package eu.europa.esig.dss.pades.signature;

import eu.europa.esig.dss.FileNameBuilder;
import eu.europa.esig.dss.cades.validation.CAdESAttribute;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.cades.validation.CAdESUnsignedAttributes;
import eu.europa.esig.dss.enumerations.MimeTypeEnum;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.DigestDocument;
import eu.europa.esig.dss.pades.PAdESSignatureParameters;
import eu.europa.esig.dss.pades.validation.CMSForPAdESBaselineRequirementsChecker;
import eu.europa.esig.dss.pdf.IPdfObjFactory;
import eu.europa.esig.dss.pdf.PDFSignatureService;
import eu.europa.esig.dss.pdf.ServiceLoaderPdfObjFactory;
import eu.europa.esig.dss.signature.SigningOperation;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.validation.CertificateVerifier;
import java.io.Serializable;
import java.util.Collections;
import java.util.Iterator;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-pades-6.0.jar:eu/europa/esig/dss/pades/signature/PAdESWithExternalCMSService.class */
public class PAdESWithExternalCMSService implements Serializable {
    private static final long serialVersionUID = -6168823023670905054L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) PAdESWithExternalCMSService.class);
    private CertificateVerifier certificateVerifier;
    private TSPSource tspSource;
    private IPdfObjFactory pdfObjFactory = new ServiceLoaderPdfObjFactory();

    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    public void setPdfObjFactory(IPdfObjFactory iPdfObjFactory) {
        Objects.requireNonNull(iPdfObjFactory, "PdfObjFactory is null");
        this.pdfObjFactory = iPdfObjFactory;
    }

    public DSSMessageDigest getMessageDigest(DSSDocument dSSDocument, PAdESSignatureParameters pAdESSignatureParameters) {
        Objects.requireNonNull(dSSDocument, "toSignDocument cannot be null!");
        Objects.requireNonNull(pAdESSignatureParameters, "SignatureParameters cannot be null!");
        assertDocumentValid(dSSDocument);
        return getPAdESSignatureService().messageDigest(dSSDocument, pAdESSignatureParameters);
    }

    public DSSDocument signDocument(DSSDocument dSSDocument, PAdESSignatureParameters pAdESSignatureParameters, DSSDocument dSSDocument2) {
        Objects.requireNonNull(dSSDocument, "toSignDocument cannot be null!");
        Objects.requireNonNull(pAdESSignatureParameters, "SignatureParameters cannot be null!");
        Objects.requireNonNull(pAdESSignatureParameters.getSignatureLevel(), "SignatureLevel shall be defined within parameters!");
        Objects.requireNonNull(dSSDocument2, "CMSDocument cannot be null!");
        assertDocumentValid(dSSDocument);
        assertDocumentValid(dSSDocument2);
        CMSSignedData cMSSignedData = toCMSSignedData(dSSDocument2);
        DSSDocument sign = getPAdESSignatureService().sign(dSSDocument, DSSASN1Utils.getDEREncoded(cMSSignedData), pAdESSignatureParameters);
        if (SignatureLevel.PAdES_BASELINE_B != pAdESSignatureParameters.getSignatureLevel() && isExtensionRequired(cMSSignedData, pAdESSignatureParameters)) {
            pAdESSignatureParameters.getContext().setDetachedContents(Collections.singletonList(dSSDocument));
            sign = getPAdESService().extendDocument(sign, pAdESSignatureParameters);
        }
        sign.setName(getFinalDocumentName(dSSDocument, pAdESSignatureParameters.getSignatureLevel()));
        pAdESSignatureParameters.reinit();
        return sign;
    }

    private CMSSignedData toCMSSignedData(DSSDocument dSSDocument) {
        try {
            return DSSUtils.toCMSSignedData(dSSDocument);
        } catch (Exception e) {
            throw new IllegalInputException(String.format("A CMS file is expected : %s", e.getMessage()), e);
        }
    }

    protected PDFSignatureService getPAdESSignatureService() {
        return this.pdfObjFactory.newPAdESSignatureService();
    }

