package eu.europa.esig.dss.cades.signature;

import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.signature.BaselineBCertificateSelector;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationData;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: input_file:eu/europa/esig/dss/cades/signature/CMSSignedDataBuilder.class */
public class CMSSignedDataBuilder {
    private final CertificateVerifier certificateVerifier;

    public CMSSignedDataBuilder(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CMSSignedDataGenerator createCMSSignedDataGenerator(CAdESSignatureParameters cAdESSignatureParameters, ContentSigner contentSigner, SignerInfoGeneratorBuilder signerInfoGeneratorBuilder, CMSSignedData cMSSignedData) {
        try {
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(getSignerInfoGenerator(signerInfoGeneratorBuilder, contentSigner, cAdESSignatureParameters));
            LinkedList linkedList = new LinkedList();
            if (cMSSignedData != null) {
                cMSSignedDataGenerator.addSigners(cMSSignedData.getSignerInfos());
                cMSSignedDataGenerator.addAttributeCertificates(cMSSignedData.getAttributeCertificates());
                cMSSignedDataGenerator.addCRLs(cMSSignedData.getCRLs());
                cMSSignedDataGenerator.addOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic, cMSSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic));
                cMSSignedDataGenerator.addOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response, cMSSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response));
                Iterator it = cMSSignedData.getCertificates().getMatches((Selector) null).iterator();
                while (it.hasNext()) {
                    CertificateToken certificate = DSSASN1Utils.getCertificate((X509CertificateHolder) it.next());
                    if (!linkedList.contains(certificate)) {
                        linkedList.add(certificate);
                    }
                }
            }
            cMSSignedDataGenerator.addCertificates(getJcaCertStore(linkedList, cAdESSignatureParameters));
            return cMSSignedDataGenerator;
        } catch (CMSException | OperatorCreationException e) {
            throw new DSSException(String.format("Unable to create a CMSSignedDataGenerator. Reason : %s", e.getMessage()), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, CAdESSignatureParameters cAdESSignatureParameters, boolean z) {
        return getSignerInfoGeneratorBuilder(digestCalculatorProvider, cAdESSignatureParameters, z, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, CAdESSignatureParameters cAdESSignatureParameters, boolean z, DSSDocument dSSDocument) {
        CAdESLevelBaselineB cAdESLevelBaselineB = new CAdESLevelBaselineB(dSSDocument);
        AttributeTable signedAttributes = cAdESLevelBaselineB.getSignedAttributes(cAdESSignatureParameters);
        AttributeTable attributeTable = null;
        if (z) {
            attributeTable = cAdESLevelBaselineB.getUnsignedAttributes();
        }
        return getSignerInfoGeneratorBuilder(digestCalculatorProvider, signedAttributes, attributeTable);
    }

    private SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, AttributeTable attributeTable, AttributeTable attributeTable2) {
        if (DSSASN1Utils.isEmpty(attributeTable)) {
            attributeTable = null;
        }
        DefaultSignedAttributeTableGenerator defaultSignedAttributeTableGenerator = new DefaultSignedAttributeTableGenerator(attributeTable);
        if (DSSASN1Utils.isEmpty(attributeTable2)) {
            attributeTable2 = null;
        }
        SimpleAttributeTableGenerator simpleAttributeTableGenerator = new SimpleAttributeTableGenerator(attributeTable2);
        SignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(digestCalculatorProvider);
        signerInfoGeneratorBuilder.setSignedAttributeGenerator(defaultSignedAttributeTableGenerator);
        signerInfoGeneratorBuilder.setUnsignedAttributeGenerator(simpleAttributeTableGenerator);
        return signerInfoGeneratorBuilder;
    }

    private SignerInfoGenerator getSignerInfoGenerator(SignerInfoGeneratorBuilder signerInfoGeneratorBuilder, ContentSigner contentSigner, CAdESSignatureParameters cAdESSignatureParameters) throws OperatorCreationException {
        CertificateToken signingCertificate = cAdESSignatureParameters.getSigningCertificate();
        if (signingCertificate != null) {
            return signerInfoGeneratorBuilder.build(contentSigner, DSSASN1Utils.getX509CertificateHolder(signingCertificate));
        }
        if (cAdESSignatureParameters.isGenerateTBSWithoutCertificate()) {
            return signerInfoGeneratorBuilder.build(contentSigner, new SignerId(DSSUtils.EMPTY_BYTE_ARRAY).getSubjectKeyIdentifier());
        }
        throw new IllegalArgumentException("Signing certificate is not provided! Provide a certificate or use parameters.setGenerateTBSWithoutCertificate(true).");
    }

