package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.SignaturePolicyStore;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.SignaturePolicy;
import eu.europa.esig.dss.validation.policy.SignaturePolicyValidatorLoader;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESSignaturePolicyStoreBuilder.class */
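/**
 * Embeds a signature policy document into CAdES signatures as a
 * {@code signature-policy-store} attribute.
 *
 * <p>The attribute is written through {@code replaceUnsignedAttributes}, so the signature value
 * itself does not cover it. The only binding between the stored policy bytes and the signature is
 * the digest check performed here: the supplied content must hash to the digest declared by the
 * signature's SignaturePolicyIdentifier before it is attached.
 */
public class CAdESSignaturePolicyStoreBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESSignaturePolicyStoreBuilder.class);

    /**
     * Adds the given policy store to every signer whose declared policy digest matches the
     * supplied policy content.
     *
     * <p>Signers without a policy identifier, without a policy digest, or with a non-matching
     * digest are kept unchanged and only a warning is logged. A successful return therefore does
     * not prove that any signer received the attribute; callers that need that guarantee have to
     * inspect the result.
     *
     * @param cMSSignedData the CMS container holding the signatures to extend
     * @param signaturePolicyStore the policy content and its SpDocSpecification identifier
     * @return the container produced by {@code CMSSignedData.replaceSigners} with the processed signers
     * @throws NullPointerException if an argument, the SpDocSpecification, its id or the policy
     *         content is {@code null}
     * @throws DSSException if the container has no signers, or a signer carries an
     *         archiveTimestampV2
     */
    public CMSSignedData addSignaturePolicyStore(CMSSignedData cMSSignedData, SignaturePolicyStore signaturePolicyStore) {
        Objects.requireNonNull(cMSSignedData, "CMSSignedData must be provided");
        Objects.requireNonNull(signaturePolicyStore, "SignaturePolicyStore must be provided");
        Objects.requireNonNull(signaturePolicyStore.getSpDocSpecification(), "SpDocSpecification must be provided");
        Objects.requireNonNull(signaturePolicyStore.getSpDocSpecification().getId(), "ID (OID or URI) for SpDocSpecification must be provided");
        Objects.requireNonNull(signaturePolicyStore.getSignaturePolicyContent(), "Signature policy content must be provided");

        Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
        if (Utils.isCollectionEmpty(signers)) {
            throw new DSSException("Unable to extend the document! No signatures found.");
        }

        // Typed collection instead of the raw ArrayList, so only SignerInformation can be stored.
        Collection<SignerInformation> processedSigners = new ArrayList<>();
        for (SignerInformation signerInformation : signers) {
            // Fails the whole operation before anything is returned if one signer cannot be extended.
            assertSignaturePolicyStoreExtensionPossible(signerInformation);
            CAdESSignature signature = new CAdESSignature(cMSSignedData, signerInformation);
            if (isPolicyContentBoundToSignature(signature, signaturePolicyStore)) {
                processedSigners.add(addSignaturePolicyStore(signerInformation, signaturePolicyStore));
            } else {
                processedSigners.add(signerInformation);
            }
        }
        return CMSSignedData.replaceSigners(cMSSignedData, new SignerInformationStore(processedSigners));
    }

    /**
     * Tells whether the supplied policy content hashes to the digest declared by the signature's
     * policy identifier. Logs a warning and returns {@code false} when the signature has no policy,
     * no policy digest, or a digest that differs from the computed one.
     */
    private boolean isPolicyContentBoundToSignature(CAdESSignature signature, SignaturePolicyStore signaturePolicyStore) {
        SignaturePolicy declaredPolicy = signature.getSignaturePolicy();
        if (declaredPolicy == null) {
            LOG.warn("SignaturePolicyIdentifier is not defined for a signature with id {}", signature.getId());
            return false;
        }
        Digest declaredDigest = declaredPolicy.getDigest();
        if (declaredDigest == null) {
            LOG.warn("SignaturePolicyIdentifier Digest is not found for a signature with id {}", signature.getId());
            return false;
        }
        // The validator hashes the content set on the policy object, using the algorithm named by
        // the declared digest, so both sides of the comparison use the same algorithm.
        declaredPolicy.setPolicyContent(signaturePolicyStore.getSignaturePolicyContent());
        Digest computedDigest = new SignaturePolicyValidatorLoader(declaredPolicy).loadValidator().getComputedDigest(declaredDigest.getAlgorithm());
        if (declaredDigest.equals(computedDigest)) {
            return true;
        }
        LOG.warn("Signature policy's digest doesn't match the document {} for signature {}", declaredDigest, signature.getId());
        return false;
    }

    /**
     * Returns a copy of the signer whose unsigned attributes additionally contain the encoded
     * policy store under {@code OID.id_aa_ets_sigPolicyStore}.
     */
    private SignerInformation addSignaturePolicyStore(SignerInformation signerInformation, SignaturePolicyStore signaturePolicyStore) {
        return SignerInformation.replaceUnsignedAttributes(signerInformation, CMSUtils.getUnsignedAttributes(signerInformation).add(OID.id_aa_ets_sigPolicyStore, getSignaturePolicyStore(signaturePolicyStore)));
    }

    /**
     * Encodes the policy store as a DER sequence of two elements: the SpDocSpecification
     * identifier followed by the policy content as an octet string.
     */
    private ASN1Sequence getSignaturePolicyStore(SignaturePolicyStore signaturePolicyStore) {
        ASN1EncodableVector storeElements = new ASN1EncodableVector();
        storeElements.add(getSPDocSpecificationId(signaturePolicyStore.getSpDocSpecification().getId()));
        storeElements.add(new DEROctetString(DSSUtils.toByteArray(signaturePolicyStore.getSignaturePolicyContent())));
        return new DERSequence(storeElements);
    }

    /**
     * Encodes the identifier as an OBJECT IDENTIFIER when it is an OID code, otherwise as an
     * IA5String (the null-check message upstream describes the non-OID form as a URI).
     */
    private ASN1Primitive getSPDocSpecificationId(String str) {
        if (DSSUtils.isOidCode(str)) {
            return new ASN1ObjectIdentifier(str);
        }
        // NOTE(review): the value is caller-supplied; confirm that non-IA5 characters are rejected
        // somewhere before encoding, since nothing in this class validates them.
        return new DERIA5String(str);
    }

    /**
     * Rejects signers that carry an archiveTimestampV2.
     *
     * @throws DSSException if the signer contains an archiveTimestampV2
     */
    private void assertSignaturePolicyStoreExtensionPossible(SignerInformation signerInformation) {
        // Presumably because that timestamp's imprint covers the unsigned attributes, so adding one
        // would invalidate it - confirm against the CAdES specification.
        if (CMSUtils.containsATSTv2(signerInformation)) {
            throw new DSSException("Cannot add signature policy store to a CAdES containing an archiveTimestampV2");
        }
    }
}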
