package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.enumerations.TimestampType;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.DigestDocument;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.SignaturePolicyStore;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.model.ToBeSigned;
import eu.europa.esig.dss.signature.AbstractSignatureService;
import eu.europa.esig.dss.signature.CounterSignatureService;
import eu.europa.esig.dss.signature.SigningOperation;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import signservice.org.bouncycastle.cms.CMSException;
import signservice.org.bouncycastle.cms.CMSSignedData;
import signservice.org.bouncycastle.cms.CMSTypedData;
import signservice.org.bouncycastle.cms.SignerInformation;
import signservice.org.bouncycastle.operator.DigestCalculatorProvider;
import signservice.org.bouncycastle.tsp.TSPException;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CAdESService.class */
public class CAdESService extends AbstractSignatureService<CAdESSignatureParameters, CAdESTimestampParameters> implements CounterSignatureService<CAdESCounterSignatureParameters> {
    private static final long serialVersionUID = -7744554779153433450L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CAdESService.class);

    public CAdESService(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
        LOG.debug("+ CAdESService created");
    }

    @Override // eu.europa.esig.dss.signature.DocumentSignatureService
    public TimestampToken getContentTimestamp(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) {
        Objects.requireNonNull(this.tspSource, "A TSPSource is required !");
        DigestAlgorithm digestAlgorithm = cAdESSignatureParameters.getContentTimestampParameters().getDigestAlgorithm();
        try {
            return new TimestampToken(this.tspSource.getTimeStampResponse(digestAlgorithm, Utils.fromBase64(dSSDocument.getDigest(digestAlgorithm))).getBytes(), TimestampType.CONTENT_TIMESTAMP);
        } catch (IOException | CMSException | TSPException e) {
            throw new DSSException("Cannot create a content TimestampToken", e);
        }
    }

    @Override // eu.europa.esig.dss.signature.DocumentSignatureService
    public ToBeSigned getDataToSign(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) {
        Objects.requireNonNull(dSSDocument, "toSignDocument cannot be null!");
        Objects.requireNonNull(cAdESSignatureParameters, "SignatureParameters cannot be null!");
        assertSigningCertificateValid(cAdESSignatureParameters);
        SignaturePackaging signaturePackaging = cAdESSignatureParameters.getSignaturePackaging();
        assertSignaturePackaging(signaturePackaging);
        CustomContentSigner customContentSigner = new CustomContentSigner(cAdESSignatureParameters.getSignatureAlgorithm().getJCEId());
        DigestCalculatorProvider digestCalculatorProvider = CMSUtils.getDigestCalculatorProvider(dSSDocument, cAdESSignatureParameters.getReferenceDigestAlgorithm());
        CMSSignedData cmsSignedData = getCmsSignedData(dSSDocument, cAdESSignatureParameters);
        CMSSignedDataBuilder cMSSignedDataBuilder = new CMSSignedDataBuilder(this.certificateVerifier);
        DSSDocument contentToSign = getContentToSign(dSSDocument, cAdESSignatureParameters, cmsSignedData);
        CMSUtils.generateCMSSignedData(cMSSignedDataBuilder.createCMSSignedDataGenerator(cAdESSignatureParameters, customContentSigner, cMSSignedDataBuilder.getSignerInfoGeneratorBuilder(digestCalculatorProvider, cAdESSignatureParameters, false, contentToSign), cmsSignedData), CMSUtils.getContentToBeSigned(contentToSign), !SignaturePackaging.DETACHED.equals(signaturePackaging));
        return new ToBeSigned(customContentSigner.getOutputStream().toByteArray());
    }