    private JcaCertStore getJcaCertStore(Collection<CertificateToken> collection, CAdESSignatureParameters cAdESSignatureParameters) {
        for (CertificateToken certificateToken : (cAdESSignatureParameters.getSigningCertificate() == null && cAdESSignatureParameters.isGenerateTBSWithoutCertificate()) ? new ArrayList() : new BaselineBCertificateSelector(this.certificateVerifier, cAdESSignatureParameters).getCertificates()) {
            if (!collection.contains(certificateToken)) {
                collection.add(certificateToken);
            }
        }
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<CertificateToken> it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getCertificate());
            }
            return new JcaCertStore(arrayList);
        } catch (CertificateEncodingException e) {
            throw new DSSException(String.format("Unable to get JcaCertStore. Reason : %s", e.getMessage()), e);
        }
    }

    public CMSSignedData extendCMSSignedData(CMSSignedData cMSSignedData, ValidationData validationData) {
        Store certificates = cMSSignedData.getCertificates();
        Set certificateTokens = validationData.getCertificateTokens();
        HashSet hashSet = new HashSet(certificates.getMatches((Selector) null));
        Iterator it = certificateTokens.iterator();
        while (it.hasNext()) {
            X509CertificateHolder x509CertificateHolder = DSSASN1Utils.getX509CertificateHolder((CertificateToken) it.next());
            if (!hashSet.contains(x509CertificateHolder)) {
                hashSet.add(x509CertificateHolder);
            }
        }
        CollectionStore collectionStore = new CollectionStore(hashSet);
        Store attributeCertificates = cMSSignedData.getAttributeCertificates();
        HashSet hashSet2 = new HashSet(cMSSignedData.getCRLs().getMatches((Selector) null));
        Iterator it2 = validationData.getCrlTokens().iterator();
        while (it2.hasNext()) {
            X509CRLHolder x509CrlHolder = getX509CrlHolder((CRLToken) it2.next());
            if (!hashSet2.contains(x509CrlHolder)) {
                hashSet2.add(x509CrlHolder);
            }
        }
        HashSet hashSet3 = new HashSet(cMSSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response).getMatches((Selector) null));
        Iterator it3 = validationData.getOcspTokens().iterator();
        while (it3.hasNext()) {
            ASN1Primitive aSN1Primitive = DSSASN1Utils.toASN1Primitive(((OCSPToken) it3.next()).getEncoded());
            if (!hashSet3.contains(aSN1Primitive)) {
                hashSet3.add(aSN1Primitive);
            }
        }
        Iterator it4 = new CollectionStore(hashSet3).getMatches((Selector) null).iterator();
        while (it4.hasNext()) {
            hashSet2.add(new OtherRevocationInfoFormat(CMSObjectIdentifiers.id_ri_ocsp_response, (ASN1Encodable) it4.next()));
        }
        Iterator it5 = cMSSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getMatches((Selector) null).iterator();
        while (it5.hasNext()) {
            hashSet2.add(new OtherRevocationInfoFormat(OCSPObjectIdentifiers.id_pkix_ocsp_basic, (ASN1Encodable) it5.next()));
        }
        try {
            return CMSSignedData.replaceCertificatesAndCRLs(cMSSignedData, collectionStore, attributeCertificates, new CollectionStore(hashSet2));
        } catch (CMSException e) {
            throw new DSSException(String.format("Unable to re-create a CMS signature. Reason : %s", e.getMessage()), e);
        }
    }

    private X509CRLHolder getX509CrlHolder(CRLToken cRLToken) {
        try {
            InputStream cRLStream = cRLToken.getCRLStream();
            try {
                X509CRLHolder x509CRLHolder = new X509CRLHolder(cRLStream);
                if (cRLStream != null) {
                    cRLStream.close();
                }
                return x509CRLHolder;
            } finally {
            }
        } catch (IOException e) {
            throw new DSSException("Unable to convert X509CRL to X509CRLHolder", e);
        }
    }
}
