r0 = r0.next()     // Catch: java.io.IOException -> L76
            eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext r0 = (eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext) r0     // Catch: java.io.IOException -> L76
            r12 = r0
            r0 = r12
            java.security.cert.X509Certificate r0 = r0.getCertificate()     // Catch: java.io.IOException -> L76
            javax.security.auth.x500.X500Principal r0 = r0.getSubjectX500Principal()     // Catch: java.io.IOException -> L76
            r1 = r7
            javax.security.auth.x500.X500Principal r1 = r1.getSignerSubjectName()     // Catch: java.io.IOException -> L76
            boolean r0 = eu.europa.ec.markt.dss.validation.X500PrincipalMatcher.viaAny(r0, r1)     // Catch: java.io.IOException -> L76
            if (r0 == 0) goto L70
            r0 = r9
            r1 = r12
            eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext r0 = r0.getParentFromTrustedList(r1)     // Catch: java.io.IOException -> L76
            if (r0 == 0) goto L70
            r0 = r8
            eu.europa.ec.markt.dss.validation.report.Result r0 = r0.getCertPathUpToTrustedList()     // Catch: java.io.IOException -> L76
            eu.europa.ec.markt.dss.validation.report.Result$ResultStatus r1 = eu.europa.ec.markt.dss.validation.report.Result.ResultStatus.VALID     // Catch: java.io.IOException -> L76
            r2 = 0
            r0.setStatus(r1, r2)     // Catch: java.io.IOException -> L76
            goto L73
        L70:
            goto L31
        L73:
            goto L84
        L76:
            r11 = move-exception
            r0 = r8
            eu.europa.ec.markt.dss.validation.report.Result r0 = r0.getCertPathUpToTrustedList()
            eu.europa.ec.markt.dss.validation.report.Result$ResultStatus r1 = eu.europa.ec.markt.dss.validation.report.Result.ResultStatus.UNDETERMINED
            java.lang.String r2 = "exception.while.verifying"
            r0.setStatus(r1, r2)
        L84:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: eu.europa.ec.markt.dss.validation.SignedDocumentValidator.checkTimeStampCertPath(eu.europa.ec.markt.dss.validation.x509.TimestampToken, eu.europa.ec.markt.dss.validation.report.TimestampVerificationResult, eu.europa.ec.markt.dss.validation.ValidationContext, eu.europa.ec.markt.dss.validation.AdvancedSignature):void");
    }

