package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.SignedAssertion;
import eu.europa.esig.dss.cades.SignedAssertions;
import eu.europa.esig.dss.cades.SignerAttributeV2;
import eu.europa.esig.dss.enumerations.CommitmentType;
import eu.europa.esig.dss.model.CommitmentQualifier;
import eu.europa.esig.dss.model.CommonCommitmentType;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.MimeType;
import eu.europa.esig.dss.model.Policy;
import eu.europa.esig.dss.model.SignerLocation;
import eu.europa.esig.dss.model.SpDocSpecification;
import eu.europa.esig.dss.model.UserNotice;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.esf.CommitmentTypeIndication;
import org.bouncycastle.asn1.esf.CommitmentTypeQualifier;
import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
import org.bouncycastle.asn1.esf.SigPolicyQualifierInfo;
import org.bouncycastle.asn1.esf.SigPolicyQualifiers;
import org.bouncycastle.asn1.esf.SignaturePolicyId;
import org.bouncycastle.asn1.esf.SignaturePolicyIdentifier;
import org.bouncycastle.asn1.esf.SignerAttribute;
import org.bouncycastle.asn1.ess.ContentHints;
import org.bouncycastle.asn1.ess.ContentIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.NoticeReference;
import org.bouncycastle.asn1.x509.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESLevelBaselineB.class */
public class CAdESLevelBaselineB {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESLevelBaselineB.class);
    private final boolean padesUsage;
    private final DSSDocument documentToSign;

    public CAdESLevelBaselineB() {
        this(false);
    }

    public CAdESLevelBaselineB(boolean z) {
        this(null, z);
    }

    public CAdESLevelBaselineB(DSSDocument dSSDocument) {
        this(dSSDocument, false);
    }

    CAdESLevelBaselineB(DSSDocument dSSDocument, boolean z) {
        this.documentToSign = dSSDocument;
        this.padesUsage = z;
    }

    public AttributeTable getUnsignedAttributes() {
        return new AttributeTable(new Hashtable());
    }

    public AttributeTable getSignedAttributes(CAdESSignatureParameters cAdESSignatureParameters) {
        if (Utils.isArrayNotEmpty(cAdESSignatureParameters.getSignedData())) {
            LOG.debug("Using explicit SignedAttributes from parameter");
            return CMSUtils.getAttributesFromByteArray(cAdESSignatureParameters.getSignedData());
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        addSigningCertificateAttribute(cAdESSignatureParameters, aSN1EncodableVector);
        addSigningTimeAttribute(cAdESSignatureParameters, aSN1EncodableVector);
        addSignerAttribute(cAdESSignatureParameters, aSN1EncodableVector);
        addSignaturePolicyId(cAdESSignatureParameters, aSN1EncodableVector);
        addContentHints(cAdESSignatureParameters, aSN1EncodableVector);
        addMimeType(cAdESSignatureParameters, aSN1EncodableVector);
        addContentIdentifier(cAdESSignatureParameters, aSN1EncodableVector);
        addCommitmentType(cAdESSignatureParameters, aSN1EncodableVector);
        addSignerLocation(cAdESSignatureParameters, aSN1EncodableVector);
        addContentTimestamps(cAdESSignatureParameters, aSN1EncodableVector);
        return new AttributeTable(aSN1EncodableVector);
    }

    private void addSignerAttribute(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        List claimedSignerRoles = cAdESSignatureParameters.bLevel().getClaimedSignerRoles();
        if (claimedSignerRoles != null) {
            ArrayList arrayList = new ArrayList(claimedSignerRoles.size());
            Iterator it = claimedSignerRoles.iterator();
            while (it.hasNext()) {
                arrayList.add(new Attribute(OID.id_at_role, new DERSet(new DERUTF8String((String) it.next()))));
            }
            aSN1EncodableVector.add(!cAdESSignatureParameters.isEn319122() ? new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.id_aa_ets_signerAttr, new DERSet(new SignerAttribute((Attribute[]) arrayList.toArray(new Attribute[arrayList.size()])))) : new org.bouncycastle.asn1.cms.Attribute(OID.id_aa_ets_signerAttrV2, new DERSet(new SignerAttributeV2((Attribute[]) arrayList.toArray(new Attribute[arrayList.size()])))));
            return;
        }
        List signedAssertions = cAdESSignatureParameters.bLevel().getSignedAssertions();
        if (signedAssertions == null || !cAdESSignatureParameters.isEn319122()) {
            return;
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it2 = signedAssertions.iterator();
        while (it2.hasNext()) {
            arrayList2.add(new SignedAssertion((String) it2.next()));
        }
        if (arrayList2.isEmpty()) {
            return;
        }
        aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(OID.id_aa_ets_signerAttrV2, new DERSet(new SignerAttributeV2(new SignedAssertions(arrayList2)))));
    }

