package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.cades.validation.CMSDocumentAnalyzer;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureForm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.signature.SignatureCryptographicVerification;
import eu.europa.esig.dss.signature.SignatureExtension;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.exception.IllegalInputException;
import eu.europa.esig.dss.spi.validation.CertificateVerifier;
import eu.europa.esig.dss.spi.validation.executor.CompleteValidationContextExecutor;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESSignatureExtension.class */
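/**
 * Base class for extending (augmenting) CAdES signatures carried in a CMS {@code SignedData}
 * structure.
 *
 * <p>Before delegating to the level-specific {@link #extendCMSSignatures(CMSSignedData,
 * CAdESSignatureParameters, List)} implementation, the selected signers are checked for
 * cryptographic integrity. That check covers only {@code isSignatureIntact()}; nothing in this
 * class evaluates certificate trust or revocation, so a successful extension must not be read as
 * a full validation result.
 *
 * <p>NOTE(review): this listing is decompiler output; several members carry a note that their
 * access modifier was originally {@code protected}.
 */
public abstract class CAdESSignatureExtension implements SignatureExtension<CAdESSignatureParameters> {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESSignatureExtension.class);

    /** Source used to request timestamp tokens; never {@code null} (checked in the constructor). */
    protected final TSPSource tspSource;

    /**
     * Verifier handed to the signature objects and the document analyzer.
     * NOTE(review): not null-checked here, unlike {@link #tspSource} - confirm callers guarantee it.
     */
    protected final CertificateVerifier certificateVerifier;

    /**
     * Creates the extension helper.
     *
     * <p>Decompiler note: the access modifier was originally {@code protected}.
     *
     * @param tSPSource timestamp source, must not be {@code null}
     * @param certificateVerifier certificate verifier used during validation of the signatures
     * @throws NullPointerException if {@code tSPSource} is {@code null}
     */
    public CAdESSignatureExtension(TSPSource tSPSource, CertificateVerifier certificateVerifier) {
        Objects.requireNonNull(tSPSource, "Missing TSPSource");
        this.tspSource = tSPSource;
        this.certificateVerifier = certificateVerifier;
    }

    /**
     * Extends every signature found in the given document.
     *
     * @param dSSDocument document holding the CMS signed data
     * @param cAdESSignatureParameters extension parameters
     * @return a new document wrapping the extended CMS signed data
     */
    public CMSSignedDocument extendSignatures(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) {
        LOG.trace("EXTEND SIGNATURES.");
        CMSSignedData parsed = getCMSSignedData(dSSDocument);
        CMSSignedData extended = extendCMSSignatures(parsed, cAdESSignatureParameters);
        return new CMSSignedDocument(extended);
    }

    /**
     * Obtains the CMS signed data of a document, parsing the document stream when the document is
     * not already a {@link CMSSignedDocument}.
     *
     * @param dSSDocument document to read
     * @return the parsed CMS signed data
     * @throws IllegalInputException if the content cannot be read or is not valid CMS
     */
    private CMSSignedData getCMSSignedData(DSSDocument dSSDocument) {
        if (dSSDocument instanceof CMSSignedDocument) {
            return ((CMSSignedDocument) dSSDocument).getCMSSignedData();
        }
        // try-with-resources closes the stream on both the success and the failure path and keeps
        // a close() failure as a suppressed exception, as the hand-expanded form did.
        try (InputStream in = dSSDocument.openStream()) {
            return new CMSSignedData(in);
        } catch (IOException | CMSException e) {
            throw new IllegalInputException(String.format("Cannot parse CMS data. Reason : %s", e.getMessage()), e);
        }
    }

    /**
     * Extends all signers of the given CMS signed data.
     *
     * @param cMSSignedData CMS signed data to extend
     * @param cAdESSignatureParameters extension parameters
     * @return the extended CMS signed data
     */
    public CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        return extendCMSSignatures(cMSSignedData, cMSSignedData.getSignerInfos().getSigners(), cAdESSignatureParameters);
    }

    /**
     * Extends a single signer of the given CMS signed data.
     *
     * @param cMSSignedData CMS signed data to extend
     * @param signerInformation the signer to extend
     * @param cAdESSignatureParameters extension parameters
     * @return the extended CMS signed data
     */
    public CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) {
        return extendCMSSignatures(cMSSignedData, Collections.singletonList(signerInformation), cAdESSignatureParameters);
    }

    /**
     * Validates the selected signers, resolves their signature ids and delegates to the
     * level-specific extension.
     *
     * @param cMSSignedData CMS signed data to extend
     * @param collection signers selected for extension
     * @param cAdESSignatureParameters extension parameters
     * @return the extended CMS signed data
     * @throws DSSException if a selected signature fails the cryptographic integrity check
     * @throws IllegalInputException if the CMS signed data contains no signers
     */
    protected CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, Collection<SignerInformation> collection, CAdESSignatureParameters cAdESSignatureParameters) {
        LOG.info("EXTEND CMS SIGNATURES.");
        assertCMSSignaturesValid(cMSSignedData, collection, cAdESSignatureParameters);
        if (Utils.isCollectionEmpty(cMSSignedData.getSignerInfos().getSigners())) {
            throw new IllegalInputException("Unable to extend the document! No signatures found.");
        }
        // Only signatures whose SignerInformation was selected by the caller are extended.
        List<String> signatureIdsToExtend = new ArrayList<>();
        for (CAdESSignature signature : getDocumentValidator(cMSSignedData, cAdESSignatureParameters).getSignatures()) {
            if (collection.contains(signature.getSignerInformation())) {
                signatureIdsToExtend.add(signature.getId());
            }
        }
        return extendCMSSignatures(cMSSignedData, cAdESSignatureParameters, signatureIdsToExtend);
    }

    /**
     * Performs the level-specific extension of the signatures with the given ids.
     *
     * @param cMSSignedData CMS signed data to extend
     * @param cAdESSignatureParameters extension parameters
     * @param list ids of the signatures to extend
     * @return the extended CMS signed data
     */
    protected abstract CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters, List<String> list);

    /**
     * Replaces the signers of the CMS signed data and passes the result, together with the
     * original, to {@code CMSUtils.populateDigestAlgorithmSet}.
     *
     * <p>Decompiler note: the access modifier was originally {@code protected}.
     *
     * @param cMSSignedData original CMS signed data
     * @param list replacement signers
     * @return the CMS signed data carrying the new signers
     */
    public CMSSignedData replaceSigners(CMSSignedData cMSSignedData, List<SignerInformation> list) {
        CMSSignedData replaced = CMSSignedData.replaceSigners(cMSSignedData, new SignerInformationStore(list));
        return CMSUtils.populateDigestAlgorithmSet(replaced, cMSSignedData);
    }

    /**
     * Builds a {@link CAdESSignature} for one signer, configured with the detached contents and
     * this instance's certificate verifier.
     *
     * @param cMSSignedData CMS signed data containing the signer
     * @param signerInformation the signer
     * @param list detached contents, if any
     * @return the configured signature object
     */
    protected CAdESSignature newCAdESSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation, List<DSSDocument> list) {
        CAdESSignature signature = new CAdESSignature(cMSSignedData, signerInformation);
        signature.setDetachedContents(list);
        signature.initBaselineRequirementsChecker(this.certificateVerifier);
        return signature;
    }

    /**
     * Requests a timestamp over the given digest and returns the token as an ASN.1 object,
     * optionally adding the supplied attributes to the token's unsigned attributes.
     *
     * <p>NOTE(review): the response of the {@link TSPSource} is parsed as CMS, but this method
     * does not verify the token (signature, message imprint, issuing TSA). Confirm that the
     * configured source or a later validation step covers that before relying on the timestamp.
     *
     * <p>Decompiler note: the access modifier was originally {@code protected}.
     *
     * @param dSSMessageDigest digest of the data to timestamp
     * @param digestAlgorithm digest algorithm passed to the timestamp source
     * @param attributeArr attributes to add as unsigned attributes of the token; when {@code null}
     *     the token is returned unchanged
     * @return the timestamp token as an ASN.1 object
     * @throws DSSException if the token cannot be parsed or encoded, or contains no signer
     */
    public ASN1Object getTimeStampAttributeValue(DSSMessageDigest dSSMessageDigest, DigestAlgorithm digestAlgorithm, Attribute... attributeArr) {
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Message to timestamp is {}", dSSMessageDigest);
            }
            CMSSignedData timestampToken = new CMSSignedData(this.tspSource.getTimeStampResponse(digestAlgorithm, dSSMessageDigest.getValue()).getBytes());
            if (attributeArr != null) {
                Collection<SignerInformation> tokenSigners = timestampToken.getSignerInfos().getSigners();
                // The token comes from an external service: report a signer-less response as a
                // DSSException instead of letting iterator().next() fail with NoSuchElementException.
                if (Utils.isCollectionEmpty(tokenSigners)) {
                    throw new DSSException("Cannot obtain timestamp attribute value. The timestamp token contains no signer.");
                }
                SignerInformation tokenSigner = tokenSigners.iterator().next();
                AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(tokenSigner);
                for (Attribute attribute : attributeArr) {
                    // Only the first value of each supplied attribute is copied.
                    unsignedAttributes = unsignedAttributes.add(attribute.getAttrType(), attribute.getAttrValues().getObjectAt(0));
                }
                if (unsignedAttributes.size() == 0) {
                    // An empty table is replaced by null before the signer is rebuilt.
                    unsignedAttributes = null;
                }
                SignerInformation updatedSigner = SignerInformation.replaceUnsignedAttributes(tokenSigner, unsignedAttributes);
                List<SignerInformation> updatedSigners = new ArrayList<>();
                updatedSigners.add(updatedSigner);
                timestampToken = CMSSignedData.replaceSigners(timestampToken, new SignerInformationStore(updatedSigners));
            }
            return DSSASN1Utils.toASN1Primitive(timestampToken.getEncoded());
        } catch (IOException | CMSException e) {
            throw new DSSException("Cannot obtain timestamp attribute value.", e);
        }
    }

    /**
     * Checks the cryptographic integrity of every selected signer.
     *
     * <p>Security note: when the signature form of the parameters is PAdES the check is skipped
     * entirely, so no integrity verification happens in this class for that form.
     * NOTE(review): presumably the PAdES code path validates elsewhere - confirm.
     *
     * @param cMSSignedData CMS signed data holding the signers
     * @param collection signers selected for extension
     * @param cAdESSignatureParameters extension parameters
     * @throws DSSException if a selected signature is not intact
     */
    private void assertCMSSignaturesValid(CMSSignedData cMSSignedData, Collection<SignerInformation> collection, CAdESSignatureParameters cAdESSignatureParameters) {
        if (SignatureForm.PAdES.equals(cAdESSignatureParameters.getSignatureLevel().getSignatureForm())) {
            return;
        }
        for (SignerInformation signer : cMSSignedData.getSignerInfos().getSigners()) {
            if (!collection.contains(signer)) {
                continue;
            }
            CAdESSignature signature = newCAdESSignature(cMSSignedData, signer, cAdESSignatureParameters.getDetachedContents());
            assertSignatureValid(signature, cAdESSignatureParameters);
        }
    }

    /**
     * Fails when the signature value does not verify.
     *
     * <p>Security note: if {@code isGenerateTBSWithoutCertificate()} is set and the signature
     * carries no certificate, the signature is accepted without any cryptographic check. Only
     * {@code isSignatureIntact()} is evaluated otherwise; certificate trust is not assessed here.
     *
     * @param cAdESSignature signature to check
     * @param cAdESSignatureParameters extension parameters
     * @throws DSSException if the cryptographic verification failed
     */
    private void assertSignatureValid(CAdESSignature cAdESSignature, CAdESSignatureParameters cAdESSignatureParameters) {
        if (cAdESSignatureParameters.isGenerateTBSWithoutCertificate() && cAdESSignature.getCertificateSource().getNumberOfCertificates() == 0) {
            LOG.debug("Extension of a signature without TBS certificate. Signature validity is not checked.");
            return;
        }
        SignatureCryptographicVerification verification = cAdESSignature.getSignatureCryptographicVerification();
        if (verification.isSignatureIntact()) {
            return;
        }
        String errorMessage = verification.getErrorMessage();
        // Defensive: a missing message must not turn the verification failure into an NPE.
        boolean noDetail = errorMessage == null || errorMessage.isEmpty();
        throw new DSSException("Cryptographic signature verification has failed" + (noDetail ? "." : " / " + errorMessage));
    }

    /**
     * Creates a document analyzer for the CMS signed data, configured with this instance's
     * certificate verifier, the detached contents from the parameters and the complete
     * validation context executor.
     *
     * <p>Decompiler note: the access modifier was originally {@code protected}.
     *
     * @param cMSSignedData CMS signed data to analyze
     * @param cAdESSignatureParameters parameters providing the detached contents
     * @return the configured analyzer
     */
    public CMSDocumentAnalyzer getDocumentValidator(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        CMSDocumentAnalyzer analyzer = new CMSDocumentAnalyzer(cMSSignedData);
        analyzer.setCertificateVerifier(this.certificateVerifier);
        analyzer.setDetachedContents(cAdESSignatureParameters.getDetachedContents());
        analyzer.setValidationContextExecutor(CompleteValidationContextExecutor.INSTANCE);
        return analyzer;
    }
}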
