package eu.europa.esig.dss.spi.validation.analyzer;

import eu.europa.esig.dss.enumerations.TimestampedObjectType;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.ManifestFile;
import eu.europa.esig.dss.model.SignaturePolicyStore;
import eu.europa.esig.dss.model.identifier.OriginalIdentifierProvider;
import eu.europa.esig.dss.model.identifier.TokenIdentifierProvider;
import eu.europa.esig.dss.model.scope.SignatureScope;
import eu.europa.esig.dss.model.signature.SignaturePolicy;
import eu.europa.esig.dss.spi.DSSSecurityProvider;
import eu.europa.esig.dss.spi.client.http.NativeHTTPDataLoader;
import eu.europa.esig.dss.spi.policy.DefaultSignaturePolicyValidatorLoader;
import eu.europa.esig.dss.spi.policy.SignaturePolicyProvider;
import eu.europa.esig.dss.spi.policy.SignaturePolicyValidatorLoader;
import eu.europa.esig.dss.spi.signature.AdvancedSignature;
import eu.europa.esig.dss.spi.validation.CertificateVerifier;
import eu.europa.esig.dss.spi.validation.CertificateVerifierBuilder;
import eu.europa.esig.dss.spi.validation.SignatureValidationContext;
import eu.europa.esig.dss.spi.validation.ValidationContext;
import eu.europa.esig.dss.spi.validation.ValidationDataContainer;
import eu.europa.esig.dss.spi.validation.analyzer.evidencerecord.EvidenceRecordAnalyzer;
import eu.europa.esig.dss.spi.validation.analyzer.evidencerecord.EvidenceRecordAnalyzerFactory;
import eu.europa.esig.dss.spi.validation.analyzer.timestamp.TimestampAnalyzer;
import eu.europa.esig.dss.spi.validation.executor.DefaultValidationContextExecutor;
import eu.europa.esig.dss.spi.validation.executor.ValidationContextExecutor;
import eu.europa.esig.dss.spi.validation.scope.EvidenceRecordScopeFinder;
import eu.europa.esig.dss.spi.validation.timestamp.DetachedTimestampSource;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.evidencerecord.EvidenceRecord;
import eu.europa.esig.dss.spi.x509.tsp.TimestampToken;
import eu.europa.esig.dss.spi.x509.tsp.TimestampedReference;
import eu.europa.esig.dss.utils.Utils;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.ServiceLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/spi/validation/analyzer/DefaultDocumentAnalyzer.class */
public abstract class DefaultDocumentAnalyzer implements DocumentAnalyzer {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultDocumentAnalyzer.class);
    protected DSSDocument document;
    protected List<DSSDocument> containerContents;
    protected ManifestFile manifestFile;
    protected CertificateSource signingCertificateSource;
    private Date validationTime;
    protected CertificateVerifier certificateVerifier;
    private SignaturePolicyProvider signaturePolicyProvider;
    private List<AdvancedSignature> signatures;
    private List<TimestampToken> detachedTimestamps;
    private List<EvidenceRecord> evidenceRecords;
    protected List<DSSDocument> detachedContents = new ArrayList();
    protected List<DSSDocument> detachedEvidenceRecordDocuments = new ArrayList();
    private ValidationContextExecutor validationContextExecutor = DefaultValidationContextExecutor.INSTANCE;
    private TokenIdentifierProvider tokenIdentifierProvider = new OriginalIdentifierProvider();

