package eu.europa.esig.dss.spi.x509;

import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.DigestDocument;
import eu.europa.esig.dss.model.FileDocument;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAbsentContent;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSProcessableFile;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Store;

/* loaded from: input_file:eu/europa/esig/dss/spi/x509/CMSSignedDataBuilder.class */
public class CMSSignedDataBuilder {
    private CertificateToken signingCertificate;
    private Collection<CertificateToken> certificateChain;
    private CertificateSource trustedCertificateSource;
    private CMSSignedData originalCMSSignedData;
    private boolean generateWithoutCertificates = false;
    private boolean trustAnchorBPPolicy = true;
    private boolean encapsulate = true;

    public CMSSignedDataBuilder setSigningCertificate(CertificateToken certificateToken) {
        this.signingCertificate = certificateToken;
        return this;
    }

    public CMSSignedDataBuilder setCertificateChain(Collection<CertificateToken> collection) {
        this.certificateChain = collection;
        return this;
    }

    public CMSSignedDataBuilder setGenerateWithoutCertificates(boolean z) {
        this.generateWithoutCertificates = z;
        return this;
    }

    public CMSSignedDataBuilder setTrustedCertificateSource(CertificateSource certificateSource) {
        this.trustedCertificateSource = certificateSource;
        return this;
    }

    public CMSSignedDataBuilder setTrustAnchorBPPolicy(boolean z) {
        this.trustAnchorBPPolicy = z;
        return this;
    }

    public CMSSignedDataBuilder setOriginalCMSSignedData(CMSSignedData cMSSignedData) {
        this.originalCMSSignedData = cMSSignedData;
        return this;
    }

    public CMSSignedDataBuilder setEncapsulate(boolean z) {
        this.encapsulate = z;
        return this;
    }

    public CMSSignedData createCMSSignedData(SignerInfoGenerator signerInfoGenerator, DSSDocument dSSDocument) {
        return generateCMSSignedData(createCMSSignedDataGenerator(signerInfoGenerator), getContentToBeSigned(dSSDocument));
    }

    public CMSSignedDataGenerator createCMSSignedDataGenerator(SignerInfoGenerator signerInfoGenerator) {
        try {
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(signerInfoGenerator);
            LinkedList linkedList = new LinkedList();
            if (this.originalCMSSignedData != null) {
                cMSSignedDataGenerator.addSigners(this.originalCMSSignedData.getSignerInfos());
                cMSSignedDataGenerator.addAttributeCertificates(this.originalCMSSignedData.getAttributeCertificates());
                cMSSignedDataGenerator.addCRLs(this.originalCMSSignedData.getCRLs());
                cMSSignedDataGenerator.addOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic, this.originalCMSSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic));
                cMSSignedDataGenerator.addOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response, this.originalCMSSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response));
                Iterator<X509CertificateHolder> it = this.originalCMSSignedData.getCertificates().getMatches(null).iterator();
                while (it.hasNext()) {
                    CertificateToken certificate = DSSASN1Utils.getCertificate(it.next());
                    if (!linkedList.contains(certificate)) {
                        linkedList.add(certificate);
                    }
                }
            }
            cMSSignedDataGenerator.addCertificates(getJcaCertStore(linkedList));
            return cMSSignedDataGenerator;
        } catch (CMSException e) {
            throw new DSSException(String.format("Unable to create a CMSSignedDataGenerator. Reason : %s", e.getMessage()), e);
        }
    }

    protected CMSTypedData getContentToBeSigned(DSSDocument dSSDocument) {
        Objects.requireNonNull(dSSDocument, "Document to be signed is missing");
        return dSSDocument instanceof DigestDocument ? new CMSAbsentContent() : dSSDocument instanceof FileDocument ? new CMSProcessableFile(((FileDocument) dSSDocument).getFile()) : new CMSProcessableByteArray(DSSUtils.toByteArray(dSSDocument));
    }

    private CMSSignedData generateCMSSignedData(CMSSignedDataGenerator cMSSignedDataGenerator, CMSTypedData cMSTypedData) {
        try {
            return populateDigestAlgorithmSet(cMSSignedDataGenerator.generate(cMSTypedData, this.encapsulate));
        } catch (CMSException e) {
            throw new DSSException("Unable to generate the CMSSignedData", e);
        }
    }

