package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.cades.validation.CMSDocumentAnalyzer;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.ManifestFile;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.spi.exception.IllegalInputException;
import eu.europa.esig.dss.spi.signature.AdvancedSignature;
import eu.europa.esig.dss.spi.validation.CertificateVerifier;
import eu.europa.esig.dss.spi.x509.BaselineBCertificateSelector;
import eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder;
import eu.europa.esig.dss.utils.Utils;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESCounterSignatureBuilder.class */
public class CAdESCounterSignatureBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESCounterSignatureBuilder.class);
    private final CertificateVerifier certificateVerifier;
    private ManifestFile manifestFile;

    public CAdESCounterSignatureBuilder(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    public void setManifestFile(ManifestFile manifestFile) {
        this.manifestFile = manifestFile;
    }

    public CMSSignedDocument addCounterSignature(CMSSignedData cMSSignedData, CAdESCounterSignatureParameters cAdESCounterSignatureParameters, SignatureValue signatureValue) {
        return new CMSSignedDocument(addNewCertificates(CMSUtils.populateDigestAlgorithmSet(CMSSignedData.replaceSigners(cMSSignedData, new SignerInformationStore(getUpdatedSignerInformations(cMSSignedData, cMSSignedData.getSignerInfos(), cAdESCounterSignatureParameters, signatureValue, null))), cMSSignedData), cAdESCounterSignatureParameters));
    }

    private List<SignerInformation> getUpdatedSignerInformations(CMSSignedData cMSSignedData, SignerInformationStore signerInformationStore, CAdESCounterSignatureParameters cAdESCounterSignatureParameters, SignatureValue signatureValue, CAdESSignature cAdESSignature) {
        LinkedList linkedList = new LinkedList();
        Iterator it = signerInformationStore.iterator();
        while (it.hasNext()) {
            SignerInformation signerInformation = (SignerInformation) it.next();
            CAdESSignature cAdESSignature2 = new CAdESSignature(cMSSignedData, signerInformation);
            cAdESSignature2.setMasterSignature(cAdESSignature);
            cAdESSignature2.setDetachedContents(cAdESCounterSignatureParameters.getDetachedContents());
            cAdESSignature2.setManifestFile(this.manifestFile);
            if (Utils.areStringsEqual(cAdESSignature2.getId(), cAdESCounterSignatureParameters.getSignatureIdToCounterSign())) {
                if (cAdESSignature != null) {
                    throw new UnsupportedOperationException("Cannot recursively add a counter-signature");
                }
                assertCounterSignaturePossible(signerInformation);
                linkedList.add(SignerInformation.addCounterSigners(signerInformation, generateCounterSignature(signerInformation, cAdESCounterSignatureParameters, signatureValue)));
            } else if (signerInformation.getCounterSignatures().size() > 0) {
                linkedList.add(replaceCounterSigners(signerInformation, getUpdatedSignerInformations(cMSSignedData, signerInformation.getCounterSignatures(), cAdESCounterSignatureParameters, signatureValue, cAdESSignature2)));
            } else {
                linkedList.add(signerInformation);
            }
        }
        return linkedList;
    }

    private SignerInformation replaceCounterSigners(SignerInformation signerInformation, List<SignerInformation> list) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Attribute updatedCounterSignatureAttribute = getUpdatedCounterSignatureAttribute(list);
        ASN1EncodableVector aSN1EncodableVector2 = signerInformation.getUnsignedAttributes().toASN1EncodableVector();
        for (int i = 0; i < aSN1EncodableVector2.size(); i++) {
            ASN1Encodable aSN1Encodable = aSN1EncodableVector2.get(i);
            if (isCounterSignatureAttribute(aSN1Encodable)) {
                aSN1EncodableVector.add(updatedCounterSignatureAttribute);
            } else {
                aSN1EncodableVector.add(aSN1Encodable);
            }
        }
        return SignerInformation.replaceUnsignedAttributes(signerInformation, new AttributeTable(aSN1EncodableVector));
    }

    private boolean isCounterSignatureAttribute(ASN1Encodable aSN1Encodable) {
        try {
            return CMSAttributes.counterSignature.equals(Attribute.getInstance(aSN1Encodable).getAttrType());
        } catch (Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.warn("Unable to instantiate Attribute. Reason : {}", e.getMessage(), e);
                return false;
            }
            LOG.warn("Unable to instantiate Attribute. Reason : {}", e.getMessage());
            return false;
        }
    }

    private Attribute getUpdatedCounterSignatureAttribute(List<SignerInformation> list) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Iterator<SignerInformation> it = list.iterator();
        while (it.hasNext()) {
            aSN1EncodableVector.add(it.next().toASN1Structure());
        }
        return new Attribute(CMSAttributes.counterSignature, new DERSet(aSN1EncodableVector));
    }