    protected DefaultDocumentAnalyzer() {
    }

    public static DocumentAnalyzer fromDocument(DSSDocument dSSDocument) {
        Objects.requireNonNull(dSSDocument, "DSSDocument is null");
        Iterator it = ServiceLoader.load(DocumentAnalyzerFactory.class).iterator();
        while (it.hasNext()) {
            DocumentAnalyzerFactory documentAnalyzerFactory = (DocumentAnalyzerFactory) it.next();
            if (documentAnalyzerFactory.isSupported(dSSDocument)) {
                return documentAnalyzerFactory.create(dSSDocument);
            }
        }
        throw new UnsupportedOperationException("Document format not recognized/handled");
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public DSSDocument getDocument() {
        if (this.document == null) {
            throw new IllegalStateException("Document is not provided! Please use a different constructor to extract the document.");
        }
        return this.document;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setSigningCertificateSource(CertificateSource certificateSource) {
        this.signingCertificateSource = certificateSource;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        Objects.requireNonNull(certificateVerifier);
        this.certificateVerifier = certificateVerifier;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setValidationContextExecutor(ValidationContextExecutor validationContextExecutor) {
        this.validationContextExecutor = validationContextExecutor;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public TokenIdentifierProvider getTokenIdentifierProvider() {
        return this.tokenIdentifierProvider;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setTokenIdentifierProvider(TokenIdentifierProvider tokenIdentifierProvider) {
        Objects.requireNonNull(tokenIdentifierProvider);
        this.tokenIdentifierProvider = tokenIdentifierProvider;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setDetachedContents(List<DSSDocument> list) {
        this.detachedContents = list;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setDetachedEvidenceRecordDocuments(List<DSSDocument> list) {
        this.detachedEvidenceRecordDocuments = list;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setContainerContents(List<DSSDocument> list) {
        this.containerContents = list;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setManifestFile(ManifestFile manifestFile) {
        this.manifestFile = manifestFile;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public Date getValidationTime() {
        if (this.validationTime == null) {
            this.validationTime = new Date();
        }
        return this.validationTime;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setValidationTime(Date date) {
        this.validationTime = date;
    }

    public void setDetachedEvidenceRecords(List<EvidenceRecord> list) {
        this.evidenceRecords = list;
    }

    protected SignaturePolicyProvider getSignaturePolicyProvider() {
        if (this.signaturePolicyProvider == null) {
            LOG.info("Default SignaturePolicyProvider instantiated with NativeHTTPDataLoader.");
            this.signaturePolicyProvider = new SignaturePolicyProvider();
            this.signaturePolicyProvider.setDataLoader(new NativeHTTPDataLoader());
        }
        return this.signaturePolicyProvider;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public void setSignaturePolicyProvider(SignaturePolicyProvider signaturePolicyProvider) {
        this.signaturePolicyProvider = signaturePolicyProvider;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public ValidationContext validate() {
        Objects.requireNonNull(this.certificateVerifier, "CertificateVerifier is not defined");
        Objects.requireNonNull(this.document, "Document is not provided to the validator");
        ValidationContext prepareValidationContext = prepareValidationContext(getAllSignatures(), getDetachedTimestamps(), getDetachedEvidenceRecords(), new CertificateVerifierBuilder(this.certificateVerifier).buildCompleteCopyForValidation());
        validateContext(prepareValidationContext);
        return prepareValidationContext;
    }

    protected <T extends AdvancedSignature> ValidationContext prepareValidationContext(Collection<T> collection, Collection<TimestampToken> collection2, Collection<EvidenceRecord> collection3, CertificateVerifier certificateVerifier) {
        ValidationContext createValidationContext = createValidationContext();
        createValidationContext.initialize(certificateVerifier);
        prepareSignatureValidationContext(createValidationContext, collection);
        prepareDetachedTimestampValidationContext(createValidationContext, collection2);
        prepareDetachedEvidenceRecordValidationContext(createValidationContext, collection3);
        return createValidationContext;
    }