    @Override // eu.europa.esig.dss.signature.DocumentSignatureService
    public DSSDocument signDocument(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters, SignatureValue signatureValue) {
        Objects.requireNonNull(dSSDocument, "toSignDocument cannot be null!");
        Objects.requireNonNull(cAdESSignatureParameters, "SignatureParameters cannot be null!");
        Objects.requireNonNull(signatureValue, "SignatureValue cannot be null!");
        assertSigningCertificateValid(cAdESSignatureParameters);
        SignaturePackaging signaturePackaging = cAdESSignatureParameters.getSignaturePackaging();
        assertSignaturePackaging(signaturePackaging);
        SignatureAlgorithm signatureAlgorithm = cAdESSignatureParameters.getSignatureAlgorithm();
        CustomContentSigner customContentSigner = new CustomContentSigner(signatureAlgorithm.getJCEId(), ensureSignatureValue(signatureAlgorithm, signatureValue).getValue());
        DigestCalculatorProvider digestCalculatorProvider = CMSUtils.getDigestCalculatorProvider(dSSDocument, cAdESSignatureParameters.getReferenceDigestAlgorithm());
        CMSSignedData cmsSignedData = getCmsSignedData(dSSDocument, cAdESSignatureParameters);
        if (cmsSignedData == null && SignaturePackaging.DETACHED.equals(signaturePackaging) && Utils.isCollectionEmpty(cAdESSignatureParameters.getDetachedContents())) {
            cAdESSignatureParameters.getContext().setDetachedContents(Arrays.asList(dSSDocument));
        }
        CMSSignedDataBuilder cMSSignedDataBuilder = new CMSSignedDataBuilder(this.certificateVerifier);
        DSSDocument contentToSign = getContentToSign(dSSDocument, cAdESSignatureParameters, cmsSignedData);
        CMSSignedData populateDigestAlgorithmSet = CMSUtils.populateDigestAlgorithmSet(CMSUtils.generateCMSSignedData(cMSSignedDataBuilder.createCMSSignedDataGenerator(cAdESSignatureParameters, customContentSigner, cMSSignedDataBuilder.getSignerInfoGeneratorBuilder(digestCalculatorProvider, cAdESSignatureParameters, true, contentToSign), cmsSignedData), CMSUtils.getContentToBeSigned(contentToSign), !SignaturePackaging.DETACHED.equals(signaturePackaging)), cmsSignedData);
        CMSSignedDocument cMSSignedDocument = new CMSSignedDocument(populateDigestAlgorithmSet);
        if (!SignatureLevel.CAdES_BASELINE_B.equals(cAdESSignatureParameters.getSignatureLevel())) {
            cMSSignedDocument = new CMSSignedDocument(getExtensionProfile(cAdESSignatureParameters).extendCMSSignatures(populateDigestAlgorithmSet, getNewSignerInformation(cmsSignedData, populateDigestAlgorithmSet), cAdESSignatureParameters));
        }
        cMSSignedDocument.setName(getFinalFileName(dSSDocument, SigningOperation.SIGN, cAdESSignatureParameters.getSignatureLevel(), cAdESSignatureParameters.getSignaturePackaging()));
        cAdESSignatureParameters.reinit();
        return cMSSignedDocument;
    }

    @Override // eu.europa.esig.dss.signature.DocumentSignatureService
    public DSSDocument extendDocument(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) {
        Objects.requireNonNull(dSSDocument, "toExtendDocument is not defined!");
        Objects.requireNonNull(cAdESSignatureParameters, "Cannot extend the signature. SignatureParameters are not defined!");
        CMSSignedDocument extendSignatures = getExtensionProfile(cAdESSignatureParameters).extendSignatures(dSSDocument, cAdESSignatureParameters);
        extendSignatures.setName(getFinalFileName(dSSDocument, SigningOperation.EXTEND, cAdESSignatureParameters.getSignatureLevel()));
        return extendSignatures;
    }

    private DSSDocument getContentToSign(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters, CMSSignedData cMSSignedData) {
        List<DSSDocument> detachedContents = cAdESSignatureParameters.getDetachedContents();
        return Utils.isCollectionNotEmpty(detachedContents) ? detachedContents.get(0) : cMSSignedData == null ? dSSDocument : getSignedContent(cMSSignedData);
    }

