package eu.europa.esig.dss.jades.signature;

import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.jades.JAdESHeaderParameterNames;
import eu.europa.esig.dss.jades.JAdESSignatureParameters;
import eu.europa.esig.dss.jades.JsonObject;
import eu.europa.esig.dss.jades.validation.JAdESEtsiUHeader;
import eu.europa.esig.dss.jades.validation.JAdESSignature;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.SignatureCryptographicVerification;
import eu.europa.esig.dss.validation.ValidationData;
import eu.europa.esig.dss.validation.ValidationDataContainer;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.jose4j.json.internal.json_simple.JSONArray;
import org.jose4j.json.internal.json_simple.JSONObject;

/* loaded from: input_file:eu/europa/esig/dss/jades/signature/JAdESLevelBaselineLT.class */
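/**
 * Extends JAdES signatures with the certificate ({@code X_VALS}) and revocation
 * ({@code R_VALS}) components of the unsigned {@code etsiU} header.
 *
 * <p>This listing is decompiler output: several methods are marked by the decompiler as
 * having been {@code protected} in the original class. The visibility shown here is kept
 * as decompiled so that existing callers of this listing still compile.
 */
public class JAdESLevelBaselineLT extends JAdESLevelBaselineT {

    /**
     * Creates the LT-level extension helper.
     *
     * @param certificateVerifier passed unchanged to the {@link JAdESLevelBaselineT} constructor
     */
    public JAdESLevelBaselineLT(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    /**
     * Runs the parent-level extension and then embeds validation material in every
     * signature that {@link #ltLevelExtensionRequired} selects.
     *
     * <p>The work is done in two passes. The first pass verifies the cryptographic integrity
     * of each selected signature and resets its certificate, revocation and timestamp sources.
     * The second pass runs only if at least one signature was selected: it replaces the old
     * {@code X_VALS}/{@code R_VALS} components with the validation data returned by the
     * inherited {@code documentValidator}.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param list signatures to extend; every element is cast to {@link JAdESSignature}
     * @param jAdESSignatureParameters supplies the target level and the etsiU encoding flag
     * @throws DSSException if a selected signature fails cryptographic verification
     * @throws IllegalInputException if a selected signature cannot be extended
     *         (see {@link #assertExtendSignatureToLTPossible})
     */
    @Override
    public void extendSignatures(List<AdvancedSignature> list, JAdESSignatureParameters jAdESSignatureParameters) {
        super.extendSignatures(list, jAdESSignatureParameters);

        // Pass 1: the integrity check runs before any unsigned-header component is removed
        // or added, so a signature that does not verify is rejected before it is modified here.
        boolean extensionRequired = false;
        for (AdvancedSignature advancedSignature : list) {
            JAdESSignature signature = (JAdESSignature) advancedSignature;
            if (ltLevelExtensionRequired(signature, jAdESSignatureParameters)) {
                checkSignatureIntegrity(signature);
                signature.resetCertificateSource();
                signature.resetRevocationSources();
                signature.resetTimestampSource();
                extensionRequired = true;
            }
        }
        if (!extensionRequired) {
            return;
        }

        // Pass 2: validation data is collected once for the whole list, then applied per signature.
        ValidationDataContainer validationDataContainer = this.documentValidator.getValidationData(list);
        boolean base64UrlEncoded = jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents();
        for (AdvancedSignature advancedSignature : list) {
            JAdESSignature signature = (JAdESSignature) advancedSignature;
            if (!ltLevelExtensionRequired(signature, jAdESSignatureParameters)) {
                continue;
            }
            assertExtendSignatureToLTPossible(signature, jAdESSignatureParameters);

            JAdESEtsiUHeader etsiUHeader = signature.getEtsiUHeader();
            removeOldCertificateValues(signature, etsiUHeader);
            removeOldRevocationValues(signature, etsiUHeader);

            ValidationData validationData = validationDataContainer.getCompleteValidationDataForSignature(advancedSignature);
            Set<CertificateToken> certificateTokens = validationData.getCertificateTokens();
            Set<CRLToken> crlTokens = validationData.getCrlTokens();
            Set<OCSPToken> ocspTokens = validationData.getOcspTokens();

            incorporateXVals(etsiUHeader, certificateTokens, base64UrlEncoded);
            incorporateRVals(etsiUHeader, crlTokens, ocspTokens, base64UrlEncoded);
        }
    }

    /** Drops the existing {@code X_VALS} component and resets the signature's certificate source. */
    private void removeOldCertificateValues(JAdESSignature signature, JAdESEtsiUHeader etsiUHeader) {
        etsiUHeader.removeComponent(JAdESHeaderParameterNames.X_VALS);
        signature.resetCertificateSource();
    }

    /** Drops the existing {@code R_VALS} component and resets the signature's revocation sources. */
    private void removeOldRevocationValues(JAdESSignature signature, JAdESEtsiUHeader etsiUHeader) {
        etsiUHeader.removeComponent(JAdESHeaderParameterNames.R_VALS);
        signature.resetRevocationSources();
    }

    /**
     * Builds the JSON array placed under {@code X_VALS}: one {@code X509_CERT} object per token.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param set certificate tokens to encode; must not be {@code null}
     * @return array of wrapped, base64-encoded certificates (empty when {@code set} is empty)
     */
    public JSONArray getXVals(Set<CertificateToken> set) {
        JSONArray xVals = new JSONArray();
        for (CertificateToken certificateToken : set) {
            xVals.add(getX509CertObject(certificateToken));
        }
        return xVals;
    }

    /** Wraps one certificate as an {@code X509_CERT} object holding a {@code VAL} object. */
    private JSONObject getX509CertObject(CertificateToken certificateToken) {
        JSONObject wrapper = new JSONObject();
        wrapper.put(JAdESHeaderParameterNames.X509_CERT, toValObject(certificateToken.getEncoded()));
        return wrapper;
    }

    /**
     * Adds the {@code X_VALS} component, unless there are no certificate tokens.
     *
     * @param jAdESEtsiUHeader unsigned header to modify
     * @param set certificate tokens to embed; {@code null} or empty adds nothing
     * @param z forwarded to {@code addComponent}; {@link #extendSignatures} passes
     *          {@code isBase64UrlEncodedEtsiUComponents()} here
     */
    protected void incorporateXVals(JAdESEtsiUHeader jAdESEtsiUHeader, Set<CertificateToken> set, boolean z) {
        if (Utils.isCollectionNotEmpty(set)) {
            jAdESEtsiUHeader.addComponent(JAdESHeaderParameterNames.X_VALS, getXVals(set), z);
        }
    }

    /**
     * Builds the object placed under {@code R_VALS}, with {@code CRL_VALS} and/or
     * {@code OCSP_VALS} entries for whichever token sets are non-empty.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param set CRL tokens; may be {@code null} or empty
     * @param set2 OCSP tokens; may be {@code null} or empty
     * @return the revocation values object (empty when both sets are empty)
     */
    public JsonObject getRVals(Set<CRLToken> set, Set<OCSPToken> set2) {
        JsonObject rVals = new JsonObject();
        if (Utils.isCollectionNotEmpty(set)) {
            rVals.put(JAdESHeaderParameterNames.CRL_VALS, (Object) getCrlVals(set));
        }
        if (Utils.isCollectionNotEmpty(set2)) {
            rVals.put(JAdESHeaderParameterNames.OCSP_VALS, (Object) getOcspVals(set2));
        }
        return rVals;
    }

    /** Encodes each CRL as a {@code VAL} object. */
    private JSONArray getCrlVals(Set<CRLToken> crlTokens) {
        JSONArray crlVals = new JSONArray();
        for (CRLToken crlToken : crlTokens) {
            crlVals.add(toValObject(crlToken.getEncoded()));
        }
        return crlVals;
    }

    /** Encodes each OCSP response as a {@code VAL} object. */
    private JSONArray getOcspVals(Set<OCSPToken> ocspTokens) {
        JSONArray ocspVals = new JSONArray();
        for (OCSPToken ocspToken : ocspTokens) {
            ocspVals.add(toValObject(ocspToken.getEncoded()));
        }
        return ocspVals;
    }

    /** Builds the {@code VAL} object shared by certificate, CRL and OCSP entries. */
    private JSONObject toValObject(byte[] encoded) {
        JSONObject valObject = new JSONObject();
        valObject.put(JAdESHeaderParameterNames.VAL, Utils.toBase64(encoded));
        return valObject;
    }

    /**
     * Adds the {@code R_VALS} component, unless there are neither CRL nor OCSP tokens.
     *
     * @param jAdESEtsiUHeader unsigned header to modify
     * @param set CRL tokens; may be {@code null} or empty
     * @param set2 OCSP tokens; may be {@code null} or empty
     * @param z forwarded to {@code addComponent}; {@link #extendSignatures} passes
     *          {@code isBase64UrlEncodedEtsiUComponents()} here
     */
    protected void incorporateRVals(JAdESEtsiUHeader jAdESEtsiUHeader, Set<CRLToken> set, Set<OCSPToken> set2, boolean z) {
        if (Utils.isCollectionNotEmpty(set) || Utils.isCollectionNotEmpty(set2)) {
            jAdESEtsiUHeader.addComponent(JAdESHeaderParameterNames.R_VALS, getRVals(set, set2), z);
        }
    }

    /**
     * Rejects a signature whose cryptographic verification did not succeed.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param jAdESSignature signature to check
     * @throws DSSException if the signature is not intact; the verification error message,
     *         when present, is appended to the exception message
     */
    public void checkSignatureIntegrity(JAdESSignature jAdESSignature) throws DSSException {
        SignatureCryptographicVerification verification = jAdESSignature.getSignatureCryptographicVerification();
        if (verification.isSignatureIntact()) {
            return;
        }
        String errorMessage = verification.getErrorMessage();
        // The contract of getErrorMessage() is not visible in this file. Treat null like an
        // empty message so the failure surfaces as a DSSException, not a NullPointerException.
        String detail = (errorMessage == null || errorMessage.isEmpty()) ? "." : " / " + errorMessage;
        throw new DSSException("Cryptographic signature verification has failed" + detail);
    }

    /**
     * Selects the signatures to process: all of them when the target level is
     * {@code JAdES_BASELINE_LT}, otherwise only those without an LTA profile.
     */
    private boolean ltLevelExtensionRequired(JAdESSignature signature, JAdESSignatureParameters parameters) {
        return SignatureLevel.JAdES_BASELINE_LT.equals(parameters.getSignatureLevel()) || !signature.hasLTAProfile();
    }

    /**
     * Refuses extensions that cannot be performed.
     *
     * @throws IllegalInputException if the target level is LT but the signature already has an
     *         LTA profile, or if the signature contains only self-signed certificate chains
     */
    private void assertExtendSignatureToLTPossible(JAdESSignature signature, JAdESSignatureParameters parameters) {
        SignatureLevel signatureLevel = parameters.getSignatureLevel();
        if (SignatureLevel.JAdES_BASELINE_LT.equals(signatureLevel) && signature.hasLTAProfile()) {
            throw new IllegalInputException(String.format("Cannot extend signature to '%s'. The signature is already extended with LTA level.", signatureLevel));
        }
        if (signature.areAllSelfSignedCertificates()) {
            throw new IllegalInputException("Cannot extend the signature. The signature contains only self-signed certificate chains!");
        }
    }
}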