    protected ValidationContext createValidationContext() {
        return new SignatureValidationContext(getValidationTime());
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> collection) {
        return getValidationData(collection, Collections.emptyList());
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public <T extends AdvancedSignature> ValidationDataContainer getValidationData(Collection<T> collection, Collection<TimestampToken> collection2) {
        if (Utils.isCollectionEmpty(collection) && Utils.isCollectionEmpty(collection2)) {
            throw new DSSException("At least one signature or a timestamp shall be provided to extract the validation data!");
        }
        ValidationContext prepareValidationContext = prepareValidationContext(collection, collection2, Collections.emptyList(), this.certificateVerifier);
        validateContext(prepareValidationContext);
        ValidationDataContainer instantiateValidationDataContainer = instantiateValidationDataContainer();
        for (T t : collection) {
            instantiateValidationDataContainer.addValidationData(t, prepareValidationContext.getValidationData(t));
            for (TimestampToken timestampToken : t.getAllTimestamps()) {
                instantiateValidationDataContainer.addValidationData(timestampToken, prepareValidationContext.getValidationData(timestampToken));
            }
            for (AdvancedSignature advancedSignature : t.getCounterSignatures()) {
                instantiateValidationDataContainer.addValidationData(advancedSignature, prepareValidationContext.getValidationData(advancedSignature));
            }
        }
        for (TimestampToken timestampToken2 : collection2) {
            instantiateValidationDataContainer.addValidationData(timestampToken2, prepareValidationContext.getValidationData(timestampToken2));
        }
        return instantiateValidationDataContainer;
    }

    protected ValidationDataContainer instantiateValidationDataContainer() {
        return new ValidationDataContainer();
    }

    protected List<EvidenceRecord> getAllEvidenceRecords(List<AdvancedSignature> list, List<EvidenceRecord> list2) {
        ArrayList arrayList = new ArrayList();
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().getEmbeddedEvidenceRecords());
        }
        arrayList.addAll(list2);
        return arrayList;
    }

    protected <T extends AdvancedSignature> void prepareSignatureValidationContext(ValidationContext validationContext, Collection<T> collection) {
        prepareSignatureForVerification(validationContext, collection);
        processSignaturesValidation(collection);
    }

    protected <T extends AdvancedSignature> void prepareSignatureForVerification(ValidationContext validationContext, Collection<T> collection) {
        Iterator<T> it = collection.iterator();
        while (it.hasNext()) {
            validationContext.addSignatureForVerification(it.next());
        }
    }

    protected void prepareDetachedTimestampValidationContext(ValidationContext validationContext, Collection<TimestampToken> collection) {
        Iterator<TimestampToken> it = collection.iterator();
        while (it.hasNext()) {
            validationContext.addTimestampTokenForVerification(it.next());
        }
    }

    protected void prepareDetachedEvidenceRecordValidationContext(ValidationContext validationContext, Collection<EvidenceRecord> collection) {
        Iterator<EvidenceRecord> it = collection.iterator();
        while (it.hasNext()) {
            validationContext.addEvidenceRecordForVerification(it.next());
        }
    }

    protected void validateContext(ValidationContext validationContext) {
        this.validationContextExecutor.validate(validationContext);
    }

    public SignaturePolicyValidatorLoader getSignaturePolicyValidatorLoader() {
        return new DefaultSignaturePolicyValidatorLoader();
    }

    protected List<AdvancedSignature> getAllSignatures() {
        ArrayList arrayList = new ArrayList();
        for (AdvancedSignature advancedSignature : getSignatures()) {
            arrayList.add(advancedSignature);
            appendCounterSignatures(arrayList, advancedSignature);
        }
        appendExternalEvidenceRecords(arrayList);
        return arrayList;
    }

    protected void appendCounterSignatures(List<AdvancedSignature> list, AdvancedSignature advancedSignature) {
        for (AdvancedSignature advancedSignature2 : advancedSignature.getCounterSignatures()) {
            advancedSignature2.initBaselineRequirementsChecker(this.certificateVerifier);
            validateSignaturePolicy(advancedSignature2);
            list.add(advancedSignature2);
            appendCounterSignatures(list, advancedSignature2);
        }
    }

    protected void appendExternalEvidenceRecords(List<AdvancedSignature> list) {
        List<EvidenceRecord> detachedEvidenceRecords = getDetachedEvidenceRecords();
        if (Utils.isCollectionNotEmpty(detachedEvidenceRecords) && Utils.isCollectionNotEmpty(list)) {
            for (AdvancedSignature advancedSignature : list) {
                for (EvidenceRecord evidenceRecord : detachedEvidenceRecords) {
                    if (coversSignature(advancedSignature, evidenceRecord)) {
                        advancedSignature.addExternalEvidenceRecord(evidenceRecord);
                    }
                }
            }
        }
    }

