package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSConfigurationException;
import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.SignatureForm;
import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.signature.SignatureExtension;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.SignatureCryptographicVerification;
import eu.europa.esig.dss.x509.tsp.TSPSource;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESSignatureExtension.class */
public abstract class CAdESSignatureExtension implements SignatureExtension<CAdESSignatureParameters> {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESSignatureExtension.class);
    protected final TSPSource signatureTsa;
    private final boolean onlyLastCMSSignature;

    public CAdESSignatureExtension(TSPSource tSPSource, boolean z) {
        this.signatureTsa = tSPSource;
        this.onlyLastCMSSignature = z;
        if (tSPSource == null) {
            throw new DSSConfigurationException(DSSConfigurationException.MSG.CONFIGURE_TSP_SERVER);
        }
    }

    public TSPSource getSignatureTsa() {
        return this.signatureTsa;
    }

    public CMSSignedDocument extendSignatures(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) throws DSSException {
        LOG.info("EXTEND SIGNATURES.");
        try {
            InputStream openStream = dSSDocument.openStream();
            CMSSignedData cMSSignedData = new CMSSignedData(openStream);
            Utils.closeQuietly(openStream);
            return new CMSSignedDocument(extendCMSSignatures(cMSSignedData, cAdESSignatureParameters));
        } catch (CMSException e) {
            throw new DSSException("Cannot parse CMS data", e);
        }
    }

    public CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        return this.onlyLastCMSSignature ? extendLastCMSSignature(cMSSignedData, cAdESSignatureParameters) : extendAllCMSSignatures(cMSSignedData, cAdESSignatureParameters);
    }

    private CMSSignedData extendAllCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        LOG.info("EXTEND ALL CMS SIGNATURES.");
        CMSSignedData preExtendCMSSignedData = preExtendCMSSignedData(cMSSignedData, cAdESSignatureParameters);
        Collection<SignerInformation> signers = preExtendCMSSignedData.getSignerInfos().getSigners();
        ArrayList arrayList = new ArrayList();
        for (SignerInformation signerInformation : signers) {
            CAdESSignature cAdESSignature = new CAdESSignature(preExtendCMSSignedData, signerInformation);
            cAdESSignature.setDetachedContents(cAdESSignatureParameters.getDetachedContents());
            assertSignatureValid(cAdESSignature, cAdESSignatureParameters);
            arrayList.add(extendCMSSignature(preExtendCMSSignedData, signerInformation, cAdESSignatureParameters));
        }
        CMSSignedData replaceSigners = CMSSignedData.replaceSigners(preExtendCMSSignedData, new SignerInformationStore(arrayList));
        Iterator it = replaceSigners.getSignerInfos().getSigners().iterator();
        while (it.hasNext()) {
            replaceSigners = postExtendCMSSignedData(replaceSigners, (SignerInformation) it.next(), cAdESSignatureParameters);
        }
        return replaceSigners;
    }

    private CMSSignedData extendLastCMSSignature(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        LOG.info("EXTEND LAST CMS SIGNATURES.");
        CMSSignedData preExtendCMSSignedData = preExtendCMSSignedData(cMSSignedData, cAdESSignatureParameters);
        Collection<SignerInformation> signers = preExtendCMSSignedData.getSignerInfos().getSigners();
        SignerInformation firstSigner = getFirstSigner(preExtendCMSSignedData);
        ArrayList arrayList = new ArrayList();
        for (SignerInformation signerInformation : signers) {
            if (firstSigner == signerInformation) {
                CAdESSignature cAdESSignature = new CAdESSignature(preExtendCMSSignedData, signerInformation);
                cAdESSignature.setDetachedContents(cAdESSignatureParameters.getDetachedContents());
                assertSignatureValid(cAdESSignature, cAdESSignatureParameters);
                arrayList.add(extendCMSSignature(preExtendCMSSignedData, signerInformation, cAdESSignatureParameters));
            } else {
                arrayList.add(signerInformation);
            }
        }
        CMSSignedData replaceSigners = CMSSignedData.replaceSigners(preExtendCMSSignedData, new SignerInformationStore(arrayList));
        return postExtendCMSSignedData(replaceSigners, getFirstSigner(replaceSigners), cAdESSignatureParameters);
    }

    private SignerInformation getFirstSigner(CMSSignedData cMSSignedData) {
        SignerInformation signerInformation = null;
        Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
        if (it.hasNext()) {
            signerInformation = (SignerInformation) it.next();
        }
        return signerInformation;
    }

    private void assertSignatureValid(CAdESSignature cAdESSignature, CAdESSignatureParameters cAdESSignatureParameters) {
        if (SignatureForm.PAdES.equals(cAdESSignatureParameters.getSignatureLevel().getSignatureForm())) {
            return;
        }
        SignatureCryptographicVerification signatureCryptographicVerification = cAdESSignature.getSignatureCryptographicVerification();
        if (signatureCryptographicVerification.isSignatureIntact()) {
            return;
        }
        String errorMessage = signatureCryptographicVerification.getErrorMessage();
        throw new DSSException("Cryptographic signature verification has failed" + (errorMessage.isEmpty() ? "." : " / " + errorMessage));
    }

    protected abstract SignerInformation extendCMSSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) throws DSSException;

    protected CMSSignedData preExtendCMSSignedData(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        return cMSSignedData;
    }

    protected CMSSignedData postExtendCMSSignedData(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) {
        return cMSSignedData;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ASN1Object getTimeStampAttributeValue(TSPSource tSPSource, byte[] bArr, CAdESSignatureParameters cAdESSignatureParameters) {
        return getTimeStampAttributeValue(tSPSource, bArr, cAdESSignatureParameters.getSignatureTimestampParameters().getDigestAlgorithm(), new Attribute[0]);
    }

    public static ASN1Object getTimeStampAttributeValue(TSPSource tSPSource, byte[] bArr, DigestAlgorithm digestAlgorithm, Attribute... attributeArr) {
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Message to timestamp is: " + Utils.toHex(bArr));
            }
            byte[] digest = DSSUtils.digest(digestAlgorithm, bArr);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Digested ({}) message to timestamp is {}", new Object[]{digestAlgorithm, Utils.toHex(digest)});
            }
            TimeStampToken timeStampResponse = tSPSource.getTimeStampResponse(digestAlgorithm, digest);
            if (timeStampResponse == null) {
                throw new NullPointerException();
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Digested ({}) message in timestamp is {}", new Object[]{digestAlgorithm, Utils.toHex(timeStampResponse.getTimeStampInfo().getMessageImprintDigest())});
            }
            CMSSignedData cMSSignedData = new CMSSignedData(timeStampResponse.getEncoded());
            if (attributeArr != null) {
                SignerInformation signerInformation = (SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next();
                AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation);
                for (Attribute attribute : attributeArr) {
                    unsignedAttributes = unsignedAttributes.add(attribute.getAttrType(), attribute.getAttrValues().getObjectAt(0));
                }
                if (unsignedAttributes.size() == 0) {
                    unsignedAttributes = null;
                }
                SignerInformation replaceUnsignedAttributes = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes);
                ArrayList arrayList = new ArrayList();
                arrayList.add(replaceUnsignedAttributes);
                cMSSignedData = CMSSignedData.replaceSigners(cMSSignedData, new SignerInformationStore(arrayList));
            }
            return DSSASN1Utils.toASN1Primitive(cMSSignedData.getEncoded());
        } catch (CMSException e) {
            throw new DSSException(e);
        } catch (IOException e2) {
            throw new DSSException(e2);
        }
    }
}
