package com.itextpdf.signatures.validation;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp;
import com.itextpdf.commons.bouncycastle.cert.ocsp.ISingleResp;
import com.itextpdf.commons.utils.Action;
import com.itextpdf.commons.utils.DateTimeUtil;
import com.itextpdf.commons.utils.MessageFormatUtil;
import com.itextpdf.commons.utils.ThrowingAction;
import com.itextpdf.commons.utils.ThrowingSupplier;
import com.itextpdf.kernel.crypto.OID;
import com.itextpdf.signatures.CertificateUtil;
import com.itextpdf.signatures.CrlClientOnline;
import com.itextpdf.signatures.ICrlClient;
import com.itextpdf.signatures.IOcspClient;
import com.itextpdf.signatures.IssuingCertificateRetriever;
import com.itextpdf.signatures.OcspClientBouncyCastle;
import com.itextpdf.signatures.validation.RevocationDataValidator;
import com.itextpdf.signatures.validation.SignatureValidationProperties;
import com.itextpdf.signatures.validation.context.CertificateSource;
import com.itextpdf.signatures.validation.context.TimeBasedContext;
import com.itextpdf.signatures.validation.context.ValidationContext;
import com.itextpdf.signatures.validation.context.ValidatorContext;
import com.itextpdf.signatures.validation.report.CertificateReportItem;
import com.itextpdf.signatures.validation.report.ReportItem;
import com.itextpdf.signatures.validation.report.ValidationReport;
import java.io.IOException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;

/* loaded from: classes2.dex */
public class RevocationDataValidator {
    private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
    static final String CANNOT_PARSE_CRL = "CRL response from \"{0}\" CRL response cannot be parsed.";
    static final String CANNOT_PARSE_OCSP = "OCSP response from \"{0}\" OCSP response cannot be parsed.";
    static final String CRL_CLIENT_FAILURE = "Unexpected exception occurred in CRL client \"{0}\".";
    static final String CRL_VALIDATOR_FAILURE = "Unexpected exception occurred in CRL validator.";
    static final String ISSUER_RETRIEVAL_FAILED = "Retrieval of the certificate issuer failed.";
    static final String NO_REVOCATION_DATA = "Certificate revocation status cannot be checked: no revocation data available or the status cannot be determined.";
    static final String NO_REV_AVAILABLE = "noRevAvail extension from RFC 9608 is present on {0} certificate. Revocation data checks are not required.";
    static final String NO_REV_AVAILABLE_CA = "noRevAvail extension from RFC 9608 is present on {0} certificate, however this certificate is a CA, which is not allowed.";
    static final String OCSP_CLIENT_FAILURE = "Unexpected exception occurred in OCSP client \"{0}\".";
    static final String OCSP_VALIDATOR_FAILURE = "Unexpected exception occurred in OCSP validator.";
    static final String REVOCATION_DATA_CHECK = "Revocation data check.";
    static final String SELF_SIGNED_CERTIFICATE = "Certificate is self-signed. Revocation data check will be skipped.";
    static final String TRUSTED_OCSP_RESPONDER = "Authorized OCSP Responder certificate has id-pkix-ocsp-nocheck extension so it is trusted by the definition and no revocation checking is performed.";
    static final String UNABLE_TO_RETRIEVE_REV_DATA_ONLINE = "Online revocation data wasn't generated: Unexpected exception occurred.";
    static final String VALIDITY_ASSURED = "Certificate is trusted due to validity assured - short term extension.";
    private final IssuingCertificateRetriever certificateRetriever;
    private final List<ICrlClient> crlClients;
    private final CRLValidator crlValidator;
    private final List<IOcspClient> ocspClients;
    private final OCSPValidator ocspValidator;
    private final SignatureValidationProperties properties;

    /* loaded from: classes2.dex */
    public static class CrlValidationInfo {
        final X509CRL crl;
        final TimeBasedContext timeBasedContext;
        final Date trustedGenerationDate;

        public CrlValidationInfo(X509CRL x509crl, Date date, TimeBasedContext timeBasedContext) {
            this.crl = x509crl;
            this.trustedGenerationDate = date;
            this.timeBasedContext = timeBasedContext;
        }
    }