    protected PAdESService getPAdESService() {
        Objects.requireNonNull(this.certificateVerifier, "CertificateVerifier shall be provided for PAdES extension!");
        Objects.requireNonNull(this.tspSource, "TSPSource shall be provided for PAdES extension!");
        PAdESService pAdESService = new PAdESService(this.certificateVerifier);
        pAdESService.setTspSource(this.tspSource);
        pAdESService.setPdfObjFactory(this.pdfObjFactory);
        return pAdESService;
    }

    protected String getFinalDocumentName(DSSDocument dSSDocument, SignatureLevel signatureLevel) {
        return new FileNameBuilder().setOriginalFilename(dSSDocument.getName()).setSigningOperation(SigningOperation.SIGN).setSignatureLevel(signatureLevel).setSignaturePackaging(SignaturePackaging.ENVELOPED).setMimeType(MimeTypeEnum.PDF).build();
    }

    private void assertDocumentValid(DSSDocument dSSDocument) {
        if (dSSDocument instanceof DigestDocument) {
            throw new IllegalArgumentException("DigestDocument cannot be used for PAdES!");
        }
    }

    private boolean isExtensionRequired(CMSSignedData cMSSignedData, PAdESSignatureParameters pAdESSignatureParameters) {
        if (!SignatureLevel.PAdES_BASELINE_T.equals(pAdESSignatureParameters.getSignatureLevel())) {
            return true;
        }
        Iterator<CAdESAttribute> it = CAdESUnsignedAttributes.build(cMSSignedData.getSignerInfos().iterator().next()).getAttributes().iterator();
        while (it.hasNext()) {
            if (PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.equals((ASN1Primitive) it.next().getASN1Oid())) {
                LOG.info("The CMS signature already contains a signature-time-stamp attribute! The extension to '%s' level is skipped.");
                return false;
            }
        }
        return true;
    }

    public boolean isValidCMSSignedData(DSSMessageDigest dSSMessageDigest, DSSDocument dSSDocument) {
        Objects.requireNonNull(dSSMessageDigest, "messageDigest shall be provided!");
        Objects.requireNonNull(dSSDocument, "CMSSignedDocument shall be provided!");
        try {
            CMSSignedData cMSSignedData = DSSUtils.toCMSSignedData(dSSDocument);
            if (cMSSignedData.getSignerInfos().size() != 1) {
                LOG.error("CMSSignedData shall contain one and only one SignerInformation for signature signing process!");
                return false;
            }
            if (toCAdESSignature(cMSSignedData, dSSMessageDigest).getSignatureCryptographicVerification().isSignatureValid()) {
                return true;
            }
            LOG.error("CMSSignedData signature is not valid!");
            return false;
        } catch (Exception e) {
            LOG.error("Unable to decode the provided CMS document : {}", e.getMessage());
            return false;
        }
    }

    public boolean isValidPAdESBaselineCMSSignedData(DSSMessageDigest dSSMessageDigest, DSSDocument dSSDocument) {
        Objects.requireNonNull(dSSMessageDigest, "messageDigest shall be provided!");
        Objects.requireNonNull(dSSDocument, "CMSSignedDocument shall be provided!");
        try {
            return new CMSForPAdESBaselineRequirementsChecker(toCAdESSignature(DSSUtils.toCMSSignedData(dSSDocument), dSSMessageDigest)).isValidForPAdESBaselineBProfile();
        } catch (Exception e) {
            LOG.error("Unable to decode the provided CMS document : {}", e.getMessage());
            return false;
        }
    }

    private CAdESSignature toCAdESSignature(CMSSignedData cMSSignedData, DSSMessageDigest dSSMessageDigest) {
        CAdESSignature cAdESSignature = new CAdESSignature(cMSSignedData, cMSSignedData.getSignerInfos().iterator().next());
        cAdESSignature.setDetachedContents(Collections.singletonList(DSSUtils.toDigestDocument(dSSMessageDigest)));
        return cAdESSignature;
    }
}
