package be.fedict.trust.client;

import be.fedict.trust.CRLRevocationData;
import be.fedict.trust.OCSPRevocationData;
import be.fedict.trust.RevocationData;
import be.fedict.trust.TrustValidator;
import be.fedict.trust.client.exception.RevocationDataNotFoundException;
import be.fedict.trust.client.exception.TrustDomainNotFoundException;
import be.fedict.trust.client.exception.ValidationFailedException;
import be.fedict.trust.client.jaxb.xades132.CRLValuesType;
import be.fedict.trust.client.jaxb.xades132.CertifiedRolesListType;
import be.fedict.trust.client.jaxb.xades132.EncapsulatedPKIDataType;
import be.fedict.trust.client.jaxb.xades132.OCSPValuesType;
import be.fedict.trust.client.jaxb.xades132.ObjectFactory;
import be.fedict.trust.client.jaxb.xades132.RevocationValuesType;
import be.fedict.trust.xkms2.XKMSConstants;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.xml.ws.WebServiceException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.tsp.TimeStampToken;

/* loaded from: input_file:be/fedict/trust/client/HAXKMS2Client.class */
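/**
 * XKMS2 client that falls back to a locally supplied {@link TrustValidator}
 * when the call to the remote trust service fails.
 *
 * <p>Security note: the fallback is taken on any {@link WebServiceException}
 * thrown by {@code super.validate(...)}, so whoever can make the remote call
 * fail decides that the local validator is used instead. The local path is only
 * as strict as the {@code TrustValidator} passed to the constructor; its trust
 * anchors and revocation checking are configured outside this class and should
 * be reviewed as part of the trust decision.
 */
public class HAXKMS2Client extends XKMS2Client {
    private static final Log LOG = LogFactory.getLog(HAXKMS2Client.class);

    /** Local validator used when the remote service call fails, and as the source of revocation data. */
    private final TrustValidator trustValidator;

    /**
     * Creates a client with a local fallback validator.
     *
     * @param str            passed unchanged to the {@code XKMS2Client} constructor
     *                       (presumably the service location; confirm against the superclass)
     * @param trustValidator validator used by the fallback path; this class dereferences it
     *                       without a null check
     */
    public HAXKMS2Client(String str, TrustValidator trustValidator) {
        super(str);
        this.trustValidator = trustValidator;
    }

    /**
     * Validates through the remote service and, if that call throws a
     * {@link WebServiceException}, validates locally instead.
     *
     * <p>Only {@code list}, {@code date}, {@code timeStampToken} and
     * {@code certifiedRolesListType} reach the fallback. {@code str}, {@code z},
     * {@code list2}, {@code list3} and {@code revocationValuesType} are ignored on
     * that path, so a caller that relies on them gets different semantics once the
     * fallback is taken.
     *
     * <p>The decompiler reports that the access modifier was changed from
     * {@code protected}; {@code public} is kept so existing callers still compile.
     */
    @Override // be.fedict.trust.client.XKMS2Client
    public void validate(String str, List<X509Certificate> list, boolean z, Date date, List<byte[]> list2, List<byte[]> list3, RevocationValuesType revocationValuesType, TimeStampToken timeStampToken, CertifiedRolesListType certifiedRolesListType) throws CertificateEncodingException, ValidationFailedException, TrustDomainNotFoundException, RevocationDataNotFoundException {
        try {
            super.validate(str, list, z, date, list2, list3, revocationValuesType, timeStampToken, certifiedRolesListType);
        } catch (WebServiceException e) {
            // Switching from the remote service to the local validator is a
            // security-relevant downgrade: record it, with its cause, at a level
            // that operations will see. WebServiceException covers every JAX-WS
            // runtime failure, not just an unreachable endpoint.
            LOG.warn("eID Trust Service call failed, using local Trust Validator instead", e);
            fallbackValidate(list, date, timeStampToken, certifiedRolesListType);
        }
    }

    /**
     * Builds XAdES revocation values from the revocation data held by the local
     * {@link TrustValidator}.
     *
     * @return the OCSP and CRL values wrapped as encapsulated PKI data, or
     *         {@code null} when the validator reports no revocation data
     */
    @Override // be.fedict.trust.client.XKMS2Client
    public RevocationValuesType getRevocationValues() {
        RevocationData revocationData = this.trustValidator.getRevocationData();
        if (null == revocationData) {
            return null;
        }
        ObjectFactory objectFactory = new ObjectFactory();
        RevocationValuesType revocationValues = objectFactory.createRevocationValuesType();

        OCSPValuesType ocspValues = objectFactory.createOCSPValuesType();
        for (OCSPRevocationData ocspData : revocationData.getOcspRevocationData()) {
            EncapsulatedPKIDataType encodedOcsp = objectFactory.createEncapsulatedPKIDataType();
            encodedOcsp.setValue(ocspData.getData());
            ocspValues.getEncapsulatedOCSPValue().add(encodedOcsp);
        }
        revocationValues.setOCSPValues(ocspValues);

        CRLValuesType crlValues = objectFactory.createCRLValuesType();
        for (CRLRevocationData crlData : revocationData.getCrlRevocationData()) {
            EncapsulatedPKIDataType encodedCrl = objectFactory.createEncapsulatedPKIDataType();
            encodedCrl.setValue(crlData.getData());
            crlValues.getEncapsulatedCRLValue().add(encodedCrl);
        }
        revocationValues.setCRLValues(crlValues);
        return revocationValues;
    }

    /**
     * Validates with the local {@link TrustValidator}.
     *
     * <p>Exactly one branch runs, chosen in this order: timestamp token, attribute
     * certificates (certified roles), historical validation date, plain chain.
     *
     * @throws ValidationFailedException    when the validator rejects the certificate path
     * @throws CertificateEncodingException also used to wrap provider, algorithm,
     *                                      cert-store and CMS failures
     */
    private void fallbackValidate(List<X509Certificate> list, Date date, TimeStampToken timeStampToken, CertifiedRolesListType certifiedRolesListType) throws ValidationFailedException, CertificateEncodingException {
        LOG.debug("eID Trust Service not available, falling back to specified Trust Validator");
        try {
            if (null != timeStampToken) {
                List<X509Certificate> tsaChain = new LinkedList<X509Certificate>();
                for (Certificate certificate : timeStampToken.getCertificatesAndCRLs("Collection", "BC").getCertificates(null)) {
                    tsaChain.add((X509Certificate) certificate);
                }
                // A token that carries no certificates makes get(0) throw
                // IndexOutOfBoundsException, which propagates to the caller.
                if (TrustValidator.isSelfSigned(tsaChain.get(0))) {
                    Collections.reverse(tsaChain);
                }
                // NOTE(review): the chain extracted from the timestamp token is
                // ordered above but never handed to the validator; the call below
                // checks the caller-supplied chain. If callers pass the TSA chain
                // only inside the token, the token's signer is not path-validated
                // on this fallback path. Confirm against XKMS2Client's callers
                // before changing which chain is validated.
                this.trustValidator.isTrusted(list);
            } else if (null != certifiedRolesListType) {
                List<byte[]> encodedRoles = new LinkedList<byte[]>();
                for (EncapsulatedPKIDataType role : certifiedRolesListType.getCertifiedRole()) {
                    encodedRoles.add(role.getValue());
                }
                if (null != date) {
                    this.trustValidator.isTrusted(encodedRoles, list, date);
                } else {
                    this.trustValidator.isTrusted(encodedRoles, list);
                }
            } else if (null != date) {
                this.trustValidator.isTrusted(list, date);
            } else {
                this.trustValidator.isTrusted(list);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateEncodingException(e);
        } catch (NoSuchProviderException e2) {
            throw new CertificateEncodingException(e2);
        } catch (CertPathValidatorException e3) {
            // The exception thrown below carries only the reason URI, so keep the
            // validator's own explanation in the log.
            LOG.debug("local trust validation rejected the certificate path", e3);
            this.invalidReasonURIs.add(XKMSConstants.KEY_BINDING_REASON_ISSUER_TRUST_URI);
            throw new ValidationFailedException(Collections.singletonList(XKMSConstants.KEY_BINDING_REASON_ISSUER_TRUST_URI));
        } catch (CertStoreException e4) {
            throw new CertificateEncodingException(e4);
        } catch (CMSException e5) {
            throw new CertificateEncodingException(e5);
        }
    }
}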
