package eu.europa.esig.dss.cades.validation;

import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.SignerAttributeV2;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.DigestMatcherType;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.EndorsementType;
import eu.europa.esig.dss.enumerations.MaskGenerationFunction;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureForm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.TimestampedObjectType;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.DigestDocument;
import eu.europa.esig.dss.model.identifier.TokenIdentifier;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSSecurityProvider;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CAdESCertificateSource;
import eu.europa.esig.dss.validation.CandidatesForSigningCertificate;
import eu.europa.esig.dss.validation.CertificateRef;
import eu.europa.esig.dss.validation.CertificateValidity;
import eu.europa.esig.dss.validation.CommitmentType;
import eu.europa.esig.dss.validation.DefaultAdvancedSignature;
import eu.europa.esig.dss.validation.IssuerSerialInfo;
import eu.europa.esig.dss.validation.ManifestEntry;
import eu.europa.esig.dss.validation.ManifestFile;
import eu.europa.esig.dss.validation.ReferenceValidation;
import eu.europa.esig.dss.validation.SignatureCRLSource;
import eu.europa.esig.dss.validation.SignatureCertificateSource;
import eu.europa.esig.dss.validation.SignatureCryptographicVerification;
import eu.europa.esig.dss.validation.SignatureDigestReference;
import eu.europa.esig.dss.validation.SignatureIdentifier;
import eu.europa.esig.dss.validation.SignatureOCSPSource;
import eu.europa.esig.dss.validation.SignaturePolicy;
import eu.europa.esig.dss.validation.SignaturePolicyProvider;
import eu.europa.esig.dss.validation.SignatureProductionPlace;
import eu.europa.esig.dss.validation.SignerRole;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import eu.europa.esig.dss.validation.timestamp.TimestampedReference;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1UTCTime;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.esf.CommitmentTypeIndication;
import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
import org.bouncycastle.asn1.esf.SigPolicyQualifierInfo;
import org.bouncycastle.asn1.esf.SigPolicyQualifiers;
import org.bouncycastle.asn1.esf.SignaturePolicyId;
import org.bouncycastle.asn1.esf.SignerAttribute;
import org.bouncycastle.asn1.esf.SignerLocation;
import org.bouncycastle.asn1.ess.ContentHints;
import org.bouncycastle.asn1.ess.ContentIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
import org.bouncycastle.asn1.x509.RoleSyntax;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.CMSSignerDigestMismatchException;
import org.bouncycastle.cms.CMSTypedStream;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/validation/CAdESSignature.class */
public class CAdESSignature extends DefaultAdvancedSignature {
    private static final long serialVersionUID = 8449504364217200965L;
    private static final Logger LOG = LoggerFactory.getLogger(CAdESSignature.class);
    private static final Date JANUARY_1950 = DSSUtils.getUtcDate(1950, 1, 1);
    private static final Date JANUARY_2050 = DSSUtils.getUtcDate(2050, 1, 1);
    private final CMSSignedData cmsSignedData;
    private final SignerInformation signerInformation;
    private CertificateValidity signingCertificateValidity;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: eu.europa.esig.dss.cades.validation.CAdESSignature$1, reason: invalid class name */
    /* loaded from: input_file:eu/europa/esig/dss/cades/validation/CAdESSignature$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel = new int[SignatureLevel.values().length];

        static {
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CAdES_BASELINE_LTA.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CAdES_101733_A.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CAdES_BASELINE_LT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CAdES_101733_X.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CAdES_101733_C.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CAdES_BASELINE_T.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CAdES_BASELINE_B.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.CMS_NOT_ETSI.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    public CAdESSignature(byte[] bArr) throws CMSException {
        this(bArr, new CertificatePool());
    }

    public CAdESSignature(byte[] bArr, CertificatePool certificatePool) throws CMSException {
        this(new CMSSignedData(bArr), certificatePool);
    }

    public CAdESSignature(CMSSignedData cMSSignedData, CertificatePool certificatePool) {
        this(cMSSignedData, DSSASN1Utils.getFirstSignerInformation(cMSSignedData), certificatePool);
    }

    public CAdESSignature(CMSSignedData cMSSignedData, CertificatePool certificatePool, List<DSSDocument> list) {
        this(cMSSignedData, certificatePool);
        setDetachedContents(list);
    }

    public CAdESSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation) {
        this(cMSSignedData, signerInformation, new CertificatePool());
    }

    public CAdESSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation, CertificatePool certificatePool) {
        super(certificatePool);
        this.cmsSignedData = cMSSignedData;
        this.signerInformation = signerInformation;
    }

    public SignatureForm getSignatureForm() {
        return SignatureForm.CAdES;
    }

    public SignatureCertificateSource getCertificateSource() {
        if (this.offlineCertificateSource == null) {
            this.offlineCertificateSource = new CAdESCertificateSource(this.cmsSignedData, this.signerInformation, this.certPool);
        }
        return this.offlineCertificateSource;
    }

    public SignatureCRLSource getCRLSource() {
        if (this.signatureCRLSource == null) {
            try {
                this.signatureCRLSource = new CAdESCRLSource(this.cmsSignedData, CMSUtils.getUnsignedAttributes(this.signerInformation));
            } catch (Exception e) {
                LOG.warn("Error in computing or in format of the algorithm: just continue...", e);
            }
        }
        return this.signatureCRLSource;
    }

    public SignatureOCSPSource getOCSPSource() {
        if (this.signatureOCSPSource == null) {
            this.signatureOCSPSource = new CAdESOCSPSource(this.cmsSignedData, CMSUtils.getUnsignedAttributes(this.signerInformation));
        }
        return this.signatureOCSPSource;
    }