    private void addSigningTimeAttribute(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        Date signingDate;
        if (this.padesUsage || (signingDate = cAdESSignatureParameters.bLevel().getSigningDate()) == null) {
            return;
        }
        aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.pkcs_9_at_signingTime, new DERSet(new Time(signingDate))));
    }

    private void addSignerLocation(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        SignerLocation signerLocation;
        if (this.padesUsage || (signerLocation = cAdESSignatureParameters.bLevel().getSignerLocation()) == null || signerLocation.isEmpty()) {
            return;
        }
        aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.id_aa_ets_signerLocation, new DERSet(new org.bouncycastle.asn1.esf.SignerLocation(signerLocation.getCountry() == null ? null : new DERUTF8String(signerLocation.getCountry()), signerLocation.getLocality() == null ? null : new DERUTF8String(signerLocation.getLocality()), getPostalAddressSequence(signerLocation.getPostalAddress())))));
    }

    private DERSequence getPostalAddressSequence(List<String> list) {
        DERSequence dERSequence = null;
        if (Utils.isCollectionNotEmpty(list)) {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                aSN1EncodableVector.add(new DERUTF8String(it.next()));
            }
            dERSequence = new DERSequence(aSN1EncodableVector);
        }
        return dERSequence;
    }

    private void addCommitmentType(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        List commitmentTypeIndications = cAdESSignatureParameters.bLevel().getCommitmentTypeIndications();
        if (Utils.isCollectionNotEmpty(commitmentTypeIndications)) {
            int size = commitmentTypeIndications.size();
            ASN1Encodable[] aSN1EncodableArr = new ASN1Encodable[size];
            for (int i = 0; i < size; i++) {
                CommitmentType commitmentType = (CommitmentType) commitmentTypeIndications.get(i);
                if (Utils.isStringEmpty(commitmentType.getOid())) {
                    throw new IllegalArgumentException("The commitmentTypeIndication OID must be defined for CAdES creation!");
                }
                aSN1EncodableArr[i] = new CommitmentTypeIndication(new ASN1ObjectIdentifier(commitmentType.getOid()), getCommitmentQualifiers(commitmentType)).toASN1Primitive();
            }
            aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.id_aa_ets_commitmentType, new DERSet(aSN1EncodableArr)));
        }
    }

    private ASN1Sequence getCommitmentQualifiers(CommitmentType commitmentType) {
        ASN1Primitive dERUTF8String;
        DERSequence dERSequence = null;
        if (commitmentType instanceof CommonCommitmentType) {
            CommitmentQualifier[] commitmentTypeQualifiers = ((CommonCommitmentType) commitmentType).getCommitmentTypeQualifiers();
            if (Utils.isArrayNotEmpty(commitmentTypeQualifiers)) {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector(commitmentTypeQualifiers.length);
                for (CommitmentQualifier commitmentQualifier : commitmentTypeQualifiers) {
                    Objects.requireNonNull(commitmentQualifier, "CommitmentTypeQualifier cannot be null!");
                    if (Utils.isStringEmpty(commitmentQualifier.getOid())) {
                        throw new IllegalArgumentException("CommitmentTypeQualifier OID cannot be null for CAdES!");
                    }
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(commitmentQualifier.getOid());
                    DSSDocument content = commitmentQualifier.getContent();
                    if (content == null) {
                        throw new IllegalArgumentException("CommitmentTypeQualifier content cannot be null!");
                    }
                    byte[] byteArray = DSSUtils.toByteArray(content);
                    if (DSSASN1Utils.isAsn1Encoded(byteArray)) {
                        dERUTF8String = DSSASN1Utils.toASN1Primitive(byteArray);
                    } else {
                        LOG.info("None ASN.1 encoded CommitmentTypeQualifier has been provided. Incorporate as DERUTF8String.");
                        dERUTF8String = new DERUTF8String(new String(byteArray));
                    }
                    aSN1EncodableVector.add(new CommitmentTypeQualifier(aSN1ObjectIdentifier, dERUTF8String));
                }
                dERSequence = new DERSequence(aSN1EncodableVector);
            }
        }
        return dERSequence;
    }

    private void addContentTimestamps(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        if (Utils.isCollectionNotEmpty(cAdESSignatureParameters.getContentTimestamps())) {
            Iterator it = cAdESSignatureParameters.getContentTimestamps().iterator();
            while (it.hasNext()) {
                aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.id_aa_ets_contentTimestamp, new DERSet(DSSASN1Utils.toASN1Primitive(((TimestampToken) it.next()).getEncoded()))));
            }
        }
    }

    private void addContentHints(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        if (Utils.isStringNotBlank(cAdESSignatureParameters.getContentHintsType())) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(cAdESSignatureParameters.getContentHintsType());
            String contentHintsDescription = cAdESSignatureParameters.getContentHintsDescription();
            aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.id_aa_contentHint, new DERSet(new ContentHints(aSN1ObjectIdentifier, Utils.isStringBlank(contentHintsDescription) ? null : new DERUTF8String(contentHintsDescription)))));
        }
    }

