package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.enumerations.CertificateRefOrigin;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.utils.Utils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.ess.ESSCertID;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificate;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Selector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/CAdESCertificateSource.class */
public class CAdESCertificateSource extends CMSCertificateSource {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESCertificateSource.class);
    private final transient CMSSignedData cmsSignedData;
    private final transient AttributeTable signedAttributes;
    private List<CertificateToken> keyInfoCertificates;
    private List<CertificateRef> signingCertificateValues;

    public CAdESCertificateSource(CMSSignedData cMSSignedData, CertificatePool certificatePool) {
        this(cMSSignedData, DSSASN1Utils.getFirstSignerInformation(cMSSignedData), certificatePool);
    }

    public CAdESCertificateSource(CMSSignedData cMSSignedData, SignerInformation signerInformation, CertificatePool certificatePool) {
        super(signerInformation.getUnsignedAttributes(), certificatePool);
        Objects.requireNonNull(cMSSignedData, "CMS SignedData is null, it must be provided!");
        Objects.requireNonNull(signerInformation, "SignerInformation is null, it must be provided!");
        this.cmsSignedData = cMSSignedData;
        this.signedAttributes = signerInformation.getSignedAttributes();
        getKeyInfoCertificates();
        getCertificateValues();
    }

    @Override // eu.europa.esig.dss.validation.SignatureCertificateSource
    public List<CertificateToken> getKeyInfoCertificates() {
        if (this.keyInfoCertificates == null) {
            this.keyInfoCertificates = new ArrayList();
            try {
                Iterator it = this.cmsSignedData.getCertificates().getMatches((Selector) null).iterator();
                while (it.hasNext()) {
                    CertificateToken addCertificate = addCertificate(DSSASN1Utils.getCertificate((X509CertificateHolder) it.next()));
                    if (!this.keyInfoCertificates.contains(addCertificate)) {
                        this.keyInfoCertificates.add(addCertificate);
                    }
                }
            } catch (Exception e) {
                LOG.warn("Cannot extract certificates from CMS Signed Data : {}", e.getMessage());
            }
        }
        return this.keyInfoCertificates;
    }

    @Override // eu.europa.esig.dss.validation.SignatureCertificateSource
    public List<CertificateToken> getAttrAuthoritiesCertValues() {
        return Collections.emptyList();
    }

    @Override // eu.europa.esig.dss.validation.SignatureCertificateSource
    public List<CertificateToken> getTimeStampValidationDataCertValues() {
        return Collections.emptyList();
    }

    @Override // eu.europa.esig.dss.validation.SignatureCertificateSource
    public List<CertificateRef> getSigningCertificateValues() {
        if (this.signingCertificateValues == null) {
            this.signingCertificateValues = new ArrayList();
            if (this.signedAttributes != null && this.signedAttributes.size() > 0) {
                Attribute attribute = this.signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificate);
                if (attribute != null) {
                    this.signingCertificateValues.addAll(extractSigningCertificateV1(attribute));
                }
                Attribute attribute2 = this.signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
                if (attribute2 != null) {
                    this.signingCertificateValues.addAll(extractSigningCertificateV2(attribute2));
                }
            }
        }
        return this.signingCertificateValues;
    }

    private List<CertificateRef> extractSigningCertificateV1(Attribute attribute) {
        ArrayList arrayList = new ArrayList();
        ASN1Set attrValues = attribute.getAttrValues();
        for (int i = 0; i < attrValues.size(); i++) {
            SigningCertificate signingCertificate = SigningCertificate.getInstance(attrValues.getObjectAt(i));
            if (signingCertificate != null) {
                arrayList.addAll(extractESSCertIDs(signingCertificate.getCerts(), CertificateRefOrigin.SIGNING_CERTIFICATE));
            } else {
                LOG.warn("SigningCertificate attribute is not well defined!");
            }
        }
        return arrayList;
    }

    private List<CertificateRef> extractESSCertIDs(ESSCertID[] eSSCertIDArr, CertificateRefOrigin certificateRefOrigin) {
        ArrayList arrayList = new ArrayList();
        for (ESSCertID eSSCertID : eSSCertIDArr) {
            CertificateRef certificateRef = new CertificateRef();
            byte[] certHash = eSSCertID.getCertHash();
            if (Utils.isArrayNotEmpty(certHash)) {
                certificateRef.setCertDigest(new Digest(DigestAlgorithm.SHA1, certHash));
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Found Certificate Hash in signingCertificateAttributeV1 {} with algorithm {}", Utils.toHex(certHash), DigestAlgorithm.SHA1);
                }
            }
            IssuerSerial issuerSerial = eSSCertID.getIssuerSerial();
            if (issuerSerial != null) {
                certificateRef.setIssuerInfo(getIssuerInfo(issuerSerial));
            }
            certificateRef.setOrigin(certificateRefOrigin);
            arrayList.add(certificateRef);
        }
        return arrayList;
    }

    private List<CertificateRef> extractSigningCertificateV2(Attribute attribute) {
        ArrayList arrayList = new ArrayList();
        ASN1Set attrValues = attribute.getAttrValues();
        for (int i = 0; i < attrValues.size(); i++) {
            SigningCertificateV2 signingCertificateV2 = SigningCertificateV2.getInstance(attrValues.getObjectAt(i));
            if (signingCertificateV2 != null) {
                arrayList.addAll(extractESSCertIDv2s(signingCertificateV2.getCerts(), CertificateRefOrigin.SIGNING_CERTIFICATE));
            }
        }
        return arrayList;
    }

    private List<CertificateRef> extractESSCertIDv2s(ESSCertIDv2[] eSSCertIDv2Arr, CertificateRefOrigin certificateRefOrigin) {
        ArrayList arrayList = new ArrayList();
        for (ESSCertIDv2 eSSCertIDv2 : eSSCertIDv2Arr) {
            CertificateRef certificateRef = new CertificateRef();
            DigestAlgorithm forOID = DigestAlgorithm.forOID(eSSCertIDv2.getHashAlgorithm().getAlgorithm().getId());
            byte[] certHash = eSSCertIDv2.getCertHash();
            certificateRef.setCertDigest(new Digest(forOID, certHash));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found Certificate Hash in SigningCertificateV2 {} with algorithm {}", Utils.toHex(certHash), forOID);
            }
            IssuerSerial issuerSerial = eSSCertIDv2.getIssuerSerial();
            if (issuerSerial != null) {
                certificateRef.setIssuerInfo(getIssuerInfo(issuerSerial));
            }
            certificateRef.setOrigin(certificateRefOrigin);
            arrayList.add(certificateRef);
        }
        return arrayList;
    }
}
