package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.EncryptionAlgorithm;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.x509.ArchiveTimestampType;
import eu.europa.esig.dss.x509.CertificatePool;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.TimestampType;
import eu.europa.esig.dss.x509.TimestampValidation;
import eu.europa.esig.dss.x509.TimestampValidity;
import eu.europa.esig.dss.x509.Token;
import eu.europa.esig.dss.x509.TokenValidationExtraInfo;
import java.io.IOException;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/TimestampToken.class */
public class TimestampToken extends Token {
    private static final Logger logger = LoggerFactory.getLogger(TimestampToken.class);
    private final TimeStampToken timeStamp;
    private TimestampType timeStampType;
    private CAdESCertificateSource wrappedSource;
    private X500Principal issuerX500Principal;
    private boolean messageImprintData;
    private Boolean messageImprintIntact = null;
    private String signedDataMessage = "";
    private List<TimestampReference> timestampedReferences;
    private List<TimestampInclude> timestampIncludes;
    private ArchiveTimestampType archiveTimestampType;
    private String canonicalizationMethod;
    private int hashCode;

    public TimestampToken(TimeStampToken timeStampToken, TimestampType timestampType, CertificatePool certificatePool) {
        this.timeStamp = timeStampToken;
        this.timeStampType = timestampType;
        this.extraInfo = new TokenValidationExtraInfo();
        this.wrappedSource = new CAdESCertificateSource(timeStampToken, certificatePool);
        for (CertificateToken certificateToken : this.wrappedSource.getCertificates()) {
            if (timeStampToken.getSID().match(new X509CertificateHolder(Certificate.getInstance(certificateToken.getEncoded()))) && isSignedBy(certificateToken)) {
                return;
            }
        }
    }

    public String getAbbreviation() {
        return this.timeStampType.name() + ": " + getDSSId() + ": " + DSSUtils.formatInternal(this.timeStamp.getTimeStampInfo().getGenTime());
    }

    public X500Principal getIssuerX500Principal() {
        return this.issuerX500Principal;
    }

    public boolean isSignedBy(CertificateToken certificateToken) {
        if (this.issuerToken != null) {
            return this.issuerToken.equals(certificateToken);
        }
        TimestampValidation validateTimestampToken = validateTimestampToken(this.timeStamp, certificateToken);
        this.signatureInvalidityReason = validateTimestampToken.getValidity().name();
        this.signatureValid = validateTimestampToken.isValid();
        if (this.signatureValid) {
            this.issuerToken = certificateToken;
            this.issuerX500Principal = certificateToken.getSubjectX500Principal();
            this.signatureAlgorithm = SignatureAlgorithm.getAlgorithm(EncryptionAlgorithm.forName(certificateToken.getPublicKey().getAlgorithm()), DigestAlgorithm.forOID(this.timeStamp.getTimeStampInfo().getHashAlgorithm().getAlgorithm().getId()));
        }
        return this.signatureValid;
    }

    private TimestampValidation validateTimestampToken(TimeStampToken timeStampToken, CertificateToken certificateToken) {
        TimestampValidity timestampValidity;
        try {
            timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().build(certificateToken.getCertificate()));
            timestampValidity = TimestampValidity.VALID;
        } catch (TSPException e) {
            if (logger.isDebugEnabled()) {
                logger.info("No valid structure for timestamp token: ", e);
            } else {
                logger.info("No valid structure for timestamp token: " + e.getMessage());
            }
            timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE;
        } catch (IllegalArgumentException e2) {
            if (logger.isDebugEnabled()) {
                logger.debug("No signing certificate for timestamp token: ", e2);
            } else {
                logger.info("No signing certificate for timestamp token: ", e2.getMessage());
            }
            timestampValidity = TimestampValidity.NO_SIGNING_CERTIFICATE;
        } catch (TSPValidationException e3) {
            if (logger.isDebugEnabled()) {
                logger.info("No valid signature for timestamp token: ", e3);
            } else {
                logger.info("No valid signature for timestamp token: " + e3.getMessage());
            }
            timestampValidity = TimestampValidity.NOT_VALID_SIGNATURE;
        } catch (OperatorCreationException e4) {
            if (logger.isDebugEnabled()) {
                logger.info("No valid structure for timestamp token: ", e4);
            } else {
                logger.info("No valid structure for timestamp token: " + e4.getMessage());
            }
            timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE;
        }
        return new TimestampValidation(timestampValidity);
    }

