package eu.europa.esig.dss.xades.signature;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSRevocationUtils;
import eu.europa.esig.dss.spi.x509.ResponderId;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationData;
import eu.europa.esig.dss.validation.ValidationDataContainer;
import eu.europa.esig.dss.xades.validation.XAdESSignature;
import eu.europa.esig.dss.xml.utils.DomUtils;
import eu.europa.esig.xades.definition.xades141.XAdES141Element;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/dss-xades-6.0.jar:eu/europa/esig/dss/xades/signature/XAdESLevelC.class */
public class XAdESLevelC extends XAdESLevelBaselineT {
    public XAdESLevelC(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT
    public void extendSignatures(List<AdvancedSignature> list) {
        super.extendSignatures(list);
        boolean z = false;
        Iterator<AdvancedSignature> it = list.iterator();
        while (it.hasNext()) {
            initializeSignatureBuilder((XAdESSignature) it.next());
            if (cLevelExtensionRequired()) {
                this.xadesSignature.resetCertificateSource();
                this.xadesSignature.resetRevocationSources();
                this.xadesSignature.resetTimestampSource();
                z = true;
            }
        }
        if (z) {
            ValidationDataContainer validationData = this.documentValidator.getValidationData(list);
            for (AdvancedSignature advancedSignature : list) {
                initializeSignatureBuilder((XAdESSignature) advancedSignature);
                if (cLevelExtensionRequired()) {
                    assertExtendSignatureToCPossible();
                    String removeOldCertificateRefs = removeOldCertificateRefs();
                    removeOldRevocationRefs();
                    ValidationData validationDataForCLevelInclusion = getValidationDataForCLevelInclusion(validationData, advancedSignature);
                    Element element = (Element) this.unsignedSignaturePropertiesDom.cloneNode(true);
                    incorporateCertificateRefs(this.unsignedSignaturePropertiesDom, validationDataForCLevelInclusion.getCertificateTokens(), removeOldCertificateRefs);
                    if (Utils.isCollectionNotEmpty(validationDataForCLevelInclusion.getCrlTokens()) || Utils.isCollectionNotEmpty(validationDataForCLevelInclusion.getOcspTokens())) {
                        Element addElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementCompleteRevocationRefs());
                        incorporateCRLRefs(addElement, validationDataForCLevelInclusion.getCrlTokens());
                        incorporateOCSPRefs(addElement, validationDataForCLevelInclusion.getOcspTokens());
                    }
                    this.unsignedSignaturePropertiesDom = indentIfPrettyPrint(this.unsignedSignaturePropertiesDom, element);
                }
            }
        }
    }

    private boolean cLevelExtensionRequired() {
        return SignatureLevel.XAdES_C.equals(this.params.getSignatureLevel()) || SignatureLevel.XAdES_XL.equals(this.params.getSignatureLevel()) || !this.xadesSignature.hasCProfile();
    }

    private String removeOldCertificateRefs() {
        String str = null;
        Element completeCertificateRefs = this.xadesSignature.getCompleteCertificateRefs();
        if (completeCertificateRefs != null) {
            str = removeNode(completeCertificateRefs);
            this.xadesSignature.resetCertificateSource();
        }
        return str;
    }

    private void removeOldRevocationRefs() {
        Element completeRevocationRefs = this.xadesSignature.getCompleteRevocationRefs();
        if (completeRevocationRefs != null) {
            removeNode(completeRevocationRefs);
            this.xadesSignature.resetRevocationSources();
        }
    }

    private void incorporateCertificateRefs(Element element, Collection<CertificateToken> collection, String str) {
        if (Utils.isCollectionNotEmpty(collection)) {
            Element createCertRefsDom = createCertRefsDom(createCompleteCertificateRefsDom(element));
            DigestAlgorithm tokenReferencesDigestAlgorithm = this.params.getTokenReferencesDigestAlgorithm();
            Iterator<CertificateToken> it = collection.iterator();
            while (it.hasNext()) {
                incorporateCert(createCertRefsDom, it.next(), tokenReferencesDigestAlgorithm);
            }
        }
    }

    private Element createCompleteCertificateRefsDom(Element element) {
        return this.params.isEn319132() ? DomUtils.addElement(this.documentDom, element, getXades141Namespace(), XAdES141Element.COMPLETE_CERTIFICATE_REFS_V2) : DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementCompleteCertificateRefs());
    }

    private Element createCertRefsDom(Element element) {
        return this.params.isEn319132() ? DomUtils.addElement(this.documentDom, element, getXades141Namespace(), XAdES141Element.CERT_REFS) : DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementCertRefs());
    }

