package eu.europa.ec.markt.dss.signature.xades;

import eu.europa.ec.markt.dss.CertificateIdentifier;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.signature.SignatureFormat;
import eu.europa.ec.markt.dss.validation.ValidationContext;
import eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext;
import eu.europa.ec.markt.dss.validation.certificate.ListCertificateSource;
import eu.europa.ec.markt.dss.validation.ocsp.OCSPUtils;
import eu.europa.ec.markt.tsl.jaxb.xades.CRLValuesType;
import eu.europa.ec.markt.tsl.jaxb.xades.CertificateValuesType;
import eu.europa.ec.markt.tsl.jaxb.xades.EncapsulatedPKIDataType;
import eu.europa.ec.markt.tsl.jaxb.xades.OCSPValuesType;
import eu.europa.ec.markt.tsl.jaxb.xades.RevocationValuesType;
import java.io.IOException;
import java.io.Serializable;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.logging.Logger;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.w3c.dom.Element;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/signature/xades/XAdESProfileXL.class */
public class XAdESProfileXL extends XAdESProfileX {
    private static final Logger LOG = Logger.getLogger(XAdESProfileXL.class.getName());

    public XAdESProfileXL() {
        LOG.info("XAdESProfileXL new instance created.");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.ec.markt.dss.signature.xades.XAdESProfileX, eu.europa.ec.markt.dss.signature.xades.XAdESProfileC, eu.europa.ec.markt.dss.signature.xades.XAdESProfileT
    public void extendSignatureTag() throws DSSException {
        super.extendSignatureTag();
        if (!this.xadesSignature.hasXLExtension() || SignatureFormat.XAdES_XL.equals(this.params.getSignatureFormat())) {
            try {
                List<X509Certificate> certificates = this.xadesSignature.getCertificates();
                X509Certificate signingCertificate = this.xadesSignature.getSigningCertificate(certificates);
                Date signingTime = this.xadesSignature.getSigningTime();
                LOG.info("Certificate validation for XAdES-XL");
                ValidationContext validateCertificate = this.certificateVerifier.validateCertificate(signingCertificate, signingTime, new ListCertificateSource(certificates), null, null);
                CertificateValuesType createCertificateValuesType = xadesFactory.createCertificateValuesType();
                List<Serializable> encapsulatedX509CertificateOrOtherCertificate = createCertificateValuesType.getEncapsulatedX509CertificateOrOtherCertificate();
                List<X509Certificate> keyInfoCertificates = this.xadesSignature.getKeyInfoCertificates();
                for (CertificateAndContext certificateAndContext : validateCertificate.getNeededCertificates()) {
                    if (keyInfoCertificates.contains(certificateAndContext.getCertificate())) {
                        LOG.info("####### Already exists: " + CertificateIdentifier.getIdAsString(certificateAndContext.getCertificate()));
                    } else {
                        LOG.info("Add certificate value for " + certificateAndContext);
                        EncapsulatedPKIDataType createEncapsulatedPKIDataType = xadesFactory.createEncapsulatedPKIDataType();
                        try {
                            createEncapsulatedPKIDataType.setValue(certificateAndContext.getCertificate().getEncoded());
                            encapsulatedX509CertificateOrOtherCertificate.add(createEncapsulatedPKIDataType);
                        } catch (CertificateEncodingException e) {
                            throw new DSSException("certificate encoding error: " + e.getMessage(), e);
                        }
                    }
                }
                RevocationValuesType createRevocationValuesType = xadesFactory.createRevocationValuesType();
                if (!validateCertificate.getNeededCRL().isEmpty()) {
                    CRLValuesType createCRLValuesType = xadesFactory.createCRLValuesType();
                    createRevocationValuesType.setCRLValues(createCRLValuesType);
                    List<EncapsulatedPKIDataType> encapsulatedCRLValue = createCRLValuesType.getEncapsulatedCRLValue();
                    for (X509CRL x509crl : validateCertificate.getNeededCRL()) {
                        EncapsulatedPKIDataType createEncapsulatedPKIDataType2 = xadesFactory.createEncapsulatedPKIDataType();
                        createEncapsulatedPKIDataType2.setValue(x509crl.getEncoded());
                        encapsulatedCRLValue.add(createEncapsulatedPKIDataType2);
                    }
                }
                if (!validateCertificate.getNeededOCSPResp().isEmpty()) {
                    OCSPValuesType createOCSPValuesType = xadesFactory.createOCSPValuesType();
                    createRevocationValuesType.setOCSPValues(createOCSPValuesType);
                    List<EncapsulatedPKIDataType> encapsulatedOCSPValue = createOCSPValuesType.getEncapsulatedOCSPValue();
                    for (BasicOCSPResp basicOCSPResp : validateCertificate.getNeededOCSPResp()) {
                        EncapsulatedPKIDataType createEncapsulatedPKIDataType3 = xadesFactory.createEncapsulatedPKIDataType();
                        createEncapsulatedPKIDataType3.setValue(OCSPUtils.fromBasicToResp(basicOCSPResp).getEncoded());
                        encapsulatedOCSPValue.add(createEncapsulatedPKIDataType3);
                    }
                }
                Element certificateValues = this.xadesSignature.getCertificateValues();
                Element unsignedSignatureProperties = this.xadesSignature.getUnsignedSignatureProperties();
                if (certificateValues != null) {
                    unsignedSignatureProperties.removeChild(certificateValues);
                }
                marshal(xadesFactory.createCertificateValues(createCertificateValuesType), unsignedSignatureProperties);
                Element revocationValues = this.xadesSignature.getRevocationValues();
                if (revocationValues != null) {
                    unsignedSignatureProperties.removeChild(revocationValues);
                }
                marshal(xadesFactory.createRevocationValues(createRevocationValuesType), unsignedSignatureProperties);
            } catch (IOException e2) {
                throw new DSSException(e2);
            } catch (CRLException e3) {
                throw new DSSException(e3);
            }
        }
    }
}