    public boolean matchData(byte[] bArr) {
        try {
            this.messageImprintData = bArr != null;
            TimeStampTokenInfo timeStampInfo = this.timeStamp.getTimeStampInfo();
            DigestAlgorithm forOID = DigestAlgorithm.forOID(timeStampInfo.getHashAlgorithm().getAlgorithm().getId());
            byte[] digest = DSSUtils.digest(forOID, bArr);
            byte[] messageImprintDigest = timeStampInfo.getMessageImprintDigest();
            this.messageImprintIntact = Boolean.valueOf(Arrays.equals(digest, messageImprintDigest));
            if (!this.messageImprintIntact.booleanValue()) {
                logger.error("Extracted data from the document: {}", Hex.encodeHexString(bArr));
                logger.error("Computed digest ({}) on the extracted data from the document : {}", forOID, Hex.encodeHexString(digest));
                logger.error("Digest present in TimestampToken: {}", Hex.encodeHexString(messageImprintDigest));
                logger.error("Digest in TimestampToken matches digest of extracted data from document: {}", this.messageImprintIntact);
            }
        } catch (DSSException e) {
            this.messageImprintIntact = false;
            this.signedDataMessage = "Timestamp digest problem: " + e.getMessage();
        }
        return this.messageImprintIntact.booleanValue();
    }

    public TimestampType getTimeStampType() {
        return this.timeStampType;
    }

    public Date getGenerationTime() {
        return this.timeStamp.getTimeStampInfo().getGenTime();
    }

    public DigestAlgorithm getSignedDataDigestAlgo() {
        return DigestAlgorithm.forOID(this.timeStamp.getTimeStampInfo().getHashAlgorithm().getAlgorithm().getId());
    }

    public String getEncodedSignedDataDigestValue() {
        return Base64.encodeBase64String(this.timeStamp.getTimeStampInfo().getMessageImprintDigest());
    }

    public Boolean isMessageImprintDataFound() {
        return Boolean.valueOf(this.messageImprintData);
    }

    public Boolean isMessageImprintDataIntact() {
        if (this.messageImprintIntact == null) {
            throw new DSSException("Invoke matchData(byte[] data) method before!");
        }
        return this.messageImprintIntact;
    }

    public List<TimestampReference> getTimestampedReferences() {
        return this.timestampedReferences;
    }

    public void setTimestampedReferences(List<TimestampReference> list) {
        this.timestampedReferences = list;
    }

    public ArchiveTimestampType getArchiveTimestampType() {
        return this.archiveTimestampType;
    }

    public void setArchiveTimestampType(ArchiveTimestampType archiveTimestampType) {
        this.archiveTimestampType = archiveTimestampType;
    }

    public String getCanonicalizationMethod() {
        return this.canonicalizationMethod;
    }

    public void setCanonicalizationMethod(String str) {
        this.canonicalizationMethod = str;
    }

    public byte[] getEncoded() {
        try {
            return this.timeStamp.getEncoded();
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public List<TimestampInclude> getTimestampIncludes() {
        return this.timestampIncludes;
    }

    public void setTimestampIncludes(List<TimestampInclude> list) {
        this.timestampIncludes = list;
    }

    public List<CertificateToken> getCertificates() {
        return this.wrappedSource.getCertificates();
    }

    public AttributeTable getUnsignedAttributes() {
        return this.timeStamp.getUnsignedAttributes();
    }

    public void setHashCode(int i) {
        this.hashCode = i;
    }

    public int getHashCode() {
        return this.hashCode;
    }

    public String toString(String str) {
        try {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(str).append("TimestampToken[signedBy=").append(this.issuerToken == null ? "?" : this.issuerToken.getDSSIdAsString());
            stringBuffer.append(", generated: ").append(DSSUtils.formatInternal(this.timeStamp.getTimeStampInfo().getGenTime()));
            stringBuffer.append(" / ").append(this.timeStampType).append('\n');
            if (this.signatureValid) {
                String str2 = str + "\t";
                stringBuffer.append(str2).append("Timestamp's signature validity: VALID").append('\n');
                str = str2.substring(1);
            } else if (!this.signatureInvalidityReason.isEmpty()) {
                String str3 = str + "\t";
                stringBuffer.append(str3).append("Timestamp's signature validity: INVALID").append(" - ").append(this.signatureInvalidityReason).append('\n');
                str = str3.substring(1);
            }
            String str4 = str + "\t";
            if (this.messageImprintIntact != null) {
                if (this.messageImprintIntact.booleanValue()) {
                    stringBuffer.append(str4).append("Timestamp MATCHES the signed data.").append('\n');
                } else {
                    stringBuffer.append(str4).append("Timestamp DOES NOT MATCH the signed data.").append('\n');
                    if (!this.signedDataMessage.isEmpty()) {
                        stringBuffer.append(str4).append("- ").append(this.signedDataMessage).append('\n');
                    }
                }
            }
            String substring = str4.substring(1);
            if (this.issuerToken != null) {
                String str5 = substring + "\t";
                stringBuffer.append(this.issuerToken.toString(str5)).append('\n');
                stringBuffer.append(str5.substring(1));
            }
            stringBuffer.append("]");
            return stringBuffer.toString();
        } catch (Exception e) {
            return getClass().getName();
        }
    }
}