    private CMSSignedData addNewCertificates(CMSSignedData cMSSignedData, CAdESCounterSignatureParameters cAdESCounterSignatureParameters) {
        return new CMSSignedDataBuilder().setOriginalCMSSignedData(cMSSignedData).extendCMSSignedData(new BaselineBCertificateSelector(cAdESCounterSignatureParameters.getSigningCertificate(), cAdESCounterSignatureParameters.getCertificateChain()).setTrustedCertificateSource(this.certificateVerifier.getTrustedCertSources()).setTrustAnchorBPPolicy(cAdESCounterSignatureParameters.bLevel().isTrustAnchorBPPolicy()).getCertificates(), Collections.emptyList(), Collections.emptyList());
    }

    private SignerInformationStore generateCounterSignature(SignerInformation signerInformation, CAdESCounterSignatureParameters cAdESCounterSignatureParameters, SignatureValue signatureValue) {
        return generateCounterSignature(signerInformation, cAdESCounterSignatureParameters, new CustomContentSigner(cAdESCounterSignatureParameters.getSignatureAlgorithm().getJCEId(), signatureValue.getValue()));
    }

    public SignerInformationStore generateCounterSignature(SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters, CustomContentSigner customContentSigner) {
        return CMSUtils.generateCounterSigners(getCMSSignedDataBuilder(cAdESSignatureParameters).createCMSSignedDataGenerator(new CMSSignerInfoGeneratorBuilder().build(new InMemoryDocument(signerInformation.getSignature()), cAdESSignatureParameters, customContentSigner)), signerInformation);
    }

    private CMSSignedDataBuilder getCMSSignedDataBuilder(CAdESSignatureParameters cAdESSignatureParameters) {
        return new CMSSignedDataBuilder().setSigningCertificate(cAdESSignatureParameters.getSigningCertificate()).setCertificateChain(cAdESSignatureParameters.getCertificateChain()).setGenerateWithoutCertificates(cAdESSignatureParameters.isGenerateTBSWithoutCertificate()).setTrustAnchorBPPolicy(cAdESSignatureParameters.bLevel().isTrustAnchorBPPolicy()).setTrustedCertificateSource(this.certificateVerifier.getTrustedCertSources()).setEncapsulate(false);
    }

    public SignerInformation getSignerInformationToBeCounterSigned(DSSDocument dSSDocument, CAdESCounterSignatureParameters cAdESCounterSignatureParameters) {
        CAdESSignature signatureById = getSignatureById(dSSDocument, cAdESCounterSignatureParameters);
        if (signatureById == null) {
            throw new IllegalArgumentException(String.format("CAdESSignature not found with the given dss id '%s'", cAdESCounterSignatureParameters.getSignatureIdToCounterSign()));
        }
        return signatureById.getSignerInformation();
    }

    private CAdESSignature getSignatureById(DSSDocument dSSDocument, CAdESCounterSignatureParameters cAdESCounterSignatureParameters) {
        Objects.requireNonNull(cAdESCounterSignatureParameters.getSignatureIdToCounterSign(), "The Id of a signature to be counter signed shall be defined! Please use SerializableCounterSignatureParameters.setSignatureIdToCounterSign(signatureId) method.");
        CMSDocumentAnalyzer cMSDocumentAnalyzer = new CMSDocumentAnalyzer(dSSDocument);
        cMSDocumentAnalyzer.setDetachedContents(cAdESCounterSignatureParameters.getDetachedContents());
        cMSDocumentAnalyzer.setManifestFile(this.manifestFile);
        return findSignatureRecursive(cMSDocumentAnalyzer.getSignatures(), cAdESCounterSignatureParameters.getSignatureIdToCounterSign());
    }

    private CAdESSignature findSignatureRecursive(List<AdvancedSignature> list, String str) {
        if (!Utils.isCollectionNotEmpty(list)) {
            return null;
        }
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            CAdESSignature cAdESSignature = (AdvancedSignature) it.next();
            if (str.equals(cAdESSignature.getId())) {
                CAdESSignature cAdESSignature2 = cAdESSignature;
                assertCounterSignaturePossible(cAdESSignature2.getSignerInformation());
                return cAdESSignature2;
            }
            if (findSignatureRecursive(cAdESSignature.getCounterSignatures(), str) != null) {
                throw new UnsupportedOperationException("Nested counter signatures are not supported with CAdES!");
            }
        }
        return null;
    }

    private void assertCounterSignaturePossible(SignerInformation signerInformation) {
        if (CMSUtils.containsATSTv2(signerInformation)) {
            throw new IllegalInputException("Cannot add a counter signature to a CAdES containing an archiveTimestampV2");
        }
    }
}