    private boolean isEveryCertificateRefPresent(ValidationContext validationContext, List<CertificateRef> list) {
        try {
            for (CertificateAndContext certificateAndContext : validationContext.getNeededCertificates()) {
                if (certificateAndContext.getCertificate().equals(validationContext.getCertificate())) {
                    LOG.fine("Don't check for the signing certificate");
                } else {
                    if (LOG.isLoggable(Level.INFO)) {
                        LOG.info("Looking for the CertificateRef of the " + certificateAndContext);
                    }
                    boolean z = false;
                    Iterator<CertificateRef> it2 = list.iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        }
                        CertificateRef next = it2.next();
                        if (LOG.isLoggable(Level.INFO)) {
                            LOG.info("\tCompare to " + next);
                        }
                        if (Arrays.equals(MessageDigest.getInstance(next.getDigestAlgorithm(), "BC").digest(certificateAndContext.getCertificate().getEncoded()), next.getDigestValue())) {
                            z = true;
                            break;
                        }
                    }
                    if (LOG.isLoggable(Level.INFO)) {
                        LOG.info("\tCerificateRef was " + (z ? "found" : "not found"));
                    }
                    if (!z) {
                        return false;
                    }
                }
            }
            return true;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (NoSuchProviderException e2) {
            throw new RuntimeException(e2);
        } catch (CertificateEncodingException e3) {
            throw new RuntimeException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isEveryCertificateValuePresent(ValidationContext validationContext, List<X509Certificate> list, X509Certificate x509Certificate) {
        for (CertificateAndContext certificateAndContext : validationContext.getNeededCertificates()) {
            if (!certificateAndContext.getCertificate().equals(x509Certificate)) {
                if (LOG.isLoggable(Level.INFO)) {
                    LOG.info("Looking for the " + certificateAndContext + " in the signature:");
                }
                boolean z = false;
                Iterator<X509Certificate> it2 = list.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    X509Certificate next = it2.next();
                    if (LOG.isLoggable(Level.FINE)) {
                        LOG.fine("Compare to " + CertificateIdentifier.getId(next));
                    }
                    if (next.equals(certificateAndContext.getCertificate())) {
                        z = true;
                        break;
                    }
                }
                if (LOG.isLoggable(Level.INFO)) {
                    LOG.info("\t --> Certificate was " + (z ? "found" : "not found!"));
                }
                if (!z) {
                    return false;
                }
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean everyCRLValueOrRefAreThere(ValidationContext validationContext, List<?> list) {
        for (X509CRL x509crl : validationContext.getNeededCRL()) {
            boolean z = false;
            Iterator<?> it2 = list.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Object next = it2.next();
                if (!(next instanceof X509CRL) || !((X509CRL) next).equals(x509crl)) {
                    if ((next instanceof CRLRef) && ((CRLRef) next).match(x509crl)) {
                        z = true;
                        break;
                    }
                } else {
                    z = true;
                    break;
                }
            }
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("Ref " + (z ? " found" : " not found"));
            }
            if (!z) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean everyOCSPValueOrRefAreThere(ValidationContext validationContext, List<?> list) {
        for (BasicOCSPResp basicOCSPResp : validationContext.getNeededOCSPResp()) {
            boolean z = false;
            Iterator<?> it2 = list.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Object next = it2.next();
                if (next instanceof BasicOCSPResp) {
                    if (((BasicOCSPResp) next).equals(basicOCSPResp)) {
                        z = true;
                        break;
                    }
                } else if ((next instanceof OCSPRef) && ((OCSPRef) next).match(basicOCSPResp)) {
                    z = true;
                    break;
                }
            }
            LOG.info("OCSPResp or OCSPRef produced at '" + basicOCSPResp.getProducedAt() + "' " + (z ? "was found." : "was not found!"));
            if (!z) {
                return false;
            }
        }
        return true;
    }

    public DSSDocument getExternalContent() {
        return this.externalContent;
    }

    public abstract List<AdvancedSignature> getSignatures();

    public int numberOfSignatures() {
        List<AdvancedSignature> signatures = getSignatures();
        if (signatures == null) {
            return 0;
        }
        return signatures.size();
    }

    private Result resultForTimestamps(List<TimestampVerificationResult> list, Result result) {
        if (list != null && !list.isEmpty()) {
            result.setStatus(Result.ResultStatus.VALID, null);
            Iterator<TimestampVerificationResult> it2 = list.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                TimestampVerificationResult next = it2.next();
                if (next.getSameDigest().isUndetermined()) {
                    result.setStatus(Result.ResultStatus.UNDETERMINED, "one.of.timestamp.digest.undetermined");
                } else if (next.getSameDigest().isInvalid()) {
                    result.setStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data");
                    break;
                }
            }
        } else {
            result.setStatus(Result.ResultStatus.INVALID, "no.timestamp");
        }
        return result;
    }

    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    public void setExternalContent(DSSDocument dSSDocument) {
        this.externalContent = dSSDocument;
    }

    public ValidationReport validateDocument() {
        TimeInformation timeInformation = new TimeInformation(new Date());
        ArrayList arrayList = new ArrayList();
        for (AdvancedSignature advancedSignature : getSignatures()) {
            arrayList.add(validateSignature(advancedSignature, advancedSignature.getSigningTime() == null ? new Date() : advancedSignature.getSigningTime()));
        }
        return new ValidationReport(timeInformation, arrayList);
    }

