package eu.europa.ec.markt.dss.signature.cades;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.Digest;
import eu.europa.ec.markt.dss.SignatureAlgorithm;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.signature.DocumentSignatureService;
import eu.europa.ec.markt.dss.signature.SignaturePackaging;
import eu.europa.ec.markt.dss.signature.SignatureParameters;
import eu.europa.ec.markt.dss.signature.provider.SignatureInterceptorProvider;
import eu.europa.ec.markt.dss.signature.token.SignatureTokenConnection;
import eu.europa.ec.markt.dss.validation.CertificateVerifier;
import eu.europa.ec.markt.dss.validation.tsp.TSPSource;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Logger;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/signature/cades/CAdESService.class */
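/**
 * CAdES implementation of {@link DocumentSignatureService}: builds the data to be signed,
 * assembles the CMS {@code SignedData} structure from an externally computed signature value,
 * and delegates extension to the profile classes.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Constructing or loading this class registers JCA providers through
 *       {@link Security#addProvider}, which is JVM-wide state and affects every other
 *       consumer of the JCA in the same process.</li>
 *   <li>Nothing in this class verifies a supplied signature value against the signing
 *       certificate, and nothing here validates the certificates or pre-existing signer
 *       infos it embeds. Validation has to happen elsewhere.</li>
 *   <li>Documents are read fully into memory before signing, so callers handling untrusted
 *       or very large input should bound its size beforehand.</li>
 * </ul>
 */
public class CAdESService implements DocumentSignatureService {
    private static final Logger LOG = Logger.getLogger(CAdESService.class.getName());

    // Timestamp source handed to the extension profiles (T, C, X, XL, A).
    private TSPSource tspSource;
    // Certificate verifier handed to the extension profiles (C, X, XL, A).
    private CertificateVerifier verifier;

    /**
     * Creates the service and registers the BouncyCastle provider with the JVM-wide
     * provider list on every instantiation.
     */
    public CAdESService() {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Sets the timestamp source passed to the extension profiles.
     *
     * @param tSPSource the TSP source; may be null, in which case the profiles receive null
     */
    @Override
    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    /**
     * Sets the certificate verifier passed to the extension profiles.
     *
     * @param certificateVerifier the verifier; may be null, in which case the profiles receive null
     */
    @Override
    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.verifier = certificateVerifier;
    }

    /**
     * Rejects every packaging other than ENVELOPING and DETACHED.
     *
     * @throws IllegalArgumentException if the packaging is neither ENVELOPING nor DETACHED
     * @throws NullPointerException if {@code packaging} is null
     */
    private static void requireEnvelopingOrDetached(SignaturePackaging packaging) {
        if (!packaging.equals(SignaturePackaging.ENVELOPING) && !packaging.equals(SignaturePackaging.DETACHED)) {
            throw new IllegalArgumentException("Unsupported signature packaging " + packaging);
        }
    }

    /**
     * Selects the profile that produces the signed and unsigned attributes.
     *
     * @return a BES profile for {@code CAdES_BES}; an EPES profile for every other format,
     *         including the extended ones (T, C, X, XL, A)
     */
    private CAdESProfileBES getSigningProfile(SignatureParameters signatureParameters) {
        switch (signatureParameters.getSignatureFormat()) {
            case CAdES_BES:
                return new CAdESProfileBES();
            case CAdES_EPES:
            default:
                return new CAdESProfileEPES();
        }
    }

    /**
     * Builds the extension profile for the requested signature format and wires the configured
     * TSP source and certificate verifier into it.
     *
     * @return the configured extension, or null for {@code CAdES_BES} and {@code CAdES_EPES},
     *         which need no extension
     * @throws RuntimeException if the format is not one of the CAdES formats handled here
     */
    private CAdESSignatureExtension getExtensionProfile(SignatureParameters signatureParameters) {
        // NOTE(review): tspSource and verifier are passed through as-is; if the setters were
        // never called the profiles receive null. Whether they tolerate that is not visible here.
        switch (signatureParameters.getSignatureFormat()) {
            case CAdES_BES:
            case CAdES_EPES:
                return null;
            case CAdES_T:
                CAdESProfileT profileT = new CAdESProfileT();
                profileT.setSignatureTsa(this.tspSource);
                return profileT;
            case CAdES_C:
                CAdESProfileC profileC = new CAdESProfileC();
                profileC.setSignatureTsa(this.tspSource);
                profileC.setCertificateVerifier(this.verifier);
                return profileC;
            case CAdES_X:
                CAdESProfileX profileX = new CAdESProfileX();
                profileX.setSignatureTsa(this.tspSource);
                // The meaning of validation type 1 is defined by the profile class, not in this file.
                profileX.setExtendedValidationType(1);
                profileX.setCertificateVerifier(this.verifier);
                return profileX;
            case CAdES_XL:
                CAdESProfileXL profileXL = new CAdESProfileXL();
                profileXL.setSignatureTsa(this.tspSource);
                profileXL.setExtendedValidationType(1);
                profileXL.setCertificateVerifier(this.verifier);
                return profileXL;
            case CAdES_A:
                CAdESProfileA profileA = new CAdESProfileA();
                profileA.setSignatureTsa(this.tspSource);
                profileA.setCertificateVerifier(this.verifier);
                profileA.setExtendedValidationType(1);
                return profileA;
            default:
                throw new RuntimeException("Unsupported signature format " + signatureParameters.getSignatureFormat());
        }
    }

    /**
     * Hashes the to-be-signed bytes with the digest algorithm named in the parameters.
     *
     * @return the digest algorithm together with the computed hash value
     * @throws DSSException if the to-be-signed stream cannot be read or the JCA does not know
     *         the algorithm name
     * @deprecated marked deprecated in the original class; no replacement is visible in this file
     */
    @Deprecated
    public Digest digest(DSSDocument dSSDocument, SignatureParameters signatureParameters) throws DSSException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(signatureParameters.getDigestAlgorithm().getName());
            byte[] toBeSignedBytes = IOUtils.toByteArray(toBeSigned(dSSDocument, signatureParameters));
            return new Digest(signatureParameters.getDigestAlgorithm(), messageDigest.digest(toBeSignedBytes));
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new DSSException(e2);
        }
    }

    /**
     * Produces the byte stream that the signing token has to sign.
     *
     * <p>A CMS generation pass is run with a {@link PreComputedContentSigner} that has no
     * signature value; the bytes it collected are returned and the generated CMS is discarded.
     *
     * @return an in-memory stream over the bytes captured by the content signer
     * @throws IllegalArgumentException if the packaging is neither ENVELOPING nor DETACHED
     * @throws DSSException wrapping any exception raised while building the CMS structure
     */
    @Override
    public InputStream toBeSigned(DSSDocument dSSDocument, SignatureParameters signatureParameters) throws DSSException {
        SignaturePackaging packaging = signatureParameters.getSignaturePackaging();
        requireEnvelopingOrDetached(packaging);
        InputStream inputStream = null;
        try {
            PreComputedContentSigner capturingSigner = new PreComputedContentSigner(SignatureAlgorithm.getAlgorithm(signatureParameters.getEncryptionAlgorithm(), signatureParameters.getDigestAlgorithm()).getJAVAId());
            // Unsigned attributes are left out (false) and no existing CMS is merged (null).
            CMSSignedDataGenerator generator = createCMSSignedDataGenerator(capturingSigner, new BcDigestCalculatorProvider(), signatureParameters, getSigningProfile(signatureParameters), false, null);
            inputStream = dSSDocument.openStream();
            // The whole document is buffered in memory here.
            byte[] documentBytes = IOUtils.toByteArray(inputStream);
            boolean encapsulate = !packaging.equals(SignaturePackaging.DETACHED);
            generator.generate((CMSTypedData) new CMSProcessableByteArray(documentBytes), encapsulate);
            return new ByteArrayInputStream(capturingSigner.getByteOutputStream().toByteArray());
        } catch (Exception e) {
            throw new DSSException(e);
        } finally {
            DSSUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Assembles the signed document from a signature value computed outside this class.
     *
     * <p>The decompiled original returned its never-assigned {@code InputStream} local instead
     * of the signed document and never closed the stream it opened. This version returns the
     * generated (and, where applicable, extended) document and closes the stream.
     *
     * @param bArr the raw signature value; it is handed to {@link PreComputedContentSigner}
     *        and is not checked against the signing certificate anywhere in this class
     * @return the CMS signed document, extended when the requested format calls for it
     * @throws IllegalArgumentException if the packaging is neither ENVELOPING nor DETACHED
     * @throws DSSException wrapping I/O and CMS failures
     */
    @Override
    public DSSDocument signDocument(DSSDocument dSSDocument, SignatureParameters signatureParameters, byte[] bArr) throws DSSException {
        SignaturePackaging packaging = signatureParameters.getSignaturePackaging();
        requireEnvelopingOrDetached(packaging);
        InputStream inputStream = null;
        try {
            CMSSignedDataGenerator generator = createCMSSignedDataGenerator(new PreComputedContentSigner(SignatureAlgorithm.getAlgorithm(signatureParameters.getEncryptionAlgorithm(), signatureParameters.getDigestAlgorithm()).getJAVAId(), bArr), new BcDigestCalculatorProvider(), signatureParameters, getSigningProfile(signatureParameters), true, null);
            inputStream = dSSDocument.openStream();
            // The whole document is buffered in memory here.
            byte[] documentBytes = IOUtils.toByteArray(inputStream);
            boolean encapsulate = !packaging.equals(SignaturePackaging.DETACHED);
            CMSSignedData signedData = generator.generate((CMSTypedData) new CMSProcessableByteArray(documentBytes), encapsulate);
            DSSDocument signedDocument = new CMSSignedDocument(signedData);
            CAdESSignatureExtension extensionProfile = getExtensionProfile(signatureParameters);
            if (extensionProfile != null) {
                // Side effect: the caller's parameters object is updated with the original document.
                signatureParameters.setOriginalDocument(dSSDocument);
                signedDocument = extensionProfile.extendSignatures(new CMSSignedDocument(signedData), signatureParameters);
            }
            return signedDocument;
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (CMSException e2) {
            throw new DSSException(e2);
        } finally {
            DSSUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Signs the document with the signing token carried in the parameters.
     *
     * @return the CMS signed document
     * @throws IllegalArgumentException if the packaging is unsupported or no signing token is set
     * @throws DSSException if the to-be-signed stream cannot be read or the token reports an
     *         unsupported digest algorithm
     */
    @Override
    public DSSDocument signDocument(DSSDocument dSSDocument, SignatureParameters signatureParameters) throws DSSException {
        requireEnvelopingOrDetached(signatureParameters.getSignaturePackaging());
        SignatureTokenConnection signingToken = signatureParameters.getSigningToken();
        if (signingToken == null) {
            throw new IllegalArgumentException("SigningToken is null, the connection through available API to the SSCD must be set.");
        }
        InputStream inputStream = null;
        try {
            inputStream = toBeSigned(dSSDocument, signatureParameters);
            byte[] signatureValue = signingToken.sign(inputStream, signatureParameters.getDigestAlgorithm(), signatureParameters.getPrivateKeyEntry());
            return signDocument(dSSDocument, signatureParameters, signatureValue);
        } catch (IOException e) {
            throw new DSSException("Signed info input stream read error.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new DSSException("The digest algorythm is not supported: " + signatureParameters.getDigestAlgorithm(), e2);
        } finally {
            DSSUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Adds a further signature to an existing enveloping CMS document.
     *
     * <p>The signer infos and certificates already present in the parsed CMS are copied into
     * the result without being validated here. Callers that accept such documents from
     * untrusted sources need to validate the existing signatures separately.
     *
     * <p>Compared with the decompiled original, the opened stream is now closed on the failure
     * path as well, and a CMS without encapsulated content is reported with the existing
     * "cannot retrieve" error rather than a bare {@link NullPointerException}.
     *
     * @param bArr the raw signature value computed outside this class; not verified here
     * @return the CMS document carrying the previous signers plus the new one
     * @throws IllegalArgumentException if the packaging is not ENVELOPING
     * @throws RuntimeException if the existing CMS has no encapsulated content
     * @throws DSSException wrapping CMS parsing or generation failures
     * @throws IOException if the document cannot be read or the generator cannot be built
     */
    public DSSDocument addASignatureToDocument(DSSDocument dSSDocument, SignatureParameters signatureParameters, byte[] bArr) throws IOException {
        if (signatureParameters.getSignaturePackaging() != SignaturePackaging.ENVELOPING) {
            throw new IllegalArgumentException("Unsupported signature packaging " + signatureParameters.getSignaturePackaging());
        }
        InputStream inputStream = null;
        try {
            inputStream = dSSDocument.openStream();
            CMSSignedData existingSignedData = new CMSSignedData(inputStream);
            CMSSignedDataGenerator generator = createCMSSignedDataGenerator(new PreComputedContentSigner(SignatureAlgorithm.getAlgorithm(signatureParameters.getEncryptionAlgorithm(), signatureParameters.getDigestAlgorithm()).getJAVAId(), bArr), new BcDigestCalculatorProvider(), signatureParameters, getSigningProfile(signatureParameters), true, existingSignedData);
            // The signed content itself can be absent (for example a detached CMS), so it is
            // checked before it is dereferenced.
            if (existingSignedData.getSignedContent() == null || existingSignedData.getSignedContent().getContent() == null) {
                throw new RuntimeException("Cannot retrieve orignal content");
            }
            byte[] originalContent = (byte[]) existingSignedData.getSignedContent().getContent();
            CMSSignedData signedData = generator.generate((CMSTypedData) new CMSProcessableByteArray(originalContent), true);
            DSSDocument signedDocument = new CMSSignedDocument(signedData);
            CAdESSignatureExtension extensionProfile = getExtensionProfile(signatureParameters);
            if (extensionProfile != null) {
                // Side effect: the original-document reference on the caller's parameters is cleared.
                signatureParameters.setOriginalDocument(null);
                signedDocument = extensionProfile.extendSignatures(new CMSSignedDocument(signedData), signatureParameters);
            }
            return signedDocument;
        } catch (CMSException e) {
            throw new DSSException(e);
        } finally {
            DSSUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Extends an existing signature, recording the original document on the parameters first.
     *
     * @param dSSDocument the signed document to extend
     * @param dSSDocument2 the original document, stored on {@code signatureParameters}
     * @return the extended document, or {@code dSSDocument} unchanged when the format needs no extension
     * @throws IOException if the extension profile fails with an I/O error
     */
    @Override
    public DSSDocument extendDocument(DSSDocument dSSDocument, DSSDocument dSSDocument2, SignatureParameters signatureParameters) throws IOException {
        CAdESSignatureExtension extensionProfile = getExtensionProfile(signatureParameters);
        if (extensionProfile == null) {
            LOG.info("No extension for " + signatureParameters.getSignatureFormat());
            return dSSDocument;
        }
        signatureParameters.setOriginalDocument(dSSDocument2);
        return extensionProfile.extendSignatures(dSSDocument, signatureParameters);
    }

    /**
     * Extends an existing signature to the format requested in the parameters.
     *
     * @return the extended document, or {@code dSSDocument} unchanged when the format needs no extension
     * @throws DSSException if the extension fails
     */
    @Override
    public DSSDocument extendDocument(DSSDocument dSSDocument, SignatureParameters signatureParameters) throws DSSException {
        CAdESSignatureExtension extensionProfile = getExtensionProfile(signatureParameters);
        if (extensionProfile == null) {
            LOG.info("No extension for " + signatureParameters.getSignatureFormat());
            return dSSDocument;
        }
        return extensionProfile.extendSignatures(dSSDocument, signatureParameters);
    }

    /**
     * Builds a CMS generator holding one signer (the signing certificate) and the certificates
     * to embed.
     *
     * @param contentSigner the signer that supplies or captures the signature value
     * @param digestCalculatorProvider digest provider for the signer-info builder
     * @param cAdESProfileBES profile supplying the signed and unsigned attributes
     * @param z whether the profile's unsigned attributes are included
     * @param cMSSignedData an existing CMS whose signers and certificates are carried over, or null
     * @throws IOException wrapping certificate-encoding, CMS and operator-creation failures
     */
    private CMSSignedDataGenerator createCMSSignedDataGenerator(ContentSigner contentSigner, DigestCalculatorProvider digestCalculatorProvider, SignatureParameters signatureParameters, CAdESProfileBES cAdESProfileBES, boolean z, CMSSignedData cMSSignedData) throws IOException {
        try {
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            X509CertificateHolder signerCertificateHolder = new X509CertificateHolder(signatureParameters.getSigningCertificate().getEncoded());
            SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(digestCalculatorProvider);
            signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(cAdESProfileBES.getSignedAttributes(signatureParameters))));
            signerInfoBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(z ? new AttributeTable(cAdESProfileBES.getUnsignedAttributes(signatureParameters)) : null));
            generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, signerCertificateHolder));
            if (cMSSignedData != null) {
                // Existing signer infos are copied verbatim; they are not verified here.
                generator.addSigners(cMSSignedData.getSignerInfos());
            }
            ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>();
            certificates.add(signatureParameters.getSigningCertificate());
            if (signatureParameters.getCertificateChain() != null) {
                for (X509Certificate chainCertificate : signatureParameters.getCertificateChain()) {
                    // NOTE(review): de-duplication compares subject names only, so a different
                    // certificate that shares the signer's subject DN is left out of the
                    // embedded set. Comparing the certificates themselves would be stricter.
                    if (!chainCertificate.getSubjectX500Principal().equals(signatureParameters.getSigningCertificate().getSubjectX500Principal())) {
                        certificates.add(chainCertificate);
                    }
                }
            }
            generator.addCertificates(new JcaCertStore(certificates));
            if (cMSSignedData != null) {
                generator.addCertificates(cMSSignedData.getCertificates());
            }
            return generator;
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        } catch (CMSException e2) {
            throw new IOException(e2);
        } catch (OperatorCreationException e3) {
            throw new IOException(e3);
        }
    }

    // Registered once at class load. This is JVM-wide state; presumably this provider backs the
    // algorithm id handed to PreComputedContentSigner (verify against the provider class).
    static {
        Security.addProvider(new SignatureInterceptorProvider());
    }
}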