    private JcaCertStore getJcaCertStore(Collection<CertificateToken> collection) {
        for (CertificateToken certificateToken : (this.signingCertificate == null && this.generateWithoutCertificates) ? new ArrayList() : new BaselineBCertificateSelector(this.signingCertificate, this.certificateChain).setTrustedCertificateSource(this.trustedCertificateSource).setTrustAnchorBPPolicy(this.trustAnchorBPPolicy).getCertificates()) {
            if (!collection.contains(certificateToken)) {
                collection.add(certificateToken);
            }
        }
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<CertificateToken> it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getCertificate());
            }
            return new JcaCertStore(arrayList);
        } catch (CertificateEncodingException e) {
            throw new DSSException(String.format("Unable to get JcaCertStore. Reason : %s", e.getMessage()), e);
        }
    }

    public CMSSignedData extendCMSSignedData(Collection<CertificateToken> collection, Collection<CRLToken> collection2, Collection<OCSPToken> collection3) {
        if (this.originalCMSSignedData == null) {
            throw new NullPointerException("Original CMSSignedData shall be provided! Use #setOriginalCMSSignedData(CMSSignedData) method.");
        }
        HashSet hashSet = new HashSet(this.originalCMSSignedData.getCertificates().getMatches(null));
        Iterator<CertificateToken> it = collection.iterator();
        while (it.hasNext()) {
            X509CertificateHolder x509CertificateHolder = DSSASN1Utils.getX509CertificateHolder(it.next());
            if (!hashSet.contains(x509CertificateHolder)) {
                hashSet.add(x509CertificateHolder);
            }
        }
        CollectionStore collectionStore = new CollectionStore(hashSet);
        Store<X509AttributeCertificateHolder> attributeCertificates = this.originalCMSSignedData.getAttributeCertificates();
        HashSet hashSet2 = new HashSet(this.originalCMSSignedData.getCRLs().getMatches(null));
        Iterator<CRLToken> it2 = collection2.iterator();
        while (it2.hasNext()) {
            X509CRLHolder x509CrlHolder = getX509CrlHolder(it2.next());
            if (!hashSet2.contains(x509CrlHolder)) {
                hashSet2.add(x509CrlHolder);
            }
        }
        HashSet hashSet3 = new HashSet(this.originalCMSSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response).getMatches(null));
        Iterator<OCSPToken> it3 = collection3.iterator();
        while (it3.hasNext()) {
            ASN1Primitive aSN1Primitive = DSSASN1Utils.toASN1Primitive(it3.next().getEncoded());
            if (!hashSet3.contains(aSN1Primitive)) {
                hashSet3.add(aSN1Primitive);
            }
        }
        Iterator it4 = new CollectionStore(hashSet3).getMatches(null).iterator();
        while (it4.hasNext()) {
            hashSet2.add(new OtherRevocationInfoFormat(CMSObjectIdentifiers.id_ri_ocsp_response, (ASN1Encodable) it4.next()));
        }
        Iterator it5 = this.originalCMSSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getMatches(null).iterator();
        while (it5.hasNext()) {
            hashSet2.add(new OtherRevocationInfoFormat(OCSPObjectIdentifiers.id_pkix_ocsp_basic, (ASN1Encodable) it5.next()));
        }
        try {
            return CMSSignedData.replaceCertificatesAndCRLs(this.originalCMSSignedData, collectionStore, attributeCertificates, new CollectionStore(hashSet2));
        } catch (CMSException e) {
            throw new DSSException(String.format("Unable to re-create a CMS signature. Reason : %s", e.getMessage()), e);
        }
    }

    private X509CRLHolder getX509CrlHolder(CRLToken cRLToken) {
        try {
            InputStream cRLStream = cRLToken.getCRLStream();
            try {
                X509CRLHolder x509CRLHolder = new X509CRLHolder(cRLStream);
                if (cRLStream != null) {
                    cRLStream.close();
                }
                return x509CRLHolder;
            } finally {
            }
        } catch (IOException e) {
            throw new DSSException("Unable to convert X509CRL to X509CRLHolder", e);
        }
    }

    protected CMSSignedData populateDigestAlgorithmSet(CMSSignedData cMSSignedData) {
        if (this.originalCMSSignedData != null) {
            Iterator<AlgorithmIdentifier> it = this.originalCMSSignedData.getDigestAlgorithmIDs().iterator();
            while (it.hasNext()) {
                cMSSignedData = addDigestAlgorithm(cMSSignedData, it.next());
            }
        }
        return cMSSignedData;
    }

    protected CMSSignedData addDigestAlgorithm(CMSSignedData cMSSignedData, AlgorithmIdentifier algorithmIdentifier) {
        return CMSSignedData.addDigestAlgorithm(cMSSignedData, algorithmIdentifier);
    }
}