    private DSSDocument getSignedContent(CMSSignedData cMSSignedData) {
        CMSTypedData signedContent = cMSSignedData.getSignedContent();
        if (signedContent == null) {
            throw new DSSException("Unknown SignedContent");
        }
        return new InMemoryDocument((byte[]) signedContent.getContent());
    }

    private SignerInformation getNewSignerInformation(CMSSignedData cMSSignedData, CMSSignedData cMSSignedData2) {
        Collection<SignerInformation> signers = cMSSignedData2.getSignerInfos().getSigners();
        if (cMSSignedData != null) {
            for (SignerInformation signerInformation : signers) {
                if (!containsSignerInfo(cMSSignedData, signerInformation)) {
                    return signerInformation;
                }
            }
        }
        return signers.iterator().next();
    }

    private boolean containsSignerInfo(CMSSignedData cMSSignedData, SignerInformation signerInformation) {
        Iterator<SignerInformation> it = cMSSignedData.getSignerInfos().iterator();
        while (it.hasNext()) {
            if (signerInformation.toASN1Structure() == it.next().toASN1Structure()) {
                return true;
            }
        }
        return false;
    }

    private CAdESSignatureExtension getExtensionProfile(CAdESSignatureParameters cAdESSignatureParameters) {
        SignatureLevel signatureLevel = cAdESSignatureParameters.getSignatureLevel();
        Objects.requireNonNull(signatureLevel, "SignatureLevel must be defined!");
        switch (signatureLevel) {
            case CAdES_BASELINE_T:
                return new CAdESLevelBaselineT(this.tspSource, this.certificateVerifier);
            case CAdES_BASELINE_LT:
                return new CAdESLevelBaselineLT(this.tspSource, this.certificateVerifier);
            case CAdES_BASELINE_LTA:
                return new CAdESLevelBaselineLTA(this.tspSource, this.certificateVerifier);
            default:
                throw new UnsupportedOperationException(String.format("Unsupported signature format '%s' for extension.", signatureLevel));
        }
    }

    private CMSSignedData getCmsSignedData(DSSDocument dSSDocument, CAdESSignatureParameters cAdESSignatureParameters) {
        CMSSignedData cMSSignedData = null;
        if (!(dSSDocument instanceof DigestDocument) && DSSASN1Utils.isASN1SequenceTag(DSSUtils.readFirstByte(dSSDocument))) {
            try {
                cMSSignedData = new CMSSignedData(DSSUtils.toByteArray(dSSDocument));
                if (SignaturePackaging.ENVELOPING == cAdESSignatureParameters.getSignaturePackaging()) {
                    if (cMSSignedData.getSignedContent().getContent() == null) {
                        cMSSignedData = null;
                    }
                }
            } catch (Exception e) {
            }
        }
        return cMSSignedData;
    }

    private void assertSignaturePackaging(SignaturePackaging signaturePackaging) {
        if (signaturePackaging != SignaturePackaging.ENVELOPING && signaturePackaging != SignaturePackaging.DETACHED) {
            throw new IllegalArgumentException("Unsupported signature packaging: " + signaturePackaging);
        }
    }

    public DSSDocument addSignaturePolicyStore(DSSDocument dSSDocument, SignaturePolicyStore signaturePolicyStore) {
        Objects.requireNonNull(dSSDocument, "The document cannot be null");
        Objects.requireNonNull(signaturePolicyStore, "The signaturePolicyStore cannot be null");
        DSSDocument addSignaturePolicyStore = new CAdESSignaturePolicyStoreBuilder().addSignaturePolicyStore(dSSDocument, signaturePolicyStore);
        addSignaturePolicyStore.setName(getFinalFileName(dSSDocument, SigningOperation.EXTEND, null));
        return addSignaturePolicyStore;
    }