    /* renamed from: getTimestampSource, reason: merged with bridge method [inline-methods] */
    public CAdESTimestampSource m13getTimestampSource() {
        if (this.signatureTimestampSource == null) {
            this.signatureTimestampSource = new CAdESTimestampSource(this, this.certPool);
        }
        return this.signatureTimestampSource;
    }

    public SignerId getSignerId() {
        return this.signerInformation.getSID();
    }

    public CandidatesForSigningCertificate getCandidatesForSigningCertificate() {
        if (this.candidatesForSigningCertificate != null) {
            return this.candidatesForSigningCertificate;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Searching the signing certificate...");
        }
        this.candidatesForSigningCertificate = new CandidatesForSigningCertificate();
        List keyInfoCertificates = getCertificateSource().getKeyInfoCertificates();
        SignerId signerId = getSignerId();
        Iterator it = keyInfoCertificates.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CertificateToken certificateToken = (CertificateToken) it.next();
            CertificateValidity certificateValidity = new CertificateValidity(certificateToken);
            this.candidatesForSigningCertificate.add(certificateValidity);
            boolean match = signerId.match(DSSASN1Utils.getX509CertificateHolder(certificateToken));
            certificateValidity.setSignerIdMatch(match);
            if (match) {
                this.signingCertificateValidity = certificateValidity;
                break;
            }
        }
        if (this.signingCertificateValidity == null) {
            LOG.warn("Signing certificate not found: {} {}", signerId.getIssuer(), signerId.getSerialNumber());
        } else if (!verifySignedReferencesToSigningCertificate()) {
            LOG.warn("There is no valid signed reference to the signing certificate: {}", this.signingCertificateValidity.getCertificateToken().getAbbreviation());
        }
        return this.candidatesForSigningCertificate;
    }

    private boolean verifySignedReferencesToSigningCertificate() {
        List<CertificateRef> signingCertificateValues = getCertificateSource().getSigningCertificateValues();
        if (!Utils.isCollectionNotEmpty(signingCertificateValues)) {
            return false;
        }
        this.signingCertificateValidity.setAttributePresent(true);
        CertificateToken certificateToken = this.signingCertificateValidity.getCertificateToken();
        for (CertificateRef certificateRef : signingCertificateValues) {
            Digest certDigest = certificateRef.getCertDigest();
            if (certDigest != null) {
                byte[] digest = certificateToken.getDigest(certDigest.getAlgorithm());
                this.signingCertificateValidity.setDigestPresent(true);
                this.signingCertificateValidity.setDigestEqual(Arrays.equals(digest, certDigest.getValue()));
            }
            IssuerSerialInfo issuerInfo = certificateRef.getIssuerInfo();
            if (issuerInfo != null) {
                this.signingCertificateValidity.setSerialNumberEqual(certificateToken.getSerialNumber().equals(issuerInfo.getSerialNumber()));
                this.signingCertificateValidity.setDistinguishedNameEqual(DSSUtils.x500PrincipalAreEquals(certificateToken.getIssuerX500Principal(), issuerInfo.getIssuerName()));
            }
            if (this.signingCertificateValidity.isDigestEqual()) {
                return true;
            }
        }
        return false;
    }

