package eu.europa.esig.dss.spi.x509.tsp;

import eu.europa.esig.dss.enumerations.ArchiveTimestampType;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureValidity;
import eu.europa.esig.dss.enumerations.TimestampType;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.ManifestFile;
import eu.europa.esig.dss.model.ReferenceValidation;
import eu.europa.esig.dss.model.identifier.TokenIdentifier;
import eu.europa.esig.dss.model.scope.SignatureScope;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.Token;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSSecurityProvider;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CandidatesForSigningCertificate;
import eu.europa.esig.dss.spi.x509.CertificateRef;
import eu.europa.esig.dss.spi.x509.SignerIdentifier;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorException;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/spi/x509/tsp/TimestampToken.class */
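/**
 * A {@link Token} wrapping a BouncyCastle {@link TimeStampToken} together with its
 * {@link TimestampType}, the certificate/CRL/OCSP sources built from the token, and the
 * state of the message-imprint comparison performed by the {@code matchData} methods.
 *
 * <p>Validity ({@link #isValid()}) requires both a successful signature check
 * ({@link #isSignedBy(CertificateToken)}) and a successful message-imprint match
 * ({@code matchData(...)}); neither is performed by the constructors.
 *
 * <p>Only {@code isSignedBy} is {@code synchronized}; the {@code matchData} methods and the
 * setters mutate instance state without synchronization.
 */
public class TimestampToken extends Token {
    private static final Logger LOG = LoggerFactory.getLogger(TimestampToken.class);

    // Wrapped BouncyCastle token; all TSTInfo and CMS data is read from it.
    private final TimeStampToken timeStamp;
    private final TimestampType timeStampType;
    private final TimestampCertificateSource certificateSource;
    private final TimestampCRLSource crlSource;
    private final TimestampOCSPSource ocspSource;
    // Stored by reference (not copied); getTimestampedReferences() exposes the same list.
    private final List<TimestampedReference> timestampedReferences;
    private TimestampIdentifierBuilder identifierBuilder;
    // True once any matchData(...) overload has been called.
    private boolean processed;
    // Lazily built from TSTInfo by getMessageImprint().
    private Digest messageImprint;
    // True when the data (or digest) to compare against was supplied to matchData(...).
    private boolean messageImprintData;
    // null until matchData(...) runs; afterwards the result of the last comparison.
    private Boolean messageImprintIntact;
    private String fileName;
    private List<SignatureScope> timestampScopes;
    private ManifestFile manifestFile;
    private List<TimestampInclude> timestampIncludes;
    private List<ReferenceValidation> referenceValidations;
    private ArchiveTimestampType archiveTimestampType;
    private String canonicalizationMethod;
    // Subject of the certificate that verified the token; set only on a successful check.
    private X500Principal tsaX500Principal;
    private CandidatesForSigningCertificate candidatesForSigningCertificate;

    /**
     * Parses an encoded timestamp with an empty, mutable list of timestamped references.
     *
     * @param bArr encoded CMS SignedData carrying the timestamp
     * @param timestampType the type of the timestamp
     * @throws TSPException if the CMS content is not a valid timestamp token
     * @throws IOException if the token content cannot be read
     * @throws CMSException if the bytes cannot be parsed as CMS SignedData
     */
    public TimestampToken(byte[] bArr, TimestampType timestampType) throws TSPException, IOException, CMSException {
        this(bArr, timestampType, new ArrayList<TimestampedReference>());
    }

    /**
     * Parses an encoded timestamp.
     *
     * @param bArr encoded CMS SignedData carrying the timestamp
     * @param timestampType the type of the timestamp
     * @param list references covered by the timestamp (stored by reference)
     * @throws TSPException if the CMS content is not a valid timestamp token
     * @throws IOException if the token content cannot be read
     * @throws CMSException if the bytes cannot be parsed as CMS SignedData
     */
    public TimestampToken(byte[] bArr, TimestampType timestampType, List<TimestampedReference> list) throws TSPException, IOException, CMSException {
        this(new CMSSignedData(bArr), timestampType, list);
    }

    /**
     * Parses an encoded timestamp and uses the supplied identifier builder.
     *
     * @param bArr encoded CMS SignedData carrying the timestamp
     * @param timestampType the type of the timestamp
     * @param list references covered by the timestamp (stored by reference)
     * @param timestampIdentifierBuilder builder for the token identifier, may be {@code null}
     * @throws TSPException if the CMS content is not a valid timestamp token
     * @throws IOException if the token content cannot be read
     * @throws CMSException if the bytes cannot be parsed as CMS SignedData
     */
    public TimestampToken(byte[] bArr, TimestampType timestampType, List<TimestampedReference> list, TimestampIdentifierBuilder timestampIdentifierBuilder) throws TSPException, IOException, CMSException {
        this(new CMSSignedData(bArr), timestampType, list, timestampIdentifierBuilder);
    }

    /**
     * Builds the token from already parsed CMS SignedData.
     *
     * @param cMSSignedData CMS SignedData carrying the timestamp
     * @param timestampType the type of the timestamp
     * @param list references covered by the timestamp (stored by reference)
     * @throws TSPException if the CMS content is not a valid timestamp token
     * @throws IOException if the token content cannot be read
     */
    public TimestampToken(CMSSignedData cMSSignedData, TimestampType timestampType, List<TimestampedReference> list) throws TSPException, IOException {
        this(new TimeStampToken(cMSSignedData), timestampType, list);
    }

    /**
     * Builds the token from already parsed CMS SignedData with a supplied identifier builder.
     *
     * @param cMSSignedData CMS SignedData carrying the timestamp
     * @param timestampType the type of the timestamp
     * @param list references covered by the timestamp (stored by reference)
     * @param timestampIdentifierBuilder builder for the token identifier, may be {@code null}
     * @throws TSPException if the CMS content is not a valid timestamp token
     * @throws IOException if the token content cannot be read
     */
    public TimestampToken(CMSSignedData cMSSignedData, TimestampType timestampType, List<TimestampedReference> list, TimestampIdentifierBuilder timestampIdentifierBuilder) throws TSPException, IOException {
        this(new TimeStampToken(cMSSignedData), timestampType, list, timestampIdentifierBuilder);
    }

    /**
     * Wraps a BouncyCastle token; the identifier builder is created lazily on first use.
     *
     * @param timeStampToken the parsed timestamp token
     * @param timestampType the type of the timestamp
     * @param list references covered by the timestamp (stored by reference)
     */
    public TimestampToken(TimeStampToken timeStampToken, TimestampType timestampType, List<TimestampedReference> list) {
        this(timeStampToken, timestampType, list, (TimestampIdentifierBuilder) null);
    }

    /**
     * Wraps a BouncyCastle token and builds the certificate, OCSP and CRL sources from it.
     * No signature or message-imprint verification happens here.
     *
     * @param timeStampToken the parsed timestamp token
     * @param timestampType the type of the timestamp
     * @param list references covered by the timestamp (stored by reference)
     * @param timestampIdentifierBuilder builder for the token identifier, may be {@code null}
     */
    public TimestampToken(TimeStampToken timeStampToken, TimestampType timestampType, List<TimestampedReference> list, TimestampIdentifierBuilder timestampIdentifierBuilder) {
        this.processed = false;
        this.messageImprintIntact = null;
        this.timeStamp = timeStampToken;
        this.timeStampType = timestampType;
        this.certificateSource = new TimestampCertificateSource(timeStampToken);
        this.ocspSource = new TimestampOCSPSource(timeStampToken);
        this.crlSource = new TimestampCRLSource(timeStampToken);
        this.timestampedReferences = list;
        this.identifierBuilder = timestampIdentifierBuilder;
    }

    /**
     * Returns the subject of the certificate that verified this token.
     *
     * @return the TSA principal, or {@code null} while no signature check has succeeded
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    public X500Principal getIssuerX500Principal() {
        return this.tsaX500Principal;
    }

    /**
     * Returns a short label made of the timestamp type name, the DSS id and the generation time.
     *
     * @return the abbreviation string
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    public String getAbbreviation() {
        return this.timeStampType.name() + ": " + getDSSIdAsString() + ": " + DSSUtils.formatDateToRFC(this.timeStamp.getTimeStampInfo().getGenTime());
    }

    /** @return the certificate source built from the wrapped token */
    public TimestampCertificateSource getCertificateSource() {
        return this.certificateSource;
    }

    /** @return the CRL source built from the wrapped token */
    public TimestampCRLSource getCRLSource() {
        return this.crlSource;
    }

    /** @return the OCSP source built from the wrapped token */
    public TimestampOCSPSource getOCSPSource() {
        return this.ocspSource;
    }

    /**
     * Reports whether the signature is intact, the timestamped data was found and matches the
     * message imprint, and every reference validation (if any) is found and intact.
     *
     * @return {@code true} only when all four conditions hold
     * @throws IllegalStateException if the signature is intact and data was found but
     *         {@code matchData(...)} has never been invoked (see {@link #isMessageImprintDataIntact()})
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    public boolean isValid() {
        return isSignatureIntact() && isMessageImprintDataFound() && isMessageImprintDataIntact() && areReferenceValidationsValid();
    }

    /**
     * Checks whether this timestamp was signed with the key of the given certificate.
     *
     * <p>Once a signer key has been recorded by an earlier successful call, later calls only
     * compare public keys and do not repeat the cryptographic verification. For a token
     * reported as self-signed by the superclass the key is not recorded.
     *
     * @param certificateToken the candidate TSA certificate
     * @return {@code true} if the certificate's key verifies (or matches the recorded key of) this token
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    public synchronized boolean isSignedBy(CertificateToken certificateToken) {
        if (this.publicKeyOfTheSigner != null) {
            return this.publicKeyOfTheSigner.equals(certificateToken.getPublicKey());
        }
        if (SignatureValidity.VALID != checkIsSignedBy(certificateToken)) {
            return false;
        }
        if (isSelfSigned()) {
            return true;
        }
        this.publicKeyOfTheSigner = certificateToken.getPublicKey();
        return true;
    }

    /**
     * Not supported: a timestamp must be verified against a certificate, not a bare key.
     *
     * @param publicKey ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    public synchronized boolean isSignedBy(PublicKey publicKey) {
        throw new UnsupportedOperationException("Use method isSignedBy(certificateToken) for a TimestampToken validation!");
    }

    /**
     * Verifies the token signature with the given certificate and records the outcome.
     *
     * <p>The certificate must first match the token's signer identifier (SID); a mismatch
     * returns {@link SignatureValidity#INVALID} without modifying the stored validity.
     * On success the stored validity, the TSA principal and the signature algorithm are set.
     *
     * @param certificateToken the candidate TSA certificate
     * @return the resulting signature validity
     * @throws DSSException if the verifier cannot be built for the certificate
     */
    protected SignatureValidity checkIsSignedBy(CertificateToken certificateToken) {
        if (!this.timeStamp.getSID().match(DSSASN1Utils.getX509CertificateHolder(certificateToken))) {
            return SignatureValidity.INVALID;
        }
        SignerInformationVerifier signerInformationVerifier = getSignerInformationVerifier(certificateToken);
        // NOTE(review): a token rejected by TimeStampToken.validate() is still accepted when the
        // bare CMS SignerInformation verifies. BouncyCastle's validate() performs checks beyond the
        // signature itself (signing-certificate attribute binding, timestamping key usage, certificate
        // validity at generation time), so callers relying on VALID here must enforce those
        // constraints elsewhere in the validation process — confirm this is the case.
        // NOTE(review): when validate() fails and the fallback succeeds, signatureInvalidityReason
        // keeps the message written by isValidTimestamp() although the result is VALID.
        if (isValidTimestamp(signerInformationVerifier) || isValidCMSSignedData(signerInformationVerifier)) {
            this.signatureValidity = SignatureValidity.VALID;
            this.tsaX500Principal = certificateToken.getSubject().getPrincipal();
            SignerInformation signerInformation = this.timeStamp.toCMSSignedData().getSignerInfos().get(this.timeStamp.getSID());
            if (SignatureAlgorithm.RSA_SSA_PSS_SHA1_MGF1.getOid().equals(signerInformation.getEncryptionAlgOID())) {
                // This OID needs the encoded algorithm parameters to resolve the actual algorithm.
                this.signatureAlgorithm = SignatureAlgorithm.forOidAndParams(signerInformation.getEncryptionAlgOID(), signerInformation.getEncryptionAlgParams());
            } else {
                // Otherwise combine the certificate key algorithm with the SignerInfo digest algorithm.
                this.signatureAlgorithm = SignatureAlgorithm.getAlgorithm(EncryptionAlgorithm.forName(certificateToken.getPublicKey().getAlgorithm()), DigestAlgorithm.forOID(signerInformation.getDigestAlgorithmID().getAlgorithm().getId()));
            }
        } else {
            this.signatureValidity = SignatureValidity.INVALID;
        }
        return this.signatureValidity;
    }

    /**
     * Runs BouncyCastle's timestamp validation; on failure logs and stores the reason.
     *
     * @param signerInformationVerifier verifier built from the candidate certificate
     * @return {@code true} if validation raised no {@link TSPException}
     */
    private boolean isValidTimestamp(SignerInformationVerifier signerInformationVerifier) {
        try {
            this.timeStamp.validate(signerInformationVerifier);
            return true;
        } catch (TSPException e) {
            // Full stack trace only at debug level; a one-line warning otherwise.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to validate timestamp token : ", e);
            } else {
                LOG.warn("Unable to validate timestamp token : {}", e.getMessage());
            }
            this.signatureInvalidityReason = e.getClass().getSimpleName() + " : " + e.getMessage();
            return false;
        }
    }

    /**
     * Verifies only the CMS signature of the signer matching the token's SID; on a
     * {@link CMSException} logs and stores the reason.
     *
     * @param signerInformationVerifier verifier built from the candidate certificate
     * @return the result of the CMS signature verification, {@code false} on a CMS error
     */
    private boolean isValidCMSSignedData(SignerInformationVerifier signerInformationVerifier) {
        try {
            return this.timeStamp.toCMSSignedData().getSignerInfos().get(this.timeStamp.getSID()).verify(signerInformationVerifier);
        } catch (CMSException e) {
            // Full stack trace only at debug level; a one-line warning otherwise.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to validate the related CMSSignedData : ", e);
            } else {
                LOG.warn("Unable to validate the related CMSSignedData : {}", e.getMessage());
            }
            this.signatureInvalidityReason = e.getClass().getSimpleName() + " : " + e.getMessage();
            return false;
        }
    }

    /**
     * Builds a signer-info verifier for the certificate using the configured security provider.
     *
     * @param certificateToken the candidate TSA certificate
     * @return the verifier
     * @throws DSSException if the verifier cannot be built
     */
    private SignerInformationVerifier getSignerInformationVerifier(CertificateToken certificateToken) {
        try {
            JcaSimpleSignerInfoVerifierBuilder jcaSimpleSignerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
            jcaSimpleSignerInfoVerifierBuilder.setProvider(DSSSecurityProvider.getSecurityProviderName());
            return jcaSimpleSignerInfoVerifierBuilder.build(certificateToken.getCertificate());
        } catch (OperatorException e) {
            throw new DSSException("Unable to build an instance of SignerInformationVerifier", e);
        }
    }

    /**
     * Not supported: a timestamp must be verified against a certificate, not a bare key.
     *
     * @param publicKey ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    protected SignatureValidity checkIsSignedBy(PublicKey publicKey) {
        throw new UnsupportedOperationException("Use method checkIsSignedBy(certificateToken) for a TimestampToken validation!");
    }

    /**
     * Compares the message imprint with the digest of the given document, logging mismatches.
     *
     * @param dSSDocument the timestamped document, may be {@code null}
     * @return {@code true} if the digests are equal
     */
    public boolean matchData(DSSDocument dSSDocument) {
        return matchData(dSSDocument, false);
    }

    /**
     * Compares the message imprint with the digest of the given document, computed with the
     * digest algorithm of the message imprint.
     *
     * @param dSSDocument the timestamped document, may be {@code null}
     * @param z {@code true} to suppress the mismatch warnings; the "data not found" warning is
     *          logged regardless
     * @return {@code true} if the digests are equal, {@code false} on mismatch or missing document
     */
    public boolean matchData(DSSDocument dSSDocument, boolean z) {
        this.processed = true;
        this.messageImprintData = dSSDocument != null;
        this.messageImprintIntact = false;
        if (this.messageImprintData) {
            return matchData(Utils.fromBase64(dSSDocument.getDigest(getMessageImprint().getAlgorithm())), z);
        }
        LOG.warn("Timestamped data not found !");
        return false;
    }

    /**
     * Compares the message imprint with a precomputed message digest, logging mismatches.
     *
     * @param dSSMessageDigest the digest of the timestamped data, may be {@code null}
     * @return {@code true} if algorithm and value both match
     */
    public boolean matchData(DSSMessageDigest dSSMessageDigest) {
        return matchData(dSSMessageDigest, false);
    }

    /**
     * Compares the message imprint with a precomputed message digest. A {@code null} or empty
     * digest, or one computed with a different algorithm than the imprint, is a mismatch.
     *
     * @param dSSMessageDigest the digest of the timestamped data, may be {@code null}
     * @param z {@code true} to suppress warnings about the mismatch
     * @return {@code true} if algorithm and value both match
     */
    public boolean matchData(DSSMessageDigest dSSMessageDigest, boolean z) {
        this.processed = true;
        if (dSSMessageDigest == null || dSSMessageDigest.isEmpty()) {
            // messageImprintData is left untouched on this path.
            this.messageImprintIntact = false;
            if (!z) {
                LOG.warn("Invalid or incomplete message-digest has been provided for timestamp verification!");
            }
        } else if (getDigestAlgorithm() != dSSMessageDigest.getAlgorithm()) {
            this.messageImprintIntact = false;
            if (!z) {
                LOG.warn("DigestAlgorithm '{}' used in the provided message-digest does not match the one used in the timestamp token '{}'!", dSSMessageDigest.getAlgorithm(), getDigestAlgorithm());
            }
        } else {
            this.messageImprintIntact = Boolean.valueOf(matchData(dSSMessageDigest.getValue(), z));
        }
        return this.messageImprintIntact.booleanValue();
    }

    /**
     * Compares the message imprint with the given digest value, logging mismatches.
     *
     * @param bArr the expected digest value, may be {@code null}
     * @return {@code true} if the values are equal
     */
    public boolean matchData(byte[] bArr) {
        return matchData(bArr, false);
    }

    /**
     * Compares the message imprint value from the token with the given digest value and
     * records the result. The digest algorithm is not checked by this overload; the caller
     * must have computed the value with the imprint's algorithm.
     *
     * @param bArr the expected digest value, may be {@code null}
     * @param z {@code true} to suppress the mismatch warnings; the "data not found" warning is
     *          logged regardless
     * @return {@code true} if the values are equal, {@code false} on mismatch or {@code null} input
     */
    public boolean matchData(byte[] bArr, boolean z) {
        this.processed = true;
        this.messageImprintData = bArr != null;
        this.messageImprintIntact = false;
        if (this.messageImprintData) {
            Digest messageImprint = getMessageImprint();
            this.messageImprintIntact = Boolean.valueOf(Arrays.equals(bArr, messageImprint.getValue()));
            if (!this.messageImprintIntact.booleanValue() && !z) {
                LOG.warn("Provided digest value for TimestampToken matchData : {}", Utils.toBase64(bArr));
                LOG.warn("Digest ({}) present in TimestampToken : {}", messageImprint.getAlgorithm(), Utils.toBase64(messageImprint.getValue()));
                LOG.warn("Digest in TimestampToken matches digest of extracted data from document: {}", this.messageImprintIntact);
            }
        } else {
            LOG.warn("Timestamped data not found !");
        }
        return this.messageImprintIntact.booleanValue();
    }

    /** @return {@code true} once any {@code matchData} overload has been invoked */
    public boolean isProcessed() {
        return this.processed;
    }

    /** @return the type of this timestamp */
    public TimestampType getTimeStampType() {
        return this.timeStampType;
    }

    /**
     * Returns the generation time stated in the token's TSTInfo. The value comes from the
     * token content and is only as trustworthy as the outcome of the signature check.
     *
     * @return the generation time
     */
    public Date getGenerationTime() {
        return this.timeStamp.getTimeStampInfo().getGenTime();
    }

    /** @return the generation time of the timestamp */
    @Override // eu.europa.esig.dss.model.x509.Token
    public Date getCreationDate() {
        return getGenerationTime();
    }

    /**
     * Returns the message imprint (algorithm and digest value) from the token, built on
     * first access and cached.
     *
     * @return the message imprint
     */
    public Digest getMessageImprint() {
        if (this.messageImprint == null) {
            this.messageImprint = new Digest(getDigestAlgorithm(), this.timeStamp.getTimeStampInfo().getMessageImprintDigest());
        }
        return this.messageImprint;
    }

    /** @return the digest algorithm resolved from the message imprint algorithm OID */
    public DigestAlgorithm getDigestAlgorithm() {
        return DigestAlgorithm.forOID(this.timeStamp.getTimeStampInfo().getMessageImprintAlgOID().getId());
    }

    /** @return {@code true} if the last document/byte-array {@code matchData} call received non-null data */
    public boolean isMessageImprintDataFound() {
        return Utils.isTrue(Boolean.valueOf(this.messageImprintData));
    }

    /**
     * Reports the result of the last message-imprint comparison.
     *
     * @return {@code true} if the last {@code matchData} call matched
     * @throws IllegalStateException if no {@code matchData} overload has been invoked yet
     */
    public boolean isMessageImprintDataIntact() {
        if (this.processed) {
            return Utils.isTrue(this.messageImprintIntact);
        }
        throw new IllegalStateException("Invoke matchData(byte[] data) method before!");
    }

    /** @return the file name associated with the timestamp, may be {@code null} */
    public String getFileName() {
        return this.fileName;
    }

    /** @param str the file name to associate with the timestamp */
    public void setFileName(String str) {
        this.fileName = str;
    }

    /** @return the manifest file associated with the timestamp, may be {@code null} */
    public ManifestFile getManifestFile() {
        return this.manifestFile;
    }

    /** @param manifestFile the manifest file to associate with the timestamp */
    public void setManifestFile(ManifestFile manifestFile) {
        this.manifestFile = manifestFile;
    }

    /** @return the list passed at construction (same instance, not a copy) */
    public List<TimestampedReference> getTimestampedReferences() {
        return this.timestampedReferences;
    }

    /** @return the archive timestamp type, may be {@code null} */
    public ArchiveTimestampType getArchiveTimestampType() {
        return this.archiveTimestampType;
    }

    /** @param archiveTimestampType the archive timestamp type to set */
    public void setArchiveTimestampType(ArchiveTimestampType archiveTimestampType) {
        this.archiveTimestampType = archiveTimestampType;
    }

    /** @return the canonicalization method, may be {@code null} */
    public String getCanonicalizationMethod() {
        return this.canonicalizationMethod;
    }

    /** @param str the canonicalization method to set */
    public void setCanonicalizationMethod(String str) {
        this.canonicalizationMethod = str;
    }

    /** @return the DER encoding of the wrapped timestamp token */
    @Override // eu.europa.esig.dss.model.x509.Token
    public byte[] getEncoded() {
        return DSSASN1Utils.getDEREncoded(this.timeStamp);
    }

    /** @return the timestamp includes, may be {@code null} */
    public List<TimestampInclude> getTimestampIncludes() {
        return this.timestampIncludes;
    }

    /** @param list the timestamp includes to set */
    public void setTimestampIncludes(List<TimestampInclude> list) {
        this.timestampIncludes = list;
    }

    /** @return the reference validations, may be {@code null} */
    public List<ReferenceValidation> getReferenceValidations() {
        return this.referenceValidations;
    }

    /** @param list the reference validations to set */
    public void setReferenceValidations(List<ReferenceValidation> list) {
        this.referenceValidations = list;
    }

    /**
     * Checks that every reference validation is both found and intact.
     *
     * @return {@code true} if there are no reference validations or all of them pass
     */
    protected boolean areReferenceValidationsValid() {
        // An absent or empty list counts as valid: there is nothing to contradict the token.
        if (!Utils.isCollectionNotEmpty(this.referenceValidations)) {
            return true;
        }
        for (ReferenceValidation referenceValidation : this.referenceValidations) {
            if (!referenceValidation.isFound() || !referenceValidation.isIntact()) {
                return false;
            }
        }
        return true;
    }

    /** @return the timestamp scopes, may be {@code null} */
    public List<SignatureScope> getTimestampScopes() {
        return this.timestampScopes;
    }

    /** @param list the timestamp scopes to set */
    public void setTimestampScopes(List<SignatureScope> list) {
        this.timestampScopes = list;
    }

    /** @return the certificates provided by the token's certificate source */
    public List<CertificateToken> getCertificates() {
        return this.certificateSource.getCertificates();
    }

    /** @return all certificate references provided by the token's certificate source */
    public Set<CertificateRef> getCertificateRefs() {
        return this.certificateSource.getAllCertificateRefs();
    }

    /**
     * Returns the unsigned attributes of the token. Unsigned attributes are not covered by
     * the timestamp signature.
     *
     * @return the unsigned attribute table as returned by the wrapped token
     */
    public AttributeTable getUnsignedAttributes() {
        return this.timeStamp.getUnsignedAttributes();
    }

    /**
     * Decodes the optional {@code tsa} field of TSTInfo as an X.500 name.
     *
     * @return the TSA name, or {@code null} if the field is absent or cannot be encoded
     */
    public X500Principal getTSTInfoTsa() {
        GeneralName tsa = this.timeStamp.getTimeStampInfo().getTsa();
        if (tsa == null) {
            return null;
        }
        try {
            return new X500Principal(X500Name.getInstance(tsa.getName()).getEncoded());
        } catch (IOException e) {
            LOG.warn("Unable to decode TSTInfo.tsa attribute value to X500Principal. Reason : {}", e.getMessage(), e);
            return null;
        }
    }

    /** @return the wrapped BouncyCastle timestamp token */
    public TimeStampToken getTimeStamp() {
        return this.timeStamp;
    }

    /**
     * Builds a human-readable description: signer, generation time, type, signature
     * validity and message-imprint match state.
     *
     * @param str indentation prefix for each line
     * @return the description, or the class name if building it fails
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    public String toString(String str) {
        try {
            StringBuilder sb = new StringBuilder();
            sb.append(str).append("TimestampToken[signedBy=").append(getIssuerX500Principal());
            sb.append(", generated: ").append(DSSUtils.formatDateToRFC(this.timeStamp.getTimeStampInfo().getGenTime()));
            sb.append(" / ").append(this.timeStampType).append('\n');
            if (isSignatureIntact()) {
                String str2 = str + "\t";
                sb.append(str2).append("Timestamp's signature validity: VALID").append('\n');
                str = str2.substring(1);
            } else if (this.signatureInvalidityReason != null && !this.signatureInvalidityReason.isEmpty()) {
                // Null guard: the field is declared in Token (outside this file); if it is unset,
                // an NPE here would be swallowed by the catch below and hide the whole description.
                String str3 = str + "\t";
                sb.append(str3).append("Timestamp's signature validity: INVALID").append(" - ").append(this.signatureInvalidityReason).append('\n');
                str = str3.substring(1);
            }
            String str4 = str + "\t";
            if (this.messageImprintIntact != null) {
                if (this.messageImprintIntact.booleanValue()) {
                    sb.append(str4).append("Timestamp MATCHES the signed data.").append('\n');
                } else {
                    sb.append(str4).append("Timestamp DOES NOT MATCH the signed data.").append('\n');
                }
            }
            sb.append(']');
            return sb.toString();
        } catch (Exception e) {
            // Deliberate best effort: toString must never throw, so fall back to the class name.
            return getClass().getName();
        }
    }

    /** @return all certificate identifiers known to the token's certificate source */
    public Set<SignerIdentifier> getSignerInformationStoreInfos() {
        return getCertificateSource().getAllCertificateIdentifiers();
    }

    /**
     * Returns the candidates for the signing certificate, resolved on first access from the
     * certificate source (called with a {@code null} argument) and cached.
     *
     * @return the signing-certificate candidates
     */
    public CandidatesForSigningCertificate getCandidatesForSigningCertificate() {
        if (this.candidatesForSigningCertificate == null) {
            this.candidatesForSigningCertificate = getCertificateSource().getCandidatesForSigningCertificate(null);
        }
        return this.candidatesForSigningCertificate;
    }

    /**
     * Returns the first CMS signer whose identifier matches the token's SID.
     *
     * @return the signer information
     * @throws java.util.NoSuchElementException if no signer matches the SID
     */
    public SignerInformation getSignerInformation() {
        return this.timeStamp.toCMSSignedData().getSignerInfos().getSigners(this.timeStamp.getSID()).iterator().next();
    }

    /** @return the identifier produced by the timestamp identifier builder */
    @Override // eu.europa.esig.dss.model.x509.Token
    protected TokenIdentifier buildTokenIdentifier() {
        return getTimestampIdentifierBuilder().build();
    }

    /**
     * Returns the identifier builder, creating a default one from the encoded token and the
     * current file name when none was supplied at construction.
     *
     * @return the identifier builder
     */
    protected TimestampIdentifierBuilder getTimestampIdentifierBuilder() {
        if (this.identifierBuilder == null) {
            this.identifierBuilder = new TimestampIdentifierBuilder(getEncoded()).setFilename(this.fileName);
        }
        return this.identifierBuilder;
    }

    /**
     * Digests the DER encoding of the token.
     *
     * @param digestAlgorithm the algorithm to use
     * @return the digest value
     */
    @Override // eu.europa.esig.dss.model.x509.Token
    public byte[] getDigest(DigestAlgorithm digestAlgorithm) {
        return DSSUtils.digest(digestAlgorithm, getEncoded());
    }
}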
