package eu.europa.esig.dss.cades.validation.timestamp;

import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.enumerations.ArchiveTimestampType;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSMessageDigestCalculator;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.spi.validation.timestamp.TimestampMessageDigestBuilder;
import eu.europa.esig.dss.spi.x509.ListCertificateSource;
import eu.europa.esig.dss.spi.x509.tsp.TimestampToken;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.BERSequence;
import org.bouncycastle.asn1.BERSet;
import org.bouncycastle.asn1.BERTaggedObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-cades-6.1.jar:eu/europa/esig/dss/cades/validation/timestamp/CAdESTimestampMessageDigestBuilder.class */
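/**
 * Computes the message digests (message-imprints) that CAdES timestamp tokens are compared against.
 *
 * <p>An instance is bound to one signature and is created either with an explicit
 * {@link DigestAlgorithm} or with an existing {@link TimestampToken}, whose digest algorithm is
 * then used. When no timestamp token is supplied, {@code timestampToken} stays {@code null}.
 *
 * <p>Failure contract visible in this class: several methods return {@code null} or
 * {@link DSSMessageDigest#createEmptyDigest()} instead of throwing when the imprint cannot be
 * computed. NOTE(review): callers are expected to treat both results as "imprint does not
 * match"; the callers are not visible here, so confirm that in the validator.
 */
public class CAdESTimestampMessageDigestBuilder implements TimestampMessageDigestBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESTimestampMessageDigestBuilder.class);
    private static final String MESSAGE_IMPRINT_ERROR = "Unable to compute message-imprint for TimestampToken with Id '{}'. Reason : {}";
    private final CMSSignedData cmsSignedData;
    private final SignerInformation signerInformation;
    private final List<DSSDocument> detachedDocuments;
    private final CadesLevelBaselineLTATimestampExtractor timestampExtractor;
    private DigestAlgorithm digestAlgorithm;
    // Null when the builder was created from a DigestAlgorithm rather than from a token.
    private TimestampToken timestampToken;

    /**
     * Creates a builder that computes imprints with the given digest algorithm.
     *
     * @param cAdESSignature the signature the imprints are computed for
     * @param listCertificateSource certificates handed to the archive-timestamp extractor
     * @param digestAlgorithm the digest algorithm to use
     * @throws NullPointerException if any argument is {@code null}
     */
    public CAdESTimestampMessageDigestBuilder(CAdESSignature cAdESSignature, ListCertificateSource listCertificateSource, DigestAlgorithm digestAlgorithm) {
        this(cAdESSignature, listCertificateSource);
        Objects.requireNonNull(digestAlgorithm, "DigestAlgorithm cannot be null!");
        this.digestAlgorithm = digestAlgorithm;
    }

    /**
     * Creates a builder for an existing timestamp token; the token's digest algorithm is used.
     *
     * @param cAdESSignature the signature the imprints are computed for
     * @param listCertificateSource certificates handed to the archive-timestamp extractor
     * @param timestampToken the timestamp token whose imprint is to be recomputed
     * @throws NullPointerException if any argument is {@code null}
     */
    public CAdESTimestampMessageDigestBuilder(CAdESSignature cAdESSignature, ListCertificateSource listCertificateSource, TimestampToken timestampToken) {
        this(cAdESSignature, listCertificateSource);
        Objects.requireNonNull(timestampToken, "TimestampToken cannot be null!");
        this.timestampToken = timestampToken;
        this.digestAlgorithm = timestampToken.getDigestAlgorithm();
    }

    private CAdESTimestampMessageDigestBuilder(CAdESSignature cAdESSignature, ListCertificateSource listCertificateSource) {
        Objects.requireNonNull(cAdESSignature, "Signature cannot be null!");
        Objects.requireNonNull(listCertificateSource, "ListCertificateSource cannot be null!");
        this.cmsSignedData = cAdESSignature.getCmsSignedData();
        this.signerInformation = cAdESSignature.getSignerInformation();
        this.detachedDocuments = cAdESSignature.getDetachedContents();
        this.timestampExtractor = new CadesLevelBaselineLTATimestampExtractor(this.cmsSignedData, listCertificateSource.getCertificates());
    }

    /**
     * Returns the digest of the original document, or an empty digest when the document cannot
     * be found.
     */
    @Override // eu.europa.esig.dss.spi.validation.timestamp.TimestampMessageDigestBuilder
    public DSSMessageDigest getContentTimestampMessageDigest() {
        return getOriginalDocumentDigest();
    }

    /** Returns the digest of the signer's signature value. */
    @Override // eu.europa.esig.dss.spi.validation.timestamp.TimestampMessageDigestBuilder
    public DSSMessageDigest getSignatureTimestampMessageDigest() {
        byte[] signatureValue = this.signerInformation.getSignature();
        return new DSSMessageDigest(this.digestAlgorithm, DSSUtils.digest(this.digestAlgorithm, signatureValue));
    }

    /**
     * Returns the digest over the signature value, the signature-time-stamp attributes and the
     * certificate/revocation reference attributes, in that order.
     *
     * @return the digest, or {@code null} if any step throws (the failure is logged)
     */
    @Override // eu.europa.esig.dss.spi.validation.timestamp.TimestampMessageDigestBuilder
    public DSSMessageDigest getTimestampX1MessageDigest() {
        try {
            DSSMessageDigestCalculator calculator = new DSSMessageDigestCalculator(this.digestAlgorithm);
            calculator.update(this.signerInformation.getSignature());
            updateWithUnsignedAttributes(calculator, PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
            writeTimestampX2MessageDigest(calculator);
            return calculator.getMessageDigest();
        } catch (Exception e) {
            logMessageImprintError(e);
            return null;
        }
    }

    /**
     * Returns the digest over the certificate and revocation reference attributes.
     *
     * @return the digest, or {@code null} if any step throws (the failure is logged)
     */
    @Override // eu.europa.esig.dss.spi.validation.timestamp.TimestampMessageDigestBuilder
    public DSSMessageDigest getTimestampX2MessageDigest() {
        try {
            DSSMessageDigestCalculator calculator = new DSSMessageDigestCalculator(this.digestAlgorithm);
            writeTimestampX2MessageDigest(calculator);
            return calculator.getMessageDigest();
        } catch (Exception e) {
            logMessageImprintError(e);
            return null;
        }
    }

    /** Feeds the certificate-refs attributes, then the revocation-refs attributes. */
    private void writeTimestampX2MessageDigest(DSSMessageDigestCalculator calculator) {
        updateWithUnsignedAttributes(calculator, PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
        updateWithUnsignedAttributes(calculator, PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
    }

    /** Feeds the DER-encoded type and values of every unsigned attribute with the given OID. */
    private void updateWithUnsignedAttributes(DSSMessageDigestCalculator calculator, ASN1ObjectIdentifier attributeOid) {
        Attribute[] attributes = CMSUtils.getUnsignedAttributes(this.signerInformation, attributeOid);
        if (!Utils.isArrayNotEmpty(attributes)) {
            return;
        }
        for (Attribute attribute : attributes) {
            calculator.update(DSSASN1Utils.getDEREncoded(attribute.getAttrType()));
            calculator.update(DSSASN1Utils.getDEREncoded(attribute.getAttrValues()));
        }
    }

    /**
     * Logs an imprint failure; the stack trace is attached only when debug logging is enabled.
     * The message level stays WARN in both cases.
     */
    private void logMessageImprintError(Exception e) {
        if (LOG.isDebugEnabled()) {
            LOG.warn(MESSAGE_IMPRINT_ERROR, timestampIdForLog(), e.getMessage(), e);
        } else {
            LOG.warn(MESSAGE_IMPRINT_ERROR, timestampIdForLog(), e.getMessage());
        }
    }

    /**
     * Returns the timestamp token id for log messages, or {@code null} when the builder was
     * created without a token. Dereferencing the token directly inside a catch block would
     * replace the original failure with a NullPointerException and break the "return null on
     * failure" contract.
     */
    private String timestampIdForLog() {
        return this.timestampToken != null ? this.timestampToken.getDSSIdAsString() : null;
    }

    /**
     * Returns the archive-timestamp imprint for the token's archive timestamp type; CAdES_V3 is
     * assumed when no token is set.
     *
     * <p>For CAdES_V2 the data is first built with the unsigned attributes wrapped in their
     * tag and length; if the token does not match that digest, it is rebuilt without the
     * wrapper and that second digest is returned without a further check here.
     *
     * @return the computed digest; may be {@code null} or empty when the V2/V3 helper fails
     * @throws DSSException if the archive timestamp type is neither CAdES_V2 nor CAdES_V3
     */
    @Override // eu.europa.esig.dss.spi.validation.timestamp.TimestampMessageDigestBuilder
    public DSSMessageDigest getArchiveTimestampMessageDigest() {
        ArchiveTimestampType archiveTimestampType = this.timestampToken != null ? this.timestampToken.getArchiveTimestampType() : ArchiveTimestampType.CAdES_V3;
        DSSMessageDigest messageDigest;
        switch (archiveTimestampType) {
            case CAdES_V2:
                // Reached only with a non-null token: a null token always selects CAdES_V3 above.
                messageDigest = getArchiveTimestampDataV2(true);
                if (!this.timestampToken.matchData(messageDigest, true)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Unable to match message imprint for an Archive TimestampToken V2 with Id '{}' by including unsigned attribute tags and length, try to compute the data without...", this.timestampToken.getDSSIdAsString());
                    }
                    messageDigest = getArchiveTimestampDataV2(false);
                }
                break;
            case CAdES_V3:
                messageDigest = getArchiveTimestampDataV3();
                break;
            default:
                throw new DSSException("Unsupported ArchiveTimestampType " + archiveTimestampType);
        }
        return messageDigest;
    }

    /**
     * Computes the archive-timestamp-v3 imprint through the timestamp extractor.
     *
     * @return the imprint, or an empty digest when the original document is not available
     */
    private DSSMessageDigest getArchiveTimestampDataV3() throws DSSException {
        Attribute atsHashIndex = this.timestampExtractor.getVerifiedAtsHashIndex(this.signerInformation, this.timestampToken);
        DSSDocument originalDocument = getOriginalDocument();
        if (originalDocument == null) {
            LOG.warn("The original document is not found for TimestampToken with Id '{}'! Unable to compute message imprint.", timestampIdForLog());
            return DSSMessageDigest.createEmptyDigest();
        }
        return this.timestampExtractor.getArchiveTimestampV3MessageImprint(this.signerInformation, atsHashIndex, originalDocument, this.digestAlgorithm);
    }

    /** Returns the original document's digest, or an empty digest when it is not available. */
    private DSSMessageDigest getOriginalDocumentDigest() {
        DSSDocument originalDocument = getOriginalDocument();
        if (originalDocument == null) {
            LOG.warn("The original document is not found for TimestampToken with Id '{}'! Unable to compute message imprint.", timestampIdForLog());
            return DSSMessageDigest.createEmptyDigest();
        }
        return new DSSMessageDigest(this.digestAlgorithm, originalDocument.getDigestValue(this.digestAlgorithm));
    }

    /**
     * Computes the archive-timestamp-v2 imprint over, in order: the encapsulated content info,
     * the detached content (detached signatures only), the certificates, the CRLs and the
     * signer info fields.
     *
     * @param includeUnsignedAttributesTagAndLength whether the unsigned attributes are fed as
     *        one tagged object or as the bare attributes
     * @return the imprint; an empty digest when detached content is required but missing;
     *         {@code null} if any step throws (the failure is logged)
     */
    private DSSMessageDigest getArchiveTimestampDataV2(boolean includeUnsignedAttributesTagAndLength) throws DSSException {
        try {
            DSSMessageDigestCalculator calculator = new DSSMessageDigestCalculator(this.digestAlgorithm);
            SignedData signedData = SignedData.getInstance(this.cmsSignedData.toASN1Structure().getContent());
            calculator.update(getContentInfoBytes(signedData));
            if (CMSUtils.isDetachedSignature(this.cmsSignedData)) {
                byte[] detachedContent = getOriginalDocumentBinaries();
                if (detachedContent == null) {
                    LOG.warn("The detached content is not provided for a TimestampToken with Id '{}'. Not possible to compute message imprint!", timestampIdForLog());
                    return DSSMessageDigest.createEmptyDigest();
                }
                calculator.update(detachedContent);
            }
            byte[] certificateBytes = getCertificateDataBytes(signedData);
            if (Utils.isArrayNotEmpty(certificateBytes)) {
                calculator.update(certificateBytes);
            }
            byte[] crlBytes = getCRLDataBytes(signedData);
            if (Utils.isArrayNotEmpty(crlBytes)) {
                calculator.update(crlBytes);
            }
            writeSignerInfoBytes(calculator, includeUnsignedAttributesTagAndLength);
            return calculator.getMessageDigest();
        } catch (Exception e) {
            LOG.warn("An error in computing of message-imprint for a TimestampToken with Id : {}. Reason : {}", timestampIdForLog(), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Encodes the encapsulated content info, as BER when its content is a BER octet string and
     * as DER otherwise, so the bytes follow the form the content was found in.
     */
    private byte[] getContentInfoBytes(SignedData signedData) {
        ContentInfo encapContentInfo = signedData.getEncapContentInfo();
        byte[] encoded;
        if (encapContentInfo.getContent() instanceof BEROctetString) {
            encoded = DSSASN1Utils.getBEREncoded(encapContentInfo);
        } else {
            encoded = DSSASN1Utils.getDEREncoded(encapContentInfo);
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("Content Info: {}", DSSUtils.toHex(encoded));
        }
        return encoded;
    }

    /** Returns the original document's bytes, or {@code null} when it is not available. */
    private byte[] getOriginalDocumentBinaries() {
        // Resolve the document once so the null check and the read use the same object.
        DSSDocument originalDocument = getOriginalDocument();
        return originalDocument != null ? DSSUtils.toByteArray(originalDocument) : null;
    }

    /**
     * Encodes the SignedData certificates as an implicitly tagged [0] sequence, BER or DER
     * according to the set's own form.
     *
     * @return the encoded bytes, or {@code null} when SignedData carries no certificates
     */
    private byte[] getCertificateDataBytes(SignedData signedData) throws IOException {
        ASN1Set certificates = signedData.getCertificates();
        if (certificates == null) {
            // Logged only on absence; logging it unconditionally made validation logs misleading.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Certificates are not present in the SignedData.");
            }
            return null;
        }
        byte[] encoded;
        if (certificates instanceof BERSet) {
            encoded = new BERTaggedObject(false, 0, (ASN1Encodable) new BERSequence(certificates.toArray())).getEncoded();
        } else {
            encoded = new DERTaggedObject(false, 0, (ASN1Encodable) new DERSequence(certificates.toArray())).getEncoded();
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("Certificates: {}", DSSUtils.toHex(encoded));
        }
        return encoded;
    }

    /**
     * Encodes the SignedData CRLs as an implicitly tagged [1] sequence, BER or DER according to
     * the set's own form.
     *
     * @return the encoded bytes, or {@code null} when SignedData carries no CRLs
     */
    private byte[] getCRLDataBytes(SignedData signedData) throws IOException {
        ASN1Set crls = signedData.getCRLs();
        if (crls == null) {
            // Logged only on absence; logging it unconditionally made validation logs misleading.
            if (LOG.isDebugEnabled()) {
                LOG.debug("CRLs are not present in the SignedData.");
            }
            return null;
        }
        byte[] encoded;
        if (crls instanceof BERSet) {
            encoded = new BERTaggedObject(false, 1, (ASN1Encodable) new BERSequence(crls.toArray())).getEncoded();
        } else {
            encoded = new DERTaggedObject(false, 1, (ASN1Encodable) new DERSequence(crls.toArray())).getEncoded();
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("CRLs: {}", DSSUtils.toHex(encoded));
        }
        return encoded;
    }

    /** Feeds each DER-encoded element of the rebuilt signer info into the calculator. */
    private void writeSignerInfoBytes(DSSMessageDigestCalculator calculator, boolean includeUnsignedAttributesTagAndLength) {
        SignerInfo signerInfo = this.signerInformation.toASN1Structure();
        ASN1Sequence filteredAttributes = filterUnauthenticatedAttributes(signerInfo.getUnauthenticatedAttributes(), this.timestampToken);
        ASN1Sequence signerInfoElements = getSignerInfoEncoded(signerInfo, filteredAttributes, includeUnsignedAttributesTagAndLength);
        for (int i = 0; i < signerInfoElements.size(); i++) {
            byte[] elementBytes = DSSASN1Utils.getDEREncoded(signerInfoElements.getObjectAt(i).toASN1Primitive());
            if (LOG.isTraceEnabled()) {
                LOG.trace("SignerInfoBytes: {}", DSSUtils.toHex(elementBytes));
            }
            calculator.update(elementBytes);
        }
    }

    /**
     * Returns the unsigned attributes that take part in the imprint of {@code timestampToken}.
     *
     * <p>Archive timestamp attributes (v2 and v3) are kept only when their token can be read
     * and was generated strictly before {@code timestampToken}; every other attribute is kept.
     * This keeps the timestamp under validation, and any later archive timestamp, out of its
     * own imprint.
     *
     * <p>NOTE(review): the decompiler emitted this loop as invalid Java (a malformed
     * {@code for} header and an assignment to the index where the skip belongs). The loop
     * below is rebuilt from the condition that survived; confirm it against the upstream
     * sources before relying on it.
     *
     * @throws DSSException if an archive timestamp attribute cannot be read
     */
    private ASN1Sequence filterUnauthenticatedAttributes(ASN1Set unauthenticatedAttributes, TimestampToken timestampToken) {
        ASN1EncodableVector kept = new ASN1EncodableVector();
        for (int i = 0; i < unauthenticatedAttributes.size(); i++) {
            Attribute attribute = Attribute.getInstance(unauthenticatedAttributes.getObjectAt(i));
            ASN1ObjectIdentifier attrType = attribute.getAttrType();
            if (OID.id_aa_ets_archiveTimestampV2.equals((ASN1Primitive) attrType) || OID.id_aa_ets_archiveTimestampV3.equals((ASN1Primitive) attrType)) {
                try {
                    TimeStampToken archiveTimestamp = CMSUtils.getTimeStampToken(attribute);
                    if (archiveTimestamp == null || !archiveTimestamp.getTimeStampInfo().getGenTime().before(timestampToken.getGenerationTime())) {
                        continue;
                    }
                } catch (Exception e) {
                    throw new DSSException(String.format("Unexpected error occurred on reading unsigned properties : %s", e.getMessage()), e);
                }
            }
            kept.add(unauthenticatedAttributes.getObjectAt(i));
        }
        return new DERSequence(kept);
    }

    /**
     * Rebuilds the signer info as a DER sequence of version, signer id, digest algorithm,
     * signed attributes (when present), signature algorithm and signature value, followed by
     * the given unsigned attributes.
     *
     * @param signerInfo the signer info to read the fixed fields from
     * @param unsignedAttributes the attributes to append, or {@code null} to append none
     * @param includeUnsignedAttributesTagAndLength {@code true} to append the attributes as one
     *        implicitly tagged [1] object, {@code false} to append them one by one
     */
    private ASN1Sequence getSignerInfoEncoded(SignerInfo signerInfo, ASN1Sequence unsignedAttributes, boolean includeUnsignedAttributesTagAndLength) {
        ASN1EncodableVector elements = new ASN1EncodableVector();
        elements.add(signerInfo.getVersion());
        elements.add(signerInfo.getSID());
        elements.add(signerInfo.getDigestAlgorithm());
        DERTaggedObject signedAttributes = CMSUtils.getDERSignedAttributes(this.signerInformation);
        if (signedAttributes != null) {
            elements.add(signedAttributes);
        }
        elements.add(signerInfo.getDigestEncryptionAlgorithm());
        elements.add(signerInfo.getEncryptedDigest());
        if (unsignedAttributes != null) {
            if (includeUnsignedAttributesTagAndLength) {
                elements.add(new DERTaggedObject(false, 1, (ASN1Encodable) unsignedAttributes));
            } else {
                for (int i = 0; i < unsignedAttributes.size(); i++) {
                    elements.add(unsignedAttributes.getObjectAt(i));
                }
            }
        }
        return new DERSequence(elements);
    }

    /**
     * Resolves the original (signed) document from the CMS data and the detached contents.
     *
     * @return the document, or {@code null} when extraction fails (the reason is logged)
     */
    private DSSDocument getOriginalDocument() {
        try {
            return CMSUtils.getOriginalDocument(this.cmsSignedData, this.detachedDocuments);
        } catch (DSSException e) {
            LOG.warn("Cannot extract original document! Reason : {}", e.getMessage());
            return null;
        }
    }
}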