    public void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider) {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId);
        if (signedAttribute == null) {
            return;
        }
        ASN1Encodable objectAt = signedAttribute.getAttrValues().getObjectAt(0);
        if (objectAt instanceof DERNull) {
            this.signaturePolicy = new SignaturePolicy();
            return;
        }
        SignaturePolicyId signaturePolicyId = SignaturePolicyId.getInstance(objectAt);
        if (signaturePolicyId == null) {
            return;
        }
        String id = signaturePolicyId.getSigPolicyId().getId();
        this.signaturePolicy = new SignaturePolicy(id);
        OtherHashAlgAndValue sigPolicyHash = signaturePolicyId.getSigPolicyHash();
        byte[] octets = sigPolicyHash.getHashValue().getOctets();
        boolean isZeroHash = isZeroHash(octets);
        this.signaturePolicy.setZeroHash(isZeroHash);
        if (!isZeroHash) {
            this.signaturePolicy.setDigest(new Digest(DigestAlgorithm.forOID(sigPolicyHash.getHashAlgorithm().getAlgorithm().getId()), octets));
        }
        SigPolicyQualifiers sigPolicyQualifiers = signaturePolicyId.getSigPolicyQualifiers();
        if (sigPolicyQualifiers == null) {
            this.signaturePolicy.setPolicyContent(signaturePolicyProvider.getSignaturePolicyById(id));
            return;
        }
        for (int i = 0; i < sigPolicyQualifiers.size(); i++) {
            try {
                SigPolicyQualifierInfo infoAt = sigPolicyQualifiers.getInfoAt(i);
                ASN1ObjectIdentifier sigPolicyQualifierId = infoAt.getSigPolicyQualifierId();
                String obj = infoAt.getSigQualifier().toString();
                if (PKCSObjectIdentifiers.id_spq_ets_unotice.equals(sigPolicyQualifierId)) {
                    this.signaturePolicy.setNotice(obj);
                } else if (PKCSObjectIdentifiers.id_spq_ets_uri.equals(sigPolicyQualifierId)) {
                    this.signaturePolicy.setUrl(obj);
                    this.signaturePolicy.setPolicyContent(signaturePolicyProvider.getSignaturePolicyByUrl(obj));
                } else {
                    LOG.error("Unknown signature policy qualifier id: {} with value: {}", sigPolicyQualifierId, obj);
                }
            } catch (Exception e) {
                LOG.error("Unable to read SigPolicyQualifierInfo " + i, e.getMessage());
            }
        }
        if (this.signaturePolicy.getPolicyContent() != null) {
            signaturePolicyProvider.getSignaturePoliciesById().put(id, this.signaturePolicy.getPolicyContent());
        }
    }

    private boolean isZeroHash(byte[] bArr) {
        return bArr != null && bArr.length == 1 && bArr[0] == 0;
    }

    public Date getSigningTime() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.pkcs_9_at_signingTime);
        if (signedAttribute == null) {
            return null;
        }
        ASN1Encodable objectAt = signedAttribute.getAttrValues().getObjectAt(0);
        Date date = DSSASN1Utils.getDate(objectAt);
        if (date == null) {
            if (!LOG.isErrorEnabled()) {
                return null;
            }
            LOG.error("Error when reading signing time. Unrecognized {}", objectAt.getClass());
            return null;
        }
        if ((date.before(JANUARY_1950) && date.after(JANUARY_2050)) || (objectAt instanceof ASN1UTCTime)) {
            return date;
        }
        LOG.error("RFC 3852 states that dates between January 1, 1950 and December 31, 2049 (inclusive) must be encoded as UTCTime. Any dates with year values before 1950 or after 2049 must be encoded as GeneralizedTime. Date found is {} encoded as {}", date, objectAt.getClass());
        return null;
    }

    public CMSSignedData getCmsSignedData() {
        return this.cmsSignedData;
    }

    public SignatureProductionPlace getSignatureProductionPlace() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_signerLocation);
        if (signedAttribute == null) {
            return null;
        }
        SignerLocation signerLocation = null;
        try {
            signerLocation = SignerLocation.getInstance(signedAttribute.getAttrValues().getObjectAt(0));
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        if (signerLocation == null) {
            return null;
        }
        SignatureProductionPlace signatureProductionPlace = new SignatureProductionPlace();
        DirectoryString country = signerLocation.getCountry();
        if (country != null) {
            signatureProductionPlace.setCountryName(country.getString());
        }
        DirectoryString locality = signerLocation.getLocality();
        if (locality != null) {
            signatureProductionPlace.setCity(locality.getString());
        }
        StringBuilder sb = new StringBuilder();
        ASN1Sequence postalAddress = signerLocation.getPostalAddress();
        if (postalAddress != null) {
            for (int i = 0; i < postalAddress.size(); i++) {
                if (postalAddress.getObjectAt(i) instanceof DEROctetString) {
                    if (sb.length() > 0) {
                        sb.append(" / ");
                    }
                    sb.append(new String(postalAddress.getObjectAt(i).getOctets()));
                } else if (postalAddress.getObjectAt(i) instanceof DERUTF8String) {
                    if (sb.length() > 0) {
                        sb.append(" / ");
                    }
                    sb.append(postalAddress.getObjectAt(i).getString());
                }
            }
        }
        signatureProductionPlace.setStreetAddress(sb.toString());
        return signatureProductionPlace;
    }

    public CommitmentType getCommitmentTypeIndication() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_commitmentType);
        if (signedAttribute == null) {
            return null;
        }
        try {
            CommitmentType commitmentType = null;
            ASN1Set attrValues = signedAttribute.getAttrValues();
            int size = attrValues.size();
            if (size > 0) {
                commitmentType = new CommitmentType();
                for (int i = 0; i < size; i++) {
                    if (attrValues.getObjectAt(i) instanceof DERSequence) {
                        commitmentType.addIdentifier(CommitmentTypeIndication.getInstance(attrValues.getObjectAt(i)).getCommitmentTypeId().getId());
                    } else {
                        LOG.warn("Unsupported type for CommitmentType : {}", attrValues.getObjectAt(i).getClass());
                    }
                }
            }
            return commitmentType;
        } catch (Exception e) {
            throw new DSSException("Error when dealing with CommitmentTypeIndication!", e);
        }
    }