    /* loaded from: classes2.dex */
    public static class OcspResponseValidationInfo {
        final IBasicOCSPResp basicOCSPResp;
        final ISingleResp singleResp;
        final TimeBasedContext timeBasedContext;
        final Date trustedGenerationDate;

        public OcspResponseValidationInfo(ISingleResp iSingleResp, IBasicOCSPResp iBasicOCSPResp, Date date, TimeBasedContext timeBasedContext) {
            this.singleResp = iSingleResp;
            this.basicOCSPResp = iBasicOCSPResp;
            this.trustedGenerationDate = date;
            this.timeBasedContext = timeBasedContext;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RevocationDataValidator(ValidatorChainBuilder validatorChainBuilder) {
        ArrayList arrayList = new ArrayList();
        this.ocspClients = arrayList;
        ArrayList arrayList2 = new ArrayList();
        this.crlClients = arrayList2;
        this.certificateRetriever = validatorChainBuilder.getCertificateRetriever();
        SignatureValidationProperties properties = validatorChainBuilder.getProperties();
        this.properties = properties;
        this.ocspValidator = validatorChainBuilder.getOCSPValidator();
        this.crlValidator = validatorChainBuilder.getCRLValidator();
        arrayList2.addAll(properties.getCrlClients());
        arrayList.addAll(properties.getOcspClients());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void fillOcspResponses(List<OcspResponseValidationInfo> list, IBasicOCSPResp iBasicOCSPResp, Date date, TimeBasedContext timeBasedContext) {
        if (iBasicOCSPResp != null) {
            for (ISingleResp iSingleResp : iBasicOCSPResp.getResponses()) {
                list.add(new OcspResponseValidationInfo(iSingleResp, iBasicOCSPResp, date, timeBasedContext));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ ReportItem lambda$retrieveAllCRLResponsesUsingClient$2(X509Certificate x509Certificate, ICrlClient iCrlClient, Exception exc) {
        return new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, MessageFormatUtil.format(CRL_CLIENT_FAILURE, iCrlClient), exc, ReportItem.ReportItemStatus.INFO);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ ReportItem lambda$retrieveAllCRLResponsesUsingClient$4(X509Certificate x509Certificate, ICrlClient iCrlClient, Exception exc) {
        return new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, MessageFormatUtil.format(CANNOT_PARSE_CRL, iCrlClient), exc, ReportItem.ReportItemStatus.INFO);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ ReportItem lambda$retrieveAllOCSPResponses$10(X509Certificate x509Certificate, IOcspClient iOcspClient, Exception exc) {
        return new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, MessageFormatUtil.format(OCSP_CLIENT_FAILURE, iOcspClient), exc, ReportItem.ReportItemStatus.INFO);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ ReportItem lambda$retrieveAllOCSPResponses$12(X509Certificate x509Certificate, Exception exc) {
        return new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, MessageFormatUtil.format(OCSP_CLIENT_FAILURE, "OcspClientBouncyCastle"), exc, ReportItem.ReportItemStatus.INDETERMINATE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$tryToFetchRevInfoOnline$16(X509Certificate x509Certificate, X509Certificate x509Certificate2, List list) {
        IBasicOCSPResp basicOCSPResp = new OcspClientBouncyCastle().getBasicOCSPResp(x509Certificate, x509Certificate2, null);
        ArrayList arrayList = new ArrayList();
        fillOcspResponses(arrayList, basicOCSPResp, DateTimeUtil.getCurrentTimeDate(), TimeBasedContext.PRESENT);
        list.addAll((Collection) arrayList.stream().sorted(new Comparator() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda15
            @Override // java.util.Comparator
            public final int compare(Object obj, Object obj2) {
                int compareTo;
                compareTo = ((RevocationDataValidator.OcspResponseValidationInfo) obj2).singleResp.getThisUpdate().compareTo(((RevocationDataValidator.OcspResponseValidationInfo) obj).singleResp.getThisUpdate());
                return compareTo;
            }
        }).collect(Collectors.toList()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ ReportItem lambda$tryToFetchRevInfoOnline$17(X509Certificate x509Certificate, Exception exc) {
        return new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, MessageFormatUtil.format(OCSP_CLIENT_FAILURE, "OcspClientBouncyCastle"), exc, ReportItem.ReportItemStatus.INDETERMINATE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ ReportItem lambda$validateRevocationData$6(X509Certificate x509Certificate, Exception exc) {
        return new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, OCSP_VALIDATOR_FAILURE, exc, ReportItem.ReportItemStatus.INFO);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ ReportItem lambda$validateRevocationData$8(X509Certificate x509Certificate, Exception exc) {
        return new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, CRL_VALIDATOR_FAILURE, exc, ReportItem.ReportItemStatus.INFO);
    }

