package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.TimeStampTokenProductionComparator;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.cades.validation.CMSDocumentValidator;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationData;
import eu.europa.esig.dss.validation.ValidationDataContainer;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESLevelBaselineLT.class */
public class CAdESLevelBaselineLT extends CAdESLevelBaselineT {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESLevelBaselineLT.class);

    public CAdESLevelBaselineLT(TSPSource tSPSource, CertificateVerifier certificateVerifier) {
        super(tSPSource, certificateVerifier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.cades.signature.CAdESLevelBaselineT, eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters, List<String> list) {
        CMSSignedData extendWithValidationData;
        CMSSignedData extendCMSSignatures = super.extendCMSSignatures(cMSSignedData, cAdESSignatureParameters, list);
        ArrayList<AdvancedSignature> arrayList = new ArrayList();
        CMSDocumentValidator documentValidator = getDocumentValidator(extendCMSSignatures, cAdESSignatureParameters);
        List<CAdESSignature> signatures = documentValidator.getSignatures();
        Iterator it = signatures.iterator();
        while (it.hasNext()) {
            CAdESSignature cAdESSignature = (CAdESSignature) ((AdvancedSignature) it.next());
            if (list.contains(cAdESSignature.getId())) {
                assertExtendSignatureLevelLTPossible(cAdESSignature, cAdESSignatureParameters);
                arrayList.add(cAdESSignature);
            }
        }
        ValidationDataContainer validationData = documentValidator.getValidationData(arrayList);
        if (includesATSv2(extendCMSSignatures)) {
            ArrayList arrayList2 = new ArrayList();
            for (CAdESSignature cAdESSignature2 : signatures) {
                SignerInformation signerInformation = cAdESSignature2.getSignerInformation();
                SignerInformation signerInformation2 = signerInformation;
                if (list.contains(cAdESSignature2.getId())) {
                    signerInformation2 = extendSignerInformation(signerInformation, validationData.getCompleteValidationDataForSignature(cAdESSignature2));
                }
                arrayList2.add(signerInformation2);
            }
            extendWithValidationData = replaceSigners(extendCMSSignatures, arrayList2);
        } else {
            ValidationData allValidationData = validationData.getAllValidationData();
            for (AdvancedSignature advancedSignature : arrayList) {
                allValidationData.excludeCertificateTokens(advancedSignature.getCertificateSource().getCertificateValues());
                allValidationData.excludeCRLTokens(advancedSignature.getCRLSource().getAllRevocationBinaries());
                allValidationData.excludeOCSPTokens(advancedSignature.getOCSPSource().getAllRevocationBinaries());
            }
            extendWithValidationData = extendWithValidationData(extendCMSSignatures, allValidationData);
        }
        return extendWithValidationData;
    }

    private SignerInformation extendSignerInformation(SignerInformation signerInformation, ValidationData validationData) {
        return SignerInformation.replaceUnsignedAttributes(signerInformation, addValidationData(CMSUtils.getUnsignedAttributes(signerInformation), validationData));
    }

    private AttributeTable addValidationData(AttributeTable attributeTable, ValidationData validationData) {
        TimeStampToken lastArchiveTimestamp = getLastArchiveTimestamp(attributeTable);
        if (lastArchiveTimestamp != null) {
            CMSSignedData cMSSignedData = lastArchiveTimestamp.toCMSSignedData();
            attributeTable = replaceTimeStampAttribute(attributeTable, cMSSignedData, extendWithValidationData(cMSSignedData, validationData));
        }
        return attributeTable;
    }

    private TimeStampToken getLastArchiveTimestamp(AttributeTable attributeTable) {
        TimeStampToken timeStampToken = null;
        TimeStampTokenProductionComparator timeStampTokenProductionComparator = new TimeStampTokenProductionComparator();
        for (TimeStampToken timeStampToken2 : DSSASN1Utils.findArchiveTimeStampTokens(attributeTable)) {
            if (timeStampToken == null || timeStampTokenProductionComparator.after(timeStampToken2, timeStampToken)) {
                timeStampToken = timeStampToken2;
            }
        }
        return timeStampToken;
    }

    private AttributeTable replaceTimeStampAttribute(AttributeTable attributeTable, CMSSignedData cMSSignedData, CMSSignedData cMSSignedData2) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (Attribute attribute : attributeTable.toASN1Structure().getAttributes()) {
            Attribute attribute2 = attribute;
            if (DSSASN1Utils.isArchiveTimeStampToken(attribute)) {
                try {
                    if (CMSUtils.isCMSSignedDataEqual(cMSSignedData, DSSASN1Utils.getCMSSignedData(attribute))) {
                        attribute2 = new Attribute(attribute.getAttrType(), new DERSet(DSSASN1Utils.toASN1Primitive(cMSSignedData2.getEncoded())));
                    }
                } catch (Exception e) {
                    LOG.warn("Unable to build a CMSSignedData object from an unsigned attribute. Reason : {}", e.getMessage(), e);
                }
            }
            aSN1EncodableVector.add(attribute2);
        }
        return new AttributeTable(aSN1EncodableVector);
    }

    private CMSSignedData extendWithValidationData(CMSSignedData cMSSignedData, ValidationData validationData) {
        return new CMSSignedDataBuilder().setOriginalCMSSignedData(cMSSignedData).extendCMSSignedData(validationData.getCertificateTokens(), validationData.getCrlTokens(), validationData.getOcspTokens());
    }

    private void assertExtendSignatureLevelLTPossible(CAdESSignature cAdESSignature, CAdESSignatureParameters cAdESSignatureParameters) {
        SignatureLevel signatureLevel = cAdESSignatureParameters.getSignatureLevel();
        if (SignatureLevel.CAdES_BASELINE_LT.equals(signatureLevel) && cAdESSignature.hasLTAProfile()) {
            throw new IllegalInputException(String.format("Cannot extend signature to '%s'. The signedData is already extended with LTA level.", signatureLevel));
        }
        if (cAdESSignature.getCertificateSource().getNumberOfCertificates() == 0) {
            throw new IllegalInputException("Cannot extend signature. The signature does not contain certificates.");
        }
        if (cAdESSignature.areAllSelfSignedCertificates()) {
            throw new IllegalInputException("Cannot extend the signature. The signature contains only self-signed certificate chains!");
        }
    }

    protected boolean includesATSv2(CMSSignedData cMSSignedData) {
        Iterator it = cMSSignedData.getSignerInfos().iterator();
        while (it.hasNext()) {
            if (CMSUtils.containsATSTv2((SignerInformation) it.next())) {
                return true;
            }
        }
        return false;
    }
}
