package eu.europa.esig.dss.asic.cades.signature;

import eu.europa.esig.dss.asic.cades.ASiCWithCAdESFilenameFactory;
import eu.europa.esig.dss.asic.cades.DefaultASiCWithCAdESFilenameFactory;
import eu.europa.esig.dss.asic.cades.signature.manifest.ASiCEWithCAdESArchiveManifestBuilder;
import eu.europa.esig.dss.asic.cades.validation.ASiCContainerWithCAdESValidator;
import eu.europa.esig.dss.asic.cades.validation.ASiCWithCAdESUtils;
import eu.europa.esig.dss.asic.common.ASiCContent;
import eu.europa.esig.dss.asic.common.ASiCUtils;
import eu.europa.esig.dss.asic.common.validation.ASiCManifestParser;
import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.MimeTypeEnum;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.ManifestFile;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.spi.x509.tsp.TimestampToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationData;
import java.util.List;

/* loaded from: input_file:eu/europa/esig/dss/asic/cades/signature/ASiCWithCAdESLevelBaselineLTA.class */
public class ASiCWithCAdESLevelBaselineLTA extends ASiCWithCAdESSignatureExtension {
    private static final long serialVersionUID = 5337864432054920568L;
    private final ASiCWithCAdESFilenameFactory asicFilenameFactory;

    public ASiCWithCAdESLevelBaselineLTA(CertificateVerifier certificateVerifier, TSPSource tSPSource) {
        this(certificateVerifier, tSPSource, new DefaultASiCWithCAdESFilenameFactory());
    }

    public ASiCWithCAdESLevelBaselineLTA(CertificateVerifier certificateVerifier, TSPSource tSPSource, ASiCWithCAdESFilenameFactory aSiCWithCAdESFilenameFactory) {
        super(certificateVerifier, tSPSource);
        this.asicFilenameFactory = aSiCWithCAdESFilenameFactory;
    }

    @Override // eu.europa.esig.dss.asic.cades.signature.ASiCWithCAdESSignatureExtension
    public ASiCContent extend(ASiCContent aSiCContent, CAdESSignatureParameters cAdESSignatureParameters) {
        return extend(super.extend(aSiCContent, cAdESSignatureParameters), getReferenceDigestAlgorithmOrDefault(cAdESSignatureParameters), cAdESSignatureParameters.getArchiveTimestampParameters().getDigestAlgorithm());
    }

    public ASiCContent extend(ASiCContent aSiCContent, DigestAlgorithm digestAlgorithm) {
        return extend(super.extend(aSiCContent, getEmptyLTLevelSignatureParameters()), digestAlgorithm, digestAlgorithm);
    }

    private ASiCContent extend(ASiCContent aSiCContent, DigestAlgorithm digestAlgorithm, DigestAlgorithm digestAlgorithm2) {
        String timestampFilename = this.asicFilenameFactory.getTimestampFilename(aSiCContent);
        ManifestFile lastManifestFile = getLastManifestFile(aSiCContent.getAllManifestDocuments());
        DSSDocument lastTimestampDocument = getLastTimestampDocument(lastManifestFile, aSiCContent.getTimestampDocuments());
        if (lastTimestampDocument != null) {
            ASiCContainerWithCAdESValidator aSiCContainerWithCAdESValidator = new ASiCContainerWithCAdESValidator(aSiCContent);
            aSiCContainerWithCAdESValidator.setCertificateVerifier(this.certificateVerifier);
            List<AdvancedSignature> allSignatures = aSiCContainerWithCAdESValidator.getAllSignatures();
            List<TimestampToken> detachedTimestamps = aSiCContainerWithCAdESValidator.getDetachedTimestamps();
            ValidationData allValidationData = aSiCContainerWithCAdESValidator.getValidationData(allSignatures, detachedTimestamps).getAllValidationData();
            for (AdvancedSignature advancedSignature : allSignatures) {
                allValidationData.excludeCertificateTokens(advancedSignature.getCompleteCertificateSource().getCertificates());
                allValidationData.excludeCRLTokens(advancedSignature.getCompleteCRLSource().getAllRevocationBinaries());
                allValidationData.excludeOCSPTokens(advancedSignature.getCompleteOCSPSource().getAllRevocationBinaries());
            }
            for (TimestampToken timestampToken : detachedTimestamps) {
                allValidationData.excludeCertificateTokens(timestampToken.getCertificateSource().getCertificates());
                allValidationData.excludeCRLTokens(timestampToken.getCRLSource().getAllRevocationBinaries());
                allValidationData.excludeOCSPTokens(timestampToken.getOCSPSource().getAllRevocationBinaries());
            }
            ASiCUtils.addOrReplaceDocument(aSiCContent.getTimestampDocuments(), extendTimestamp(lastTimestampDocument, allValidationData));
        }
        DSSDocument dSSDocument = null;
        if (lastManifestFile != null && isLastArchiveManifest(lastManifestFile.getFilename())) {
            dSSDocument = lastManifestFile.getDocument();
            dSSDocument.setName(this.asicFilenameFactory.getArchiveManifestFilename(aSiCContent));
        }
        DSSDocument build = new ASiCEWithCAdESArchiveManifestBuilder(aSiCContent, dSSDocument, digestAlgorithm, timestampFilename).build();
        aSiCContent.getArchiveManifestDocuments().add(build);
        aSiCContent.getTimestampDocuments().add(new InMemoryDocument(DSSASN1Utils.getDEREncoded(this.tspSource.getTimeStampResponse(digestAlgorithm2, DSSUtils.digest(digestAlgorithm2, build))), timestampFilename, MimeTypeEnum.TST));
        return aSiCContent;
    }

