package eu.europa.esig.dss.jades.signature;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.jades.DSSJsonUtils;
import eu.europa.esig.dss.jades.JAdESHeaderParameterNames;
import eu.europa.esig.dss.jades.JAdESSignatureParameters;
import eu.europa.esig.dss.jades.JWSJsonSerializationGenerator;
import eu.europa.esig.dss.jades.JWSJsonSerializationObject;
import eu.europa.esig.dss.jades.validation.AbstractJWSDocumentValidator;
import eu.europa.esig.dss.jades.validation.JAdESDocumentValidatorFactory;
import eu.europa.esig.dss.jades.validation.JAdESSignature;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.signature.SignatureRequirementsChecker;
import eu.europa.esig.dss.signature.SigningOperation;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:eu/europa/esig/dss/jades/signature/JAdESLevelBaselineT.class */
public class JAdESLevelBaselineT extends JAdESExtensionBuilder implements JAdESLevelBaselineExtension {
    protected final CertificateVerifier certificateVerifier;
    protected TSPSource tspSource;
    protected AbstractJWSDocumentValidator documentValidator;
    private SigningOperation operationKind;

    public JAdESLevelBaselineT(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    @Override // eu.europa.esig.dss.jades.signature.JAdESLevelBaselineExtension
    public void setOperationKind(SigningOperation signingOperation) {
        this.operationKind = signingOperation;
    }

    public DSSDocument extendSignatures(DSSDocument dSSDocument, JAdESSignatureParameters jAdESSignatureParameters) {
        Objects.requireNonNull(dSSDocument, "The document cannot be null");
        Objects.requireNonNull(this.tspSource, "The TSPSource cannot be null");
        this.documentValidator = new JAdESDocumentValidatorFactory().m19create(dSSDocument);
        this.documentValidator.setCertificateVerifier(this.certificateVerifier);
        this.documentValidator.setDetachedContents(jAdESSignatureParameters.getDetachedContents());
        JWSJsonSerializationObject jwsJsonSerializationObject = this.documentValidator.getJwsJsonSerializationObject();
        assertJWSJsonSerializationObjectValid(jwsJsonSerializationObject);
        List signatures = this.documentValidator.getSignatures();
        if (Utils.isCollectionEmpty(signatures)) {
            throw new IllegalInputException("There is no signature to extend!");
        }
        List list = signatures;
        if (SigningOperation.SIGN.equals(this.operationKind)) {
            list = Arrays.asList(signatures.get(signatures.size() - 1));
        }
        extendSignatures((List<AdvancedSignature>) list, jAdESSignatureParameters);
        return new JWSJsonSerializationGenerator(jwsJsonSerializationObject, jAdESSignatureParameters.getJwsSerializationType()).generate();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void extendSignatures(List<AdvancedSignature> list, JAdESSignatureParameters jAdESSignatureParameters) {
        SignatureRequirementsChecker signatureRequirementsChecker = new SignatureRequirementsChecker(this.certificateVerifier, jAdESSignatureParameters);
        for (AdvancedSignature advancedSignature : list) {
            JAdESSignature jAdESSignature = (JAdESSignature) advancedSignature;
            assertEtsiUComponentsConsistent(jAdESSignature.getJws(), jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents());
            if (tLevelExtensionRequired(jAdESSignature, jAdESSignatureParameters)) {
                assertExtendSignatureToTPossible(jAdESSignature, jAdESSignatureParameters);
                signatureRequirementsChecker.assertSigningCertificateIsValid(advancedSignature);
                DigestAlgorithm digestAlgorithm = jAdESSignatureParameters.m2getSignatureTimestampParameters().getDigestAlgorithm();
                jAdESSignature.getEtsiUHeader().addComponent(JAdESHeaderParameterNames.SIG_TST, DSSJsonUtils.getTstContainer(Collections.singletonList(this.tspSource.getTimeStampResponse(digestAlgorithm, DSSUtils.digest(digestAlgorithm, jAdESSignature.m23getTimestampSource().getSignatureTimestampData()))), null), jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents());
            }
        }
    }

    private boolean tLevelExtensionRequired(JAdESSignature jAdESSignature, JAdESSignatureParameters jAdESSignatureParameters) {
        return SignatureLevel.JAdES_BASELINE_T.equals(jAdESSignatureParameters.getSignatureLevel()) || !jAdESSignature.hasTProfile();
    }

    private void assertExtendSignatureToTPossible(JAdESSignature jAdESSignature, JAdESSignatureParameters jAdESSignatureParameters) {
        SignatureLevel signatureLevel = jAdESSignatureParameters.getSignatureLevel();
        if (SignatureLevel.JAdES_BASELINE_T.equals(signatureLevel)) {
            if (jAdESSignature.hasLTAProfile() || (jAdESSignature.hasLTProfile() && !jAdESSignature.areAllSelfSignedCertificates())) {
                throw new IllegalInputException(String.format("Cannot extend signature to '%s'. The signature is already extended with LT level.", signatureLevel));
            }
        }
    }
}
