package eu.europa.esig.dss.cades.validation;

import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.SignedAssertion;
import eu.europa.esig.dss.cades.SignedAssertions;
import eu.europa.esig.dss.cades.SignerAttributeV2;
import eu.europa.esig.dss.cades.validation.scope.CAdESSignatureScopeFinder;
import eu.europa.esig.dss.cades.validation.timestamp.CAdESTimestampSource;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.DigestMatcherType;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.EndorsementType;
import eu.europa.esig.dss.enumerations.MaskGenerationFunction;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureForm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.DigestDocument;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.ManifestEntry;
import eu.europa.esig.dss.model.ReferenceValidation;
import eu.europa.esig.dss.model.SignaturePolicyStore;
import eu.europa.esig.dss.model.SpDocSpecification;
import eu.europa.esig.dss.model.UserNotice;
import eu.europa.esig.dss.model.scope.SignatureScope;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.spi.SignatureCertificateSource;
import eu.europa.esig.dss.spi.x509.CandidatesForSigningCertificate;
import eu.europa.esig.dss.spi.x509.CertificateValidity;
import eu.europa.esig.dss.spi.x509.SignerIdentifier;
import eu.europa.esig.dss.spi.x509.revocation.crl.OfflineCRLSource;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OfflineOCSPSource;
import eu.europa.esig.dss.spi.x509.tsp.TimestampToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CommitmentTypeIndication;
import eu.europa.esig.dss.validation.DefaultAdvancedSignature;
import eu.europa.esig.dss.validation.SignatureCryptographicVerification;
import eu.europa.esig.dss.validation.SignatureDigestReference;
import eu.europa.esig.dss.validation.SignatureIdentifierBuilder;
import eu.europa.esig.dss.validation.SignaturePolicy;
import eu.europa.esig.dss.validation.SignatureProductionPlace;
import eu.europa.esig.dss.validation.SignerRole;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
import org.bouncycastle.asn1.esf.SPUserNotice;
import org.bouncycastle.asn1.esf.SigPolicyQualifierInfo;
import org.bouncycastle.asn1.esf.SigPolicyQualifiers;
import org.bouncycastle.asn1.esf.SignaturePolicyId;
import org.bouncycastle.asn1.esf.SignerAttribute;
import org.bouncycastle.asn1.esf.SignerLocation;
import org.bouncycastle.asn1.ess.ContentHints;
import org.bouncycastle.asn1.ess.ContentIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
import org.bouncycastle.asn1.x509.DisplayText;
import org.bouncycastle.asn1.x509.NoticeReference;
import org.bouncycastle.asn1.x509.RoleSyntax;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.CMSTypedStream;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/validation/CAdESSignature.class */
public class CAdESSignature extends DefaultAdvancedSignature {
    // Serialization version identifier for this class.
    private static final long serialVersionUID = 8449504364217200965L;
    // Class-wide SLF4J logger.
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CAdESSignature.class);
    // CMS SignedData container passed to the constructor; never reassigned.
    private final CMSSignedData cmsSignedData;
    // Signer information passed to the constructor; presumably one signer of cmsSignedData (confirm with callers).
    private final SignerInformation signerInformation;
    // Not assigned anywhere in the visible part of this file.
    private SignerInformationStore counterSignaturesStore;

    /**
     * Wraps one signer of a CMS container as a CAdES signature.
     *
     * @param cMSSignedData the CMS SignedData structure; must not be {@code null}
     * @param signerInformation the signer information to expose; must not be {@code null}
     * @throws NullPointerException if either argument is {@code null}
     */
    public CAdESSignature(CMSSignedData cMSSignedData, SignerInformation signerInformation) {
        this.cmsSignedData = Objects.requireNonNull(cMSSignedData, "CMSSignedData cannot be null!");
        this.signerInformation = Objects.requireNonNull(signerInformation, "SignerInformation must be provided!");
    }

    /**
     * Identifies the signature format handled by this class.
     *
     * @return always {@link SignatureForm#CAdES}
     */
    @Override
    public SignatureForm getSignatureForm() {
        final SignatureForm form = SignatureForm.CAdES;
        return form;
    }

    /**
     * Returns the certificate source for this signature, building it from the CMS
     * container and signer information on first use and reusing it afterwards.
     *
     * @return the cached certificate source
     */
    @Override
    public SignatureCertificateSource getCertificateSource() {
        if (this.offlineCertificateSource != null) {
            return this.offlineCertificateSource;
        }
        this.offlineCertificateSource = new CAdESCertificateSource(this.cmsSignedData, this.signerInformation);
        return this.offlineCertificateSource;
    }