    private ManifestFile getLastManifestFile(List<DSSDocument> list) {
        DSSDocument lastArchiveManifest = getLastArchiveManifest(list);
        if (lastArchiveManifest == null) {
            lastArchiveManifest = DSSUtils.getDocumentWithLastName(list);
        }
        if (lastArchiveManifest != null) {
            return ASiCManifestParser.getManifestFile(lastArchiveManifest);
        }
        return null;
    }

    private DSSDocument getLastArchiveManifest(List<DSSDocument> list) {
        if (!Utils.isCollectionNotEmpty(list)) {
            return null;
        }
        for (DSSDocument dSSDocument : list) {
            if (isLastArchiveManifest(dSSDocument.getName())) {
                return dSSDocument;
            }
        }
        return null;
    }

    private boolean isLastArchiveManifest(String str) {
        return ASiCWithCAdESUtils.DEFAULT_ARCHIVE_MANIFEST_FILENAME.equals(str);
    }

    private DSSDocument getLastTimestampDocument(ManifestFile manifestFile, List<DSSDocument> list) {
        return manifestFile != null ? DSSUtils.getDocumentWithName(list, manifestFile.getSignatureFilename()) : DSSUtils.getDocumentWithLastName(list);
    }

    private DSSDocument extendTimestamp(DSSDocument dSSDocument, ValidationData validationData) {
        return new InMemoryDocument(DSSASN1Utils.getEncoded(new CMSSignedDataBuilder().setOriginalCMSSignedData(DSSUtils.toCMSSignedData(dSSDocument)).extendCMSSignedData(validationData.getCertificateTokens(), validationData.getCrlTokens(), validationData.getOcspTokens())), dSSDocument.getName(), MimeTypeEnum.TST);
    }

    private CAdESSignatureParameters getEmptyLTLevelSignatureParameters() {
        CAdESSignatureParameters cAdESSignatureParameters = new CAdESSignatureParameters();
        cAdESSignatureParameters.setSignatureLevel(SignatureLevel.CAdES_BASELINE_LT);
        return cAdESSignatureParameters;
    }

    @Override // eu.europa.esig.dss.asic.cades.signature.ASiCWithCAdESSignatureExtension
    protected boolean extensionRequired(CAdESSignatureParameters cAdESSignatureParameters, boolean z) {
        return !z;
    }

    @Override // eu.europa.esig.dss.asic.cades.signature.ASiCWithCAdESSignatureExtension
    protected void assertExtendSignaturePossible(CAdESSignatureParameters cAdESSignatureParameters, boolean z) {
        if (z) {
            throw new IllegalInputException(String.format("Cannot extend signature to '%s'. The signature is already covered by an archive manifest.", cAdESSignatureParameters.getSignatureLevel()));
        }
    }
}