    public List<SignerRole> getClaimedSignerRoles() {
        SignerAttribute signerAttributeV1 = getSignerAttributeV1();
        SignerAttributeV2 signerAttributeV2 = getSignerAttributeV2();
        Object[] objArr = null;
        try {
            if (signerAttributeV1 != null) {
                objArr = signerAttributeV1.getValues();
            } else if (signerAttributeV2 != null) {
                objArr = signerAttributeV2.getValues();
            }
            if (objArr == null) {
                return Collections.emptyList();
            }
            ArrayList arrayList = new ArrayList();
            for (Object obj : objArr) {
                if (obj instanceof org.bouncycastle.asn1.x509.Attribute[]) {
                    for (org.bouncycastle.asn1.x509.Attribute attribute : (org.bouncycastle.asn1.x509.Attribute[]) obj) {
                        for (ASN1String aSN1String : attribute.getAttrValues().toArray()) {
                            if (aSN1String instanceof ASN1String) {
                                arrayList.add(new SignerRole(aSN1String.getString(), EndorsementType.CLAIMED));
                            }
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            LOG.error("Error when dealing with claimed signer roles: [" + ((Object) null) + "]", e);
            return Collections.emptyList();
        }
    }

    public List<SignerRole> getCertifiedSignerRoles() {
        SignerAttribute signerAttributeV1 = getSignerAttributeV1();
        SignerAttributeV2 signerAttributeV2 = getSignerAttributeV2();
        Object[] objArr = null;
        try {
            if (signerAttributeV1 != null) {
                objArr = signerAttributeV1.getValues();
            } else if (signerAttributeV2 != null) {
                objArr = signerAttributeV2.getValues();
            }
            if (objArr == null) {
                return Collections.emptyList();
            }
            ArrayList arrayList = new ArrayList();
            for (Object obj : objArr) {
                if (obj instanceof AttributeCertificate) {
                    AttributeCertificateInfo acinfo = ((AttributeCertificate) obj).getAcinfo();
                    AttCertValidityPeriod attrCertValidityPeriod = acinfo.getAttrCertValidityPeriod();
                    ASN1Sequence attributes = acinfo.getAttributes();
                    for (int i = 0; i < attributes.size(); i++) {
                        SignerRole signerRole = new SignerRole(RoleSyntax.getInstance(org.bouncycastle.asn1.x509.Attribute.getInstance(attributes.getObjectAt(i)).getAttrValues().getObjectAt(0)).getRoleNameAsString(), EndorsementType.CERTIFIED);
                        signerRole.setNotBefore(DSSASN1Utils.toDate(attrCertValidityPeriod.getNotBeforeTime()));
                        signerRole.setNotAfter(DSSASN1Utils.toDate(attrCertValidityPeriod.getNotAfterTime()));
                        arrayList.add(signerRole);
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            LOG.error("Error when dealing with certified signer roles: [" + ((Object) null) + "]", e);
            return Collections.emptyList();
        }
    }

    private SignerAttribute getSignerAttributeV1() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_signerAttr);
        if (signedAttribute == null) {
            return null;
        }
        ASN1Encodable objectAt = signedAttribute.getAttrValues().getObjectAt(0);
        try {
            return SignerAttribute.getInstance(objectAt);
        } catch (Exception e) {
            LOG.warn("Unable to parse signerAttr " + Utils.toBase64(DSSASN1Utils.getDEREncoded(objectAt)) + "", e);
            return null;
        }
    }

    private SignerAttributeV2 getSignerAttributeV2() {
        Attribute signedAttribute = getSignedAttribute(OID.id_aa_ets_signerAttrV2);
        if (signedAttribute == null) {
            return null;
        }
        ASN1Encodable objectAt = signedAttribute.getAttrValues().getObjectAt(0);
        try {
            return SignerAttributeV2.getInstance(objectAt);
        } catch (Exception e) {
            LOG.warn("Unable to parse signerAttrV2 " + Utils.toBase64(DSSASN1Utils.getDEREncoded(objectAt)) + "", e);
            return null;
        }
    }

    public List<TimestampedReference> getTimestampReferencesForArchiveTimestamp(List<TimestampToken> list) {
        List<TimestampedReference> signatureTimestampReferences = getSignatureTimestampReferences();
        addReferencesForPreviousTimestamps(signatureTimestampReferences, list);
        addReferences(signatureTimestampReferences, getTimestampedReferences());
        return signatureTimestampReferences;
    }

