package eu.europa.esig.dss.jades.signature;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.jades.DSSJsonUtils;
import eu.europa.esig.dss.jades.JAdESHeaderParameterNames;
import eu.europa.esig.dss.jades.JAdESSignatureParameters;
import eu.europa.esig.dss.jades.JAdESTimestampParameters;
import eu.europa.esig.dss.jades.JsonObject;
import eu.europa.esig.dss.jades.validation.JAdESEtsiUHeader;
import eu.europa.esig.dss.jades.validation.JAdESSignature;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DigestDocument;
import eu.europa.esig.dss.model.TimestampBinary;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationData;
import eu.europa.esig.dss.validation.ValidationDataContainer;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:eu/europa/esig/dss/jades/signature/JAdESLevelBaselineLTA.class */
public class JAdESLevelBaselineLTA extends JAdESLevelBaselineLT {
    public JAdESLevelBaselineLTA(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.jades.signature.JAdESLevelBaselineLT, eu.europa.esig.dss.jades.signature.JAdESLevelBaselineT
    public void extendSignatures(List<AdvancedSignature> list, JAdESSignatureParameters jAdESSignatureParameters) {
        super.extendSignatures(list, jAdESSignatureParameters);
        boolean z = false;
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            JAdESSignature jAdESSignature = (JAdESSignature) it.next();
            assertExtendSignatureToLTAPossible(jAdESSignature, jAdESSignatureParameters);
            checkSignatureIntegrity(jAdESSignature);
            if (jAdESSignature.hasLTAProfile()) {
                z = true;
            }
        }
        ValidationDataContainer validationData = z ? this.documentValidator.getValidationData(list) : null;
        for (AdvancedSignature advancedSignature : list) {
            JAdESSignature jAdESSignature2 = (JAdESSignature) advancedSignature;
            JAdESEtsiUHeader etsiUHeader = jAdESSignature2.getEtsiUHeader();
            if (jAdESSignature2.hasLTAProfile() && z) {
                removeLastTimestampValidationData(jAdESSignature2, etsiUHeader);
                ValidationData completeValidationDataForSignature = validationData.getCompleteValidationDataForSignature(advancedSignature);
                if (!completeValidationDataForSignature.isEmpty()) {
                    etsiUHeader.addComponent(JAdESHeaderParameterNames.TST_VD, getTstVd(completeValidationDataForSignature), jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents());
                }
            }
            etsiUHeader.addComponent(JAdESHeaderParameterNames.ARC_TST, DSSJsonUtils.getTstContainer(Collections.singletonList(getArchiveTimestamp(jAdESSignature2, jAdESSignatureParameters)), jAdESSignatureParameters.m1getArchiveTimestampParameters().getCanonicalizationMethod()), jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents());
        }
    }

    private void removeLastTimestampValidationData(JAdESSignature jAdESSignature, JAdESEtsiUHeader jAdESEtsiUHeader) {
        jAdESEtsiUHeader.removeLastComponent(JAdESHeaderParameterNames.TST_VD);
        jAdESSignature.resetCertificateSource();
        jAdESSignature.resetRevocationSources();
    }

    private JsonObject getTstVd(ValidationData validationData) {
        Set<CertificateToken> certificateTokens = validationData.getCertificateTokens();
        Set<CRLToken> crlTokens = validationData.getCrlTokens();
        Set<OCSPToken> ocspTokens = validationData.getOcspTokens();
        JsonObject jsonObject = new JsonObject();
        if (Utils.isCollectionNotEmpty(certificateTokens)) {
            jsonObject.put(JAdESHeaderParameterNames.X_VALS, (Object) getXVals(certificateTokens));
        }
        if (Utils.isCollectionNotEmpty(crlTokens) || Utils.isCollectionNotEmpty(ocspTokens)) {
            jsonObject.put(JAdESHeaderParameterNames.R_VALS, (Object) getRVals(crlTokens, ocspTokens));
        }
        return jsonObject;
    }

    private TimestampBinary getArchiveTimestamp(JAdESSignature jAdESSignature, JAdESSignatureParameters jAdESSignatureParameters) {
        JAdESTimestampParameters m1getArchiveTimestampParameters = jAdESSignatureParameters.m1getArchiveTimestampParameters();
        DigestAlgorithm digestAlgorithm = m1getArchiveTimestampParameters.getDigestAlgorithm();
        return this.tspSource.getTimeStampResponse(digestAlgorithm, DSSUtils.digest(digestAlgorithm, jAdESSignature.m23getTimestampSource().getArchiveTimestampData(m1getArchiveTimestampParameters.getCanonicalizationMethod())));
    }

    private void assertExtendSignatureToLTAPossible(JAdESSignature jAdESSignature, JAdESSignatureParameters jAdESSignatureParameters) {
        checkArchiveTimestampParameters(jAdESSignatureParameters);
        assertDetachedDocumentsContainBinaries(jAdESSignatureParameters);
        checkEtsiUContentUnicity(jAdESSignature);
    }

    private void checkArchiveTimestampParameters(JAdESSignatureParameters jAdESSignatureParameters) {
        JAdESTimestampParameters m1getArchiveTimestampParameters = jAdESSignatureParameters.m1getArchiveTimestampParameters();
        if (!jAdESSignatureParameters.isBase64UrlEncodedEtsiUComponents() && Utils.isStringEmpty(m1getArchiveTimestampParameters.getCanonicalizationMethod())) {
            throw new IllegalInputException("Unable to extend JAdES-LTA level. Clear 'etsiU' incorporation requires a canonicalization method!");
        }
    }

    private void assertDetachedDocumentsContainBinaries(JAdESSignatureParameters jAdESSignatureParameters) {
        List detachedContents = jAdESSignatureParameters.getDetachedContents();
        if (Utils.isCollectionNotEmpty(detachedContents)) {
            Iterator it = detachedContents.iterator();
            while (it.hasNext()) {
                if (((DSSDocument) it.next()) instanceof DigestDocument) {
                    throw new IllegalArgumentException("JAdES-LTA with All data Timestamp requires complete binaries of signed documents! Extension with a DigestDocument is not possible.");
                }
            }
        }
    }

    private void checkEtsiUContentUnicity(JAdESSignature jAdESSignature) {
        if (!DSSJsonUtils.checkComponentsUnicity(DSSJsonUtils.getEtsiU(jAdESSignature.getJws()))) {
            throw new IllegalInputException("Unsupported 'etsiU' container structure! Extension is not possible.");
        }
    }
}