    protected SignatureInformation validateSignature(AdvancedSignature advancedSignature, Date date) throws DSSException {
        X509Certificate signingCertificate = advancedSignature.getSigningCertificate();
        if (signingCertificate == null) {
            LOG.severe("There is no signing certificate");
            return null;
        }
        QCStatementInformation verifyQStatement = verifyQStatement(signingCertificate);
        SignatureVerification signatureVerification = new SignatureVerification(new Result(advancedSignature.checkIntegrity(this.externalContent)), advancedSignature.getSignatureAlgorithm(), advancedSignature.getId());
        try {
            ValidationContext validateCertificate = this.certificateVerifier.validateCertificate(signingCertificate, date, advancedSignature.getCertificateSource(), advancedSignature.getCRLSource(), advancedSignature.getOCSPSource());
            CertPathRevocationAnalysis certPathRevocationAnalysis = new CertPathRevocationAnalysis(validateCertificate, new TrustedListInformation(validateCertificate.getRelevantServiceInfo()));
            SignatureLevelXL verifyLevelXL = verifyLevelXL(advancedSignature, date, validateCertificate, signingCertificate);
            return new SignatureInformation(signatureVerification, certPathRevocationAnalysis, new SignatureLevelAnalysis(advancedSignature, verifyLevelBES(advancedSignature, date, validateCertificate), verifyLevelEPES(advancedSignature, date, validateCertificate), verifyLevelT(advancedSignature, date, validateCertificate), verifyLevelC(advancedSignature, date, validateCertificate, verifyLevelXL != null ? verifyLevelXL.getLevelReached().isValid() : false), verifyLevelX(advancedSignature, date, validateCertificate), verifyLevelXL, verifyLevelA(advancedSignature, date, validateCertificate), verifyLevelLTV(advancedSignature, date, validateCertificate)), verifyQualificationsElement(advancedSignature, date, validateCertificate), verifyQStatement);
        } catch (IOException e) {
            throw new DSSException("Cannot read signature file", e);
        }
    }

    protected SignatureVerification[] verifyCounterSignatures(AdvancedSignature advancedSignature, ValidationContext validationContext) {
        List<AdvancedSignature> counterSignatures = advancedSignature.getCounterSignatures();
        if (counterSignatures == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (AdvancedSignature advancedSignature2 : counterSignatures) {
            try {
                arrayList.add(new SignatureVerification(new Result(advancedSignature2.checkIntegrity(getExternalContent())), advancedSignature2.getSignatureAlgorithm(), advancedSignature.getId()));
            } catch (DSSException e) {
                throw new RuntimeException(e);
            }
        }
        return (SignatureVerification[]) arrayList.toArray(new SignatureVerification[arrayList.size()]);
    }

    protected SignatureLevelA verifyLevelA(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        try {
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("*** Verifying level -A");
            }
            Result result = new Result();
            List<TimestampVerificationResult> verifyTimestampsA = verifyTimestampsA(advancedSignature, validationContext);
            SignatureLevelA signatureLevelA = new SignatureLevelA(resultForTimestamps(verifyTimestampsA, result), verifyTimestampsA);
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("*** Verifying level -A / DONE");
            }
            return signatureLevelA;
        } catch (Exception e) {
            LOG.info("\t#Error when verifying level -A / " + e.getMessage());
            return new SignatureLevelA(new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SignatureLevelBES verifyLevelBES(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        try {
            LOG.info("*** Verifing level -BES");
            Result result = new Result();
            if (advancedSignature.getSigningCertificate() != null) {
                result.setStatus(Result.ResultStatus.VALID, null);
            } else {
                result.setStatus(Result.ResultStatus.INVALID, "no.signing.certificate");
            }
            return new SignatureLevelBES(new Result(result.isValid()), advancedSignature, result, verifyCounterSignatures(advancedSignature, validationContext), null);
        } catch (Exception e) {
            return new SignatureLevelBES(new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), null, new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), null, null);
        }
    }