    private List<TimestampedReference> getTimestampedReferences() {
        ArrayList arrayList = new ArrayList();
        Iterator it = getCertificateSource().getCompleteCertificates().iterator();
        while (it.hasNext()) {
            arrayList.add(new TimestampedReference(((CertificateToken) it.next()).getDSSIdAsString(), TimestampedObjectType.CERTIFICATE));
        }
        addReferencesFromRevocationData(arrayList);
        return arrayList;
    }

    public EncryptionAlgorithm getEncryptionAlgorithm() {
        String encryptionAlgOID = this.signerInformation.getEncryptionAlgOID();
        try {
            return EncryptionAlgorithm.forOID(encryptionAlgOID);
        } catch (IllegalArgumentException e) {
            return SignatureAlgorithm.forOID(encryptionAlgOID).getEncryptionAlgorithm();
        }
    }

    public DigestAlgorithm getDigestAlgorithm() {
        SignatureAlgorithm encryptedDigestAlgo = getEncryptedDigestAlgo();
        if (encryptedDigestAlgo != null) {
            return SignatureAlgorithm.RSA_SSA_PSS_SHA1_MGF1.equals(encryptedDigestAlgo) ? getPSSHashAlgorithm() : encryptedDigestAlgo.getDigestAlgorithm();
        }
        try {
            return DigestAlgorithm.forOID(this.signerInformation.getDigestAlgOID());
        } catch (IllegalArgumentException e) {
            LOG.warn(e.getMessage());
            return null;
        }
    }

    private SignatureAlgorithm getEncryptedDigestAlgo() {
        try {
            return SignatureAlgorithm.forOID(this.signerInformation.getEncryptionAlgOID());
        } catch (RuntimeException e) {
            return null;
        }
    }

    public DigestAlgorithm getPSSHashAlgorithm() {
        try {
            byte[] encryptionAlgParams = this.signerInformation.getEncryptionAlgParams();
            if (!Utils.isArrayNotEmpty(encryptionAlgParams) || Arrays.equals(DERNull.INSTANCE.getEncoded(), encryptionAlgParams)) {
                return null;
            }
            return DigestAlgorithm.forOID(RSASSAPSSparams.getInstance(encryptionAlgParams).getHashAlgorithm().getAlgorithm().getId());
        } catch (IOException e) {
            LOG.warn("Unable to analyze EncryptionAlgParams", e);
            return null;
        }
    }

    public MaskGenerationFunction getMaskGenerationFunction() {
        try {
            SignatureAlgorithm encryptedDigestAlgo = getEncryptedDigestAlgo();
            if (encryptedDigestAlgo != null && SignatureAlgorithm.RSA_SSA_PSS_SHA1_MGF1.equals(encryptedDigestAlgo)) {
                byte[] encryptionAlgParams = this.signerInformation.getEncryptionAlgParams();
                if (Utils.isArrayNotEmpty(encryptionAlgParams) && !Arrays.equals(DERNull.INSTANCE.getEncoded(), encryptionAlgParams)) {
                    AlgorithmIdentifier maskGenAlgorithm = RSASSAPSSparams.getInstance(encryptionAlgParams).getMaskGenAlgorithm();
                    if (PKCSObjectIdentifiers.id_mgf1.equals(maskGenAlgorithm.getAlgorithm())) {
                        return MaskGenerationFunction.MGF1;
                    }
                    LOG.warn("Unsupported mask algorithm : {}", maskGenAlgorithm.getAlgorithm());
                }
            }
            return null;
        } catch (IOException e) {
            LOG.warn("Unable to analyze EncryptionAlgParams", e);
            return null;
        }
    }

    public SignatureAlgorithm getSignatureAlgorithm() {
        return SignatureAlgorithm.getAlgorithm(getEncryptionAlgorithm(), getDigestAlgorithm(), getMaskGenerationFunction());
    }