    private List<CrlValidationInfo> retrieveAllCRLResponses(ValidationReport validationReport, ValidationContext validationContext, X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        Iterator<ICrlClient> it = this.crlClients.iterator();
        while (it.hasNext()) {
            arrayList.addAll(retrieveAllCRLResponsesUsingClient(validationReport, x509Certificate, it.next()));
        }
        if (SignatureValidationProperties.OnlineFetching.ALWAYS_FETCH == this.properties.getRevocationOnlineFetching(validationContext.setValidatorContext(ValidatorContext.CRL_VALIDATOR))) {
            arrayList.addAll(retrieveAllCRLResponsesUsingClient(validationReport, x509Certificate, new CrlClientOnline()));
        }
        return (List) arrayList.stream().sorted(new Comparator() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda8
            @Override // java.util.Comparator
            public final int compare(Object obj, Object obj2) {
                int compareTo;
                compareTo = ((RevocationDataValidator.CrlValidationInfo) obj2).crl.getThisUpdate().compareTo(((RevocationDataValidator.CrlValidationInfo) obj).crl.getThisUpdate());
                return compareTo;
            }
        }).collect(Collectors.toList());
    }

    private static List<CrlValidationInfo> retrieveAllCRLResponsesUsingClient(ValidationReport validationReport, final X509Certificate x509Certificate, final ICrlClient iCrlClient) {
        final ArrayList arrayList = new ArrayList();
        if (iCrlClient instanceof ValidationCrlClient) {
            arrayList.addAll(((ValidationCrlClient) iCrlClient).getCrls().values());
        } else {
            for (final byte[] bArr : (Collection) SafeCalling.onExceptionLog(new ThrowingSupplier() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda11
                @Override // com.itextpdf.commons.utils.ThrowingSupplier
                public final Object get() {
                    Collection encoded;
                    encoded = ICrlClient.this.getEncoded(x509Certificate, null);
                    return encoded;
                }
            }, Collections.emptyList(), validationReport, new Function() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda12
                @Override // java.util.function.Function
                public final Object apply(Object obj) {
                    return RevocationDataValidator.lambda$retrieveAllCRLResponsesUsingClient$2(x509Certificate, iCrlClient, (Exception) obj);
                }
            })) {
                SafeCalling.onExceptionLog(new ThrowingAction() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda13
                    @Override // com.itextpdf.commons.utils.ThrowingAction
                    public final void execute() {
                        arrayList.add(new RevocationDataValidator.CrlValidationInfo((X509CRL) CertificateUtil.parseCrlFromBytes(bArr), DateTimeUtil.getCurrentTimeDate(), TimeBasedContext.PRESENT));
                    }
                }, validationReport, new Function() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda14
                    @Override // java.util.function.Function
                    public final Object apply(Object obj) {
                        return RevocationDataValidator.lambda$retrieveAllCRLResponsesUsingClient$4(x509Certificate, iCrlClient, (Exception) obj);
                    }
                });
            }
        }
        return arrayList;
    }