    protected SignatureLevelC verifyLevelC(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext, boolean z) {
        try {
            LOG.info("*** Verifing level -C");
            List<CertificateRef> certificateRefs = advancedSignature.getCertificateRefs();
            Result result = new Result();
            if (certificateRefs == null || certificateRefs.isEmpty()) {
                result.setStatus(Result.ResultStatus.INVALID, "no.certificate.ref");
            } else if (isEveryCertificateRefPresent(validationContext, certificateRefs)) {
                result.setStatus(Result.ResultStatus.VALID, null);
            } else {
                result.setStatus(Result.ResultStatus.INVALID, "not.all.needed.certificate.ref");
            }
            LOG.info("Is every needed certificate present in the signature: " + result);
            List<OCSPRef> oCSPRefs = advancedSignature.getOCSPRefs();
            List<CRLRef> cRLRefs = advancedSignature.getCRLRefs();
            Result result2 = new Result(Result.ResultStatus.VALID, (String) null);
            int size = 0 + oCSPRefs.size() + cRLRefs.size();
            if (z) {
                if (!everyOCSPValueOrRefAreThere(validationContext, oCSPRefs)) {
                    result2.setStatus(Result.ResultStatus.INVALID, "not.all.needed.ocsp.ref");
                }
                if (!everyCRLValueOrRefAreThere(validationContext, cRLRefs)) {
                    result2.setStatus(Result.ResultStatus.INVALID, "not.all.needed.crl.ref");
                }
                return new SignatureLevelC(new Result(result.getStatus() == Result.ResultStatus.VALID && result2.getStatus() == Result.ResultStatus.VALID), result, result2);
            }
            Result result3 = new Result();
            if (size == 0) {
                result3.setStatus(Result.ResultStatus.INVALID, "no.revocation.data.reference");
            } else {
                result3.setStatus(Result.ResultStatus.VALID, "at.least.one.reference");
            }
            return new SignatureLevelC(new Result(result.getStatus() == Result.ResultStatus.VALID && result3.getStatus() == Result.ResultStatus.VALID), result, result3);
        } catch (Exception e) {
            return new SignatureLevelC(new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
        }
    }

    protected SignatureLevelEPES verifyLevelEPES(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        try {
            LOG.info("*** Verifing level -EPES");
            return new SignatureLevelEPES(advancedSignature, new Result(advancedSignature.getPolicyId() != null));
        } catch (Exception e) {
            return new SignatureLevelEPES(advancedSignature, new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
        }
    }

    protected SignatureLevelLTV verifyLevelLTV(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        return null;
    }

    protected SignatureLevelT verifyLevelT(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        LOG.info("*** Verifing level -T");
        List<TimestampVerificationResult> verifyTimestamps = verifyTimestamps(advancedSignature, date, validationContext, advancedSignature.getSignatureTimestamps(), advancedSignature.getSignatureTimestampData());
        return new SignatureLevelT(resultForTimestamps(verifyTimestamps, new Result()), verifyTimestamps);
    }

