package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.signature.SignatureRequirementsChecker;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.exception.IllegalInputException;
import eu.europa.esig.dss.spi.signature.AdvancedSignature;
import eu.europa.esig.dss.spi.validation.CertificateVerifier;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.utils.Utils;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;

/* loaded from: input_file:BOOT-INF/lib/dss-cades-6.1.jar:eu/europa/esig/dss/cades/signature/CAdESLevelBaselineT.class */
public class CAdESLevelBaselineT extends CAdESSignatureExtension {
    public CAdESLevelBaselineT(TSPSource tSPSource, CertificateVerifier certificateVerifier) {
        super(tSPSource, certificateVerifier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters, List<String> list) {
        ArrayList arrayList = new ArrayList();
        List<AdvancedSignature> signatures = getDocumentValidator(cMSSignedData, cAdESSignatureParameters).getSignatures();
        if (Utils.isCollectionEmpty(signatures)) {
            throw new IllegalInputException("There is no signature to extend!");
        }
        List<AdvancedSignature> extendToTLevelSignatures = getExtendToTLevelSignatures(signatures, list, cAdESSignatureParameters);
        SignatureRequirementsChecker signatureRequirementsChecker = getSignatureRequirementsChecker(cAdESSignatureParameters);
        if (Utils.isCollectionEmpty(extendToTLevelSignatures)) {
            return cMSSignedData;
        }
        signatureRequirementsChecker.assertExtendToTLevelPossible(extendToTLevelSignatures);
        signatureRequirementsChecker.assertSignaturesValid(extendToTLevelSignatures);
        signatureRequirementsChecker.assertSigningCertificateIsValid(extendToTLevelSignatures);
        Iterator<AdvancedSignature> it = signatures.iterator();
        while (it.hasNext()) {
            CAdESSignature cAdESSignature = (CAdESSignature) it.next();
            SignerInformation signerInformation = cAdESSignature.getSignerInformation();
            SignerInformation signerInformation2 = signerInformation;
            if (extendToTLevelSignatures.contains(cAdESSignature)) {
                signerInformation2 = extendSignerInformation(signerInformation, cAdESSignatureParameters);
            }
            arrayList.add(signerInformation2);
        }
        return replaceSigners(cMSSignedData, arrayList);
    }

    private SignerInformation extendSignerInformation(SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) {
        return SignerInformation.replaceUnsignedAttributes(signerInformation, addSignatureTimestampAttribute(signerInformation, CMSUtils.getUnsignedAttributes(signerInformation), cAdESSignatureParameters));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SignatureRequirementsChecker getSignatureRequirementsChecker(CAdESSignatureParameters cAdESSignatureParameters) {
        return new SignatureRequirementsChecker(this.certificateVerifier, cAdESSignatureParameters);
    }

    private List<AdvancedSignature> getExtendToTLevelSignatures(List<AdvancedSignature> list, List<String> list2, CAdESSignatureParameters cAdESSignatureParameters) {
        ArrayList arrayList = new ArrayList();
        for (AdvancedSignature advancedSignature : list) {
            if (list2.contains(advancedSignature.getId()) && tLevelExtensionRequired(advancedSignature, cAdESSignatureParameters)) {
                arrayList.add(advancedSignature);
            }
        }
        return arrayList;
    }

    private boolean tLevelExtensionRequired(AdvancedSignature advancedSignature, CAdESSignatureParameters cAdESSignatureParameters) {
        return SignatureLevel.CAdES_BASELINE_T.equals(cAdESSignatureParameters.getSignatureLevel()) || !advancedSignature.hasTProfile();
    }

    private AttributeTable addSignatureTimestampAttribute(SignerInformation signerInformation, AttributeTable attributeTable, CAdESSignatureParameters cAdESSignatureParameters) {
        DigestAlgorithm digestAlgorithm = cAdESSignatureParameters.getSignatureTimestampParameters().getDigestAlgorithm();
        return attributeTable.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, getTimeStampAttributeValue(new DSSMessageDigest(digestAlgorithm, DSSUtils.digest(digestAlgorithm, signerInformation.getSignature())), digestAlgorithm, new Attribute[0]));
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) {
        return super.extendCMSSignatures(cMSSignedData, signerInformation, cAdESSignatureParameters);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedData extendCMSSignatures(CMSSignedData cMSSignedData, CAdESSignatureParameters cAdESSignatureParameters) {
        return super.extendCMSSignatures(cMSSignedData, cAdESSignatureParameters);
    }

    @Override // eu.europa.esig.dss.cades.signature.CAdESSignatureExtension
    public /* bridge */ /* synthetic */ CMSSignedDocument extendSignatures(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) {
        return super.extendSignatures(dSSDocument, cAdESSignatureParameters);
    }
}