    @Override // eu.europa.esig.dss.signature.CounterSignatureService
    public ToBeSigned getDataToBeCounterSigned(DSSDocument dSSDocument, CAdESCounterSignatureParameters cAdESCounterSignatureParameters) {
        Objects.requireNonNull(dSSDocument, "signatureDocument cannot be null!");
        Objects.requireNonNull(cAdESCounterSignatureParameters, "parameters cannot be null!");
        Objects.requireNonNull(cAdESCounterSignatureParameters.getSignatureIdToCounterSign(), "The signature to be counter-signed must be specified");
        assertSigningCertificateValid(cAdESCounterSignatureParameters);
        assertCounterSignaturePossible(cAdESCounterSignatureParameters);
        return getDataToBeCounterSigned(dSSDocument, new CAdESCounterSignatureBuilder(this.certificateVerifier).getSignerInformationToBeCounterSigned(dSSDocument, cAdESCounterSignatureParameters), cAdESCounterSignatureParameters);
    }

    public ToBeSigned getDataToBeCounterSigned(DSSDocument dSSDocument, SignerInformation signerInformation, CAdESSignatureParameters cAdESSignatureParameters) {
        InMemoryDocument inMemoryDocument = new InMemoryDocument(signerInformation.getSignature());
        CustomContentSigner customContentSigner = new CustomContentSigner(cAdESSignatureParameters.getSignatureAlgorithm().getJCEId());
        DigestCalculatorProvider digestCalculatorProvider = CMSUtils.getDigestCalculatorProvider(inMemoryDocument, cAdESSignatureParameters.getReferenceDigestAlgorithm());
        CMSSignedDataBuilder cMSSignedDataBuilder = new CMSSignedDataBuilder(this.certificateVerifier);
        CMSUtils.generateCounterSigners(cMSSignedDataBuilder.createCMSSignedDataGenerator(cAdESSignatureParameters, customContentSigner, cMSSignedDataBuilder.getSignerInfoGeneratorBuilder(digestCalculatorProvider, cAdESSignatureParameters, false), DSSUtils.toCMSSignedData(dSSDocument)), signerInformation);
        return new ToBeSigned(customContentSigner.getOutputStream().toByteArray());
    }

    @Override // eu.europa.esig.dss.signature.CounterSignatureService
    public DSSDocument counterSignSignature(DSSDocument dSSDocument, CAdESCounterSignatureParameters cAdESCounterSignatureParameters, SignatureValue signatureValue) {
        Objects.requireNonNull(dSSDocument, "signatureDocument cannot be null!");
        Objects.requireNonNull(cAdESCounterSignatureParameters, "parameters cannot be null!");
        Objects.requireNonNull(cAdESCounterSignatureParameters.getSignatureIdToCounterSign(), "The signature to be counter-signed must be specified");
        Objects.requireNonNull(signatureValue, "signatureValue cannot be null!");
        assertSigningCertificateValid(cAdESCounterSignatureParameters);
        assertCounterSignaturePossible(cAdESCounterSignatureParameters);
        SignatureValue ensureSignatureValue = ensureSignatureValue(cAdESCounterSignatureParameters.getSignatureAlgorithm(), signatureValue);
        CMSSignedDocument addCounterSignature = new CAdESCounterSignatureBuilder(this.certificateVerifier).addCounterSignature(DSSUtils.toCMSSignedData(dSSDocument), cAdESCounterSignatureParameters, ensureSignatureValue);
        addCounterSignature.setName(getFinalFileName(dSSDocument, SigningOperation.COUNTER_SIGN, cAdESCounterSignatureParameters.getSignatureLevel()));
        addCounterSignature.setMimeType(dSSDocument.getMimeType());
        return addCounterSignature;
    }

    private void assertCounterSignaturePossible(CAdESCounterSignatureParameters cAdESCounterSignatureParameters) {
        if (!SignatureLevel.CAdES_BASELINE_B.equals(cAdESCounterSignatureParameters.getSignatureLevel())) {
            throw new UnsupportedOperationException(String.format("A counter signature with a level '%s' is not supported! Please, use CAdES-BASELINE-B", cAdESCounterSignatureParameters.getSignatureLevel()));
        }
    }
}