    public void checkSignatureIntegrity() {
        CertificateValidity theBestCandidate;
        SignerInformation signerInformation;
        if (this.signatureCryptographicVerification != null) {
            return;
        }
        this.signatureCryptographicVerification = new SignatureCryptographicVerification();
        try {
            theBestCandidate = getTheBestCandidate();
        } catch (CMSException | IOException e) {
            LOG.error(e.getMessage(), e);
            this.signatureCryptographicVerification.setErrorMessage(e.getMessage());
        }
        if (theBestCandidate == null) {
            this.signatureCryptographicVerification.setErrorMessage("There is no signing certificate within the signature.");
            return;
        }
        if (!CMSUtils.isDetachedSignature(this.cmsSignedData)) {
            signerInformation = this.signerInformation;
        } else {
            if (Utils.isCollectionEmpty(this.detachedContents)) {
                this.candidatesForSigningCertificate.setTheCertificateValidity(theBestCandidate);
                this.signatureCryptographicVerification.setErrorMessage("Detached file not found!");
                return;
            }
            signerInformation = recreateSignerInformation();
        }
        LOG.debug("CHECK SIGNATURE VALIDITY: ");
        if (this.signingCertificateValidity != null) {
            try {
                this.candidatesForSigningCertificate.setTheCertificateValidity(this.signingCertificateValidity);
                JcaSimpleSignerInfoVerifierBuilder jcaSimpleSignerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
                jcaSimpleSignerInfoVerifierBuilder.setProvider(DSSSecurityProvider.getSecurityProviderName());
                CertificateToken certificateToken = this.signingCertificateValidity.getCertificateToken();
                SignerInformationVerifier build = jcaSimpleSignerInfoVerifierBuilder.build(certificateToken.getPublicKey());
                LOG.debug(" - WITH SIGNING CERTIFICATE: {}", certificateToken.getAbbreviation());
                this.signatureCryptographicVerification.setSignatureIntact(signerInformation.verify(build));
            } catch (CMSSignerDigestMismatchException e2) {
                LOG.warn("Unable to validate CMS Signature : {}", e2.getMessage());
                this.signatureCryptographicVerification.setErrorMessage(e2.getMessage());
                this.signatureCryptographicVerification.setSignatureIntact(false);
            } catch (Exception e3) {
                LOG.error("Unable to validate CMS Signature : " + e3.getMessage(), e3);
                this.signatureCryptographicVerification.setErrorMessage(e3.getMessage());
                this.signatureCryptographicVerification.setSignatureIntact(false);
            }
        }
        boolean z = true;
        boolean z2 = true;
        for (ReferenceValidation referenceValidation : getReferenceValidations(signerInformation)) {
            z = z && referenceValidation.isFound();
            z2 = z2 && referenceValidation.isIntact();
        }
        this.signatureCryptographicVerification.setReferenceDataFound(z);
        this.signatureCryptographicVerification.setReferenceDataIntact(z2);
        LOG.debug(" - RESULT: {}", this.signatureCryptographicVerification);
    }

    public List<ReferenceValidation> getReferenceValidations(SignerInformation signerInformation) {
        if (this.referenceValidations == null) {
            this.referenceValidations = new ArrayList();
            ReferenceValidation referenceValidation = new ReferenceValidation();
            referenceValidation.setType(DigestMatcherType.MESSAGE_DIGEST);
            DSSDocument dSSDocument = null;
            try {
                dSSDocument = getOriginalDocument();
            } catch (DSSException e) {
                referenceValidation.setFound(false);
            }
            Set<DigestAlgorithm> messageDigestAlgorithms = getMessageDigestAlgorithms();
            byte[] messageDigestValue = getMessageDigestValue();
            if (dSSDocument == null) {
                LOG.warn("The original document is not found or cannot be extracted. Reference validation is not possible.");
            } else if (Utils.isArrayNotEmpty(messageDigestValue)) {
                Digest digest = new Digest();
                digest.setValue(messageDigestValue);
                referenceValidation.setFound(true);
                if (Utils.isCollectionNotEmpty(messageDigestAlgorithms)) {
                    Iterator<DigestAlgorithm> it = messageDigestAlgorithms.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        DigestAlgorithm next = it.next();
                        if (Arrays.equals(messageDigestValue, Utils.fromBase64(dSSDocument.getDigest(next)))) {
                            digest.setAlgorithm(next);
                            referenceValidation.setIntact(true);
                            break;
                        }
                    }
                    if (digest.getAlgorithm() == null && messageDigestAlgorithms.size() == 1) {
                        digest.setAlgorithm(messageDigestAlgorithms.iterator().next());
                    }
                    referenceValidation.setDigest(digest);
                } else {
                    LOG.warn("Message DigestAlgorithms not found in SignedData! Reference validation is not possible.");
                }
                if (referenceValidation.isFound()) {
                    referenceValidation.getDependentValidations().addAll(getManifestEntryValidation(dSSDocument, digest));
                }
            } else {
                LOG.warn("message-digest is not present in SignedData!");
                if (signerInformation != null) {
                    LOG.warn("Extracting digests from content SignatureValue...");
                    referenceValidation = getContentReferenceValidation(dSSDocument, signerInformation);
                }
            }
            this.referenceValidations.add(referenceValidation);
        }
        return this.referenceValidations;
    }

    private List<ReferenceValidation> getManifestEntryValidation(DSSDocument dSSDocument, Digest digest) {
        ArrayList arrayList = new ArrayList();
        ManifestFile signedManifest = getSignedManifest(dSSDocument, digest);
        if (signedManifest == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No related manifest file found for a signature with name [{}]", getSignatureFilename());
            }
            return arrayList;
        }
        for (ManifestEntry manifestEntry : signedManifest.getEntries()) {
            ReferenceValidation referenceValidation = new ReferenceValidation();
            referenceValidation.setType(DigestMatcherType.MANIFEST_ENTRY);
            referenceValidation.setName(manifestEntry.getFileName());
            referenceValidation.setDigest(manifestEntry.getDigest());
            referenceValidation.setFound(manifestEntry.isFound());
            referenceValidation.setIntact(manifestEntry.isIntact());
            arrayList.add(referenceValidation);
        }
        return arrayList;
    }

