package eu.europa.esig.dss.jades.signature;

import eu.europa.esig.dss.enumerations.JWSSerializationType;
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.jades.DSSJsonUtils;
import eu.europa.esig.dss.jades.JAdESSignatureParameters;
import eu.europa.esig.dss.jades.JWSJsonSerializationGenerator;
import eu.europa.esig.dss.jades.JWSJsonSerializationObject;
import eu.europa.esig.dss.jades.validation.JWS;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.MimeType;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:eu/europa/esig/dss/jades/signature/JAdESSerializationBuilder.class */
public class JAdESSerializationBuilder extends AbstractJAdESBuilder {
    private JWSJsonSerializationObject jwsJsonSerializationObject;

    public JAdESSerializationBuilder(CertificateVerifier certificateVerifier, JAdESSignatureParameters jAdESSignatureParameters, List<DSSDocument> list) {
        super(certificateVerifier, jAdESSignatureParameters, list);
    }

    public JAdESSerializationBuilder(CertificateVerifier certificateVerifier, JAdESSignatureParameters jAdESSignatureParameters, JWSJsonSerializationObject jWSJsonSerializationObject) {
        super(certificateVerifier, jAdESSignatureParameters, extractDocumentToBeSigned(jAdESSignatureParameters, jWSJsonSerializationObject));
        this.jwsJsonSerializationObject = jWSJsonSerializationObject;
    }

    private static List<DSSDocument> extractDocumentToBeSigned(JAdESSignatureParameters jAdESSignatureParameters, JWSJsonSerializationObject jWSJsonSerializationObject) {
        if (Utils.isStringNotBlank(jWSJsonSerializationObject.getPayload())) {
            return Collections.singletonList(new InMemoryDocument(jWSJsonSerializationObject.getSignatures().get(0).isRfc7797UnencodedPayload() ? jWSJsonSerializationObject.getPayload().getBytes(StandardCharsets.UTF_8) : DSSJsonUtils.fromBase64Url(jWSJsonSerializationObject.getPayload())));
        }
        if (Utils.isCollectionNotEmpty(jAdESSignatureParameters.getDetachedContents())) {
            return jAdESSignatureParameters.getDetachedContents();
        }
        throw new DSSException("The payload or detached content must be provided!");
    }

    @Override // eu.europa.esig.dss.jades.signature.JAdESBuilder
    public DSSDocument build(SignatureValue signatureValue) {
        assertConfigurationValidity(this.parameters);
        JWS jws = getJWS();
        if (this.jwsJsonSerializationObject == null) {
            this.jwsJsonSerializationObject = new JWSJsonSerializationObject();
            if (!SignaturePackaging.DETACHED.equals(this.parameters.getSignaturePackaging())) {
                this.jwsJsonSerializationObject.setPayload(jws.getSignedPayload());
            }
        } else {
            assertB64ConfigurationConsistent();
        }
        jws.setSignature(DSSASN1Utils.fromAsn1toSignatureValue(this.parameters.getEncryptionAlgorithm(), signatureValue.getValue()));
        this.jwsJsonSerializationObject.getSignatures().add(jws);
        return new JWSJsonSerializationGenerator(this.jwsJsonSerializationObject, this.parameters.getJwsSerializationType()).generate();
    }

    private void assertB64ConfigurationConsistent() {
        if (SignaturePackaging.DETACHED.equals(this.parameters.getSignaturePackaging())) {
            return;
        }
        boolean isBase64UrlEncodedPayload = this.parameters.isBase64UrlEncodedPayload();
        Iterator<JWS> it = this.jwsJsonSerializationObject.getSignatures().iterator();
        while (it.hasNext()) {
            if (isBase64UrlEncodedPayload != (!it.next().isRfc7797UnencodedPayload())) {
                throw new DSSException("'b64' value shall be the same for all signatures! Change 'Base64UrlEncodedPayload' signature parameter or sign another file!");
            }
        }
    }

    private JWS getJWS() {
        JWS jws = new JWS();
        incorporateHeader(jws);
        incorporatePayload(jws);
        return jws;
    }

    @Override // eu.europa.esig.dss.jades.signature.JAdESBuilder
    public MimeType getMimeType() {
        return MimeType.JOSE_JSON;
    }

    @Override // eu.europa.esig.dss.jades.signature.AbstractJAdESBuilder
    protected void assertConfigurationValidity(JAdESSignatureParameters jAdESSignatureParameters) {
        SignaturePackaging signaturePackaging = jAdESSignatureParameters.getSignaturePackaging();
        if (signaturePackaging != SignaturePackaging.ENVELOPING && signaturePackaging != SignaturePackaging.DETACHED) {
            throw new DSSException("Unsupported signature packaging for JSON Serialization Signature: " + signaturePackaging);
        }
        if (!JWSSerializationType.JSON_SERIALIZATION.equals(jAdESSignatureParameters.getJwsSerializationType()) && this.jwsJsonSerializationObject != null) {
            throw new DSSException(String.format("The '%s' type is not supported for a parallel signing!", jAdESSignatureParameters.getJwsSerializationType()));
        }
    }
}
