package org.imixs.signature.pdf.util;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.pdfbox.io.IOUtils;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.Attributes;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;

/* loaded from: input_file:WEB-INF/classes/org/imixs/signature/pdf/util/ValidationTimeStamp.class */
public class ValidationTimeStamp {
    private TSAClient tsaClient;

    public ValidationTimeStamp(String str) throws NoSuchAlgorithmException, MalformedURLException {
        if (str != null) {
            this.tsaClient = new TSAClient(new URL(str), null, null, MessageDigest.getInstance("SHA-256"));
        }
    }

    public byte[] getTimeStampToken(InputStream inputStream) throws IOException {
        return this.tsaClient.getTimeStampToken(IOUtils.toByteArray(inputStream));
    }

    public CMSSignedData addSignedTimeStamp(CMSSignedData cMSSignedData) throws IOException {
        SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
        ArrayList arrayList = new ArrayList();
        Iterator<SignerInformation> it = signerInfos.getSigners().iterator();
        while (it.hasNext()) {
            arrayList.add(signTimeStamp(it.next()));
        }
        return CMSSignedData.replaceSigners(cMSSignedData, new SignerInformationStore(arrayList));
    }

    private SignerInformation signTimeStamp(SignerInformation signerInformation) throws IOException {
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (unsignedAttributes != null) {
            aSN1EncodableVector = unsignedAttributes.toASN1EncodableVector();
        }
        aSN1EncodableVector.add(new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(ASN1Primitive.fromByteArray(this.tsaClient.getTimeStampToken(signerInformation.getSignature())))));
        return SignerInformation.replaceUnsignedAttributes(signerInformation, new AttributeTable(new Attributes(aSN1EncodableVector)));
    }
}
