package eu.europa.ec.markt.dss.validation.cades;

import eu.europa.ec.markt.dss.CertificateIdentifier;
import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.validation.AdvancedSignature;
import eu.europa.ec.markt.dss.validation.CRLRef;
import eu.europa.ec.markt.dss.validation.CertificateRef;
import eu.europa.ec.markt.dss.validation.OCSPRef;
import eu.europa.ec.markt.dss.validation.PolicyValue;
import eu.europa.ec.markt.dss.validation.SignatureForm;
import eu.europa.ec.markt.dss.validation.certificate.CertificateSource;
import eu.europa.ec.markt.dss.validation.x509.TimestampToken;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1UTCTime;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.esf.CrlOcspRef;
import org.bouncycastle.asn1.esf.CrlValidatedID;
import org.bouncycastle.asn1.esf.OcspResponsesID;
import org.bouncycastle.asn1.esf.SignaturePolicyId;
import org.bouncycastle.asn1.esf.SignerAttribute;
import org.bouncycastle.asn1.ess.OtherCertID;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.CMSTypedStream;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.tsp.TimeStampToken;
import org.linagora.linshare.core.utils.LdapHashUtils;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/cades/CAdESSignature.class */
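/**
 * Read-only view over one signer of a CMS {@code SignedData}, exposing the CAdES attributes
 * (policy, signing time, timestamps, certificate and revocation references) needed by a validator.
 *
 * <p>Everything returned here is parsed from the signature itself and is therefore
 * attacker-controlled until a caller validates it: this class selects the signing certificate by
 * signer identifier only, parses timestamp tokens without verifying them, and reports the
 * <em>claimed</em> signing time. {@link #checkIntegrity(DSSDocument)} proves only that the signature
 * value matches the selected certificate's key; chain building, revocation and timestamp
 * verification are not performed in this class.
 *
 * <p>NOTE(review): this listing is decompiler output; local names are synthetic and one loop in
 * {@link #getArchiveTimestampData(int, DSSDocument)} had to be reconstructed.
 */
public class CAdESSignature implements AdvancedSignature {
    /** OID of the archive-timestamp-v2 attribute: branch 48 under {@code PKCSObjectIdentifiers.id_aa}. */
    public static final ASN1ObjectIdentifier id_aa_ets_archiveTimestampV2 = PKCSObjectIdentifiers.id_aa.branch("48");
    private static final Logger LOG = Logger.getLogger(CAdESSignature.class.getName());
    private final CMSSignedData cmsSignedData;
    private final SignerInformation signerInformation;

    /**
     * Parses the encoded CMS structure and binds to its first signer.
     *
     * @param bArr encoded CMS SignedData
     * @throws CMSException if the bytes cannot be parsed as CMS SignedData
     */
    public CAdESSignature(byte[] bArr) throws CMSException {
        this(new CMSSignedData(bArr));
    }

    /**
     * Binds to the first signer returned by the signer store. The iterator is advanced
     * unconditionally, so a structure without any signer makes this constructor fail.
     *
     * @param cMSSignedData parsed CMS SignedData
     */
    public CAdESSignature(CMSSignedData cMSSignedData) {
        this(cMSSignedData, (SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next());
    }

    /**
     * Binds to an explicit signer. No check is made that the signer belongs to the given structure.
     *
     * @param cMSSignedData parsed CMS SignedData
     * @param signerInformation the signer this object describes
     */
    public CAdESSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation) {
        this.cmsSignedData = cMSSignedData;
        this.signerInformation = signerInformation;
    }

    /**
     * Binds to the signer looked up by identifier in the structure's signer store. The lookup
     * result is stored as is, so an identifier that matches nothing leaves this object without
     * signer information and later calls will fail with a {@link NullPointerException}.
     *
     * @param cMSSignedData parsed CMS SignedData
     * @param signerId identifier of the signer to describe
     */
    public CAdESSignature(CMSSignedData cMSSignedData, SignerId signerId) {
        this(cMSSignedData, cMSSignedData.getSignerInfos().get(signerId));
    }

    /** @return always {@link SignatureForm#CAdES} */
    @Override
    public SignatureForm getSignatureFormat() {
        return SignatureForm.CAdES;
    }

    /** @return a new certificate source over this signer, built with the flag set to {@code false} */
    @Override
    public CAdESCertificateSource getCertificateSource() {
        return new CAdESCertificateSource(this.cmsSignedData, this.signerInformation.getSID(), false);
    }

    /** @return a new certificate source over this signer, built with the flag set to {@code true} */
    @Override
    public CertificateSource getExtendedCertificateSource() {
        return new CAdESCertificateSource(this.cmsSignedData, this.signerInformation.getSID(), true);
    }

    /** @return a new CRL source over this signer */
    @Override
    public CAdESCRLSource getCRLSource() {
        return new CAdESCRLSource(this.cmsSignedData, this.signerInformation.getSID());
    }

    /** @return a new OCSP source over this signer */
    @Override
    public CAdESOCSPSource getOCSPSource() {
        return new CAdESOCSPSource(this.cmsSignedData, this.signerInformation.getSID());
    }

    /**
     * Returns the first certificate of {@link #getCertificates()} that matches the signer identifier.
     *
     * <p>The match is on the identifier only. No chain, revocation or validity check happens here,
     * and the candidate certificates presumably come from the signature itself, so the result must
     * be validated by the caller before it is trusted.
     *
     * @return the matching certificate, or {@code null} when none matches
     */
    @Override
    public X509Certificate getSigningCertificate() {
        SignerId signerId = this.signerInformation.getSID();
        for (X509Certificate candidate : getCertificates()) {
            if (signerId.match(candidate)) {
                if (LOG.isLoggable(Level.INFO)) {
                    LOG.info("Signing certificate found: " + CertificateIdentifier.getId(candidate));
                }
                return candidate;
            }
        }
        if (LOG.isLoggable(Level.INFO)) {
            LOG.info("!!! Signing certificate not found: " + signerId);
        }
        return null;
    }

    /** @return the certificates exposed by {@link #getCertificateSource()} */
    @Override
    public List<X509Certificate> getCertificates() {
        return getCertificateSource().getCertificates();
    }

    /**
     * Reads the signature-policy-identifier signed attribute.
     *
     * @return {@code null} when there are no signed attributes or no policy attribute; a
     *     {@link PolicyValue} built without an id when the first value is an ASN.1 NULL or cannot
     *     be read as a policy id; otherwise a {@link PolicyValue} carrying the policy OID
     */
    @Override
    public PolicyValue getPolicyId() {
        AttributeTable signedAttributes = this.signerInformation.getSignedAttributes();
        if (signedAttributes == null) {
            return null;
        }
        Attribute attribute = signedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId);
        if (attribute == null) {
            return null;
        }
        DEREncodable firstValue = attribute.getAttrValues().getObjectAt(0);
        if (firstValue instanceof DERNull) {
            return new PolicyValue();
        }
        SignaturePolicyId signaturePolicyId = SignaturePolicyId.getInstance(firstValue);
        if (signaturePolicyId == null) {
            return new PolicyValue();
        }
        return new PolicyValue(signaturePolicyId.getSigPolicyId().getId());
    }

    /**
     * Reads the signing-time signed attribute. This is the time claimed by the signer, not a
     * trusted time; only a verified timestamp gives evidence of when the signature existed.
     *
     * @return the claimed signing time, or {@code null} when the attribute is absent, has an
     *     unrecognised type, or cannot be read (the last two cases are logged at SEVERE)
     */
    @Override
    public Date getSigningTime() {
        AttributeTable signedAttributes = this.signerInformation.getSignedAttributes();
        if (signedAttributes == null || signedAttributes.get(PKCSObjectIdentifiers.pkcs_9_at_signingTime) == null) {
            return null;
        }
        try {
            DEREncodable value = signedAttributes.get(PKCSObjectIdentifiers.pkcs_9_at_signingTime).getAttrValues().getObjectAt(0);
            if (value instanceof ASN1UTCTime) {
                return ((ASN1UTCTime) value).getDate();
            }
            if (value instanceof Time) {
                return ((Time) value).getDate();
            }
            LOG.log(Level.SEVERE, "Error when reading signing time. Unrecognized " + value.getClass());
            return null;
        } catch (Exception e) {
            // Deliberately broad: a malformed attribute must not abort the whole validation.
            LOG.log(Level.SEVERE, "Error when reading signing time ", e);
            return null;
        }
    }

    /** @return the CMS structure this signature was built from */
    public CMSSignedData getCmsSignedData() {
        return this.cmsSignedData;
    }

    /** @return always {@code null}; no location is read from the signature */
    @Override
    public String getLocation() {
        return null;
    }

    /**
     * Reads the claimed roles from the signer-attributes signed attribute. The roles are asserted
     * by the signer and are not certified by anyone.
     *
     * @return one string per claimed attribute, or {@code null} when the attribute is absent
     */
    @Override
    public String[] getClaimedSignerRoles() {
        AttributeTable signedAttributes = this.signerInformation.getSignedAttributes();
        if (signedAttributes == null) {
            return null;
        }
        Attribute attribute = signedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_signerAttr);
        if (attribute == null) {
            return null;
        }
        SignerAttribute signerAttribute = SignerAttribute.getInstance(attribute.getAttrValues().getObjectAt(0));
        if (signerAttribute == null) {
            return null;
        }
        String[] roles = new String[signerAttribute.getClaimedAttributes().size()];
        for (int i = 0; i < roles.length; i++) {
            DEREncodable role = signerAttribute.getClaimedAttributes().getObjectAt(i);
            if (role instanceof DEROctetString) {
                // NOTE(review): decoded with the platform default charset; the encoding used by
                // the signer is not visible here.
                roles[i] = new String(((DEROctetString) role).getOctets());
            } else {
                roles[i] = role.toString();
            }
        }
        return roles;
    }

    /**
     * Parses every value of the given unsigned attribute as a timestamp token. Tokens are only
     * parsed; their signature and message imprint are not verified here.
     *
     * @param aSN1ObjectIdentifier OID of the unsigned attribute holding the tokens
     * @param timestampType type recorded on each returned token
     * @return the parsed tokens, or {@code null} (not an empty list) when the attribute is absent
     * @throws RuntimeException if any value cannot be parsed as a timestamp token
     */
    private List<TimestampToken> getTimestampList(ASN1ObjectIdentifier aSN1ObjectIdentifier, TimestampToken.TimestampType timestampType) {
        AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return null;
        }
        Attribute attribute = unsignedAttributes.get(aSN1ObjectIdentifier);
        if (attribute == null) {
            return null;
        }
        List<TimestampToken> tokens = new ArrayList<TimestampToken>();
        for (ASN1Encodable value : attribute.getAttrValues().toArray()) {
            try {
                tokens.add(new TimestampToken(new TimeStampToken(new CMSSignedData(value.getDEREncoded())), timestampType));
            } catch (Exception e) {
                throw new RuntimeException("Parsing error", e);
            }
        }
        return tokens;
    }

    /** @return the content timestamps, or {@code null} when the attribute is absent */
    protected List<TimestampToken> getContentTimestamps() {
        return getTimestampList(PKCSObjectIdentifiers.id_aa_ets_contentTimestamp, TimestampToken.TimestampType.CONTENT_TIMESTAMP);
    }

    /** @return the signature timestamps, or {@code null} when the attribute is absent */
    @Override
    public List<TimestampToken> getSignatureTimestamps() throws RuntimeException {
        return getTimestampList(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, TimestampToken.TimestampType.SIGNATURE_TIMESTAMP);
    }

    /** @return the timestamps over signature and references, or {@code null} when absent */
    @Override
    public List<TimestampToken> getTimestampsX1() {
        return getTimestampList(PKCSObjectIdentifiers.id_aa_ets_escTimeStamp, TimestampToken.TimestampType.VALIDATION_DATA_TIMESTAMP);
    }

    /** @return the timestamps over the references only, or {@code null} when absent */
    @Override
    public List<TimestampToken> getTimestampsX2() {
        return getTimestampList(PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp, TimestampToken.TimestampType.VALIDATION_DATA_REFSONLY_TIMESTAMP);
    }

    /** @return the archive timestamps, or {@code null} when the attribute is absent */
    @Override
    public List<TimestampToken> getArchiveTimestamps() {
        return getTimestampList(id_aa_ets_archiveTimestampV2, TimestampToken.TimestampType.ARCHIVE_TIMESTAMP);
    }

    /** @return the OID string reported by the signer information as its encryption algorithm */
    @Override
    public String getSignatureAlgorithm() {
        return this.signerInformation.getEncryptionAlgOID();
    }

    /**
     * Verifies the signature value against the key of {@link #getSigningCertificate()}.
     *
     * <p>A {@code true} result means only that the signature matches that certificate's key. The
     * certificate is picked by signer identifier, so the caller still has to establish that it is
     * trusted and was valid at signing time.
     *
     * @param dSSDocument the detached content, or {@code null} to verify against the content held
     *     in the CMS structure
     * @return {@code true} when the signature verifies; {@code false} when it does not, when no
     *     signing certificate is found, or when the data cannot be read or parsed
     */
    @Override
    public boolean checkIntegrity(DSSDocument dSSDocument) throws DSSException {
        X509Certificate signingCertificate = getSigningCertificate();
        if (signingCertificate == null) {
            // Without this guard the verifier builder is handed null and fails with an unchecked
            // exception instead of reporting "not verified".
            LOG.warning("Integrity check failed: no signing certificate matches the signer identifier");
            return false;
        }
        InputStream detachedContent = null;
        try {
            SignerInformation toVerify;
            if (dSSDocument != null) {
                detachedContent = dSSDocument.openStream();
                CMSSignedDataParser parser = new CMSSignedDataParser(new CMSTypedStream(detachedContent), this.cmsSignedData.getEncoded());
                // The content has to be consumed so that the parser computes its digest.
                parser.getSignedContent().drain();
                toVerify = parser.getSignerInfos().get(this.signerInformation.getSID());
            } else {
                toVerify = this.signerInformation;
            }
            return toVerify.verify(new JcaSimpleSignerInfoVerifierBuilder().build(signingCertificate));
        } catch (IOException e) {
            LOG.log(Level.WARNING, "Integrity check failed: cannot read the signed data", e);
            return false;
        } catch (CMSException e) {
            LOG.log(Level.WARNING, "Integrity check failed: CMS processing error", e);
            return false;
        } catch (OperatorCreationException e) {
            LOG.log(Level.WARNING, "Integrity check failed: cannot build the signature verifier", e);
            return false;
        } finally {
            // The stream opened on the detached document was never closed before.
            DSSUtils.closeQuietly(detachedContent);
        }
    }

    /** @return the string form of the signer's content type */
    @Override
    public String getContentType() {
        return this.signerInformation.getContentType().toString();
    }

    /** @return the signer information this object describes */
    public SignerInformation getSignerInformation() {
        return this.signerInformation;
    }

    /**
     * Wraps each counter-signer of this signature.
     *
     * <p>NOTE(review): each wrapper is built from the counter-signer's identifier, which the
     * constructor resolves against the top-level signer store of the CMS structure, not against
     * the counter-signatures. Confirm that this resolves to the intended signer.
     *
     * @return one signature object per counter-signer, possibly empty
     */
    @Override
    public List<AdvancedSignature> getCounterSignatures() {
        List<AdvancedSignature> counterSignatures = new ArrayList<AdvancedSignature>();
        for (Object counterSigner : this.signerInformation.getCounterSignatures().getSigners()) {
            counterSignatures.add(new CAdESSignature(this.cmsSignedData, ((SignerInformation) counterSigner).getSID()));
        }
        return counterSignatures;
    }

    /**
     * Reads the complete-certificate-references unsigned attribute.
     *
     * @return one reference per entry, or an empty list when the attribute is absent or empty
     */
    @Override
    public List<CertificateRef> getCertificateRefs() {
        List<CertificateRef> references = new ArrayList<CertificateRef>();
        AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return references;
        }
        Attribute attribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
        if (attribute == null || attribute.getAttrValues().size() <= 0) {
            return references;
        }
        DERSequence entries = (DERSequence) attribute.getAttrValues().getObjectAt(0);
        for (int i = 0; i < entries.size(); i++) {
            OtherCertID otherCertID = OtherCertID.getInstance(entries.getObjectAt(i));
            CertificateRef reference = new CertificateRef();
            reference.setDigestAlgorithm(otherCertID.getAlgorithmHash().getAlgorithm().getId());
            reference.setDigestValue(otherCertID.getCertHash());
            if (otherCertID.getIssuerSerial() != null) {
                if (otherCertID.getIssuerSerial().getIssuer() != null) {
                    reference.setIssuerName(otherCertID.getIssuerSerial().getIssuer().toString());
                }
                if (otherCertID.getIssuerSerial().getSerial() != null) {
                    reference.setIssuerSerial(otherCertID.getIssuerSerial().getSerial().toString());
                }
            }
            references.add(reference);
        }
        return references;
    }

    /**
     * Reads the CRL references of the complete-revocation-references unsigned attribute.
     *
     * @return one reference per listed CRL, or an empty list when there is none
     */
    @Override
    public List<CRLRef> getCRLRefs() {
        List<CRLRef> references = new ArrayList<CRLRef>();
        AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return references;
        }
        Attribute attribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
        if (attribute == null || attribute.getAttrValues().size() <= 0) {
            return references;
        }
        DERSequence entries = (DERSequence) attribute.getAttrValues().getObjectAt(0);
        for (int i = 0; i < entries.size(); i++) {
            CrlOcspRef entry = CrlOcspRef.getInstance(entries.getObjectAt(i));
            // The CRL list is optional in each entry; an entry that carries only OCSP
            // references used to end in a NullPointerException here.
            if (entry.getCrlids() == null) {
                continue;
            }
            for (CrlValidatedID crlValidatedID : entry.getCrlids().getCrls()) {
                references.add(new CRLRef(crlValidatedID));
            }
        }
        return references;
    }

    /**
     * Reads the OCSP references of the complete-revocation-references unsigned attribute.
     *
     * @return one reference per listed OCSP response, or an empty list when there is none
     */
    @Override
    public List<OCSPRef> getOCSPRefs() {
        List<OCSPRef> references = new ArrayList<OCSPRef>();
        AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return references;
        }
        Attribute attribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
        if (attribute == null || attribute.getAttrValues().size() <= 0) {
            return references;
        }
        DERSequence entries = (DERSequence) attribute.getAttrValues().getObjectAt(0);
        for (int i = 0; i < entries.size(); i++) {
            CrlOcspRef entry = CrlOcspRef.getInstance(entries.getObjectAt(i));
            // The OCSP list is optional in each entry; an entry that carries only CRL
            // references used to end in a NullPointerException here.
            if (entry.getOcspids() == null) {
                continue;
            }
            for (OcspResponsesID ocspResponsesID : entry.getOcspids().getOcspResponses()) {
                references.add(new OCSPRef(ocspResponsesID, true));
            }
        }
        return references;
    }

    /** @return the CRLs exposed by {@link #getCRLSource()} */
    @Override
    public List<X509CRL> getCRLs() {
        return getCRLSource().getContainedCRLs();
    }

    /** @return the OCSP responses exposed by {@link #getOCSPSource()} */
    @Override
    public List<BasicOCSPResp> getOCSPs() {
        return getOCSPSource().getContainedOCSPResponses();
    }

    /** @return the bytes a signature timestamp covers: the signature value */
    @Override
    public byte[] getSignatureTimestampData() {
        return this.signerInformation.getSignature();
    }

    /**
     * Builds the bytes covered by an X1 timestamp: the signature value, the signature-timestamp
     * attribute (type then values) and the data of {@link #getTimestampX2Data()}.
     *
     * <p>When unsigned attributes exist but the signature-timestamp attribute is missing, this
     * fails with a {@link NullPointerException} rather than producing data over a partial input.
     *
     * @return the concatenated bytes
     */
    @Override
    public byte[] getTimestampX1Data() {
        try {
            ByteArrayOutputStream data = new ByteArrayOutputStream();
            data.write(this.signerInformation.getSignature());
            AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
            if (unsignedAttributes != null) {
                writeAttribute(data, unsignedAttributes, PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
            }
            data.write(getTimestampX2Data());
            return data.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the bytes covered by an X2 timestamp: the certificate-references attribute followed
     * by the revocation-references attribute (each as type then values).
     *
     * <p>When unsigned attributes exist but either attribute is missing, this fails with a
     * {@link NullPointerException} rather than producing data over a partial input.
     *
     * @return the concatenated bytes, empty when there are no unsigned attributes
     */
    @Override
    public byte[] getTimestampX2Data() {
        try {
            ByteArrayOutputStream data = new ByteArrayOutputStream();
            AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
            if (unsignedAttributes != null) {
                writeAttribute(data, unsignedAttributes, PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
                writeAttribute(data, unsignedAttributes, PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
            }
            return data.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Appends the DER encoding of the attribute's type, then of its values, to {@code out}. */
    private static void writeAttribute(ByteArrayOutputStream out, AttributeTable attributes, ASN1ObjectIdentifier oid) throws IOException {
        Attribute attribute = attributes.get(oid);
        out.write(attribute.getAttrType().getDEREncoded());
        out.write(attribute.getAttrValues().getDEREncoded());
    }

    /**
     * Builds the bytes covered by the archive timestamp at the given position: the signed content,
     * the certificates and CRLs of the SignedData, and the signer info with later archive
     * timestamps filtered out of its unsigned attributes.
     *
     * @param i position of the archive timestamp being checked; archive timestamps at this
     *     position or later are left out of the data
     * @param dSSDocument the original content, needed when the signature is detached
     * @return the bytes to digest
     * @throws DSSException if reading or encoding fails
     * @throws RuntimeException if the signature is detached and no document is given
     */
    @Override
    public byte[] getArchiveTimestampData(int i, DSSDocument dSSDocument) throws DSSException {
        InputStream originalContent = null;
        ByteArrayOutputStream toTimestamp = new ByteArrayOutputStream();
        try {
            SignedData signedData = SignedData.getInstance(this.cmsSignedData.getContentInfo().getContent());
            if (signedData.getEncapContentInfo() == null || signedData.getEncapContentInfo().getContent() == null) {
                if (dSSDocument == null) {
                    throw new RuntimeException("Signature is detached and no original data provided.");
                }
                originalContent = dSSDocument.openStream();
                toTimestamp.write(originalContent);
            } else {
                // 1.2.840.113549.1.7.1 is the CMS "data" content type.
                toTimestamp.write(new ContentInfo(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1"), (DEREncodable) new BERConstructedOctetString(((DEROctetString) signedData.getEncapContentInfo().getContent()).getOctets())).getEncoded());
            }
            if (signedData.getCertificates() != null) {
                DEROutputStream certificatesOut = new DEROutputStream(toTimestamp);
                certificatesOut.writeObject(signedData.getCertificates());
                certificatesOut.close();
            }
            if (signedData.getCRLs() != null) {
                toTimestamp.write(signedData.getCRLs().getEncoded());
            }
            AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
            if (unsignedAttributes != null) {
                ASN1EncodableVector original = unsignedAttributes.toASN1EncodableVector();
                List<Attribute> archiveTimestamps = getTimestampToRemove(i);
                ASN1EncodableVector filtered = new ASN1EncodableVector();
                int archiveTimestampsSeen = 0;
                // NOTE(review): the decompiled loop was not valid Java (no initialiser, no
                // increment, index reassigned inside the body). It is reconstructed here as:
                // keep every attribute except archive timestamps whose ordinal is >= i.
                // Confirm against the original source before relying on the result.
                for (int position = 0; position < original.size(); position++) {
                    if (!archiveTimestamps.contains(original.get(position)) || archiveTimestampsSeen++ < i) {
                        filtered.add(original.get(position));
                    }
                }
                toTimestamp.write(SignerInformation.replaceUnsignedAttributes(this.signerInformation, new AttributeTable(filtered)).toASN1Structure().getEncoded());
            }
            return toTimestamp.toByteArray();
        } catch (IOException e) {
            throw new DSSException(e);
        } finally {
            // Previously a null reference was closed here, leaking the document stream.
            DSSUtils.closeQuietly(originalContent);
        }
    }

    /**
     * Collects every archive-timestamp-v2 unsigned attribute of the signer.
     *
     * @param i not used by this method
     * @return the archive timestamp attributes, possibly empty
     */
    private List<Attribute> getTimestampToRemove(int i) {
        List<Attribute> archiveTimestamps = new ArrayList<Attribute>();
        AttributeTable unsignedAttributes = this.signerInformation.getUnsignedAttributes();
        if (unsignedAttributes != null) {
            ASN1EncodableVector all = unsignedAttributes.getAll(id_aa_ets_archiveTimestampV2);
            for (int position = 0; position < all.size(); position++) {
                archiveTimestamps.add((Attribute) all.get(position));
            }
        }
        return archiveTimestamps;
    }

    /**
     * Derives an identifier from the claimed signing time and the encoded signing certificate.
     *
     * <p>The digest covers only those two inputs, so two signatures made with the same
     * certificate and the same claimed time share an id, and the signing time is signer-supplied.
     * The id is a lookup key, not evidence of identity. The algorithm is kept as is because
     * changing it would change every previously issued id.
     *
     * <p>NOTE(review): the algorithm name comes from {@code LdapHashUtils.MD5}, a constant of an
     * unrelated class, presumably the literal "MD5" substituted by the decompiler; confirm. MD5
     * is not collision-resistant.
     *
     * @return the hex-encoded digest
     * @throws RuntimeException if the signing time or signing certificate is missing, or the
     *     digest cannot be computed
     */
    @Override
    public String getId() {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(LdapHashUtils.MD5);
            messageDigest.update(Long.toString(getSigningTime().getTime()).getBytes());
            messageDigest.update(getSigningCertificate().getEncoded());
            return Hex.encodeHexString(messageDigest.digest());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}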