    private ManifestFile getSignedManifest(DSSDocument dSSDocument, Digest digest) {
        if (!Utils.isCollectionNotEmpty(this.manifestFiles)) {
            return null;
        }
        DigestAlgorithm algorithm = digest.getAlgorithm() != null ? digest.getAlgorithm() : DigestAlgorithm.SHA256;
        String digest2 = dSSDocument.getDigest(algorithm);
        for (ManifestFile manifestFile : this.manifestFiles) {
            if (digest2.equals(manifestFile.getDigestBase64String(algorithm))) {
                return manifestFile;
            }
        }
        return null;
    }

    public List<ReferenceValidation> getReferenceValidations() {
        return getReferenceValidations(null);
    }

    private ReferenceValidation getContentReferenceValidation(DSSDocument dSSDocument, SignerInformation signerInformation) {
        ReferenceValidation referenceValidation = new ReferenceValidation();
        referenceValidation.setType(DigestMatcherType.CONTENT_DIGEST);
        DigestAlgorithm digestAlgorithmForOID = getDigestAlgorithmForOID(signerInformation.getDigestAlgOID());
        if (dSSDocument != null && digestAlgorithmForOID != null) {
            byte[] contentDigest = signerInformation.getContentDigest();
            if (Utils.isArrayNotEmpty(contentDigest)) {
                referenceValidation.setFound(true);
                referenceValidation.setDigest(new Digest(digestAlgorithmForOID, contentDigest));
                if (Arrays.equals(contentDigest, Utils.fromBase64(dSSDocument.getDigest(digestAlgorithmForOID)))) {
                    referenceValidation.setIntact(true);
                }
            }
        }
        return referenceValidation;
    }

    public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm) {
        return new SignatureDigestReference(new Digest(digestAlgorithm, DSSUtils.digest(digestAlgorithm, DSSASN1Utils.getDEREncoded(this.signerInformation.toASN1Structure()))));
    }

    private SignerInformation recreateSignerInformation() throws CMSException, IOException {
        CMSSignedDataParser cMSSignedDataParser;
        DigestDocument digestDocument = (DSSDocument) this.detachedContents.get(0);
        if (digestDocument instanceof DigestDocument) {
            cMSSignedDataParser = new CMSSignedDataParser(new PrecomputedDigestCalculatorProvider(digestDocument), this.cmsSignedData.getEncoded());
        } else {
            InputStream openStream = digestDocument.openStream();
            try {
                cMSSignedDataParser = new CMSSignedDataParser(new BcDigestCalculatorProvider(), new CMSTypedStream(openStream), this.cmsSignedData.getEncoded());
                cMSSignedDataParser.getSignedContent().drain();
                if (openStream != null) {
                    openStream.close();
                }
            } catch (Throwable th) {
                if (openStream != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        return cMSSignedDataParser.getSignerInfos().get(getSignerId());
    }

    private CertificateValidity getTheBestCandidate() {
        if (this.providedSigningCertificateToken == null) {
            this.candidatesForSigningCertificate = getCandidatesForSigningCertificate();
        } else {
            this.candidatesForSigningCertificate = new CandidatesForSigningCertificate();
            this.candidatesForSigningCertificate.add(new CertificateValidity(this.providedSigningCertificateToken));
        }
        return this.candidatesForSigningCertificate.getTheBestCandidate();
    }

    public void checkSigningCertificate() {
    }

    public Set<DigestAlgorithm> getMessageDigestAlgorithms() {
        HashSet hashSet = new HashSet();
        Iterator it = this.cmsSignedData.getDigestAlgorithmIDs().iterator();
        while (it.hasNext()) {
            String id = ((AlgorithmIdentifier) it.next()).getAlgorithm().getId();
            if (getDigestAlgorithmForOID(id) != null) {
                hashSet.add(DigestAlgorithm.forOID(id));
            }
        }
        return hashSet;
    }

    private DigestAlgorithm getDigestAlgorithmForOID(String str) {
        try {
            return DigestAlgorithm.forOID(str);
        } catch (IllegalArgumentException e) {
            LOG.warn("Not a digest algorithm {} : {}", str, e.getMessage());
            return null;
        }
    }

    public byte[] getMessageDigestValue() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.pkcs_9_at_messageDigest);
        if (signedAttribute == null) {
            return null;
        }
        return signedAttribute.getAttrValues().getObjectAt(0).getOctets();
    }

    public String getContentType() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.pkcs_9_at_contentType);
        if (signedAttribute == null) {
            return null;
        }
        return signedAttribute.getAttrValues().getObjectAt(0).getId();
    }

    public String getMimeType() {
        Attribute signedAttribute = getSignedAttribute(OID.id_aa_ets_mimeType);
        if (signedAttribute == null) {
            return null;
        }
        return DSSASN1Utils.getString(signedAttribute.getAttrValues().getObjectAt(0));
    }

