package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.x509.CertificateSource;
import eu.europa.esig.dss.x509.CertificateToken;
import java.io.InputStream;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CMSSignedDataBuilder.class */
public class CMSSignedDataBuilder {
    private CertificateVerifier certificateVerifier;

    public CMSSignedDataBuilder(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CMSSignedDataGenerator createCMSSignedDataGenerator(CAdESSignatureParameters cAdESSignatureParameters, ContentSigner contentSigner, SignerInfoGeneratorBuilder signerInfoGeneratorBuilder, CMSSignedData cMSSignedData) throws DSSException {
        try {
            CertificateToken signingCertificate = cAdESSignatureParameters.getSigningCertificate();
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(contentSigner, DSSASN1Utils.getX509CertificateHolder(signingCertificate)));
            HashSet hashSet = new HashSet();
            if (cMSSignedData != null) {
                cMSSignedDataGenerator.addSigners(cMSSignedData.getSignerInfos());
                cMSSignedDataGenerator.addAttributeCertificates(cMSSignedData.getAttributeCertificates());
                cMSSignedDataGenerator.addCRLs(cMSSignedData.getCRLs());
                cMSSignedDataGenerator.addOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic, cMSSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic));
                cMSSignedDataGenerator.addOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response, cMSSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response));
                Iterator it = cMSSignedData.getCertificates().getMatches((Selector) null).iterator();
                while (it.hasNext()) {
                    hashSet.add(DSSASN1Utils.getCertificate((X509CertificateHolder) it.next()));
                }
            }
            hashSet.add(cAdESSignatureParameters.getSigningCertificate());
            hashSet.addAll(cAdESSignatureParameters.getCertificateChain());
            cMSSignedDataGenerator.addCertificates(getJcaCertStore(hashSet, cAdESSignatureParameters.bLevel().isTrustAnchorBPPolicy()));
            return cMSSignedDataGenerator;
        } catch (CMSException e) {
            throw new DSSException(e);
        } catch (OperatorCreationException e2) {
            throw new DSSException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(CAdESSignatureParameters cAdESSignatureParameters, boolean z) {
        CAdESLevelBaselineB cAdESLevelBaselineB = new CAdESLevelBaselineB();
        AttributeTable signedAttributes = cAdESLevelBaselineB.getSignedAttributes(cAdESSignatureParameters);
        AttributeTable attributeTable = null;
        if (z) {
            attributeTable = cAdESLevelBaselineB.getUnsignedAttributes();
        }
        return getSignerInfoGeneratorBuilder(signedAttributes, attributeTable);
    }

    private SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(AttributeTable attributeTable, AttributeTable attributeTable2) {
        if (attributeTable != null && attributeTable.size() == 0) {
            attributeTable = null;
        }
        DefaultSignedAttributeTableGenerator defaultSignedAttributeTableGenerator = new DefaultSignedAttributeTableGenerator(attributeTable);
        if (attributeTable2 != null && attributeTable2.size() == 0) {
            attributeTable2 = null;
        }
        return getSignerInfoGeneratorBuilder(defaultSignedAttributeTableGenerator, new SimpleAttributeTableGenerator(attributeTable2));
    }

    private SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DefaultSignedAttributeTableGenerator defaultSignedAttributeTableGenerator, SimpleAttributeTableGenerator simpleAttributeTableGenerator) {
        SignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
        signerInfoGeneratorBuilder.setSignedAttributeGenerator(defaultSignedAttributeTableGenerator);
        signerInfoGeneratorBuilder.setUnsignedAttributeGenerator(simpleAttributeTableGenerator);
        return signerInfoGeneratorBuilder;
    }

    private JcaCertStore getJcaCertStore(Collection<CertificateToken> collection, boolean z) {
        try {
            ArrayList arrayList = new ArrayList();
            for (CertificateToken certificateToken : collection) {
                if (z) {
                    X500Principal subjectX500Principal = certificateToken.getSubjectX500Principal();
                    CertificateSource trustedCertSource = this.certificateVerifier.getTrustedCertSource();
                    if (trustedCertSource != null && !trustedCertSource.get(subjectX500Principal).isEmpty()) {
                    }
                }
                arrayList.add(certificateToken.getCertificate());
            }
            return new JcaCertStore(arrayList);
        } catch (CertificateEncodingException e) {
            throw new DSSException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CMSSignedData regenerateCMSSignedData(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters, Store store, Store store2, Store store3, Store store4, Store store5) {
        CMSSignedData generate;
        try {
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSigners(cMSSignedData.getSignerInfos());
            cMSSignedDataGenerator.addAttributeCertificates(store2);
            cMSSignedDataGenerator.addCertificates(store);
            cMSSignedDataGenerator.addCRLs(store3);
            cMSSignedDataGenerator.addOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic, store4);
            cMSSignedDataGenerator.addOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response, store5);
            boolean z = cMSSignedData.getSignedContent() != null;
            if (z) {
                generate = cMSSignedDataGenerator.generate(cMSSignedData.getSignedContent(), z);
            } else {
                InputStream openStream = cAdESSignatureParameters.getDetachedContent().openStream();
                CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(DSSUtils.toByteArray(openStream));
                IOUtils.closeQuietly(openStream);
                generate = cMSSignedDataGenerator.generate(cMSProcessableByteArray, z);
            }
            return generate;
        } catch (CMSException e) {
            throw new DSSException(e);
        }
    }
}
