package eu.europa.ec.markt.dss.validation.tsl;

import eu.europa.ec.markt.dss.CertificateIdentifier;
import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.exception.CannotFetchDataException;
import eu.europa.ec.markt.dss.exception.EncodingException;
import eu.europa.ec.markt.dss.exception.NotETSICompliantException;
import eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext;
import eu.europa.ec.markt.dss.validation.certificate.CertificateSource;
import eu.europa.ec.markt.dss.validation.certificate.CertificateSourceType;
import eu.europa.ec.markt.dss.validation.https.HTTPDataLoader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URL;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.ConfigurationException;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.NamespaceContext;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/tsl/TrustedListsCertificateSource.class */
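/**
 * {@link CertificateSource} populated from a list of trusted lists (LOTL) and the trust-service
 * status lists (TSL) it points to.
 *
 * <p>{@link #init()} loads the list at {@code lotlUrl}, loads every pointed-to TSL in parallel and
 * indexes the service certificates by subject name. Every certificate returned by this source is
 * labelled {@link CertificateSourceType#TRUSTED_LIST}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The body of {@code getTrustStatusList} was not recovered by the decompiler, so how (and
 *       whether) list signatures are verified cannot be confirmed from this file.</li>
 *   <li>Certificates from a TSL whose pointer carries no signer certificate are still added, with
 *       their service info marked {@code tlWellSigned = false}. Consumers must check that flag
 *       before trusting an entry.</li>
 *   <li>{@code diagnosticInfo} holds full stack traces of load failures. Treat it as internal
 *       diagnostic data when exposing it.</li>
 * </ul>
 */
public class TrustedListsCertificateSource implements CertificateSource {
    private static final Logger LOG = Logger.getLogger(TrustedListsCertificateSource.class.getName());
    private static final String CP = "classpath://";
    private static final String FILE = "file://";

    private String lotlUrl;
    // Not read by any method visible here; presumably used by getTrustStatusList (body unavailable).
    private HTTPDataLoader tslLoader;
    private Map<X500Principal, List<CertificateAndContext>> certificates;
    // Keyed by list URL; values are a status text or the stack trace of the failure.
    private final Map<String, String> diagnosticInfo = new ConcurrentHashMap<String, String>();
    private boolean checkSignature = true;
    private String lotlCertificate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/tsl/TrustedListsCertificateSource$FutureResult.class */
    /** Outcome of loading one pointed-to TSL on a worker thread. */
    public static class FutureResult {
        public final PointerToOtherTSL pointer;
        public final TrustStatusList trustStatusList;
        /**
         * In the visible code this is {@code true} exactly when the pointer carried a signer
         * certificate. NOTE(review): whether the signature was actually verified depends on
         * getTrustStatusList, whose body is not available here.
         */
        public final boolean wellSigned;

        private FutureResult(PointerToOtherTSL pointerToOtherTSL, TrustStatusList trustStatusList, boolean z) {
            this.pointer = pointerToOtherTSL;
            this.trustStatusList = trustStatusList;
            this.wellSigned = z;
        }
    }

    /**
     * Creates the source and registers the BouncyCastle provider with the JVM-wide provider list.
     * {@link Security#addProvider} leaves the list unchanged when the provider is already installed.
     */
    public TrustedListsCertificateSource() {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Wraps one service certificate with its service information and stores it under its subject.
     *
     * @param x509Certificate certificate taken from the trust service's digital identity
     * @param abstractTrustService service the certificate belongs to
     * @param trustServiceProvider provider that operates the service
     * @param z value recorded as {@code tlWellSigned} on the service info
     */
    private void addCertificate(X509Certificate x509Certificate, AbstractTrustService abstractTrustService, TrustServiceProvider trustServiceProvider, boolean z) {
        List<CertificateAndContext> list = this.certificates.get(x509Certificate.getSubjectX500Principal());
        if (list == null) {
            list = Collections.synchronizedList(new ArrayList<CertificateAndContext>());
            this.certificates.put(x509Certificate.getSubjectX500Principal(), list);
        }
        CertificateAndContext certificateAndContext = new CertificateAndContext(x509Certificate);
        certificateAndContext.setCertificateSource(CertificateSourceType.TRUSTED_LIST);
        try {
            ServiceInfo createServiceInfo = abstractTrustService.createServiceInfo();
            createServiceInfo.setCurrentStatus(abstractTrustService.getCurrentServiceInfo().getStatus());
            createServiceInfo.setCurrentStatusStartingDate(abstractTrustService.getCurrentServiceInfo().getStatusStartDate());
            createServiceInfo.setServiceName(abstractTrustService.getServiceName());
            createServiceInfo.setStatusAtReferenceTime(abstractTrustService.getStatus());
            createServiceInfo.setStatusStartingDateAtReferenceTime(abstractTrustService.getStatusStartDate());
            createServiceInfo.setStatusEndingDateAtReferenceTime(abstractTrustService.getStatusEndDate());
            createServiceInfo.setTspElectronicAddress(trustServiceProvider.getElectronicAddress());
            createServiceInfo.setTspName(trustServiceProvider.getName());
            createServiceInfo.setTspPostalAddress(trustServiceProvider.getPostalAddress());
            createServiceInfo.setTspTradeName(trustServiceProvider.getTradeName());
            createServiceInfo.setType(abstractTrustService.getType());
            // Callers deciding on trust must read this flag; entries are stored even when it is false.
            createServiceInfo.setTlWellSigned(z);
            certificateAndContext.setContext(createServiceInfo);
            list.add(certificateAndContext);
            // Logged only after the entry is stored, so the log never reports a certificate that
            // was rejected by the catch below.
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("Certificate added from TL: " + CertificateIdentifier.getId(x509Certificate));
            }
        } catch (NotETSICompliantException e) {
            LOG.log(Level.SEVERE, "The entry for " + abstractTrustService.getServiceName() + " don't respect ESTI specification " + e.getMessage());
        }
    }

    /**
     * Compiles an XPath expression that may use the prefixes {@code ds}, {@code etsi},
     * {@code xades} and {@code xades141}.
     *
     * @param str XPath expression text
     * @return the compiled expression
     * @throws RuntimeException if the expression is invalid or uses an unknown prefix
     */
    private XPathExpression createXPathExpression(String str) {
        XPath newXPath = XPathFactory.newInstance().newXPath();
        newXPath.setNamespaceContext(new NamespaceContext() {
            @Override
            public String getNamespaceURI(String str2) {
                if ("ds".equals(str2)) {
                    return "http://www.w3.org/2000/09/xmldsig#";
                }
                if ("etsi".equals(str2)) {
                    return "http://uri.etsi.org/01903/v1.1.1#";
                }
                if ("xades".equals(str2)) {
                    return "http://uri.etsi.org/01903/v1.3.2#";
                }
                if ("xades141".equals(str2)) {
                    return "http://uri.etsi.org/01903/v1.4.1#";
                }
                throw new RuntimeException("Prefix not recognized : " + str2);
            }

            // Reverse lookups are not needed for XPath evaluation and are deliberately unsupported.
            @Override
            public String getPrefix(String str2) {
                throw new RuntimeException();
            }

            @Override
            public Iterator<?> getPrefixes(String str2) {
                throw new RuntimeException();
            }
        });
        try {
            return newXPath.compile(str);
        } catch (XPathExpressionException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the certificates stored for the given subject.
     *
     * @param x500Principal subject name to look up
     * @return the stored entries, or {@code null} when the subject is unknown
     */
    @Override
    public List<CertificateAndContext> getCertificateBySubjectName(X500Principal x500Principal) {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Looking for {0} in {1}", new Object[]{x500Principal, this.certificates.values()});
        }
        return this.certificates.get(x500Principal);
    }

    /**
     * Returns a new list holding every stored certificate, across all subjects.
     *
     * @return a fresh, caller-owned list
     */
    public List<CertificateAndContext> getCertificateList() {
        List<CertificateAndContext> all = new ArrayList<CertificateAndContext>();
        for (List<CertificateAndContext> perSubject : this.certificates.values()) {
            all.addAll(perSubject);
        }
        return all;
    }

    /**
     * Returns the live subject-to-certificates map, not a copy. Changes made through the returned
     * map alter the set of certificates this source reports as coming from a trusted list.
     */
    public Map<X500Principal, List<CertificateAndContext>> getCertificates() {
        return this.certificates;
    }

    /**
     * Returns the live diagnostic map, keyed by list URL. Values may contain complete stack traces.
     */
    public Map<String, String> getDiagnosticInfo() {
        return this.diagnosticInfo;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Evaluates an XPath expression that is expected to match at most one element.
     *
     * @param node context node
     * @param str XPath expression text
     * @return the matching element, or {@code null} when nothing matches
     * @throws RuntimeException if more than one node matches or the expression cannot be evaluated
     */
    public Element getElement(Node node, String str) {
        try {
            NodeList nodeList = (NodeList) createXPathExpression(str).evaluate(node, XPathConstants.NODESET);
            if (nodeList.getLength() > 1) {
                throw new RuntimeException("More than one result for XPath: " + str);
            }
            return (Element) nodeList.item(0);
        } catch (XPathExpressionException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Opens the configured LOTL signer certificate. {@code classpath://} and {@code file://}
     * prefixes (matched case-insensitively) select a classpath resource or a local file; any other
     * value is opened as a URL.
     *
     * <p>This certificate is what the LOTL is checked against, so its integrity depends entirely
     * on where it is read from. A value fetched over an unauthenticated channel gives no more
     * assurance than that channel; prefer a bundled classpath resource or a protected local file.
     *
     * @return an open stream positioned at the start of the certificate
     * @throws IOException if the resource is missing or cannot be opened
     */
    private InputStream getLotlCertificateInputStream() throws IOException {
        final String location = this.lotlCertificate;
        // regionMatches(ignoreCase) is locale-independent, unlike toLowerCase(), which breaks the
        // "file://" prefix match under a Turkish default locale.
        if (location.regionMatches(true, 0, CP, 0, CP.length())) {
            InputStream resource = TrustedListsCertificateSource.class.getClassLoader().getResourceAsStream(location.substring(CP.length()));
            if (resource == null) {
                throw new IOException("LOTL certificate not found on the classpath: " + location);
            }
            return resource;
        }
        if (location.regionMatches(true, 0, FILE, 0, FILE.length())) {
            return new File(location.substring(FILE.length())).toURI().toURL().openStream();
        }
        return new URL(location).openStream();
    }

    /**
     * Loads and parses the trust status list at the given location.
     *
     * <p>NOTE(review): the decompiler could not recover this method, so the stub below always
     * throws. The second argument is the signer certificate supplied by {@code init()} (it is
     * {@code null} when signature checking is disabled or a pointer has no certificate); what the
     * real implementation does with it must be confirmed against the original class file.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x0064, code lost:
    
        eu.europa.ec.markt.dss.validation.tsl.TrustedListsCertificateSource.LOG.fine("found: " + r0.getName());
        r9 = r10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public eu.europa.ec.markt.dss.validation.tsl.TrustStatusList getTrustStatusList(java.lang.String r7, java.security.cert.X509Certificate r8) throws java.io.IOException, eu.europa.ec.markt.dss.exception.CannotFetchDataException {
        /*
            Method dump skipped, instructions count: 608
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: eu.europa.ec.markt.dss.validation.tsl.TrustedListsCertificateSource.getTrustStatusList(java.lang.String, java.security.cert.X509Certificate):eu.europa.ec.markt.dss.validation.tsl.TrustStatusList");
    }

    /**
     * (Re)builds the certificate store: reads the LOTL signer certificate when signature checking
     * is enabled, loads the LOTL, loads every pointed-to TSL in parallel and stores their service
     * certificates.
     *
     * <p>The store is replaced by an empty map at the start, so lookups made while this method
     * runs see a partial store. If the LOTL cannot be loaded the store stays empty, which means no
     * certificate is reported as coming from a trusted list. A failure in one TSL is recorded in
     * the diagnostic map and does not stop the others from loading.
     *
     * @throws ConfigurationException if the LOTL URL is missing, if signature checking is enabled
     *     without a signer certificate reference, or if the platform lacks X.509 support
     * @throws IOException if the signer certificate or the LOTL cannot be read
     * @throws CannotFetchDataException if the LOTL cannot be fetched
     */
    public void init() throws IOException, ConfigurationException, CannotFetchDataException {
        if (this.lotlUrl == null) {
            // The URL is used as a ConcurrentHashMap key below, which rejects null with a bare NPE.
            throw new ConfigurationException("The LOTL URL property must be set before init() is called.");
        }
        this.certificates = new ConcurrentHashMap<X500Principal, List<CertificateAndContext>>();
        X509Certificate lotlSigner = null;
        if (this.checkSignature) {
            if (this.lotlCertificate == null) {
                throw new ConfigurationException("The LOTL certificate property must contain a reference to the LOTL signer's certificate.");
            }
            lotlSigner = readLotlSignerCertificate();
        } else {
            // Leave a trace for operators: the LOTL is requested without a signer certificate.
            LOG.warning("LOTL signature check is disabled; loading " + this.lotlUrl + " without a signer certificate");
        }
        LOG.log(Level.INFO, "Loading LOTL from " + this.lotlUrl);
        TrustStatusList lotl = null;
        try {
            lotl = getTrustStatusList(this.lotlUrl, lotlSigner);
        } catch (NotETSICompliantException e) {
            LOG.severe("TSL not compliant with ETSI " + e.getMessage());
        }
        if (lotl == null) {
            // Previously this path fell through to a NullPointerException and had already
            // recorded the list as "Loaded".
            this.diagnosticInfo.put(this.lotlUrl, "LOTL could not be loaded");
            return;
        }
        this.diagnosticInfo.put(this.lotlUrl, "Loaded " + new Date().toString());

        List<Callable<FutureResult>> tasks = new ArrayList<Callable<FutureResult>>();
        for (final PointerToOtherTSL pointerToOtherTSL : lotl.getOtherTSLPointers()) {
            tasks.add(createLoadTask(pointerToOtherTSL));
        }
        if (tasks.isEmpty()) {
            // Executors.newFixedThreadPool(0) throws IllegalArgumentException.
            LOG.info("Done loading TLs from " + this.lotlUrl);
            return;
        }
        // NOTE(review): one thread per pointer, and the pointer count comes from the downloaded
        // LOTL. Consider an upper bound if the list can be supplied by an untrusted party.
        final ExecutorService pool = Executors.newFixedThreadPool(tasks.size());
        try {
            for (Future<FutureResult> future : pool.invokeAll(tasks)) {
                final FutureResult result;
                try {
                    result = future.get();
                } catch (ExecutionException e) {
                    // One failing task must not discard the lists that loaded correctly.
                    LOG.log(Level.SEVERE, "TSL load error: " + e.toString(), e);
                    continue;
                }
                if (result == null || result.trustStatusList == null) {
                    continue;
                }
                loadAllCertificatesFromOneTSL(result.trustStatusList, result.wellSigned);
                recordDiagnostic(result.pointer.getTslLocation(), "Loaded " + new Date().toString());
            }
            LOG.info("Done loading TLs from " + this.lotlUrl);
        } catch (InterruptedException e) {
            // Restore the flag so code further up the stack can see the interruption.
            Thread.currentThread().interrupt();
            LOG.log(Level.SEVERE, "TSL load error: " + e.toString(), e);
        } finally {
            // Always release the worker threads, including on the error paths.
            pool.shutdown();
        }
    }

    /**
     * Reads the certificate referenced by {@code lotlCertificate} as an X.509 certificate.
     *
     * @return the parsed LOTL signer certificate
     * @throws ConfigurationException if no X.509 certificate factory is available
     * @throws IOException if the certificate resource cannot be opened
     */
    private X509Certificate readLotlSignerCertificate() throws IOException, ConfigurationException {
        final CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X509");
        } catch (CertificateException e) {
            ConfigurationException failure = new ConfigurationException("Platform does not support X509 certificate");
            failure.initCause(e);
            throw failure;
        }
        InputStream inputStream = null;
        try {
            inputStream = getLotlCertificateInputStream();
            return (X509Certificate) certificateFactory.generateCertificate(inputStream);
        } catch (CertificateException e) {
            // Log the parser's reason here; the exception thrown below is created from a message
            // code only.
            LOG.log(Level.SEVERE, "Cannot read the LOTL signer certificate from " + this.lotlCertificate, e);
            this.diagnosticInfo.put(this.lotlUrl, "Cannot read certificate");
            throw new EncodingException(EncodingException.MSG.CERTIFICATE_CANNOT_BE_READ);
        } finally {
            DSSUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Builds the worker task that loads one pointed-to TSL. The task returns {@code null} when
     * loading fails; the failure's stack trace is then stored in the diagnostic map.
     */
    private Callable<FutureResult> createLoadTask(final PointerToOtherTSL pointerToOtherTSL) {
        return new Callable<FutureResult>() {
            @Override
            public FutureResult call() {
                try {
                    recordDiagnostic(pointerToOtherTSL.getTslLocation(), "Loading");
                    X509Certificate digitalId = pointerToOtherTSL.getDigitalId();
                    // The list is still loaded when its signer certificate is missing; the result
                    // is only flagged so that consumers can refuse to rely on it.
                    boolean signerPresent = digitalId != null;
                    if (!signerPresent) {
                        LOG.severe("The certificate with which the list of '" + pointerToOtherTSL.getTerritory() + "' was signed is absent.");
                    }
                    LOG.info("Loading TrustStatusList fo '" + pointerToOtherTSL.getTerritory() + "' from url= " + pointerToOtherTSL.getTslLocation());
                    return new FutureResult(pointerToOtherTSL, getTrustStatusList(pointerToOtherTSL.getTslLocation(), digitalId), signerPresent);
                } catch (CannotFetchDataException e) {
                    LOG.log(Level.SEVERE, "Error when reading TSL", e);
                    recordFailure(pointerToOtherTSL, e);
                    return null;
                } catch (NotETSICompliantException e) {
                    LOG.severe("TSL not compliant with ETSI " + e.toString());
                    recordFailure(pointerToOtherTSL, e);
                    return null;
                } catch (IOException e) {
                    LOG.log(Level.SEVERE, "Error when reading TSL", e);
                    recordFailure(pointerToOtherTSL, e);
                    return null;
                } catch (RuntimeException e) {
                    LOG.severe("TSL not compliant with ETSI (RuntimeException): " + e.toString());
                    recordFailure(pointerToOtherTSL, e);
                    return null;
                } catch (CertificateException e) {
                    LOG.log(Level.SEVERE, "Cannot read certificate from pointer to " + pointerToOtherTSL.getTerritory(), e);
                    recordFailure(pointerToOtherTSL, e);
                    return null;
                }
            }
        };
    }

    /** Stores the failure's stack trace as the diagnostic entry of the pointer's TSL location. */
    private void recordFailure(PointerToOtherTSL pointerToOtherTSL, Throwable failure) {
        recordDiagnostic(pointerToOtherTSL.getTslLocation(), getStackTrace(failure));
    }

    /** Stores a diagnostic entry; a {@code null} location is skipped because the map rejects it. */
    private void recordDiagnostic(String location, String message) {
        if (location != null) {
            this.diagnosticInfo.put(location, message);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Renders a throwable's stack trace as text.
     *
     * @param th throwable to render
     * @return the output of {@link Throwable#printStackTrace(PrintWriter)}
     */
    public String getStackTrace(Throwable th) {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        th.printStackTrace(printWriter);
        printWriter.flush();
        return stringWriter.toString();
    }

    /**
     * Stores every certificate of every trust service of every provider in the given list.
     *
     * @param trustStatusList list to read
     * @param z value recorded as {@code tlWellSigned} on each stored entry
     */
    private void loadAllCertificatesFromOneTSL(TrustStatusList trustStatusList, boolean z) {
        for (TrustServiceProvider trustServiceProvider : trustStatusList.getTrustServicesProvider()) {
            for (AbstractTrustService abstractTrustService : trustServiceProvider.getTrustServiceList()) {
                Iterator<X509Certificate> identities = abstractTrustService.getDigitalIdentity().iterator();
                while (identities.hasNext()) {
                    addCertificate(identities.next(), abstractTrustService, trustServiceProvider, z);
                }
            }
        }
    }

    /**
     * Enables or disables use of the LOTL signer certificate (enabled by default). When disabled,
     * {@link #init()} does not read the signer certificate and requests the LOTL without one, so
     * the authenticity of everything loaded then rests on the transport alone.
     */
    public void setCheckSignature(boolean z) {
        this.checkSignature = z;
    }

    /**
     * Sets the reference to the LOTL signer certificate: a {@code classpath://} resource, a
     * {@code file://} path or any URL.
     */
    public void setLotlCertificate(String str) {
        this.lotlCertificate = str;
    }

    /** Sets the HTTP loader. It is not read by any method recovered in this file. */
    public void setTslLoader(HTTPDataLoader hTTPDataLoader) {
        this.tslLoader = hTTPDataLoader;
    }

    /** Sets the URL of the list of trusted lists; required before {@link #init()}. */
    public void setLotlUrl(String str) {
        this.lotlUrl = str;
    }
}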