    protected void appendExternalEvidenceRecords(TimestampToken timestampToken) {
        DetachedTimestampSource detachedTimestampSource = new DetachedTimestampSource(timestampToken);
        for (EvidenceRecord evidenceRecord : getDetachedEvidenceRecords()) {
            if (isTimestampCoveredByEvidenceRecord(timestampToken, evidenceRecord)) {
                timestampToken.addDetachedEvidenceRecord(evidenceRecord);
                detachedTimestampSource.addExternalEvidenceRecord(evidenceRecord);
            }
        }
    }

    protected boolean isTimestampCoveredByEvidenceRecord(TimestampToken timestampToken, EvidenceRecord evidenceRecord) {
        return true;
    }

    protected boolean coversSignature(AdvancedSignature advancedSignature, EvidenceRecord evidenceRecord) {
        return true;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public List<AdvancedSignature> getSignatures() {
        if (this.signatures == null) {
            this.signatures = buildSignatures();
        }
        return this.signatures;
    }

    protected List<AdvancedSignature> buildSignatures() {
        return Collections.emptyList();
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public List<TimestampToken> getDetachedTimestamps() {
        if (this.detachedTimestamps == null) {
            this.detachedTimestamps = buildDetachedTimestamps();
        }
        return this.detachedTimestamps;
    }

    protected List<TimestampToken> buildDetachedTimestamps() {
        return Collections.emptyList();
    }

    protected List<TimestampAnalyzer> getTimestampReaders() {
        return Collections.emptyList();
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public List<EvidenceRecord> getDetachedEvidenceRecords() {
        if (this.evidenceRecords == null) {
            this.evidenceRecords = buildDetachedEvidenceRecords();
        }
        return this.evidenceRecords;
    }

    protected List<EvidenceRecord> buildDetachedEvidenceRecords() {
        if (!Utils.isCollectionNotEmpty(this.detachedEvidenceRecordDocuments)) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        Iterator<DSSDocument> it = this.detachedEvidenceRecordDocuments.iterator();
        while (it.hasNext()) {
            EvidenceRecord buildEvidenceRecord = buildEvidenceRecord(it.next());
            if (buildEvidenceRecord != null) {
                arrayList.add(buildEvidenceRecord);
            }
        }
        return arrayList;
    }

    protected EvidenceRecord buildEvidenceRecord(DSSDocument dSSDocument) {
        try {
            EvidenceRecordAnalyzer fromDocument = EvidenceRecordAnalyzerFactory.fromDocument(dSSDocument);
            fromDocument.setDetachedContents(getSignatureEvidenceRecordDetachedContents());
            fromDocument.setCertificateVerifier(this.certificateVerifier);
            return getEvidenceRecord(fromDocument);
        } catch (UnsupportedOperationException e) {
            LOG.warn("An error occurred on attempt to read an evidence record document with name '{}' : {}. Please ensure the corresponding module is loaded.", dSSDocument.getName(), e.getMessage());
            return null;
        } catch (Exception e2) {
            LOG.warn("An error occurred on attempt to read an evidence record document with name '{}' : {}", new Object[]{dSSDocument.getName(), e2.getMessage(), e2});
            return null;
        }
    }

    private List<DSSDocument> getSignatureEvidenceRecordDetachedContents() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.document);
        if (Utils.isCollectionNotEmpty(this.detachedContents)) {
            arrayList.addAll(this.detachedContents);
        }
        return arrayList;
    }

    protected EvidenceRecord getEvidenceRecord(EvidenceRecordAnalyzer evidenceRecordAnalyzer) {
        EvidenceRecord evidenceRecord = evidenceRecordAnalyzer.getEvidenceRecord();
        if (evidenceRecord == null) {
            return null;
        }
        List<SignatureScope> evidenceRecordScopes = getEvidenceRecordScopes(evidenceRecord);
        evidenceRecord.setEvidenceRecordScopes(evidenceRecordScopes);
        evidenceRecord.setTimestampedReferences(getTimestampedReferences(evidenceRecordScopes));
        return evidenceRecord;
    }