    /**
     * Returns the CRL source embedded in the signature, building it on first use.
     *
     * <p>The source is built from the CMS container and the signer's <em>unsigned</em>
     * attributes, so the signer's signature does not cover that part of the input.
     *
     * @return the cached CRL source, or {@code null} when construction failed
     */
    @Override
    public OfflineCRLSource getCRLSource() {
        if (this.signatureCRLSource != null) {
            return this.signatureCRLSource;
        }
        try {
            this.signatureCRLSource = new CAdESCRLSource(this.cmsSignedData, this.signerInformation.getUnsignedAttributes());
        } catch (Exception e) {
            // NOTE(review): every exception type ends up here and is only logged, so the
            // field stays null and callers receive null. The log text mentions an
            // algorithm although the failure may be anything; a later call retries.
            LOG.warn("Error in computing or in format of the algorithm: just continue...", e);
        }
        return this.signatureCRLSource;
    }

    /**
     * Returns the OCSP source embedded in the signature, building it on first use.
     *
     * <p>As with the CRL source, the input includes the signer's <em>unsigned</em>
     * attributes, which the signer's signature does not cover.
     *
     * @return the cached OCSP source
     */
    @Override
    public OfflineOCSPSource getOCSPSource() {
        if (this.signatureOCSPSource != null) {
            return this.signatureOCSPSource;
        }
        // Unlike getCRLSource(), a failure in this constructor is not caught here.
        this.signatureOCSPSource = new CAdESOCSPSource(this.cmsSignedData, this.signerInformation.getUnsignedAttributes());
        return this.signatureOCSPSource;
    }

    /**
     * Returns the timestamp source for this signature, creating it on first use.
     *
     * @return the cached timestamp source
     */
    @Override
    public CAdESTimestampSource getTimestampSource() {
        if (this.signatureTimestampSource != null) {
            return (CAdESTimestampSource) this.signatureTimestampSource;
        }
        final CAdESTimestampSource created = new CAdESTimestampSource(this);
        this.signatureTimestampSource = created;
        return created;
    }

    /**
     * Returns the signer identifier carried by the wrapped signer information.
     *
     * @return the value of {@code signerInformation.getSID()}
     */
    public SignerId getSignerId() {
        final SignerId signerId = this.signerInformation.getSID();
        return signerId;
    }

    /**
     * Delegates signature-scope discovery to a fresh {@code CAdESSignatureScopeFinder}.
     *
     * @return whatever the finder reports for this signature
     */
    @Override
    protected List<SignatureScope> findSignatureScopes() {
        final CAdESSignatureScopeFinder scopeFinder = new CAdESSignatureScopeFinder();
        return scopeFinder.findSignatureScope(this);
    }

