package eu.europa.ec.markt.dss.signature.cades;

import eu.europa.ec.markt.dss.CertificateIdentifier;
import eu.europa.ec.markt.dss.signature.SignatureParameters;
import eu.europa.ec.markt.dss.validation.CertificateVerifier;
import eu.europa.ec.markt.dss.validation.ValidationContext;
import eu.europa.ec.markt.dss.validation.cades.CAdESSignature;
import eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext;
import eu.europa.ec.markt.dss.validation.certificate.CertificateSource;
import eu.europa.ec.markt.dss.validation.certificate.CompositeCertificateSource;
import eu.europa.ec.markt.dss.validation.certificate.ListCertificateSource;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.esf.CrlIdentifier;
import org.bouncycastle.asn1.esf.CrlListID;
import org.bouncycastle.asn1.esf.CrlOcspRef;
import org.bouncycastle.asn1.esf.CrlValidatedID;
import org.bouncycastle.asn1.esf.OcspIdentifier;
import org.bouncycastle.asn1.esf.OcspListID;
import org.bouncycastle.asn1.esf.OcspResponsesID;
import org.bouncycastle.asn1.esf.OtherHash;
import org.bouncycastle.asn1.ess.OtherCertID;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.OCSPException;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/signature/cades/CAdESProfileC.class */
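/**
 * Extends a signature produced by {@link CAdESProfileT} with two unsigned attributes:
 * {@code id_aa_ets_certificateRefs} and {@code id_aa_ets_revocationRefs}.
 *
 * <p>The references are digests of the certificates, CRLs and OCSP responses that the
 * configured {@link CertificateVerifier} reports for the signing certificate.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every reference digest is SHA-1 ({@code X509ObjectIdentifiers.id_SHA1}), wrapped in an
 *       {@code OtherHash} built from the raw digest bytes. SHA-1 is no longer considered
 *       collision-resistant. NOTE(review): moving to a stronger digest changes the encoded
 *       attributes, so confirm what relying parties accept before changing it.</li>
 *   <li>This class collects references from the {@code ValidationContext} but never inspects a
 *       validation verdict; nothing here rejects a revoked or untrusted signing certificate.
 *       NOTE(review): confirm that the verdict is enforced elsewhere.</li>
 * </ul>
 */
public class CAdESProfileC extends CAdESProfileT {
    private static final Logger LOG = Logger.getLogger(CAdESProfileC.class.getName());

    /** Single provider instance reused for every digest instead of constructing one per call. */
    private static final BouncyCastleProvider BC_PROVIDER = new BouncyCastleProvider();

    /**
     * Verifier used to build the validation context. It must be set before
     * {@link #extendCMSSignature} is called; that path dereferences it without a null check.
     */
    protected CertificateVerifier certificateVerifier;

    /**
     * Sets the verifier used to collect certificates and revocation data.
     *
     * @param certificateVerifier the verifier to use
     */
    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    /**
     * Computes the SHA-1 digest used for all certificate and revocation references.
     *
     * @param encoded the encoded object to hash
     * @return the raw digest bytes
     * @throws NoSuchAlgorithmException if the provider does not offer the algorithm
     */
    private static byte[] sha1(byte[] encoded) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(X509ObjectIdentifiers.id_SHA1.getId(), BC_PROVIDER).digest(encoded);
    }

    /**
     * Builds the certificate reference (digest only) for one certificate.
     *
     * @param x509Certificate the certificate to reference
     * @return an {@code OtherCertID} carrying the SHA-1 digest of the encoded certificate
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    private OtherCertID makeOtherCertID(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        byte[] digest = sha1(x509Certificate.getEncoded());
        if (LOG.isLoggable(Level.INFO)) {
            LOG.info("Computing digest for " + CertificateIdentifier.getId(x509Certificate) + ": " + new DEROctetString(digest).getDERObject().toString());
        }
        return new OtherCertID(new DERSequence(new OtherHash(digest).getDERObject()));
    }

    /**
     * Builds the reference for one CRL: its SHA-1 digest plus issuer, thisUpdate and, when the
     * CRL carries extension 2.5.29.20, a number derived from that extension.
     *
     * @param x509crl the CRL to reference
     * @return the {@code CrlValidatedID} for the CRL
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws CRLException if the CRL cannot be encoded
     */
    private CrlValidatedID makeCrlValidatedID(X509CRL x509crl) throws NoSuchAlgorithmException, CRLException {
        OtherHash otherHash = new OtherHash(sha1(x509crl.getEncoded()));
        // NOTE(review): the issuer is rebuilt from the principal's string form rather than its
        // encoded form; confirm the resulting RDN order matches the CRL's issuer field.
        X500Name issuer = new X500Name(x509crl.getIssuerX500Principal().getName());
        DERUTCTime issuedTime = new DERUTCTime(x509crl.getThisUpdate());
        byte[] crlNumberExtension = x509crl.getExtensionValue("2.5.29.20");
        CrlIdentifier crlIdentifier;
        if (crlNumberExtension != null) {
            // NOTE(review): X509Extension.getExtensionValue returns the DER-encoded OCTET STRING
            // wrapping the extension value. Those bytes are handed to DERInteger unchanged, so
            // the wrapper bytes appear to be read as part of the integer. Verify the encoded
            // number against the CRL's real CRL number before relying on it for matching.
            crlIdentifier = new CrlIdentifier(issuer, issuedTime, new DERInteger(crlNumberExtension).getPositiveValue());
        } else {
            crlIdentifier = new CrlIdentifier(issuer, issuedTime);
        }
        return new CrlValidatedID(otherHash, crlIdentifier);
    }

    /**
     * Builds the reference for one OCSP response: responder id, producedAt and SHA-1 digest.
     *
     * @param basicOCSPResp the OCSP response to reference
     * @return the {@code OcspResponsesID} for the response
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws OCSPException if the response fields cannot be read
     * @throws IOException if the response cannot be encoded
     */
    private OcspResponsesID makeOcspResponsesID(BasicOCSPResp basicOCSPResp) throws NoSuchAlgorithmException, OCSPException, IOException {
        byte[] digest = sha1(basicOCSPResp.getEncoded());
        OcspIdentifier ocspIdentifier = new OcspIdentifier(basicOCSPResp.getResponderId().toASN1Object(), new DERGeneralizedTime(basicOCSPResp.getProducedAt()));
        OcspResponsesID ocspResponsesID = new OcspResponsesID(ocspIdentifier, new OtherHash(digest));
        // Guarded like the certificate digest log so the hex string is only built when needed.
        if (LOG.isLoggable(Level.INFO)) {
            LOG.info("Incorporate OcspResponseId[hash=" + Hex.encodeHexString(digest) + ",producedAt=" + basicOCSPResp.getProducedAt());
        }
        return ocspResponsesID;
    }

    /**
     * Validates the signing certificate and stores the certificate and revocation references
     * in the given unsigned-attribute table.
     *
     * <p>The signing certificate itself is left out of the certificate references, but its
     * revocation data is still referenced. One {@code CrlOcspRef} is emitted per needed
     * certificate, in the iteration order of {@code getNeededCertificates()}.
     *
     * @param hashtable the unsigned attributes to extend; modified in place
     * @param x509Certificate the signing certificate
     * @param signatureParameters supplies the certificate chain offered to the verifier
     * @param date the date passed to the verifier as validation date
     * @param certificateSource additional certificates, combined with the chain
     * @return the same {@code hashtable} instance
     * @throws IOException if the verifier call fails with an I/O error
     * @throws RuntimeException wrapping any encoding, digest or OCSP failure raised while the
     *         references are built (including an {@code IOException} raised at that stage)
     */
    private Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendUnsignedAttributes(Hashtable<ASN1ObjectIdentifier, ASN1Encodable> hashtable, X509Certificate x509Certificate, SignatureParameters signatureParameters, Date date, CertificateSource certificateSource) throws IOException {
        CompositeCertificateSource sources = new CompositeCertificateSource(new ListCertificateSource(signatureParameters.getCertificateChain()), certificateSource);
        ValidationContext validationContext = this.certificateVerifier.validateCertificate(x509Certificate, date, sources, null, null);
        try {
            ArrayList<OtherCertID> certificateRefs = new ArrayList<OtherCertID>();
            ArrayList<CrlOcspRef> revocationRefs = new ArrayList<CrlOcspRef>();
            for (CertificateAndContext certificateAndContext : validationContext.getNeededCertificates()) {
                if (!certificateAndContext.getCertificate().equals(x509Certificate)) {
                    certificateRefs.add(makeOtherCertID(certificateAndContext.getCertificate()));
                }
                ArrayList<CrlValidatedID> crlRefs = new ArrayList<CrlValidatedID>();
                for (X509CRL crl : validationContext.getRelatedCRLs(certificateAndContext)) {
                    crlRefs.add(makeCrlValidatedID(crl));
                }
                ArrayList<OcspResponsesID> ocspRefs = new ArrayList<OcspResponsesID>();
                for (BasicOCSPResp ocspResp : validationContext.getRelatedOCSPResp(certificateAndContext)) {
                    ocspRefs.add(makeOcspResponsesID(ocspResp));
                }
                CrlListID crlListID = new CrlListID(crlRefs.toArray(new CrlValidatedID[crlRefs.size()]));
                OcspListID ocspListID = new OcspListID(ocspRefs.toArray(new OcspResponsesID[ocspRefs.size()]));
                revocationRefs.add(new CrlOcspRef(crlListID, ocspListID, null));
            }
            ASN1Encodable[] certificateRefArray = certificateRefs.toArray(new OtherCertID[certificateRefs.size()]);
            ASN1Encodable[] revocationRefArray = revocationRefs.toArray(new CrlOcspRef[revocationRefs.size()]);
            hashtable.put(PKCSObjectIdentifiers.id_aa_ets_certificateRefs, new Attribute(PKCSObjectIdentifiers.id_aa_ets_certificateRefs, new DERSet(new DERSequence(certificateRefArray))));
            hashtable.put(PKCSObjectIdentifiers.id_aa_ets_revocationRefs, new Attribute(PKCSObjectIdentifiers.id_aa_ets_revocationRefs, new DERSet(new DERSequence(revocationRefArray))));
            return hashtable;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (CRLException e) {
            throw new RuntimeException(e);
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        } catch (OCSPException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Runs the parent extension first, then replaces the signer's unsigned attributes with a
     * table that also holds the certificate and revocation references.
     *
     * <p>Decompiler note: JADX reports that this method's access modifier was changed from
     * {@code protected}.
     *
     * @param cMSSignedData the CMS container holding the signature
     * @param signerInformation the signer to extend
     * @param signatureParameters the signing parameters, including the certificate chain
     * @return the signer information with the extended unsigned attributes
     * @throws IOException if the parent extension or the certificate validation fails
     */
    @Override // eu.europa.ec.markt.dss.signature.cades.CAdESProfileT, eu.europa.ec.markt.dss.signature.cades.CAdESSignatureExtension
    public SignerInformation extendCMSSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation, SignatureParameters signatureParameters) throws IOException {
        SignerInformation extended = super.extendCMSSignature(cMSSignedData, signerInformation, signatureParameters);
        LOG.info(">>>CAdESProfileC::extendCMSSignature");
        // toHashtable() returns a raw Hashtable; the rest of this class treats it as a table
        // of attributes keyed by object identifier.
        @SuppressWarnings("unchecked")
        Hashtable<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttributes = extended.getUnsignedAttributes().toHashtable();
        CAdESSignature cAdESSignature = new CAdESSignature(cMSSignedData, signerInformation.getSID());
        // NOTE(review): the validation date comes from getSigningTime(). If that is the
        // signer-claimed signing-time attribute rather than the time proven by the signature
        // timestamp, revocation is assessed at a time the signer controls. Confirm.
        Hashtable<ASN1ObjectIdentifier, ASN1Encodable> withReferences = extendUnsignedAttributes(unsignedAttributes, cAdESSignature.getSigningCertificate(), signatureParameters, cAdESSignature.getSigningTime(), cAdESSignature.getCertificateSource());
        return SignerInformation.replaceUnsignedAttributes(extended, new AttributeTable(withReferences));
    }
}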