    private List<OcspResponseValidationInfo> retrieveAllOCSPResponses(ValidationReport validationReport, ValidationContext validationContext, final X509Certificate x509Certificate) {
        final ArrayList arrayList = new ArrayList();
        try {
            List<X509Certificate> retrieveIssuerCertificate = this.certificateRetriever.retrieveIssuerCertificate(x509Certificate);
            for (final IOcspClient iOcspClient : this.ocspClients) {
                if (iOcspClient instanceof ValidationOcspClient) {
                    for (Map.Entry<IBasicOCSPResp, OcspResponseValidationInfo> entry : ((ValidationOcspClient) iOcspClient).getResponses().entrySet()) {
                        fillOcspResponses(arrayList, entry.getKey(), entry.getValue().trustedGenerationDate, entry.getValue().timeBasedContext);
                    }
                } else {
                    for (final X509Certificate x509Certificate2 : retrieveIssuerCertificate) {
                        byte[] bArr = (byte[]) SafeCalling.onRuntimeExceptionLog(new Supplier() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda16
                            @Override // java.util.function.Supplier
                            public final Object get() {
                                byte[] encoded;
                                encoded = IOcspClient.this.getEncoded(x509Certificate, x509Certificate2, null);
                                return encoded;
                            }
                        }, null, validationReport, new Function() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda17
                            @Override // java.util.function.Function
                            public final Object apply(Object obj) {
                                return RevocationDataValidator.lambda$retrieveAllOCSPResponses$10(x509Certificate, iOcspClient, (Exception) obj);
                            }
                        });
                        if (bArr != null) {
                            try {
                                IBouncyCastleFactory iBouncyCastleFactory = BOUNCY_CASTLE_FACTORY;
                                fillOcspResponses(arrayList, iBouncyCastleFactory.createBasicOCSPResp(iBouncyCastleFactory.createBasicOCSPResponse(iBouncyCastleFactory.createASN1Primitive(bArr))), DateTimeUtil.getCurrentTimeDate(), TimeBasedContext.PRESENT);
                            } catch (IOException | RuntimeException e) {
                                validationReport.addReportItem(new ReportItem(REVOCATION_DATA_CHECK, MessageFormatUtil.format(CANNOT_PARSE_OCSP, iOcspClient), e, ReportItem.ReportItemStatus.INFO));
                            }
                        }
                    }
                }
            }
            if (SignatureValidationProperties.OnlineFetching.ALWAYS_FETCH == this.properties.getRevocationOnlineFetching(validationContext.setValidatorContext(ValidatorContext.OCSP_VALIDATOR))) {
                for (final X509Certificate x509Certificate3 : retrieveIssuerCertificate) {
                    SafeCalling.onRuntimeExceptionLog(new Action() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda1
                        @Override // com.itextpdf.commons.utils.Action
                        public final void execute() {
                            RevocationDataValidator.fillOcspResponses(arrayList, new OcspClientBouncyCastle().getBasicOCSPResp(x509Certificate, x509Certificate3, null), DateTimeUtil.getCurrentTimeDate(), TimeBasedContext.PRESENT);
                        }
                    }, validationReport, new Function() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda2
                        @Override // java.util.function.Function
                        public final Object apply(Object obj) {
                            return RevocationDataValidator.lambda$retrieveAllOCSPResponses$12(x509Certificate, (Exception) obj);
                        }
                    });
                }
            }
            return arrayList;
        } catch (RuntimeException e2) {
            validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, ISSUER_RETRIEVAL_FAILED, e2, ReportItem.ReportItemStatus.INDETERMINATE));
            return arrayList;
        }
    }

    private void tryToFetchRevInfoOnline(ValidationReport validationReport, ValidationContext validationContext, final X509Certificate x509Certificate, List<CrlValidationInfo> list, final List<OcspResponseValidationInfo> list2) {
        if (SignatureValidationProperties.OnlineFetching.FETCH_IF_NO_OTHER_DATA_AVAILABLE == this.properties.getRevocationOnlineFetching(validationContext.setValidatorContext(ValidatorContext.CRL_VALIDATOR))) {
            list.addAll((Collection) retrieveAllCRLResponsesUsingClient(validationReport, x509Certificate, new CrlClientOnline()).stream().sorted(new Comparator() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda0
                @Override // java.util.Comparator
                public final int compare(Object obj, Object obj2) {
                    int compareTo;
                    compareTo = ((RevocationDataValidator.CrlValidationInfo) obj2).crl.getThisUpdate().compareTo(((RevocationDataValidator.CrlValidationInfo) obj).crl.getThisUpdate());
                    return compareTo;
                }
            }).collect(Collectors.toList()));
        }
        if (SignatureValidationProperties.OnlineFetching.FETCH_IF_NO_OTHER_DATA_AVAILABLE == this.properties.getRevocationOnlineFetching(validationContext.setValidatorContext(ValidatorContext.OCSP_VALIDATOR))) {
            for (final X509Certificate x509Certificate2 : this.certificateRetriever.retrieveIssuerCertificate(x509Certificate)) {
                SafeCalling.onRuntimeExceptionLog(new Action() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda9
                    @Override // com.itextpdf.commons.utils.Action
                    public final void execute() {
                        RevocationDataValidator.lambda$tryToFetchRevInfoOnline$16(x509Certificate, x509Certificate2, list2);
                    }
                }, validationReport, new Function() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda10
                    @Override // java.util.function.Function
                    public final Object apply(Object obj) {
                        return RevocationDataValidator.lambda$tryToFetchRevInfoOnline$17(x509Certificate, (Exception) obj);
                    }
                });
            }
        }
    }