    private ValidationData getValidationDataForCLevelInclusion(ValidationDataContainer validationDataContainer, AdvancedSignature advancedSignature) {
        ValidationData allValidationDataForSignature = validationDataContainer.getAllValidationDataForSignature(advancedSignature);
        allValidationDataForSignature.excludeCertificateTokens(getCertificateTokensForExclusion());
        return allValidationDataForSignature;
    }

    private Collection<CertificateToken> getCertificateTokensForExclusion() {
        CertificateToken signingCertificateToken = this.xadesSignature.getSigningCertificateToken();
        return signingCertificateToken != null ? Collections.singletonList(signingCertificateToken) : Collections.emptyList();
    }

    private void incorporateCRLRefs(Element element, Collection<CRLToken> collection) {
        if (collection.isEmpty()) {
            return;
        }
        Element addElement = DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementCRLRefs());
        for (CRLToken cRLToken : collection) {
            Element addElement2 = DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementCRLRef());
            DigestAlgorithm tokenReferencesDigestAlgorithm = this.params.getTokenReferencesDigestAlgorithm();
            Element addElement3 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementDigestAlgAndValue());
            incorporateDigestMethod(addElement3, tokenReferencesDigestAlgorithm);
            incorporateDigestValue(addElement3, tokenReferencesDigestAlgorithm, cRLToken);
            Element addElement4 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementCRLIdentifier());
            DomUtils.addTextElement(this.documentDom, addElement4, getXadesNamespace(), getCurrentXAdESElements().getElementIssuer(), cRLToken.getIssuerX500Principal().getName());
            DomUtils.addTextElement(this.documentDom, addElement4, getXadesNamespace(), getCurrentXAdESElements().getElementIssueTime(), DomUtils.createXMLGregorianCalendar(cRLToken.getThisUpdate()).toXMLFormat());
        }
    }

    private void incorporateOCSPRefs(Element element, Collection<OCSPToken> collection) {
        if (collection.isEmpty()) {
            return;
        }
        Element addElement = DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementOCSPRefs());
        for (OCSPToken oCSPToken : collection) {
            BasicOCSPResp basicOCSPResp = oCSPToken.getBasicOCSPResp();
            if (basicOCSPResp != null) {
                Element addElement2 = DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementOCSPRef());
                Element addElement3 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementOCSPIdentifier());
                Element addElement4 = DomUtils.addElement(this.documentDom, addElement3, getXadesNamespace(), getCurrentXAdESElements().getElementResponderID());
                ResponderId dSSResponderId = DSSRevocationUtils.getDSSResponderId(basicOCSPResp.getResponderId());
                if (dSSResponderId.getX500Principal() != null) {
                    DomUtils.addTextElement(this.documentDom, addElement4, getXadesNamespace(), getCurrentXAdESElements().getElementByName(), dSSResponderId.getX500Principal().toString());
                } else {
                    DomUtils.addTextElement(this.documentDom, addElement4, getXadesNamespace(), getCurrentXAdESElements().getElementByKey(), Utils.toBase64(dSSResponderId.getSki()));
                }
                DomUtils.addTextElement(this.documentDom, addElement3, getXadesNamespace(), getCurrentXAdESElements().getElementProducedAt(), DomUtils.createXMLGregorianCalendar(basicOCSPResp.getProducedAt()).toXMLFormat());
                DigestAlgorithm tokenReferencesDigestAlgorithm = this.params.getTokenReferencesDigestAlgorithm();
                Element addElement5 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementDigestAlgAndValue());
                incorporateDigestMethod(addElement5, tokenReferencesDigestAlgorithm);
                incorporateDigestValue(addElement5, tokenReferencesDigestAlgorithm, oCSPToken);
            }
        }
    }

    private void assertExtendSignatureToCPossible() {
        SignatureLevel signatureLevel = this.params.getSignatureLevel();
        if ((SignatureLevel.XAdES_C.equals(signatureLevel) && (this.xadesSignature.hasXProfile() || this.xadesSignature.hasAProfile() || (this.xadesSignature.hasXLProfile() && !this.xadesSignature.areAllSelfSignedCertificates()))) || (SignatureLevel.XAdES_XL.equals(signatureLevel) && this.xadesSignature.hasAProfile())) {
            throw new IllegalInputException(String.format("Cannot extend signature to '%s'. The signature is already extended with higher level.", signatureLevel));
        }
        if (this.xadesSignature.areAllSelfSignedCertificates()) {
            throw new IllegalInputException("Cannot extend the signature. The signature contains only self-signed certificate chains!");
        }
    }
}