    private void addContentIdentifier(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        if (this.padesUsage) {
            return;
        }
        String contentIdentifierPrefix = cAdESSignatureParameters.getContentIdentifierPrefix();
        if (Utils.isStringNotBlank(contentIdentifierPrefix)) {
            if (Utils.isStringBlank(cAdESSignatureParameters.getContentIdentifierSuffix())) {
                cAdESSignatureParameters.setContentIdentifierSuffix(new ASN1GeneralizedTime(new Date()).getTimeString() + new SecureRandom().nextLong());
            }
            aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.id_aa_contentIdentifier, new DERSet(new ContentIdentifier((contentIdentifierPrefix + cAdESSignatureParameters.getContentIdentifierSuffix()).getBytes()))));
        }
    }

    private void addSignaturePolicyId(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        SignaturePolicyIdentifier signaturePolicyIdentifier;
        Policy signaturePolicy = cAdESSignatureParameters.bLevel().getSignaturePolicy();
        if (signaturePolicy != null) {
            String id = signaturePolicy.getId();
            if (Utils.isStringEmpty(id)) {
                signaturePolicyIdentifier = new SignaturePolicyIdentifier();
            } else {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(id);
                OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(new ASN1ObjectIdentifier(signaturePolicy.getDigestAlgorithm().getOid())), new DEROctetString(signaturePolicy.getDigestValue()));
                signaturePolicyIdentifier = signaturePolicy.isSPQualifierPresent() ? new SignaturePolicyIdentifier(new SignaturePolicyId(aSN1ObjectIdentifier, otherHashAlgAndValue, buildSigPolicyQualifiers(signaturePolicy))) : new SignaturePolicyIdentifier(new SignaturePolicyId(aSN1ObjectIdentifier, otherHashAlgAndValue));
            }
            aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(signaturePolicyIdentifier)));
        }
    }

    private SigPolicyQualifiers buildSigPolicyQualifiers(Policy policy) {
        ArrayList arrayList = new ArrayList();
        if (Utils.isStringNotEmpty(policy.getSpuri())) {
            arrayList.add(new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_uri, new DERIA5String(policy.getSpuri())));
        }
        UserNotice userNotice = policy.getUserNotice();
        if (userNotice != null && !userNotice.isEmpty()) {
            DSSUtils.assertSPUserNoticeConfigurationValid(userNotice);
            NoticeReference noticeReference = null;
            String str = null;
            String organization = userNotice.getOrganization();
            int[] noticeNumbers = userNotice.getNoticeNumbers();
            if (Utils.isStringNotEmpty(organization) && noticeNumbers != null && noticeNumbers.length > 0) {
                noticeReference = new NoticeReference(organization, new Vector(DSSUtils.toBigIntegerList(noticeNumbers)));
            }
            if (Utils.isStringNotEmpty(userNotice.getExplicitText())) {
                str = userNotice.getExplicitText();
            }
            arrayList.add(new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_unotice, new org.bouncycastle.asn1.x509.UserNotice(noticeReference, str)));
        }
        SpDocSpecification spDocSpecification = policy.getSpDocSpecification();
        if (spDocSpecification != null && Utils.isStringNotEmpty(spDocSpecification.getId())) {
            arrayList.add(new SigPolicyQualifierInfo(OID.id_sp_doc_specification, DSSASN1Utils.buildSPDocSpecificationId(spDocSpecification.getId())));
        }
        return new SigPolicyQualifiers((SigPolicyQualifierInfo[]) arrayList.toArray(new SigPolicyQualifierInfo[0]));
    }

    private void addSigningCertificateAttribute(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        if (cAdESSignatureParameters.getSigningCertificate() == null && cAdESSignatureParameters.isGenerateTBSWithoutCertificate()) {
            LOG.debug("Signing certificate not available and must be added to signed attributes later");
        } else {
            CMSUtils.addSigningCertificateAttribute(aSN1EncodableVector, cAdESSignatureParameters.getDigestAlgorithm(), cAdESSignatureParameters.getSigningCertificate());
        }
    }

    private void addMimeType(CAdESSignatureParameters cAdESSignatureParameters, ASN1EncodableVector aSN1EncodableVector) {
        if (this.padesUsage || (cAdESSignatureParameters instanceof CAdESCounterSignatureParameters) || Utils.isStringNotBlank(cAdESSignatureParameters.getContentHintsType())) {
            return;
        }
        MimeType mimeType = MimeType.BINARY;
        if (this.documentToSign != null && this.documentToSign.getMimeType() != null) {
            mimeType = this.documentToSign.getMimeType();
        }
        aSN1EncodableVector.add(new org.bouncycastle.asn1.cms.Attribute(OID.id_aa_ets_mimeType, new DERSet(new DERUTF8String(mimeType.getMimeTypeString()))));
    }
}