    private void validateRevocationData(ValidationReport validationReport, final ValidationContext validationContext, final X509Certificate x509Certificate, final Date date, List<OcspResponseValidationInfo> list, List<CrlValidationInfo> list2) {
        int i = 0;
        int i2 = 0;
        while (true) {
            if (i >= list.size() && i2 >= list2.size()) {
                validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, NO_REVOCATION_DATA, ReportItem.ReportItemStatus.INDETERMINATE));
                return;
            }
            final ValidationReport validationReport2 = new ValidationReport();
            if (i >= list.size() || (i2 < list2.size() && !list.get(i).singleResp.getThisUpdate().after(list2.get(i2).crl.getThisUpdate()))) {
                final CrlValidationInfo crlValidationInfo = list2.get(i2);
                SafeCalling.onRuntimeExceptionLog(new Action() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda5
                    @Override // com.itextpdf.commons.utils.Action
                    public final void execute() {
                        RevocationDataValidator.this.m7572x980b5479(validationReport2, validationContext, crlValidationInfo, x509Certificate, date);
                    }
                }, validationReport, new Function() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda6
                    @Override // java.util.function.Function
                    public final Object apply(Object obj) {
                        return RevocationDataValidator.lambda$validateRevocationData$8(x509Certificate, (Exception) obj);
                    }
                });
                i2++;
            } else {
                final OcspResponseValidationInfo ocspResponseValidationInfo = list.get(i);
                SafeCalling.onRuntimeExceptionLog(new Action() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda3
                    @Override // com.itextpdf.commons.utils.Action
                    public final void execute() {
                        RevocationDataValidator.this.m7571x8c03bdbb(validationReport2, validationContext, ocspResponseValidationInfo, x509Certificate, date);
                    }
                }, validationReport, new Function() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda4
                    @Override // java.util.function.Function
                    public final Object apply(Object obj) {
                        return RevocationDataValidator.lambda$validateRevocationData$6(x509Certificate, (Exception) obj);
                    }
                });
                i++;
            }
            if (ValidationReport.ValidationResult.INDETERMINATE != validationReport2.getValidationResult()) {
                validationReport.merge(validationReport2);
                return;
            }
            for (ReportItem reportItem : validationReport2.getLogs()) {
                if (!"OCSP: Serial numbers don't match.".equals(reportItem.getMessage()) && !"The CRL issuer does not share the root of the inspected certificate.".equals(reportItem.getMessage())) {
                    validationReport.addReportItem(reportItem.setStatus(ReportItem.ReportItemStatus.INFO));
                }
            }
        }
    }

    public RevocationDataValidator addCrlClient(ICrlClient iCrlClient) {
        this.crlClients.add(iCrlClient);
        return this;
    }

    public RevocationDataValidator addOcspClient(IOcspClient iOcspClient) {
        this.ocspClients.add(iOcspClient);
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$validateRevocationData$5$com-itextpdf-signatures-validation-RevocationDataValidator, reason: not valid java name */
    public /* synthetic */ void m7571x8c03bdbb(ValidationReport validationReport, ValidationContext validationContext, OcspResponseValidationInfo ocspResponseValidationInfo, X509Certificate x509Certificate, Date date) {
        this.ocspValidator.validate(validationReport, validationContext.setTimeBasedContext(ocspResponseValidationInfo.timeBasedContext), x509Certificate, ocspResponseValidationInfo.singleResp, ocspResponseValidationInfo.basicOCSPResp, date, ocspResponseValidationInfo.trustedGenerationDate);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$validateRevocationData$7$com-itextpdf-signatures-validation-RevocationDataValidator, reason: not valid java name */
    public /* synthetic */ void m7572x980b5479(ValidationReport validationReport, ValidationContext validationContext, CrlValidationInfo crlValidationInfo, X509Certificate x509Certificate, Date date) {
        this.crlValidator.validate(validationReport, validationContext.setTimeBasedContext(crlValidationInfo.timeBasedContext), x509Certificate, crlValidationInfo.crl, date, crlValidationInfo.trustedGenerationDate);
    }