    protected List<SignatureScope> getEvidenceRecordScopes(EvidenceRecord evidenceRecord) {
        return new EvidenceRecordScopeFinder(evidenceRecord).findEvidenceRecordScope();
    }

    protected <T extends AdvancedSignature> void processSignaturesValidation(Collection<T> collection) {
        Iterator<T> it = collection.iterator();
        while (it.hasNext()) {
            it.next().checkSignatureIntegrity();
        }
    }

    protected List<TimestampedReference> getTimestampedReferences(List<SignatureScope> list) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isCollectionNotEmpty(list)) {
            for (SignatureScope signatureScope : list) {
                if (addReference(signatureScope)) {
                    arrayList.add(new TimestampedReference(signatureScope.getDSSIdAsString(), TimestampedObjectType.SIGNED_DATA));
                }
            }
        }
        return arrayList;
    }

    protected boolean addReference(SignatureScope signatureScope) {
        return true;
    }

    @Override // eu.europa.esig.dss.spi.validation.analyzer.DocumentAnalyzer
    public List<DSSDocument> getOriginalDocuments(String str) {
        AdvancedSignature signatureById = getSignatureById(str);
        return signatureById != null ? getOriginalDocuments(signatureById) : Collections.emptyList();
    }

    public AdvancedSignature getSignatureById(String str) {
        Objects.requireNonNull(str, "Signature Id cannot be null!");
        Iterator<AdvancedSignature> it = getSignatures().iterator();
        while (it.hasNext()) {
            AdvancedSignature findSignatureRecursively = findSignatureRecursively(it.next(), str);
            if (findSignatureRecursively != null) {
                return findSignatureRecursively;
            }
        }
        return null;
    }

    private AdvancedSignature findSignatureRecursively(AdvancedSignature advancedSignature, String str) {
        if (doesIdMatch(advancedSignature, str)) {
            return advancedSignature;
        }
        Iterator<AdvancedSignature> it = advancedSignature.getCounterSignatures().iterator();
        while (it.hasNext()) {
            AdvancedSignature findSignatureRecursively = findSignatureRecursively(it.next(), str);
            if (findSignatureRecursively != null) {
                return findSignatureRecursively;
            }
        }
        return null;
    }

    private boolean doesIdMatch(AdvancedSignature advancedSignature, String str) {
        return str.equals(advancedSignature.getId()) || str.equals(advancedSignature.getDAIdentifier()) || str.equals(this.tokenIdentifierProvider.getIdAsString(advancedSignature));
    }

    protected void validateSignaturePolicy(AdvancedSignature advancedSignature) {
        SignaturePolicy signaturePolicy = advancedSignature.getSignaturePolicy();
        if (signaturePolicy != null) {
            signaturePolicy.setPolicyContent(extractSignaturePolicyContent(signaturePolicy, advancedSignature.getSignaturePolicyStore()));
            signaturePolicy.setValidationResult(getSignaturePolicyValidatorLoader().loadValidator(signaturePolicy).validate(signaturePolicy));
        }
    }

    private DSSDocument extractSignaturePolicyContent(SignaturePolicy signaturePolicy, SignaturePolicyStore signaturePolicyStore) {
        if (signaturePolicyStore != null) {
            if (signaturePolicyStore.getSignaturePolicyContent() != null) {
                return signaturePolicyStore.getSignaturePolicyContent();
            }
            if (signaturePolicyStore.getSigPolDocLocalURI() != null && this.signaturePolicyProvider != null) {
                return this.signaturePolicyProvider.getSignaturePolicyByUrl(signaturePolicyStore.getSigPolDocLocalURI());
            }
        }
        if (this.signaturePolicyProvider != null) {
            return this.signaturePolicyProvider.getSignaturePolicy(signaturePolicy.getIdentifier(), signaturePolicy.getUri());
        }
        return null;
    }

    static {
        Security.addProvider(DSSSecurityProvider.getSecurityProvider());
    }
}
