package eu.europa.esig.dss.jades.signature;

import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.jades.JAdESHeaderParameterNames;
import eu.europa.esig.dss.jades.JAdESSignatureParameters;
import eu.europa.esig.dss.jades.JsonObject;
import eu.europa.esig.dss.jades.validation.JAdESEtsiUHeader;
import eu.europa.esig.dss.jades.validation.JAdESSignature;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.SignatureCryptographicVerification;
import eu.europa.esig.dss.validation.ValidationContext;
import eu.europa.esig.dss.validation.ValidationDataForInclusion;
import eu.europa.esig.dss.validation.ValidationDataForInclusionBuilder;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.jose4j.json.internal.json_simple.JSONArray;
import org.jose4j.json.internal.json_simple.JSONObject;

/* loaded from: input_file:eu/europa/esig/dss/jades/signature/JAdESLevelBaselineLT.class */
public class JAdESLevelBaselineLT extends JAdESLevelBaselineT {
    public JAdESLevelBaselineLT(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.jades.signature.JAdESLevelBaselineT
    public void extendSignature(JAdESSignature jAdESSignature, JAdESSignatureParameters jAdESSignatureParameters) {
        super.extendSignature(jAdESSignature, jAdESSignatureParameters);
        if (jAdESSignature.hasLTAProfile()) {
            return;
        }
        jAdESSignature.resetCertificateSource();
        jAdESSignature.resetRevocationSources();
        jAdESSignature.resetTimestampSource();
        assertExtendSignatureToLTPossible(jAdESSignature, jAdESSignatureParameters);
        JAdESEtsiUHeader etsiUHeader = jAdESSignature.getEtsiUHeader();
        checkSignatureIntegrity(jAdESSignature);
        ValidationContext signatureValidationContext = jAdESSignature.getSignatureValidationContext(this.certificateVerifier);
        removeOldCertificateValues(jAdESSignature, etsiUHeader);
        removeOldRevocationValues(jAdESSignature, etsiUHeader);
        ValidationDataForInclusion validationDataForInclusion = getValidationDataForInclusion(jAdESSignature, signatureValidationContext);
        Set<CertificateToken> certificateTokens = validationDataForInclusion.getCertificateTokens();
        if (Utils.isCollectionNotEmpty(certificateTokens)) {
            etsiUHeader.addComponent(JAdESHeaderParameterNames.X_VALS, getXVals(certificateTokens), jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents());
        }
        List<CRLToken> crlTokens = validationDataForInclusion.getCrlTokens();
        List<OCSPToken> ocspTokens = validationDataForInclusion.getOcspTokens();
        if (Utils.isCollectionNotEmpty(crlTokens) || Utils.isCollectionNotEmpty(ocspTokens)) {
            etsiUHeader.addComponent(JAdESHeaderParameterNames.R_VALS, getRVals(crlTokens, ocspTokens), jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents());
        }
    }

    private void removeOldCertificateValues(JAdESSignature jAdESSignature, JAdESEtsiUHeader jAdESEtsiUHeader) {
        jAdESEtsiUHeader.removeLastComponent(JAdESHeaderParameterNames.X_VALS);
        jAdESSignature.resetCertificateSource();
    }

    private void removeOldRevocationValues(JAdESSignature jAdESSignature, JAdESEtsiUHeader jAdESEtsiUHeader) {
        jAdESEtsiUHeader.removeLastComponent(JAdESHeaderParameterNames.R_VALS);
        jAdESSignature.resetRevocationSources();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ValidationDataForInclusion getValidationDataForInclusion(JAdESSignature jAdESSignature, ValidationContext validationContext) {
        return new ValidationDataForInclusionBuilder(validationContext, jAdESSignature.getCompleteCertificateSource()).excludeCertificateTokens(jAdESSignature.getCertificateSource().getCertificates()).excludeCRLs(jAdESSignature.m21getCRLSource().getAllRevocationBinaries()).excludeOCSPs(jAdESSignature.m20getOCSPSource().getAllRevocationBinaries()).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JSONArray getXVals(Set<CertificateToken> set) {
        JSONArray jSONArray = new JSONArray();
        Iterator<CertificateToken> it = set.iterator();
        while (it.hasNext()) {
            jSONArray.add(getX509CertObject(it.next()));
        }
        return jSONArray;
    }

    private JSONObject getX509CertObject(CertificateToken certificateToken) {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(JAdESHeaderParameterNames.VAL, Utils.toBase64(certificateToken.getEncoded()));
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put(JAdESHeaderParameterNames.X509_CERT, jSONObject);
        return jSONObject2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JsonObject getRVals(List<CRLToken> list, List<OCSPToken> list2) {
        JsonObject jsonObject = new JsonObject();
        if (Utils.isCollectionNotEmpty(list)) {
            jsonObject.put(JAdESHeaderParameterNames.CRL_VALS, (Object) getCrlVals(list));
        }
        if (Utils.isCollectionNotEmpty(list2)) {
            jsonObject.put(JAdESHeaderParameterNames.OCSP_VALS, (Object) getOcspVals(list2));
        }
        return jsonObject;
    }

    private JSONArray getCrlVals(List<CRLToken> list) {
        JSONArray jSONArray = new JSONArray();
        for (CRLToken cRLToken : list) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(JAdESHeaderParameterNames.VAL, Utils.toBase64(cRLToken.getEncoded()));
            jSONArray.add(jSONObject);
        }
        return jSONArray;
    }

    private JSONArray getOcspVals(List<OCSPToken> list) {
        JSONArray jSONArray = new JSONArray();
        for (OCSPToken oCSPToken : list) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(JAdESHeaderParameterNames.VAL, Utils.toBase64(oCSPToken.getEncoded()));
            jSONArray.add(jSONObject);
        }
        return jSONArray;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkSignatureIntegrity(JAdESSignature jAdESSignature) throws DSSException {
        SignatureCryptographicVerification signatureCryptographicVerification = jAdESSignature.getSignatureCryptographicVerification();
        if (signatureCryptographicVerification.isSignatureIntact()) {
            return;
        }
        String errorMessage = signatureCryptographicVerification.getErrorMessage();
        throw new DSSException("Cryptographic signature verification has failed" + (errorMessage.isEmpty() ? "." : " / " + errorMessage));
    }

    private void assertExtendSignatureToLTPossible(JAdESSignature jAdESSignature, JAdESSignatureParameters jAdESSignatureParameters) {
        if (SignatureLevel.JAdES_BASELINE_LT.equals(jAdESSignatureParameters.getSignatureLevel()) && jAdESSignature.hasLTAProfile()) {
            throw new DSSException(String.format("Cannot extend the signature. The signedData is already extended with [%s]!", "JAdES LTA"));
        }
        if (jAdESSignature.areAllSelfSignedCertificates()) {
            throw new DSSException("Cannot extend the signature. The signature contains only self-signed certificate chains!");
        }
    }
}