    /**
     * Builds the signature policy description from the signed
     * {@code id_aa_ets_sigPolicyId} attribute and stores it in {@code this.signaturePolicy}.
     *
     * <p>A {@code DERNull} value yields a policy object without an identifier. Otherwise
     * the policy OID, its hash (unless it is a "zero hash") and the known qualifiers
     * (URI, user notice, document specification) are copied over.
     *
     * @return the policy, or {@code null} when the attribute is absent or no
     *         {@code SignaturePolicyId} could be obtained from it
     */
    @Override
    protected SignaturePolicy buildSignaturePolicy() {
        final Attribute policyAttribute = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_ets_sigPolicyId);
        if (policyAttribute == null) {
            return null;
        }
        // NOTE(review): index 0 is read without checking that the value set is non-empty;
        // the attribute comes from the signature being validated.
        final ASN1Encodable policyValue = policyAttribute.getAttrValues().getObjectAt(0);
        if (policyValue instanceof DERNull) {
            this.signaturePolicy = new SignaturePolicy();
            return this.signaturePolicy;
        }
        final SignaturePolicyId policyId = SignaturePolicyId.getInstance(policyValue);
        if (policyId == null) {
            return null;
        }
        this.signaturePolicy = new SignaturePolicy(policyId.getSigPolicyId().getId());
        final OtherHashAlgAndValue policyHash = policyId.getSigPolicyHash();
        final byte[] hashValue = policyHash.getHashValue().getOctets();
        final boolean zeroHash = isZeroHash(hashValue);
        // With a zero hash no digest is recorded, so nothing ties a policy document to
        // this identifier by hash; consumers should treat that case explicitly.
        this.signaturePolicy.setZeroHash(zeroHash);
        if (!zeroHash) {
            // NOTE(review): forOID is not guarded here, while other methods of this
            // class catch IllegalArgumentException around it for unknown OIDs.
            final DigestAlgorithm hashAlgorithm = DigestAlgorithm.forOID(policyHash.getHashAlgorithm().getAlgorithm().getId());
            this.signaturePolicy.setDigest(new Digest(hashAlgorithm, hashValue));
        }
        final SigPolicyQualifiers qualifiers = policyId.getSigPolicyQualifiers();
        if (qualifiers == null) {
            return this.signaturePolicy;
        }
        for (int index = 0; index < qualifiers.size(); index++) {
            // Each qualifier is handled in isolation: one unreadable entry is logged
            // and skipped without discarding the others.
            try {
                final SigPolicyQualifierInfo qualifier = qualifiers.getInfoAt(index);
                final ASN1ObjectIdentifier qualifierId = qualifier.getSigPolicyQualifierId();
                final String qualifierText = qualifier.getSigQualifier().toString();
                if (PKCSObjectIdentifiers.id_spq_ets_uri.equals((ASN1Primitive) qualifierId)) {
                    this.signaturePolicy.setUri(qualifierText);
                } else if (PKCSObjectIdentifiers.id_spq_ets_unotice.equals((ASN1Primitive) qualifierId)) {
                    this.signaturePolicy.setUserNotice(buildSPUserNoticeString(SPUserNotice.getInstance(qualifier.getSigQualifier())));
                } else if (OID.id_sp_doc_specification.equals((ASN1Primitive) qualifierId)) {
                    final SpDocSpecification docSpecification = new SpDocSpecification();
                    docSpecification.setId(qualifierText);
                    this.signaturePolicy.setDocSpecification(docSpecification);
                } else {
                    // The logged value is taken verbatim from the signature; log sinks
                    // should treat it as untrusted text.
                    LOG.warn("Unknown signature policy qualifier id: {} with value: {}", qualifierId, qualifierText);
                }
            } catch (Exception e) {
                LOG.warn("Unable to read SigPolicyQualifierInfo {} : {}", Integer.valueOf(index), e.getMessage());
            }
        }
        return this.signaturePolicy;
    }

    /**
     * Copies the organization, notice numbers and explicit text of an
     * {@code SPUserNotice} into a {@code UserNotice}; absent parts are left unset.
     *
     * @param sPUserNotice the parsed user-notice qualifier
     * @return a new {@code UserNotice} carrying the values that were present
     */
    private UserNotice buildSPUserNoticeString(SPUserNotice sPUserNotice) {
        final UserNotice result = new UserNotice();
        final NoticeReference reference = sPUserNotice.getNoticeRef();
        if (reference != null) {
            final DisplayText organizationText = reference.getOrganization();
            if (organizationText != null) {
                result.setOrganization(organizationText.getString());
            }
            final ASN1Integer[] numbers = reference.getNoticeNumbers();
            if (numbers != null && numbers.length > 0) {
                final int[] values = new int[numbers.length];
                int position = 0;
                for (ASN1Integer number : numbers) {
                    // intValueExact() rejects values that do not fit an int; the
                    // resulting exception propagates to the caller.
                    values[position++] = number.intValueExact();
                }
                result.setNoticeNumbers(values);
            }
        }
        final DisplayText explicit = sPUserNotice.getExplicitText();
        if (explicit != null) {
            result.setExplicitText(explicit.getString());
        }
        return result;
    }

