package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.OID;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.TimestampToken;
import eu.europa.esig.dss.x509.CertificateToken;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CadesLevelBaselineLTATimestampExtractor.class */
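/**
 * Builds the {@code ATSHashIndex} attribute for a CAdES signature, rebuilds it from an existing
 * archive timestamp for verification, and assembles the byte string an archive timestamp (v3)
 * is computed over.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code ATSHashIndex} read from a timestamp token is parsed before anything here has
 *       verified it. Structural errors (too few components, a component that is not a SEQUENCE)
 *       are reported as {@link DSSException} instead of an index or class-cast failure.</li>
 *   <li>During verification the digest algorithm is taken from the token itself. No strength
 *       check is applied here, so a policy on acceptable digest algorithms has to be enforced
 *       elsewhere.</li>
 *   <li>Verification checks that every hash listed in the token's index matches something
 *       present in the signature. Items present in the signature but not listed in the index
 *       are tolerated and only logged at debug level.</li>
 *   <li>{@code hashIndexDigestAlgorithm} is mutable instance state written by both public
 *       hash-index methods without synchronisation, so one instance must not be shared
 *       between threads.</li>
 * </ul>
 */
public class CadesLevelBaselineLTATimestampExtractor {
    private static final Logger LOG = LoggerFactory.getLogger(CadesLevelBaselineLTATimestampExtractor.class);

    /** Digest algorithm assumed when an ATSHashIndex carries no algorithm identifier. */
    public static final DigestAlgorithm DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO = DigestAlgorithm.SHA256;

    /** Whether the algorithm identifier is left out of a generated ATSHashIndex when it equals the default. */
    private static final boolean OMIT_ALGORITHM_IDENTIFIER_IF_DEFAULT = true;

    // Digest used for every hash in the index; set by getAtsHashIndex(...) on creation and by
    // getAlgorithmIdentifier(...) on verification.
    private DigestAlgorithm hashIndexDigestAlgorithm;

    // Unsigned attribute types whose hashes are not put into a generated index.
    private final Set<ASN1ObjectIdentifier> excludedAttributesFromAtsHashIndex = new HashSet<ASN1ObjectIdentifier>();

    private CAdESSignature cadesSignature;

    /**
     * @param cAdESSignature the signature whose certificates, revocation data and unsigned
     *                       attributes are indexed
     */
    public CadesLevelBaselineLTATimestampExtractor(CAdESSignature cAdESSignature) {
        this.cadesSignature = cAdESSignature;
        this.excludedAttributesFromAtsHashIndex.add(PKCSObjectIdentifiers.id_aa_ets_certValues);
        this.excludedAttributesFromAtsHashIndex.add(PKCSObjectIdentifiers.id_aa_ets_revocationValues);
    }

    /**
     * Creates a new {@code ATSHashIndex} attribute covering the current content of the signature.
     *
     * @param signerInformation the signer whose unsigned attributes are indexed
     * @param digestAlgorithm   the digest algorithm used for every hash in the index
     * @return the composed attribute
     * @throws DSSException if a digest or encoding step fails
     */
    public Attribute getAtsHashIndex(SignerInformation signerInformation, DigestAlgorithm digestAlgorithm) throws DSSException {
        this.hashIndexDigestAlgorithm = digestAlgorithm;
        final AlgorithmIdentifier algorithmIdentifier = getHashIndexDigestAlgorithmIdentifier();
        final ASN1Sequence certificateHashes = getCertificatesHashIndex();
        final ASN1Sequence crlHashes = getCRLsHashIndex();
        final ASN1Sequence unsignedAttributeHashes = getUnsignedAttributesHashIndex(signerInformation);
        return getComposedAtsHashIndex(algorithmIdentifier, certificateHashes, crlHashes, unsignedAttributeHashes);
    }

    /**
     * Rebuilds the {@code ATSHashIndex} of an existing archive timestamp after checking that every
     * hash it lists is matched by data present in the signature.
     *
     * @param signerInformation the signer whose unsigned attributes are compared
     * @param timestampToken    the archive timestamp carrying the index to check
     * @return the recomposed attribute
     * @throws DSSException if the index in the token is structurally malformed or a digest or
     *                      encoding step fails
     */
    public Attribute getVerifiedAtsHashIndex(SignerInformation signerInformation, TimestampToken timestampToken) throws DSSException {
        // Must run first: it selects hashIndexDigestAlgorithm, which the three checks below use.
        final AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(timestampToken);
        final ASN1Sequence certificateHashes = getVerifiedCertificatesHashIndex(timestampToken);
        final ASN1Sequence crlHashes = getVerifiedCRLsHashIndex(timestampToken);
        final ASN1Sequence unsignedAttributeHashes = getVerifiedUnsignedAttributesHashIndex(signerInformation, timestampToken);
        // NOTE(review): when the token has no ATSHashIndex at all, the three sequences are null
        // and are added to the vector as-is — confirm how callers expect that case to surface.
        return getComposedAtsHashIndex(algorithmIdentifier, certificateHashes, crlHashes, unsignedAttributeHashes);
    }

    /** Wraps the optional algorithm identifier and the three hash sequences into the attribute. */
    private Attribute getComposedAtsHashIndex(AlgorithmIdentifier algorithmIdentifier, ASN1Sequence aSN1Sequence, ASN1Sequence aSN1Sequence2, ASN1Sequence aSN1Sequence3) {
        final ASN1EncodableVector components = new ASN1EncodableVector();
        if (algorithmIdentifier != null) {
            components.add(algorithmIdentifier);
        }
        components.add(aSN1Sequence);
        components.add(aSN1Sequence2);
        components.add(aSN1Sequence3);
        return new Attribute(OID.id_aa_ATSHashIndex, new DERSet(new DERSequence(components)));
    }

    /** Hashes every certificate returned by the signature's {@code getCertificates()}. */
    private ASN1Sequence getCertificatesHashIndex() throws DSSException {
        final ASN1EncodableVector hashes = new ASN1EncodableVector();
        for (CertificateToken certificateToken : this.cadesSignature.getCertificates()) {
            final byte[] digest = certificateToken.getDigest(this.hashIndexDigestAlgorithm);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Adding to CertificatesHashIndex DSS-Identifier: {} with hash {}", certificateToken.getDSSId(), Utils.toHex(digest));
            }
            hashes.add(new DEROctetString(digest));
        }
        return new DERSequence(hashes);
    }

    /**
     * Returns the token's certificate hash sequence if every hash in it matches a certificate
     * found in the signature or its timestamps; otherwise an empty sequence.
     */
    private ASN1Sequence getVerifiedCertificatesHashIndex(TimestampToken timestampToken) throws DSSException {
        final ASN1Sequence certificatesHashIndex = getCertificatesHashIndex(timestampToken);
        final List<ASN1Encodable> unmatched = toMutableList(certificatesHashIndex);
        for (CertificateToken certificateToken : this.cadesSignature.getCertificatesWithinSignatureAndTimestamps()) {
            if (unmatched.remove(new DEROctetString(certificateToken.getDigest(this.hashIndexDigestAlgorithm)))) {
                LOG.debug("Cert {} present in timestamp", certificateToken.getAbbreviation());
            } else {
                LOG.debug("Cert {} not present in timestamp", certificateToken.getAbbreviation());
            }
        }
        if (unmatched.isEmpty()) {
            return certificatesHashIndex;
        }
        // Leftover hashes are listed by the timestamp but absent from the signature. The empty
        // sequence makes the recomposed attribute differ from the token's own; presumably the
        // caller's imprint comparison then fails — confirm against the caller.
        LOG.error("{} attribute hash in Cert Hashes have not been found in document attributes: {}", unmatched.size(), unmatched);
        return new DERSequence();
    }

    /** Hashes every entry of the {@code crls} field of the CMS SignedData. */
    private ASN1Sequence getCRLsHashIndex() throws DSSException {
        final ASN1EncodableVector hashes = new ASN1EncodableVector();
        for (byte[] encoded : getEncodedSignedDataCrls()) {
            digestAndAddToList(hashes, encoded);
        }
        return new DERSequence(hashes);
    }

    private void digestAndAddToList(ASN1EncodableVector aSN1EncodableVector, byte[] bArr) {
        final byte[] digest = DSSUtils.digest(this.hashIndexDigestAlgorithm, bArr);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Adding to crlsHashIndex with hash {}", Utils.toHex(digest));
        }
        aSN1EncodableVector.add(new DEROctetString(digest));
    }

    /**
     * Returns the token's revocation hash sequence if every hash in it matches an entry of the
     * SignedData {@code crls} field; otherwise an empty sequence.
     */
    private ASN1Sequence getVerifiedCRLsHashIndex(TimestampToken timestampToken) throws DSSException {
        final ASN1Sequence cRLHashIndex = getCRLHashIndex(timestampToken);
        final List<ASN1Encodable> unmatched = toMutableList(cRLHashIndex);
        for (byte[] encoded : getEncodedSignedDataCrls()) {
            handleRevocationEncoded(unmatched, encoded);
        }
        if (unmatched.isEmpty()) {
            return cRLHashIndex;
        }
        // Same failure signalling as for certificates: listed in the timestamp, not found here.
        LOG.error("{} attribute hash in CRL Hashes have not been found in document attributes: {}", unmatched.size(), unmatched);
        return new DERSequence();
    }

    /** Removes the hash of {@code bArr} from {@code list} if it is listed, and logs the outcome. */
    private void handleRevocationEncoded(List<ASN1Encodable> list, byte[] bArr) {
        final DEROctetString hash = new DEROctetString(DSSUtils.digest(this.hashIndexDigestAlgorithm, bArr));
        final boolean listed = list.remove(hash);
        if (LOG.isDebugEnabled()) {
            if (listed) {
                LOG.debug("CRL/OCSP present in timestamp {}", DSSUtils.toHex(hash.getOctets()));
            } else {
                LOG.debug("CRL/OCSP not present in timestamp {}", DSSUtils.toHex(hash.getOctets()));
            }
        }
    }

    /** Hashes every unsigned attribute of the signer except the excluded attribute types. */
    private ASN1Sequence getUnsignedAttributesHashIndex(SignerInformation signerInformation) throws DSSException {
        final ASN1EncodableVector hashes = new ASN1EncodableVector();
        // Same accessor as the verification path, so creation and verification enumerate the
        // attributes the same way (presumably it also tolerates a signer without unsigned
        // attributes — confirm in CMSUtils).
        final ASN1EncodableVector unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation).toASN1EncodableVector();
        for (int i = 0; i < unsignedAttributes.size(); i++) {
            final Attribute attribute = (Attribute) unsignedAttributes.get(i);
            if (!this.excludedAttributesFromAtsHashIndex.contains(attribute.getAttrType())) {
                hashes.add(getAttributeDerOctetStringHash(attribute));
            }
        }
        return new DERSequence(hashes);
    }

    /**
     * Returns the token's unsigned-attribute hash sequence if every hash in it matches an unsigned
     * attribute of the signer; otherwise an empty sequence.
     */
    private ASN1Sequence getVerifiedUnsignedAttributesHashIndex(SignerInformation signerInformation, TimestampToken timestampToken) throws DSSException {
        final ASN1Sequence unsignedAttributesHashIndex = getUnsignedAttributesHashIndex(timestampToken);
        final List<ASN1Encodable> unmatched = toMutableList(unsignedAttributesHashIndex);
        final ASN1EncodableVector unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation).toASN1EncodableVector();
        for (int i = 0; i < unsignedAttributes.size(); i++) {
            final Attribute attribute = (Attribute) unsignedAttributes.get(i);
            final DEROctetString hash = getAttributeDerOctetStringHash(attribute);
            final ASN1ObjectIdentifier attrType = attribute.getAttrType();
            if (unmatched.remove(hash)) {
                LOG.debug("Attribute {} present in timestamp", attrType.getId());
            } else {
                // Not an error: the attribute is simply not covered by this timestamp.
                LOG.debug("Attribute {} not present in timestamp", attrType.getId());
            }
        }
        if (unmatched.isEmpty()) {
            return unsignedAttributesHashIndex;
        }
        // Same failure signalling as for certificates: listed in the timestamp, not found here.
        LOG.error("{} attribute hash in Timestamp have not been found in document attributes: {}", unmatched.size(), unmatched);
        return new DERSequence();
    }

    private DEROctetString getAttributeDerOctetStringHash(Attribute attribute) throws DSSException {
        return new DEROctetString(DSSUtils.digest(this.hashIndexDigestAlgorithm, DSSASN1Utils.getDEREncoded(attribute)));
    }

    /** Third hash sequence of the token's index, or {@code null} if the token has no index. */
    private ASN1Sequence getUnsignedAttributesHashIndex(TimestampToken timestampToken) {
        return getAtsHashIndexComponent(timestampToken, 2, "unsigned attributes hash index");
    }

    /** Second hash sequence of the token's index, or {@code null} if the token has no index. */
    private ASN1Sequence getCRLHashIndex(TimestampToken timestampToken) {
        return getAtsHashIndexComponent(timestampToken, 1, "CRL hash index");
    }

    /** First hash sequence of the token's index, or {@code null} if the token has no index. */
    private ASN1Sequence getCertificatesHashIndex(TimestampToken timestampToken) {
        return getAtsHashIndexComponent(timestampToken, 0, "certificates hash index");
    }

    /**
     * Reads one of the three hash sequences from the token's ATSHashIndex.
     *
     * @param positionWithoutAlgorithm position of the sequence when the index has no leading
     *                                 algorithm identifier; shifted by one when it has more than
     *                                 three components
     * @throws DSSException if the index is too short or the component is not a SEQUENCE
     */
    private ASN1Sequence getAtsHashIndexComponent(TimestampToken timestampToken, int positionWithoutAlgorithm, String componentName) {
        final ASN1Sequence atsHashIndex = getAtsHashIndex(timestampToken);
        if (atsHashIndex == null) {
            return null;
        }
        final int position = atsHashIndex.size() > 3 ? positionWithoutAlgorithm + 1 : positionWithoutAlgorithm;
        // The index comes from the token being validated; reject a short one explicitly rather
        // than letting getObjectAt fail with an index error.
        if (position >= atsHashIndex.size()) {
            throw new DSSException("Malformed ATSHashIndex: no " + componentName + " at position " + position
                    + " (size " + atsHashIndex.size() + ")");
        }
        return requireSequence(atsHashIndex.getObjectAt(position), componentName);
    }

    /**
     * Reads the digest algorithm from the token's ATSHashIndex and stores it in
     * {@code hashIndexDigestAlgorithm}; falls back to the default when none is present.
     *
     * @return the algorithm identifier carried by the index, or {@code null} if it has none
     */
    private AlgorithmIdentifier getAlgorithmIdentifier(TimestampToken timestampToken) {
        final ASN1Sequence atsHashIndex = getAtsHashIndex(timestampToken);
        if (atsHashIndex != null && atsHashIndex.size() > 3) {
            final ASN1Encodable first = atsHashIndex.getObjectAt(0);
            // The algorithm is whatever the token names; nothing here restricts it to strong
            // digests, so acceptance policy has to be applied by the validation layer.
            if (first instanceof ASN1Sequence) {
                final ASN1Sequence algorithmSequence = (ASN1Sequence) first;
                final ASN1ObjectIdentifier algorithmOid = ASN1ObjectIdentifier.getInstance(algorithmSequence.getObjectAt(0));
                this.hashIndexDigestAlgorithm = DigestAlgorithm.forOID(algorithmOid.getId());
                return AlgorithmIdentifier.getInstance(algorithmSequence);
            }
            if (first instanceof ASN1ObjectIdentifier) {
                final ASN1ObjectIdentifier algorithmOid = ASN1ObjectIdentifier.getInstance(first);
                this.hashIndexDigestAlgorithm = DigestAlgorithm.forOID(algorithmOid.getId());
                return new AlgorithmIdentifier(algorithmOid);
            }
        }
        this.hashIndexDigestAlgorithm = DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO;
        return null;
    }

    /**
     * Returns the first value of the token's {@code ATSHashIndex} unsigned attribute.
     *
     * @return the index, or {@code null} if the token carries no such attribute or it has no value
     * @throws DSSException if the value is not a SEQUENCE
     */
    private ASN1Sequence getAtsHashIndex(TimestampToken timestampToken) {
        // A token without any unsigned attributes cannot carry an ATSHashIndex.
        if (timestampToken.getUnsignedAttributes() == null) {
            return null;
        }
        final Attribute attribute = timestampToken.getUnsignedAttributes().get(OID.id_aa_ATSHashIndex);
        if (attribute == null) {
            return null;
        }
        final ASN1Set attrValues = attribute.getAttrValues();
        if (attrValues == null || attrValues.size() <= 0) {
            return null;
        }
        return requireSequence(attrValues.getObjectAt(0), "attribute value");
    }

    /** Returns {@code null} when the identifier may be omitted because it equals the default. */
    private AlgorithmIdentifier getHashIndexDigestAlgorithmIdentifier() {
        if (OMIT_ALGORITHM_IDENTIFIER_IF_DEFAULT
                && this.hashIndexDigestAlgorithm.getOid().equals(DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO.getOid())) {
            return null;
        }
        return DSSASN1Utils.getAlgorithmIdentifier(this.hashIndexDigestAlgorithm);
    }

    /**
     * Assembles the bytes an archive timestamp (v3) is computed over: the encoded content type,
     * the digest of the signed data, the signer's fields and the encoded ATSHashIndex value, in
     * that order.
     *
     * @param signerInformation the signer whose fields are included
     * @param attribute         the ATSHashIndex attribute; its first value is encoded
     * @param inputStream       the signed data to digest
     * @param digestAlgorithm   the digest algorithm applied to {@code inputStream}
     * @return the concatenated bytes
     * @throws DSSException if a digest or encoding step fails
     */
    public byte[] getArchiveTimestampDataV3(SignerInformation signerInformation, Attribute attribute, InputStream inputStream, DigestAlgorithm digestAlgorithm) throws DSSException {
        final byte[] encodedContentType = getEncodedContentType(this.cadesSignature.getCmsSignedData());
        final byte[] signedDataDigest = DSSUtils.digest(digestAlgorithm, inputStream);
        final byte[] encodedFields = getSignedFields(signerInformation);
        final byte[] encodedAtsHashIndex = DSSASN1Utils.getDEREncoded(attribute.getAttrValues().getObjectAt(0));
        final byte[] dataToTimestamp = DSSUtils.concatenate(
                new byte[][] {encodedContentType, signedDataDigest, encodedFields, encodedAtsHashIndex});
        if (LOG.isDebugEnabled()) {
            LOG.debug("eContentType={}", Utils.toHex(encodedContentType));
            LOG.debug("signedDataDigest={}", Utils.toHex(signedDataDigest));
            LOG.debug("encodedFields=see above");
            LOG.debug("encodedAtsHashIndex={}", Utils.toHex(encodedAtsHashIndex));
        }
        return dataToTimestamp;
    }

    private byte[] getEncodedContentType(CMSSignedData cMSSignedData) {
        final SignedData signedData = SignedData.getInstance(cMSSignedData.toASN1Structure().getContent());
        return DSSASN1Utils.getDEREncoded(signedData.getEncapContentInfo().getContentType());
    }

    /**
     * Concatenates the DER encodings of the SignerInfo fields version, sid, digestAlgorithm,
     * signedAttrs, signatureAlgorithm and signature, in that order.
     */
    private byte[] getSignedFields(SignerInformation signerInformation) {
        final SignerInfo signerInfo = signerInformation.toASN1Structure();
        final ASN1Integer version = signerInfo.getVersion();
        final SignerIdentifier sid = signerInfo.getSID();
        final AlgorithmIdentifier digestAlgorithm = signerInfo.getDigestAlgorithm();
        final DERTaggedObject signedAttributes = CMSUtils.getDERSignedAttributes(signerInformation);
        final AlgorithmIdentifier digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm();
        final ASN1OctetString encryptedDigest = signerInfo.getEncryptedDigest();

        final byte[] encodedVersion = DSSASN1Utils.getDEREncoded(version);
        final byte[] encodedSid = DSSASN1Utils.getDEREncoded(sid);
        final byte[] encodedDigestAlgorithm = DSSASN1Utils.getDEREncoded(digestAlgorithm);
        final byte[] encodedSignedAttributes = DSSASN1Utils.getDEREncoded(signedAttributes);
        final byte[] encodedDigestEncryptionAlgorithm = DSSASN1Utils.getDEREncoded(digestEncryptionAlgorithm);
        final byte[] encodedEncryptedDigest = DSSASN1Utils.getDEREncoded(encryptedDigest);
        if (LOG.isDebugEnabled()) {
            LOG.debug("getSignedFields Version={}", Utils.toBase64(encodedVersion));
            LOG.debug("getSignedFields Sid={}", Utils.toBase64(encodedSid));
            LOG.debug("getSignedFields DigestAlgorithm={}", Utils.toBase64(encodedDigestAlgorithm));
            LOG.debug("getSignedFields SignedAttributes={}", Utils.toBase64(encodedSignedAttributes));
            LOG.debug("getSignedFields DigestEncryptionAlgorithm={}", Utils.toBase64(encodedDigestEncryptionAlgorithm));
            LOG.debug("getSignedFields EncryptedDigest={}", Utils.toBase64(encodedEncryptedDigest));
        }
        return DSSUtils.concatenate(new byte[][] {encodedVersion, encodedSid, encodedDigestAlgorithm,
                encodedSignedAttributes, encodedDigestEncryptionAlgorithm, encodedEncryptedDigest});
    }

    /** DER encodings of every entry in the {@code crls} field of the CMS SignedData. */
    private List<byte[]> getEncodedSignedDataCrls() {
        final List<byte[]> encodedEntries = new ArrayList<byte[]>();
        final SignedData signedData = SignedData.getInstance(this.cadesSignature.getCmsSignedData().toASN1Structure().getContent());
        final ASN1Set crls = signedData.getCRLs();
        if (crls != null) {
            final Enumeration<?> entries = crls.getObjects();
            while (entries != null && entries.hasMoreElements()) {
                encodedEntries.add(DSSASN1Utils.getDEREncoded((ASN1Encodable) entries.nextElement()));
            }
        }
        return encodedEntries;
    }

    /** Copies the elements of {@code sequence} into a mutable list; empty for {@code null}. */
    private static List<ASN1Encodable> toMutableList(ASN1Sequence sequence) {
        final List<ASN1Encodable> elements = new ArrayList<ASN1Encodable>();
        if (sequence != null) {
            final Enumeration<?> objects = sequence.getObjects();
            while (objects.hasMoreElements()) {
                elements.add((ASN1Encodable) objects.nextElement());
            }
        }
        return elements;
    }

    /** Returns {@code encodable} as a SEQUENCE or throws {@link DSSException} if it is not one. */
    private static ASN1Sequence requireSequence(ASN1Encodable encodable, String description) {
        final ASN1Encodable primitive = encodable.toASN1Primitive();
        if (!(primitive instanceof ASN1Sequence)) {
            throw new DSSException("Malformed ATSHashIndex: " + description + " is not an ASN.1 SEQUENCE");
        }
        return (ASN1Sequence) primitive;
    }
}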
