package eu.europa.esig.dss.pades.signature;

import eu.europa.esig.dss.AbstractSignatureParameters;
import eu.europa.esig.dss.cades.signature.CAdESLevelBaselineT;
import eu.europa.esig.dss.cades.signature.CMSSignedDocument;
import eu.europa.esig.dss.cades.signature.CustomContentSigner;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.model.ToBeSigned;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.pades.PAdESSignatureParameters;
import eu.europa.esig.dss.signature.SignatureRequirementsChecker;
import eu.europa.esig.dss.signature.SignatureValueChecker;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.validation.CertificateVerifier;
import java.util.Collections;
import java.util.Objects;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.operator.ContentSigner;

/* loaded from: input_file:eu/europa/esig/dss/pades/signature/ExternalCMSService.class */
public class ExternalCMSService {
    private final CertificateVerifier certificateVerifier;
    private TSPSource tspSource;

    public ExternalCMSService(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    public ToBeSigned getDataToSign(DSSMessageDigest dSSMessageDigest, PAdESSignatureParameters pAdESSignatureParameters) {
        Objects.requireNonNull(dSSMessageDigest, "messageDigest cannot be null!");
        Objects.requireNonNull(pAdESSignatureParameters, "SignatureParameters cannot be null!");
        assertConfigurationValid(dSSMessageDigest, pAdESSignatureParameters);
        return buildToBeSignedData(dSSMessageDigest, pAdESSignatureParameters);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ToBeSigned buildToBeSignedData(DSSMessageDigest dSSMessageDigest, PAdESSignatureParameters pAdESSignatureParameters) {
        ContentSigner customContentSigner = new CustomContentSigner(pAdESSignatureParameters.getSignatureAlgorithm().getJCEId());
        getCMSSignedDataBuilder(pAdESSignatureParameters).createCMSSignedData(new PAdESSignerInfoGeneratorBuilder(dSSMessageDigest).build(pAdESSignatureParameters, customContentSigner), new InMemoryDocument(dSSMessageDigest.getValue()));
        return new ToBeSigned(customContentSigner.getOutputStream().toByteArray());
    }

    public CMSSignedDocument signMessageDigest(DSSMessageDigest dSSMessageDigest, PAdESSignatureParameters pAdESSignatureParameters, SignatureValue signatureValue) {
        Objects.requireNonNull(dSSMessageDigest, "messageDigest cannot be null!");
        Objects.requireNonNull(pAdESSignatureParameters, "SignatureParameters cannot be null!");
        Objects.requireNonNull(signatureValue, "SignatureValue cannot be null!");
        assertConfigurationValid(dSSMessageDigest, pAdESSignatureParameters);
        CMSSignedData buildCMSSignedData = buildCMSSignedData(dSSMessageDigest, pAdESSignatureParameters, signatureValue);
        pAdESSignatureParameters.reinit();
        return new CMSSignedDocument(buildCMSSignedData);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CMSSignedData buildCMSSignedData(DSSMessageDigest dSSMessageDigest, PAdESSignatureParameters pAdESSignatureParameters, SignatureValue signatureValue) {
        SignatureAlgorithm signatureAlgorithm = pAdESSignatureParameters.getSignatureAlgorithm();
        SignatureLevel signatureLevel = pAdESSignatureParameters.getSignatureLevel();
        Objects.requireNonNull(signatureAlgorithm, "SignatureAlgorithm cannot be null!");
        Objects.requireNonNull(signatureLevel, "SignatureLevel must be defined!");
        CMSSignedData createCMSSignedData = getCMSSignedDataBuilder(pAdESSignatureParameters).createCMSSignedData(new PAdESSignerInfoGeneratorBuilder(dSSMessageDigest).build(pAdESSignatureParameters, new CustomContentSigner(signatureAlgorithm.getJCEId(), new SignatureValueChecker().ensureSignatureValue(signatureValue, pAdESSignatureParameters.getSignatureAlgorithm()).getValue())), new InMemoryDocument(dSSMessageDigest.getValue()));
        if (!SignatureLevel.PAdES_BASELINE_B.equals(signatureLevel)) {
            Objects.requireNonNull(this.tspSource, "TSPSource shall be provided for T-level creation!");
            pAdESSignatureParameters.m4getContext().setDetachedContents(Collections.singletonList(DSSUtils.toDigestDocument(dSSMessageDigest)));
            createCMSSignedData = new CAdESLevelBaselineT(this.tspSource, this.certificateVerifier).extendCMSSignatures(createCMSSignedData, pAdESSignatureParameters);
        }
        return createCMSSignedData;
    }

    protected void assertConfigurationValid(DSSMessageDigest dSSMessageDigest, PAdESSignatureParameters pAdESSignatureParameters) {
        Objects.requireNonNull(pAdESSignatureParameters.getSignatureLevel(), "SignatureLevel shall be defined!");
        SignatureLevel signatureLevel = pAdESSignatureParameters.getSignatureLevel();
        if (!SignatureLevel.PAdES_BASELINE_B.equals(signatureLevel) && !SignatureLevel.PAdES_BASELINE_T.equals(signatureLevel)) {
            throw new IllegalArgumentException(String.format("SignatureLevel '%s' is not supported within PAdESCMSGeneratorService!", signatureLevel));
        }
        assertSigningCertificateValid(pAdESSignatureParameters);
        if (dSSMessageDigest.getAlgorithm() != pAdESSignatureParameters.getDigestAlgorithm()) {
            throw new IllegalArgumentException(String.format("The DigestAlgorithm provided within Digest '%s' does not correspond to the one defined in SignatureParameters '%s'!", dSSMessageDigest.getAlgorithm(), pAdESSignatureParameters.getDigestAlgorithm()));
        }
    }

    protected void assertSigningCertificateValid(AbstractSignatureParameters<?> abstractSignatureParameters) {
        CertificateToken signingCertificate = abstractSignatureParameters.getSigningCertificate();
        if (signingCertificate != null) {
            new SignatureRequirementsChecker(this.certificateVerifier, abstractSignatureParameters).assertSigningCertificateIsValid(signingCertificate);
        } else if (!abstractSignatureParameters.isGenerateTBSWithoutCertificate()) {
            throw new IllegalArgumentException("Signing Certificate is not defined! Set signing certificate or use method setGenerateTBSWithoutCertificate(true).");
        }
    }

    private CMSSignedDataBuilder getCMSSignedDataBuilder(PAdESSignatureParameters pAdESSignatureParameters) {
        return new CMSSignedDataBuilder().setSigningCertificate(pAdESSignatureParameters.getSigningCertificate()).setCertificateChain(pAdESSignatureParameters.getCertificateChain()).setGenerateWithoutCertificates(pAdESSignatureParameters.isGenerateTBSWithoutCertificate()).setTrustAnchorBPPolicy(pAdESSignatureParameters.bLevel().isTrustAnchorBPPolicy()).setTrustedCertificateSource(this.certificateVerifier.getTrustedCertSources()).setEncapsulate(false);
    }
}
