package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.SignatureLevel;
import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.DefaultAdvancedSignature;
import eu.europa.esig.dss.validation.ValidationContext;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.crl.CRLToken;
import eu.europa.esig.dss.x509.ocsp.OCSPToken;
import eu.europa.esig.dss.x509.tsp.TSPSource;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESLevelBaselineLT.class */
public class CAdESLevelBaselineLT extends CAdESSignatureExtension {
    private final CertificateVerifier certificateVerifier;
    private final CAdESLevelBaselineT cadesProfileT;

    public CAdESLevelBaselineLT(TSPSource tSPSource, CertificateVerifier certificateVerifier, boolean z) {
        super(tSPSource, z);
        this.certificateVerifier = certificateVerifier;
        this.cadesProfileT = new CAdESLevelBaselineT(tSPSource, z);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    protected SignerInformation extendCMSSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) throws DSSException {
        CAdESSignature cAdESSignature = new CAdESSignature(cMSSignedData, signerInformation);
        cAdESSignature.setDetachedContents(new DSSDocument[]{cAdESSignatureParameters.getDetachedContent()});
        if (!cAdESSignature.isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_T)) {
            signerInformation = this.cadesProfileT.extendCMSSignature(cMSSignedData, signerInformation, cAdESSignatureParameters);
        }
        return signerInformation;
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    protected CMSSignedData postExtendCMSSignedData(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) {
        CAdESSignature cAdESSignature = new CAdESSignature(cMSSignedData, signerInformation);
        cAdESSignature.setDetachedContents(new DSSDocument[]{cAdESSignatureParameters.getDetachedContent()});
        ValidationContext signatureValidationContext = cAdESSignature.getSignatureValidationContext(this.certificateVerifier);
        Store certificates = cMSSignedData.getCertificates();
        Set certificatesForInclusion = cAdESSignature.getCertificatesForInclusion(signatureValidationContext);
        HashSet hashSet = new HashSet(certificates.getMatches((Selector) null));
        Iterator it = certificatesForInclusion.iterator();
        while (it.hasNext()) {
            hashSet.add(DSSASN1Utils.getX509CertificateHolder((CertificateToken) it.next()));
        }
        Store collectionStore = new CollectionStore(hashSet);
        HashSet hashSet2 = new HashSet(cMSSignedData.getCRLs().getMatches((Selector) null));
        DefaultAdvancedSignature.RevocationDataForInclusion revocationDataForInclusion = cAdESSignature.getRevocationDataForInclusion(signatureValidationContext);
        Iterator it2 = revocationDataForInclusion.crlTokens.iterator();
        while (it2.hasNext()) {
            hashSet2.add(getX509CrlHolder((CRLToken) it2.next()));
        }
        Store collectionStore2 = new CollectionStore(hashSet2);
        HashSet hashSet3 = new HashSet(cMSSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getMatches((Selector) null));
        Iterator it3 = revocationDataForInclusion.ocspTokens.iterator();
        while (it3.hasNext()) {
            hashSet3.add(DSSASN1Utils.toASN1Primitive(DSSASN1Utils.getEncoded(((OCSPToken) it3.next()).getBasicOCSPResp())));
        }
        return new CMSSignedDataBuilder(this.certificateVerifier).regenerateCMSSignedData(cMSSignedData, cAdESSignatureParameters, collectionStore, cMSSignedData.getAttributeCertificates(), collectionStore2, new CollectionStore(hashSet3), cMSSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response));
    }

    private X509CRLHolder getX509CrlHolder(CRLToken cRLToken) {
        try {
            X509CRL x509crl = cRLToken.getX509crl();
            return new X509CRLHolder(new CertificateList(new DERSequence(new ASN1Encodable[]{TBSCertList.getInstance(x509crl.getTBSCertList()), new AlgorithmIdentifier(new ASN1ObjectIdentifier(x509crl.getSigAlgOID())), new DERBitString(x509crl.getSignature())})));
        } catch (CRLException e) {
            throw new DSSException(e);
        }
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        return super.extendCMSSignatures(cMSSignedData, cAdESSignatureParameters);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedDocument extendSignatures(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) throws DSSException {
        return super.extendSignatures(dSSDocument, cAdESSignatureParameters);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ TSPSource getSignatureTsa() {
        return super.getSignatureTsa();
    }
}
