package eu.europa.ec.markt.dss.signature.xades;

import eu.europa.ec.markt.dss.DigestAlgorithm;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.signature.SignatureFormat;
import eu.europa.ec.markt.dss.validation.CertificateVerifier;
import eu.europa.ec.markt.dss.validation.ValidationContext;
import eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext;
import eu.europa.ec.markt.dss.validation.certificate.ListCertificateSource;
import eu.europa.ec.markt.dss.validation.ocsp.OCSPUtils;
import eu.europa.ec.markt.tsl.jaxb.xades.CRLIdentifierType;
import eu.europa.ec.markt.tsl.jaxb.xades.CRLRefType;
import eu.europa.ec.markt.tsl.jaxb.xades.CRLRefsType;
import eu.europa.ec.markt.tsl.jaxb.xades.CertIDListType;
import eu.europa.ec.markt.tsl.jaxb.xades.CertIDType;
import eu.europa.ec.markt.tsl.jaxb.xades.CompleteCertificateRefsType;
import eu.europa.ec.markt.tsl.jaxb.xades.CompleteRevocationRefsType;
import eu.europa.ec.markt.tsl.jaxb.xades.OCSPIdentifierType;
import eu.europa.ec.markt.tsl.jaxb.xades.OCSPRefType;
import eu.europa.ec.markt.tsl.jaxb.xades.OCSPRefsType;
import eu.europa.ec.markt.tsl.jaxb.xades.ResponderIDType;
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.w3c.dom.Element;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/signature/xades/XAdESProfileC.class */
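/**
 * Signature profile that builds on {@link XAdESProfileT} and additionally writes the
 * {@code CompleteCertificateRefs} and {@code CompleteRevocationRefs} unsigned properties.
 *
 * <p>The references are digests of the certificates, CRLs and OCSP responses that the configured
 * {@link CertificateVerifier} reports as needed for the signing certificate. This class only
 * records references; nothing in it inspects a validation verdict, so the presence of these
 * elements says nothing about whether the chain was actually found trustworthy.
 *
 * <p>NOTE(review): every reference digest here is computed with {@code DigestAlgorithm.SHA1}.
 * SHA-1 is no longer collision resistant, which weakens the binding between the signature and
 * the validation material it points to. Moving to a SHA-2 family digest changes the produced
 * XML, so confirm what this {@code DigestAlgorithm} version and the relying parties support
 * before switching.
 */
public class XAdESProfileC extends XAdESProfileT {
    private static final Logger LOG = Logger.getLogger(XAdESProfileC.class.getName());

    /** Context tag of the {@code byKey} alternative of the OCSP {@code ResponderID} CHOICE (RFC 6960). */
    private static final int RESPONDER_ID_BY_KEY_TAG = 2;

    /** Verifier used to collect the certificates and revocation data to reference; set via the setter. */
    protected CertificateVerifier certificateVerifier;

    /** Creates the profile; a {@link CertificateVerifier} must be supplied before extending. */
    public XAdESProfileC() {
        LOG.info("XAdESProfileC new instance created.");
    }

    /**
     * Sets the verifier that resolves the certificate chain and revocation data.
     *
     * @param certificateVerifier verifier consulted by {@link #extendSignatureTag()}
     */
    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    /**
     * Adds one {@code CRLRef} (issuer, thisUpdate and digest) per CRL needed by the validation.
     * Leaves {@code completeRevocationRefsType} untouched when no CRL is needed.
     *
     * @param completeRevocationRefsType container that receives the {@code CRLRefs} element
     * @param validationContext result of the certificate validation
     * @throws DSSException if a CRL cannot be encoded
     */
    private void incorporateCRLRefs(CompleteRevocationRefsType completeRevocationRefsType, ValidationContext validationContext) throws DSSException {
        if (validationContext.getNeededCRL().isEmpty()) {
            return;
        }
        CRLRefsType crlRefs = xadesFactory.createCRLRefsType();
        completeRevocationRefsType.setCRLRefs(crlRefs);
        List<CRLRefType> crlRefList = crlRefs.getCRLRef();
        for (X509CRL crl : validationContext.getNeededCRL()) {
            try {
                CRLRefType crlRef = xadesFactory.createCRLRefType();
                CRLIdentifierType crlIdentifier = xadesFactory.createCRLIdentifierType();
                crlRef.setCRLIdentifier(crlIdentifier);
                crlIdentifier.setIssuer(crl.getIssuerX500Principal().getName());
                // Calendar.getInstance() chooses the calendar system from the default locale, so the
                // former cast could fail or yield a non-ISO year; build a Gregorian calendar directly.
                GregorianCalendar issueTime = new GregorianCalendar();
                issueTime.setTime(crl.getThisUpdate());
                crlIdentifier.setIssueTime(_dataFactory.newXMLGregorianCalendar(issueTime));
                // NOTE(review): SHA-1 reference digest, see the class comment.
                crlRef.setDigestAlgAndValue(getDigestAlgAndValue(crl.getEncoded(), DigestAlgorithm.SHA1));
                crlRefList.add(crlRef);
            } catch (CRLException e) {
                throw new DSSException(e);
            }
        }
    }

    /**
     * Adds one {@code OCSPRef} (digest, producedAt and responder id) per OCSP response needed by
     * the validation. Leaves {@code completeRevocationRefsType} untouched when none is needed.
     *
     * @param completeRevocationRefsType container that receives the {@code OCSPRefs} element
     * @param validationContext result of the certificate validation
     * @throws DSSException if an OCSP response cannot be encoded
     */
    private void incorporateOCSPRefs(CompleteRevocationRefsType completeRevocationRefsType, ValidationContext validationContext) throws DSSException {
        if (validationContext.getNeededOCSPResp().isEmpty()) {
            return;
        }
        OCSPRefsType ocspRefs = xadesFactory.createOCSPRefsType();
        completeRevocationRefsType.setOCSPRefs(ocspRefs);
        List<OCSPRefType> ocspRefList = ocspRefs.getOCSPRef();
        for (BasicOCSPResp ocspResp : validationContext.getNeededOCSPResp()) {
            try {
                OCSPRefType ocspRef = xadesFactory.createOCSPRefType();
                // NOTE(review): SHA-1 reference digest, see the class comment.
                ocspRef.setDigestAlgAndValue(getDigestAlgAndValue(OCSPUtils.fromBasicToResp(ocspResp).getEncoded(), DigestAlgorithm.SHA1));
                OCSPIdentifierType ocspIdentifier = xadesFactory.createOCSPIdentifierType();
                ocspRef.setOCSPIdentifier(ocspIdentifier);
                Date producedAt = ocspResp.getProducedAt();
                // Same locale concern as for the CRL issue time: never rely on Calendar.getInstance().
                GregorianCalendar producedAtCalendar = new GregorianCalendar();
                producedAtCalendar.setTime(producedAt);
                ocspIdentifier.setProducedAt(_dataFactory.newXMLGregorianCalendar(producedAtCalendar));
                ResponderIDType responderId = xadesFactory.createResponderIDType();
                ocspIdentifier.setResponderID(responderId);
                DERTaggedObject taggedResponderId = (DERTaggedObject) ocspResp.getResponderId().toASN1Object().toASN1Object();
                if (RESPONDER_ID_BY_KEY_TAG == taggedResponderId.getTagNo()) {
                    responderId.setByKey(((ASN1OctetString) taggedResponderId.getObject()).getOctets());
                } else {
                    // Any other tag is treated as the byName alternative.
                    responderId.setByName(X500Name.getInstance(taggedResponderId.getObject()).toString());
                }
                ocspRefList.add(ocspRef);
            } catch (IOException e) {
                throw new DSSException(e);
            }
        }
    }

    /**
     * Runs the parent extension, then (re)writes the complete certificate and revocation
     * references. The references are built when the signature has no C extension yet, or when the
     * requested format is exactly {@code XAdES_C} or {@code XAdES_XL}; existing reference elements
     * are removed before the new ones are marshalled.
     *
     * @throws DSSException if the parent extension fails or an I/O error occurs while building the references
     * @throws NullPointerException if the references must be built and no verifier has been set
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.ec.markt.dss.signature.xades.XAdESProfileT
    public void extendSignatureTag() throws DSSException {
        super.extendSignatureTag();
        SignatureFormat signatureFormat = this.params.getSignatureFormat();
        if (!this.xadesSignature.hasCExtension() || SignatureFormat.XAdES_C.equals(signatureFormat) || SignatureFormat.XAdES_XL.equals(signatureFormat)) {
            // Keep the NullPointerException type of the original failure, but say what is missing.
            if (this.certificateVerifier == null) {
                throw new NullPointerException("certificateVerifier must be set before the XAdES-C references can be built");
            }
            try {
                // The certificates come from the signature being extended and are passed to the
                // verifier as a certificate source. NOTE(review): presumably the trust decision
                // rests entirely with the configured verifier; confirm against its implementation.
                List<X509Certificate> certificates = this.xadesSignature.getCertificates();
                X509Certificate signingCertificate = this.xadesSignature.getSigningCertificate(certificates);
                ValidationContext validationContext = this.certificateVerifier.validateCertificate(signingCertificate, this.xadesSignature.getSigningTime(), new ListCertificateSource(certificates), null, null);

                CompleteCertificateRefsType certificateRefs = xadesFactory.createCompleteCertificateRefsType();
                CertIDListType certIdList = xadesFactory.createCertIDListType();
                certificateRefs.setCertRefs(certIdList);
                List<CertIDType> certIds = certIdList.getCert();
                for (CertificateAndContext needed : validationContext.getNeededCertificates()) {
                    X509Certificate certificate = needed.getCertificate();
                    // The signing certificate itself is not listed among the complete references.
                    if (!certificate.equals(signingCertificate)) {
                        // NOTE(review): SHA-1 reference digest, see the class comment.
                        certIds.add(getCertID(certificate, DigestAlgorithm.SHA1));
                    }
                }

                CompleteRevocationRefsType revocationRefs = xadesFactory.createCompleteRevocationRefsType();
                incorporateCRLRefs(revocationRefs, validationContext);
                incorporateOCSPRefs(revocationRefs, validationContext);

                Element unsignedSignatureProperties = this.xadesSignature.getUnsignedSignatureProperties();
                Element existingCertificateRefs = this.xadesSignature.getCompleteCertificateRefs();
                if (existingCertificateRefs != null) {
                    unsignedSignatureProperties.removeChild(existingCertificateRefs);
                }
                marshal(xadesFactory.createCompleteCertificateRefs(certificateRefs), unsignedSignatureProperties);
                Element existingRevocationRefs = this.xadesSignature.getCompleteRevocationRefs();
                if (existingRevocationRefs != null) {
                    unsignedSignatureProperties.removeChild(existingRevocationRefs);
                }
                marshal(xadesFactory.createCompleteRevocationRefs(revocationRefs), unsignedSignatureProperties);
            } catch (IOException e) {
                throw new DSSException(e);
            }
        }
    }
}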
