package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.timestamp.TimeStampTokenProductionComparator;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESLevelBaselineLTA.class */
public class CAdESLevelBaselineLTA extends CAdESSignatureExtension {
    private final CAdESLevelBaselineLT cadesProfileLT;
    private static final Logger LOG = LoggerFactory.getLogger(CAdESLevelBaselineLTA.class);
    private static final List<ASN1ObjectIdentifier> archiveTimestampOIDs = new ArrayList();

    public CAdESLevelBaselineLTA(TSPSource tSPSource, CertificateVerifier certificateVerifier, boolean z) {
        super(tSPSource, z);
        this.cadesProfileLT = new CAdESLevelBaselineLT(tSPSource, certificateVerifier, z);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    protected CMSSignedData preExtendCMSSignedData(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        if (!includesArchiveTimestamps(cMSSignedData)) {
            cMSSignedData = this.cadesProfileLT.extendCMSSignatures(cMSSignedData, cAdESSignatureParameters);
        }
        return cMSSignedData;
    }

    private boolean includesArchiveTimestamps(CMSSignedData cMSSignedData) {
        return getLastArchiveTimestamp(CMSUtils.getUnsignedAttributes((SignerInformation) cMSSignedData.getSignerInfos().iterator().next())) != null;
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    protected SignerInformation extendCMSSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) throws DSSException {
        AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation);
        try {
            unsignedAttributes = addValidationData(unsignedAttributes, cAdESSignatureParameters);
            signerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes);
        } catch (IOException | CMSException | TSPException e) {
            LOG.warn("Validation data to a timestamp was not added due the error : {}", e.getMessage());
        }
        CAdESSignature cAdESSignature = new CAdESSignature(cMSSignedData, signerInformation);
        cAdESSignature.setDetachedContents(cAdESSignatureParameters.getDetachedContents());
        return SignerInformation.replaceUnsignedAttributes(signerInformation, addArchiveTimestampV3Attribute(cAdESSignature, signerInformation, cAdESSignatureParameters, unsignedAttributes));
    }

    private AttributeTable addValidationData(AttributeTable attributeTable, CAdESSignatureParameters cAdESSignatureParameters) throws IOException, CMSException, TSPException {
        TimeStampToken lastArchiveTimestamp = getLastArchiveTimestamp(attributeTable);
        if (lastArchiveTimestamp != null) {
            CMSSignedData cMSSignedData = lastArchiveTimestamp.toCMSSignedData();
            attributeTable = CMSUtils.replaceAttribute(attributeTable, cMSSignedData, this.cadesProfileLT.postExtendCMSSignedData(cMSSignedData, getFirstSigner(cMSSignedData), cAdESSignatureParameters.getDetachedContents()));
        }
        return attributeTable;
    }

    private TimeStampToken getLastArchiveTimestamp(AttributeTable attributeTable) {
        TimeStampToken timeStampToken = null;
        Iterator<ASN1ObjectIdentifier> it = archiveTimestampOIDs.iterator();
        while (it.hasNext()) {
            timeStampToken = getLastTimeStampTokenWithOid(timeStampToken, attributeTable, it.next());
        }
        return timeStampToken;
    }

    private TimeStampToken getLastTimeStampTokenWithOid(TimeStampToken timeStampToken, AttributeTable attributeTable, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        TimeStampTokenProductionComparator timeStampTokenProductionComparator = new TimeStampTokenProductionComparator();
        for (TimeStampToken timeStampToken2 : DSSASN1Utils.findTimeStampTokens(attributeTable, aSN1ObjectIdentifier)) {
            if (timeStampToken == null || timeStampTokenProductionComparator.after(timeStampToken2, timeStampToken)) {
                timeStampToken = timeStampToken2;
            }
        }
        return timeStampToken;
    }

    private AttributeTable addArchiveTimestampV3Attribute(CAdESSignature cAdESSignature, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters, AttributeTable attributeTable) {
        CadesLevelBaselineLTATimestampExtractor cadesLevelBaselineLTATimestampExtractor = new CadesLevelBaselineLTATimestampExtractor(cAdESSignature);
        DigestAlgorithm digestAlgorithm = cAdESSignatureParameters.getSignatureTimestampParameters().getDigestAlgorithm();
        byte[] fromBase64 = Utils.fromBase64(cAdESSignature.getOriginalDocument().getDigest(digestAlgorithm));
        Attribute atsHashIndex = cadesLevelBaselineLTATimestampExtractor.getAtsHashIndex(signerInformation, digestAlgorithm);
        return attributeTable.add(OID.id_aa_ets_archiveTimestampV3, getTimeStampAttributeValue(cadesLevelBaselineLTATimestampExtractor.getArchiveTimestampDataV3(signerInformation, atsHashIndex, fromBase64), digestAlgorithm, new Attribute[]{atsHashIndex}));
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ ASN1Object getTimeStampAttributeValue(byte[] bArr, DigestAlgorithm digestAlgorithm, Attribute[] attributeArr) {
        return super.getTimeStampAttributeValue(bArr, digestAlgorithm, attributeArr);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedData postExtendCMSSignedData(CMSSignedData cMSSignedData, SignerInformation signerInformation, List list) {
        return super.postExtendCMSSignedData(cMSSignedData, signerInformation, list);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        return super.extendCMSSignatures(cMSSignedData, cAdESSignatureParameters);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedDocument extendSignatures(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) {
        return super.extendSignatures(dSSDocument, cAdESSignatureParameters);
    }

    static {
        archiveTimestampOIDs.add(OID.id_aa_ets_archiveTimestampV2);
        archiveTimestampOIDs.add(OID.id_aa_ets_archiveTimestampV3);
    }
}
