package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.x509.CertificatePool;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.SignatureCertificateSource;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.Selector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/CAdESCertificateSource.class */
public class CAdESCertificateSource extends SignatureCertificateSource {
    private static final Logger logger = LoggerFactory.getLogger(CAdESCertificateSource.class);
    private final CMSSignedData cmsSignedData;
    final SignerInformation signerInformation;
    private List<CertificateToken> keyInfoCerts;
    private List<CertificateToken> encapsulatedCerts;

    public CAdESCertificateSource(TimeStampToken timeStampToken, CertificatePool certificatePool) {
        this(timeStampToken.toCMSSignedData(), (SignerInformation) timeStampToken.toCMSSignedData().getSignerInfos().getSigners().iterator().next(), certificatePool);
    }

    public CAdESCertificateSource(CMSSignedData cMSSignedData, SignerInformation signerInformation, CertificatePool certificatePool) {
        super(certificatePool);
        if (cMSSignedData == null) {
            throw new DSSException("CMS SignedData is null, it must be provided!");
        }
        this.cmsSignedData = cMSSignedData;
        this.signerInformation = signerInformation;
        if (this.certificateTokens == null) {
            this.certificateTokens = new ArrayList();
            this.keyInfoCerts = extractIdSignedDataCertificates();
            this.encapsulatedCerts = extractEncapsulatedCertificates();
        }
    }

    public List<CertificateToken> getEncapsulatedCertificates() {
        return this.encapsulatedCerts;
    }

    private List<CertificateToken> extractEncapsulatedCertificates() {
        ArrayList arrayList = new ArrayList();
        if (this.signerInformation != null && this.signerInformation.getUnsignedAttributes() != null) {
            extractCertificateFromUnsignedAttribute(arrayList, PKCSObjectIdentifiers.id_aa_ets_certValues);
            extractCertificateFromUnsignedAttribute(arrayList, PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
        }
        return arrayList;
    }

    private void extractCertificateFromUnsignedAttribute(List<CertificateToken> list, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Attribute attribute = this.signerInformation.getUnsignedAttributes().get(aSN1ObjectIdentifier);
        if (attribute != null) {
            ASN1Sequence objectAt = attribute.getAttrValues().getObjectAt(0);
            for (int i = 0; i < objectAt.size(); i++) {
                try {
                    CertificateToken addCertificate = addCertificate(new CertificateToken(new X509CertificateObject(Certificate.getInstance(objectAt.getObjectAt(i)))));
                    if (!list.contains(addCertificate)) {
                        list.add(addCertificate);
                    }
                } catch (Exception e) {
                    logger.warn("Unable to parse encapsulated certificate : " + e.getMessage());
                }
            }
        }
    }

    public List<CertificateToken> getKeyInfoCertificates() {
        return this.keyInfoCerts;
    }

    private List<CertificateToken> extractIdSignedDataCertificates() {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator it = this.cmsSignedData.getCertificates().getMatches((Selector) null).iterator();
            while (it.hasNext()) {
                CertificateToken addCertificate = addCertificate(DSSASN1Utils.getCertificate((X509CertificateHolder) it.next()));
                if (!arrayList.contains(addCertificate)) {
                    arrayList.add(addCertificate);
                }
            }
        } catch (Exception e) {
            logger.warn("Cannot extract certificates from CMS Signed Data : " + e.getMessage());
        }
        return arrayList;
    }
}
