package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.TimeStampTokenProductionComparator;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.cades.validation.CMSDocumentAnalyzer;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.signature.SignatureRequirementsChecker;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.signature.AdvancedSignature;
import eu.europa.esig.dss.spi.validation.CertificateVerifier;
import eu.europa.esig.dss.spi.validation.ValidationData;
import eu.europa.esig.dss.spi.validation.ValidationDataContainer;
import eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.utils.Utils;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-cades-6.1.jar:eu/europa/esig/dss/cades/signature/CAdESLevelBaselineLT.class */
public class CAdESLevelBaselineLT extends CAdESLevelBaselineT {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CAdESLevelBaselineLT.class);

    public CAdESLevelBaselineLT(TSPSource tSPSource, CertificateVerifier certificateVerifier) {
        super(tSPSource, certificateVerifier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.cades.signature.CAdESLevelBaselineT, eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters, List<String> list) {
        CMSSignedData extendWithValidationData;
        CMSSignedData extendCMSSignatures = super.extendCMSSignatures(cMSSignedData, cAdESSignatureParameters, list);
        CMSDocumentAnalyzer documentValidator = getDocumentValidator(extendCMSSignatures, cAdESSignatureParameters);
        List<AdvancedSignature> signatures = documentValidator.getSignatures();
        List<AdvancedSignature> extendToLTLevelSignatures = getExtendToLTLevelSignatures(signatures, list);
        if (Utils.isCollectionEmpty(extendToLTLevelSignatures)) {
            return extendCMSSignatures;
        }
        SignatureRequirementsChecker signatureRequirementsChecker = getSignatureRequirementsChecker(cAdESSignatureParameters);
        if (SignatureLevel.CAdES_BASELINE_LT.equals(cAdESSignatureParameters.getSignatureLevel())) {
            signatureRequirementsChecker.assertExtendToLTLevelPossible(extendToLTLevelSignatures);
        }
        signatureRequirementsChecker.assertSignaturesValid(extendToLTLevelSignatures);
        signatureRequirementsChecker.assertCertificateChainValidForLTLevel(extendToLTLevelSignatures);
        ValidationDataContainer validationData = documentValidator.getValidationData(extendToLTLevelSignatures);
        if (includesATSv2(extendCMSSignatures)) {
            ArrayList arrayList = new ArrayList();
            Iterator<AdvancedSignature> it = signatures.iterator();
            while (it.hasNext()) {
                CAdESSignature cAdESSignature = (CAdESSignature) it.next();
                SignerInformation signerInformation = cAdESSignature.getSignerInformation();
                SignerInformation signerInformation2 = signerInformation;
                if (extendToLTLevelSignatures.contains(cAdESSignature)) {
                    signerInformation2 = extendSignerInformation(signerInformation, validationData.getCompleteValidationDataForSignature(cAdESSignature));
                }
                arrayList.add(signerInformation2);
            }
            extendWithValidationData = replaceSigners(extendCMSSignatures, arrayList);
        } else {
            ValidationData allValidationData = validationData.getAllValidationData();
            for (AdvancedSignature advancedSignature : extendToLTLevelSignatures) {
                allValidationData.excludeCertificateTokens(advancedSignature.getCertificateSource().getCertificateValues());
                allValidationData.excludeCRLTokens(advancedSignature.getCRLSource().getAllRevocationBinaries());
                allValidationData.excludeOCSPTokens(advancedSignature.getOCSPSource().getAllRevocationBinaries());
            }
            extendWithValidationData = extendWithValidationData(extendCMSSignatures, allValidationData);
        }
        return extendWithValidationData;
    }

    private SignerInformation extendSignerInformation(SignerInformation signerInformation, ValidationData validationData) {
        return SignerInformation.replaceUnsignedAttributes(signerInformation, addValidationData(CMSUtils.getUnsignedAttributes(signerInformation), validationData));
    }

    private AttributeTable addValidationData(AttributeTable attributeTable, ValidationData validationData) {
        TimeStampToken lastArchiveTimestamp = getLastArchiveTimestamp(attributeTable);
        if (lastArchiveTimestamp != null) {
            CMSSignedData cMSSignedData = lastArchiveTimestamp.toCMSSignedData();
            attributeTable = replaceTimeStampAttribute(attributeTable, cMSSignedData, extendWithValidationData(cMSSignedData, validationData));
        }
        return attributeTable;
    }

    private TimeStampToken getLastArchiveTimestamp(AttributeTable attributeTable) {
        TimeStampToken timeStampToken = null;
        TimeStampTokenProductionComparator timeStampTokenProductionComparator = new TimeStampTokenProductionComparator();
        for (TimeStampToken timeStampToken2 : CMSUtils.findArchiveTimeStampTokens(attributeTable)) {
            if (timeStampToken == null || timeStampTokenProductionComparator.after(timeStampToken2, timeStampToken)) {
                timeStampToken = timeStampToken2;
            }
        }
        return timeStampToken;
    }

    private AttributeTable replaceTimeStampAttribute(AttributeTable attributeTable, CMSSignedData cMSSignedData, CMSSignedData cMSSignedData2) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (Attribute attribute : attributeTable.toASN1Structure().getAttributes()) {
            Attribute attribute2 = attribute;
            if (CMSUtils.isArchiveTimeStampToken(attribute)) {
                try {
                    CMSSignedData cMSSignedData3 = CMSUtils.getCMSSignedData(attribute);
                    if (cMSSignedData3 != null && CMSUtils.isCMSSignedDataEqual(cMSSignedData, cMSSignedData3)) {
                        attribute2 = new Attribute(attribute.getAttrType(), new DERSet(DSSASN1Utils.toASN1Primitive(cMSSignedData2.getEncoded())));
                    }
                } catch (Exception e) {
                    LOG.warn("Unable to build a CMSSignedData object from an unsigned attribute. Reason : {}", e.getMessage(), e);
                }
            }
            aSN1EncodableVector.add(attribute2);
        }
        return new AttributeTable(aSN1EncodableVector);
    }

    private CMSSignedData extendWithValidationData(CMSSignedData cMSSignedData, ValidationData validationData) {
        return new CMSSignedDataBuilder().setOriginalCMSSignedData(cMSSignedData).extendCMSSignedData(validationData.getCertificateTokens(), validationData.getCrlTokens(), validationData.getOcspTokens());
    }

    protected boolean includesATSv2(CMSSignedData cMSSignedData) {
        Iterator<SignerInformation> it = cMSSignedData.getSignerInfos().iterator();
        while (it.hasNext()) {
            if (CMSUtils.containsATSTv2(it.next())) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<AdvancedSignature> getExtendToLTLevelSignatures(List<AdvancedSignature> list, List<String> list2) {
        ArrayList arrayList = new ArrayList();
        for (AdvancedSignature advancedSignature : list) {
            if (list2.contains(advancedSignature.getId())) {
                arrayList.add(advancedSignature);
            }
        }
        return arrayList;
    }
}
