package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.TimeStampTokenProductionComparator;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationDataForInclusion;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESLevelBaselineLTA.class */
public class CAdESLevelBaselineLTA extends CAdESLevelBaselineLT {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESLevelBaselineLTA.class);

    public CAdESLevelBaselineLTA(TSPSource tSPSource, CertificateVerifier certificateVerifier) {
        super(tSPSource, certificateVerifier);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    protected CMSSignedData preExtendCMSSignedData(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        if (!includesATSv2(cMSSignedData)) {
            Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
            while (it.hasNext()) {
                cMSSignedData = super.extendCMSSignedData(cMSSignedData, super.extendSignerInformation(cMSSignedData, (SignerInformation) it.next(), cAdESSignatureParameters), cAdESSignatureParameters);
            }
        }
        return cMSSignedData;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.cades.signature.CAdESLevelBaselineLT, eu.europa.esig.dss.cades.signature.CAdESLevelBaselineT, eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public SignerInformation extendSignerInformation(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) throws DSSException {
        SignerInformation extendSignerInformation = super.extendSignerInformation(cMSSignedData, signerInformation, cAdESSignatureParameters);
        AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(extendSignerInformation);
        if (includesATSv2(cMSSignedData)) {
            try {
                CAdESSignature newCAdESSignature = newCAdESSignature(cMSSignedData, extendSignerInformation, cAdESSignatureParameters.getDetachedContents());
                unsignedAttributes = addValidationData(unsignedAttributes, getValidationDataForInclusionBuilder(newCAdESSignature).excludeCertificateTokens(newCAdESSignature.getCompleteCertificateSource().getAllCertificateTokens()).excludeCRLs(newCAdESSignature.getCompleteCRLSource().getAllRevocationBinaries()).excludeOCSPs(newCAdESSignature.getCompleteOCSPSource().getAllRevocationBinaries()).build(), cAdESSignatureParameters.getDetachedContents());
                extendSignerInformation = SignerInformation.replaceUnsignedAttributes(extendSignerInformation, unsignedAttributes);
            } catch (IOException | CMSException | TSPException e) {
                LOG.warn("Validation data to a timestamp was not added due the error : {}", e.getMessage());
            }
        }
        return SignerInformation.replaceUnsignedAttributes(extendSignerInformation, addArchiveTimestampV3Attribute(newCAdESSignature(cMSSignedData, extendSignerInformation, cAdESSignatureParameters.getDetachedContents()), extendSignerInformation, cAdESSignatureParameters, unsignedAttributes));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.cades.signature.CAdESLevelBaselineLT, eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public CMSSignedData extendCMSSignedData(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) {
        return cMSSignedData;
    }

    private AttributeTable addValidationData(AttributeTable attributeTable, ValidationDataForInclusion validationDataForInclusion, List<DSSDocument> list) throws IOException, CMSException, TSPException {
        TimeStampToken lastArchiveTimestamp = getLastArchiveTimestamp(attributeTable);
        if (lastArchiveTimestamp != null) {
            CMSSignedData cMSSignedData = lastArchiveTimestamp.toCMSSignedData();
            attributeTable = replaceTimeStampAttribute(attributeTable, cMSSignedData, extendWithValidationData(cMSSignedData, validationDataForInclusion, list));
        }
        return attributeTable;
    }

    private TimeStampToken getLastArchiveTimestamp(AttributeTable attributeTable) {
        TimeStampToken timeStampToken = null;
        TimeStampTokenProductionComparator timeStampTokenProductionComparator = new TimeStampTokenProductionComparator();
        for (TimeStampToken timeStampToken2 : DSSASN1Utils.findArchiveTimeStampTokens(attributeTable)) {
            if (timeStampToken == null || timeStampTokenProductionComparator.after(timeStampToken2, timeStampToken)) {
                timeStampToken = timeStampToken2;
            }
        }
        return timeStampToken;
    }

    private AttributeTable replaceTimeStampAttribute(AttributeTable attributeTable, CMSSignedData cMSSignedData, CMSSignedData cMSSignedData2) throws IOException, CMSException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (Attribute attribute : attributeTable.toASN1Structure().getAttributes()) {
            Attribute attribute2 = attribute;
            if (DSSASN1Utils.isArchiveTimeStampToken(attribute)) {
                try {
                    if (CMSUtils.isCMSSignedDataEqual(cMSSignedData, DSSASN1Utils.getCMSSignedData(attribute))) {
                        attribute2 = new Attribute(attribute.getAttrType(), new DERSet(DSSASN1Utils.toASN1Primitive(cMSSignedData2.getEncoded())));
                    }
                } catch (Exception e) {
                    LOG.warn("Unable to build a CMSSignedData object from an unsigned attribute. Reason : {}", e.getMessage(), e);
                }
            }
            aSN1EncodableVector.add(attribute2);
        }
        return new AttributeTable(aSN1EncodableVector);
    }

    private AttributeTable addArchiveTimestampV3Attribute(CAdESSignature cAdESSignature, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters, AttributeTable attributeTable) {
        CadesLevelBaselineLTATimestampExtractor cadesLevelBaselineLTATimestampExtractor = new CadesLevelBaselineLTATimestampExtractor(cAdESSignature);
        DigestAlgorithm digestAlgorithm = cAdESSignatureParameters.m0getArchiveTimestampParameters().getDigestAlgorithm();
        byte[] fromBase64 = Utils.fromBase64(cAdESSignature.getOriginalDocument().getDigest(digestAlgorithm));
        Attribute atsHashIndex = cadesLevelBaselineLTATimestampExtractor.getAtsHashIndex(signerInformation, digestAlgorithm, getAtsHashIndexTableIdentifier(cAdESSignatureParameters));
        return attributeTable.add(OID.id_aa_ets_archiveTimestampV3, getTimeStampAttributeValue(cadesLevelBaselineLTATimestampExtractor.getArchiveTimestampDataV3(signerInformation, atsHashIndex, fromBase64), digestAlgorithm, atsHashIndex));
    }

    private ASN1ObjectIdentifier getAtsHashIndexTableIdentifier(CAdESSignatureParameters cAdESSignatureParameters) {
        return !cAdESSignatureParameters.isEn319122() ? OID.id_aa_ATSHashIndex : OID.id_aa_ATSHashIndexV3;
    }

    private boolean includesATSv2(CMSSignedData cMSSignedData) {
        Iterator it = cMSSignedData.getSignerInfos().iterator();
        while (it.hasNext()) {
            if (CMSUtils.containsATSTv2((SignerInformation) it.next())) {
                return true;
            }
        }
        return false;
    }
}