    protected SignatureLevelX verifyLevelX(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        try {
            LOG.info("*** Verifing level -X");
            Result result = new Result();
            result.setStatus(Result.ResultStatus.VALID, null);
            TimestampVerificationResult[] timestampVerificationResultArr = null;
            TimestampVerificationResult[] timestampVerificationResultArr2 = null;
            List<TimestampToken> timestampsX1 = advancedSignature.getTimestampsX1();
            if (timestampsX1 != null && !timestampsX1.isEmpty()) {
                byte[] timestampX1Data = advancedSignature.getTimestampX1Data();
                timestampVerificationResultArr = new TimestampVerificationResult[timestampsX1.size()];
                for (int i = 0; i < timestampsX1.size(); i++) {
                    try {
                        TimestampToken timestampToken = timestampsX1.get(i);
                        timestampVerificationResultArr[i] = new TimestampVerificationResult(timestampToken);
                        if (timestampToken.matchData(timestampX1Data)) {
                            timestampVerificationResultArr[i].setSameDigest(new Result(Result.ResultStatus.VALID, (String) null));
                        } else {
                            result.setStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data");
                            timestampVerificationResultArr[i].setSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"));
                        }
                        checkTimeStampCertPath(timestampToken, timestampVerificationResultArr[i], validationContext, advancedSignature);
                    } catch (NoSuchAlgorithmException e) {
                        result.setStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm");
                    }
                }
            }
            List<TimestampToken> timestampsX2 = advancedSignature.getTimestampsX2();
            if (timestampsX2 != null && !timestampsX2.isEmpty()) {
                byte[] timestampX2Data = advancedSignature.getTimestampX2Data();
                timestampVerificationResultArr2 = new TimestampVerificationResult[timestampsX2.size()];
                for (TimestampToken timestampToken2 : timestampsX2) {
                    try {
                        timestampVerificationResultArr2[0] = new TimestampVerificationResult(timestampToken2);
                        if (timestampToken2.matchData(timestampX2Data)) {
                            timestampVerificationResultArr2[0].setSameDigest(new Result(Result.ResultStatus.VALID, (String) null));
                        } else {
                            result.setStatus(Result.ResultStatus.INVALID, "timestamp.dont.sign.data");
                            timestampVerificationResultArr2[0].setSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"));
                        }
                        checkTimeStampCertPath(timestampToken2, timestampVerificationResultArr2[0], validationContext, advancedSignature);
                    } catch (NoSuchAlgorithmException e2) {
                        result.setStatus(Result.ResultStatus.UNDETERMINED, "no.such.algoritm");
                    }
                }
            }
            if ((timestampsX1 == null || timestampsX1.isEmpty()) && (timestampsX2 == null || timestampsX2.isEmpty())) {
                result.setStatus(Result.ResultStatus.INVALID, "no.timestamp");
            }
            return new SignatureLevelX(advancedSignature, result, timestampVerificationResultArr, timestampVerificationResultArr2);
        } catch (Exception e3) {
            return new SignatureLevelX(advancedSignature, new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
        }
    }

    protected SignatureLevelXL verifyLevelXL(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext, X509Certificate x509Certificate) {
        try {
            LOG.info("*** Verifing level -XL");
            Result result = new Result();
            Result result2 = new Result();
            result2.setStatus(Result.ResultStatus.VALID, null);
            Result result3 = new Result();
            result3.setStatus(Result.ResultStatus.VALID, null);
            List<X509Certificate> certificates = advancedSignature.getCertificates();
            if (certificates.isEmpty()) {
                result2.setStatus(Result.ResultStatus.INVALID, "no.certificate.value");
            } else if (!isEveryCertificateValuePresent(validationContext, certificates, x509Certificate)) {
                result2.setStatus(Result.ResultStatus.INVALID, "not.all.needed.certificate.value");
            }
            LOG.info("Is every needed certificate present in the signature: " + result2);
            List<BasicOCSPResp> oCSPs = advancedSignature.getOCSPs();
            int size = oCSPs.size();
            if (!everyOCSPValueOrRefAreThere(validationContext, oCSPs)) {
                result3.setStatus(Result.ResultStatus.INVALID, "not.all.needed.ocsp.value");
            }
            List<X509CRL> cRLs = advancedSignature.getCRLs();
            int size2 = size + (cRLs == null ? 0 : cRLs.size());
            if (!everyCRLValueOrRefAreThere(validationContext, cRLs)) {
                result3.setStatus(Result.ResultStatus.INVALID, "not.all.needed.crl.value");
            }
            if (size2 == 0) {
                result3.setStatus(Result.ResultStatus.INVALID, "no.revocation.data.value");
            }
            result.setStatus((result2.getStatus() == Result.ResultStatus.VALID && result3.getStatus() == Result.ResultStatus.VALID) ? Result.ResultStatus.VALID : Result.ResultStatus.INVALID, null);
            SignatureLevelXL signatureLevelXL = new SignatureLevelXL(result, result2, result3);
            LOG.info("*** Verifing level -XL / DONE");
            return signatureLevelXL;
        } catch (Exception e) {
            SignatureLevelXL signatureLevelXL2 = new SignatureLevelXL(new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), new Result(Result.ResultStatus.INVALID, "exception.while.verifying"), new Result(Result.ResultStatus.INVALID, "exception.while.verifying"));
            LOG.info("*** Verifing level -XL / DONE" + e.getMessage());
            return signatureLevelXL2;
        }
    }