    public String getContentIdentifier() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_contentIdentifier);
        if (signedAttribute == null) {
            return null;
        }
        return DSSASN1Utils.toString(ContentIdentifier.getInstance(signedAttribute.getAttrValues().getObjectAt(0)).getValue());
    }

    public String getContentHints() {
        Attribute signedAttribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_contentHint);
        if (signedAttribute == null) {
            return null;
        }
        ContentHints contentHints = ContentHints.getInstance(signedAttribute.getAttrValues().getObjectAt(0));
        String str = null;
        if (contentHints != null) {
            str = contentHints.getContentType().toString();
            if (contentHints.getContentDescription() != null) {
                str = str + " [" + contentHints.getContentDescription().toString() + "]";
            }
        }
        return str;
    }

    public SignerInformation getSignerInformation() {
        return this.signerInformation;
    }

    public byte[] getSignatureValue() {
        return this.signerInformation.getSignature();
    }

    public List<AdvancedSignature> getCounterSignatures() {
        ArrayList arrayList = new ArrayList();
        Iterator it = this.signerInformation.getCounterSignatures().getSigners().iterator();
        while (it.hasNext()) {
            CAdESSignature cAdESSignature = new CAdESSignature(this.cmsSignedData, (SignerInformation) it.next(), this.certPool);
            cAdESSignature.setMasterSignature(this);
            arrayList.add(cAdESSignature);
        }
        return arrayList;
    }

    public List<CertificateRef> getCertificateRefs() {
        return getCertificateSource().getCompleteCertificateRefs();
    }

    public DSSDocument getOriginalDocument() throws DSSException {
        return CMSUtils.getOriginalDocument(this.cmsSignedData, this.detachedContents);
    }

    protected SignatureIdentifier buildSignatureIdentifier() {
        CertificateToken signingCertificateToken = getSigningCertificateToken();
        TokenIdentifier dSSId = signingCertificateToken == null ? null : signingCertificateToken.getDSSId();
        Integer valueOf = Integer.valueOf(getUniqueIntegerIfNeeded());
        if (valueOf.intValue() == 0) {
            valueOf = null;
        }
        return SignatureIdentifier.buildSignatureIdentifier(getSigningTime(), dSSId, valueOf, new String[]{getMasterSignatureId(), getSignatureFilename()});
    }

    private String getMasterSignatureId() {
        AdvancedSignature masterSignature = getMasterSignature();
        if (masterSignature != null) {
            return masterSignature.getId();
        }
        return null;
    }

    private int getUniqueIntegerIfNeeded() {
        int i = 0;
        Iterator it = (getMasterSignature() == null ? this.cmsSignedData.getSignerInfos().getSigners(getSignerId()) : this.signerInformation.getCounterSignatures().getSigners(getSignerId())).iterator();
        while (it.hasNext()) {
            if (this.signerInformation == ((SignerInformation) it.next())) {
                break;
            }
            i++;
        }
        return i;
    }

    public String getDAIdentifier() {
        return null;
    }

    private Attribute getSignedAttribute(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        AttributeTable signedAttributes = this.signerInformation.getSignedAttributes();
        if (signedAttributes == null) {
            return null;
        }
        return signedAttributes.get(aSN1ObjectIdentifier);
    }

    public boolean isDataForSignatureLevelPresent(SignatureLevel signatureLevel) {
        boolean z;
        AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(this.signerInformation);
        AttributeTable signedAttributes = CMSUtils.getSignedAttributes(this.signerInformation);
        switch (AnonymousClass1.$SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[signatureLevel.ordinal()]) {
            case 1:
                z = hasLTAProfile() && isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_LT);
                break;
            case 2:
                z = ((unsignedAttributes.get(OID.id_aa_ets_archiveTimestampV2) != null) && isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_LT)) && isDataForSignatureLevelPresent(SignatureLevel.CAdES_101733_X);
                break;
            case 3:
                z = hasLTProfile() && isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_T);
                break;
            case 4:
                z = (unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp) != null || unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_escTimeStamp) != null) && isDataForSignatureLevelPresent(SignatureLevel.CAdES_101733_C);
                break;
            case 5:
                z = (unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs) != null) && isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_T);
                break;
            case 6:
                z = hasTProfile() && isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_B);
                break;
            case 7:
                z = (signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificate) == null && signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2) == null) ? false : true;
                break;
            case 8:
                z = true;
                break;
            default:
                throw new IllegalArgumentException("Unknown level " + signatureLevel);
        }
        return z;
    }

    public SignatureLevel[] getSignatureLevels() {
        return new SignatureLevel[]{SignatureLevel.CMS_NOT_ETSI, SignatureLevel.CAdES_BASELINE_B, SignatureLevel.CAdES_BASELINE_T, SignatureLevel.CAdES_101733_C, SignatureLevel.CAdES_101733_X, SignatureLevel.CAdES_BASELINE_LT, SignatureLevel.CAdES_101733_A, SignatureLevel.CAdES_BASELINE_LTA};
    }
}