    public void validate(ValidationReport validationReport, ValidationContext validationContext, X509Certificate x509Certificate, Date date) {
        ValidationContext validatorContext = validationContext.setValidatorContext(ValidatorContext.REVOCATION_DATA_VALIDATOR);
        if (CertificateUtil.isSelfSigned(x509Certificate)) {
            validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, SELF_SIGNED_CERTIFICATE, ReportItem.ReportItemStatus.INFO));
            return;
        }
        if (CertificateUtil.getExtensionValueByOid(x509Certificate, OID.X509Extensions.VALIDITY_ASSURED_SHORT_TERM) != null) {
            validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, VALIDITY_ASSURED, ReportItem.ReportItemStatus.INFO));
            return;
        }
        if (CertificateUtil.getExtensionValueByOid(x509Certificate, OID.X509Extensions.NO_REV_AVAILABLE) != null) {
            if (x509Certificate.getBasicConstraints() < 0) {
                validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, MessageFormatUtil.format(NO_REV_AVAILABLE, x509Certificate.getSubjectX500Principal()), ReportItem.ReportItemStatus.INFO));
                return;
            } else {
                validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, MessageFormatUtil.format(NO_REV_AVAILABLE_CA, x509Certificate.getSubjectX500Principal()), ReportItem.ReportItemStatus.INDETERMINATE));
                return;
            }
        }
        if (CertificateSource.OCSP_ISSUER == validatorContext.getCertificateSource() && CertificateUtil.getExtensionValueByOid(x509Certificate, BOUNCY_CASTLE_FACTORY.createOCSPObjectIdentifiers().getIdPkixOcspNoCheck().getId()) != null) {
            validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, TRUSTED_OCSP_RESPONDER, ReportItem.ReportItemStatus.INFO));
            return;
        }
        List<OcspResponseValidationInfo> list = (List) retrieveAllOCSPResponses(validationReport, validatorContext, x509Certificate).stream().sorted(new Comparator() { // from class: com.itextpdf.signatures.validation.RevocationDataValidator$$ExternalSyntheticLambda7
            @Override // java.util.Comparator
            public final int compare(Object obj, Object obj2) {
                int compareTo;
                compareTo = ((RevocationDataValidator.OcspResponseValidationInfo) obj2).singleResp.getThisUpdate().compareTo(((RevocationDataValidator.OcspResponseValidationInfo) obj).singleResp.getThisUpdate());
                return compareTo;
            }
        }).collect(Collectors.toList());
        List<CrlValidationInfo> retrieveAllCRLResponses = retrieveAllCRLResponses(validationReport, validatorContext, x509Certificate);
        ValidationReport validationReport2 = new ValidationReport();
        validateRevocationData(validationReport2, validatorContext, x509Certificate, date, list, retrieveAllCRLResponses);
        if (ValidationReport.ValidationResult.INDETERMINATE == validationReport2.getValidationResult()) {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            try {
                tryToFetchRevInfoOnline(validationReport, validationContext, x509Certificate, arrayList, arrayList2);
            } catch (RuntimeException e) {
                validationReport.addReportItem(new CertificateReportItem(x509Certificate, REVOCATION_DATA_CHECK, UNABLE_TO_RETRIEVE_REV_DATA_ONLINE, e, ReportItem.ReportItemStatus.INFO));
            }
            if (!arrayList.isEmpty() || !arrayList2.isEmpty()) {
                for (ReportItem reportItem : validationReport2.getLogs()) {
                    if (!NO_REVOCATION_DATA.equals(reportItem.getMessage())) {
                        validationReport.addReportItem(reportItem);
                    }
                }
                validateRevocationData(validationReport, validatorContext, x509Certificate, date, arrayList2, arrayList);
                return;
            }
        }
        validationReport.merge(validationReport2);
    }
}