    protected QCStatementInformation verifyQStatement(X509Certificate x509Certificate) {
        return x509Certificate == null ? new QCStatementInformation(null, null, null, null) : new QCStatementInformation(new Result(this.qcp.check(new CertificateAndContext(x509Certificate))), new Result(this.qcpplus.check(new CertificateAndContext(x509Certificate))), new Result(this.qccompliance.check(new CertificateAndContext(x509Certificate))), new Result(this.qcsscd.check(new CertificateAndContext(x509Certificate))));
    }

    protected QualificationsVerification verifyQualificationsElement(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        Result result = new Result();
        Result result2 = new Result();
        Result result3 = new Result();
        Result result4 = new Result();
        List<String> qualificationStatement = validationContext.getQualificationStatement();
        if (qualificationStatement != null) {
            result = new Result(qualificationStatement.contains(TSLConstant.QC_WITH_SSCD));
            result2 = new Result(qualificationStatement.contains(TSLConstant.QC_NO_SSCD));
            result3 = new Result(qualificationStatement.contains(TSLConstant.QCSSCD_STATUS_AS_IN_CERT));
            result4 = new Result(qualificationStatement.contains(TSLConstant.QC_FOR_LEGAL_PERSON));
        }
        return new QualificationsVerification(result, result2, result3, result4);
    }

    protected List<TimestampVerificationResult> verifyTimestamps(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext, List<TimestampToken> list, byte[] bArr) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            for (TimestampToken timestampToken : list) {
                TimestampVerificationResult timestampVerificationResult = new TimestampVerificationResult(timestampToken);
                try {
                    if (timestampToken.matchData(bArr)) {
                        timestampVerificationResult.setSameDigest(new Result(Result.ResultStatus.VALID, (String) null));
                    } else {
                        timestampVerificationResult.setSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"));
                    }
                } catch (NoSuchAlgorithmException e) {
                    timestampVerificationResult.setSameDigest(new Result(Result.ResultStatus.UNDETERMINED, "no.such.algoritm"));
                }
                checkTimeStampCertPath(timestampToken, timestampVerificationResult, validationContext, advancedSignature);
                arrayList.add(timestampVerificationResult);
            }
        }
        return arrayList;
    }

    protected List<TimestampVerificationResult> verifyTimestampsA(AdvancedSignature advancedSignature, ValidationContext validationContext) {
        List<TimestampToken> archiveTimestamps = advancedSignature.getArchiveTimestamps();
        ArrayList arrayList = new ArrayList();
        if (archiveTimestamps != null) {
            int i = 0;
            for (TimestampToken timestampToken : archiveTimestamps) {
                TimestampVerificationResult timestampVerificationResult = new TimestampVerificationResult(timestampToken);
                try {
                    int i2 = i;
                    i++;
                    if (timestampToken.matchData(advancedSignature.getArchiveTimestampData(i2, this.externalContent))) {
                        timestampVerificationResult.setSameDigest(new Result(Result.ResultStatus.VALID, (String) null));
                    } else {
                        timestampVerificationResult.setSameDigest(new Result(Result.ResultStatus.INVALID, "timestamp.dont.sign.data"));
                    }
                } catch (NoSuchAlgorithmException e) {
                    timestampVerificationResult.setSameDigest(new Result(Result.ResultStatus.UNDETERMINED, "no.such.algoritm"));
                }
                checkTimeStampCertPath(timestampToken, timestampVerificationResult, validationContext, advancedSignature);
                arrayList.add(timestampVerificationResult);
            }
        }
        return arrayList;
    }
}