    /**
     * Extracts the signature-policy-store from the <em>unsigned</em> attributes.
     *
     * <p>The store is a two-element sequence: a document specification identifier and
     * either the encoded policy document (octet string) or a local URI (IA5 string).
     *
     * <p>NOTE(review): because the attribute is unsigned, the signer's signature does
     * not protect it. No comparison with the digest held in the signed policy
     * identifier happens in this method; confirm that callers perform it before the
     * stored policy content is relied upon.
     *
     * @return the populated store, or {@code null} when the attribute is missing, has
     *         no value, or does not hold exactly two elements
     */
    @Override
    public SignaturePolicyStore getSignaturePolicyStore() {
        final Attribute storeAttribute = CMSUtils.getUnsignedAttributes(this.signerInformation).get(OID.id_aa_ets_sigPolicyStore);
        if (storeAttribute == null || storeAttribute.getAttrValues().size() < 1) {
            return null;
        }
        final SignaturePolicyStore policyStore = new SignaturePolicyStore();
        final SpDocSpecification docSpecification = new SpDocSpecification();
        final ASN1Sequence storeSequence = ASN1Sequence.getInstance(storeAttribute.getAttrValues().getObjectAt(0));
        if (storeSequence.size() != 2) {
            LOG.warn("Unable to extract a signature-policy-store. The element shall contain two attributes.");
            return null;
        }
        docSpecification.setId(storeSequence.getObjectAt(0).toString());
        final ASN1Encodable spDocument = storeSequence.getObjectAt(1);
        if (spDocument instanceof ASN1OctetString) {
            final byte[] encodedPolicy = ASN1OctetString.getInstance(spDocument).getOctets();
            policyStore.setSignaturePolicyContent(new InMemoryDocument(encodedPolicy));
        } else if (spDocument instanceof ASN1IA5String) {
            final String localUri = ASN1IA5String.getInstance(spDocument).getString();
            policyStore.setSigPolDocLocalURI(localUri);
        } else {
            // The store is still returned in this case, with neither content nor URI set.
            LOG.warn("Unable to extract a signature-policy-store spDocument. One of 'sigPolicyEncoded' or 'sigPolicyLocalURI' is expected!");
        }
        policyStore.setSpDocSpecification(docSpecification);
        return policyStore;
    }

    /**
     * Tells whether a policy hash value counts as a "zero hash": an empty array,
     * or a single byte that is {@code 0x00} or ASCII {@code '0'}.
     *
     * @param bArr the hash octets, possibly {@code null}
     * @return {@code true} for either zero-hash form; {@code false} otherwise, including for {@code null}
     */
    private boolean isZeroHash(byte[] bArr) {
        if (isZeroHashEmpty(bArr)) {
            return true;
        }
        return doesZeroHashContainSigneZeroByte(bArr);
    }

    /**
     * Tells whether the hash value is present but has no bytes.
     *
     * @param bArr the hash octets, possibly {@code null}
     * @return {@code true} only for a non-null, zero-length array
     */
    private boolean isZeroHashEmpty(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        return bArr.length == 0;
    }

    /**
     * Tells whether the hash value is exactly one byte equal to {@code 0x00} or to
     * {@code 0x30}, the ASCII code of the character {@code '0'}.
     *
     * @param bArr the hash octets, possibly {@code null}
     * @return {@code true} only for a one-byte array holding one of those two values
     */
    private boolean doesZeroHashContainSigneZeroByte(byte[] bArr) {
        if (bArr == null || bArr.length != 1) {
            return false;
        }
        final byte only = bArr[0];
        return only == '0' || only == 0;
    }

    /**
     * Reads the {@code signingTime} signed attribute.
     *
     * <p>The value is part of the signed attributes, i.e. it is what the signer put
     * into the signature; this method applies no independent time check.
     *
     * @return the parsed signing time, or {@code null} when the attribute is absent
     */
    @Override
    public Date getSigningTime() {
        final Attribute signingTime = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.pkcs_9_at_signingTime);
        // NOTE(review): index 0 is read without checking that the value set is non-empty.
        return signingTime == null ? null : CMSUtils.readSigningDate(signingTime.getAttrValues().getObjectAt(0));
    }

    /**
     * Returns the CMS container given to the constructor.
     *
     * @return the same {@code CMSSignedData} instance held by this object (not a copy)
     */
    public CMSSignedData getCmsSignedData() {
        final CMSSignedData container = this.cmsSignedData;
        return container;
    }

    /**
     * Reads the {@code signerLocation} signed attribute and maps country, locality and
     * postal address lines onto a {@code SignatureProductionPlace}.
     *
     * @return the production place, or {@code null} when the attribute is absent or
     *         cannot be parsed as a {@code SignerLocation}
     */
    @Override
    public SignatureProductionPlace getSignatureProductionPlace() {
        final Attribute locationAttribute = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_ets_signerLocation);
        if (locationAttribute == null) {
            return null;
        }
        SignerLocation location;
        try {
            location = SignerLocation.getInstance(locationAttribute.getAttrValues().getObjectAt(0));
        } catch (Exception e) {
            // The stack trace is attached only when debug logging is on; the level stays WARN.
            if (LOG.isDebugEnabled()) {
                LOG.warn("Unable to build a SignerLocation instance. Reason : {}", e.getMessage(), e);
            } else {
                LOG.warn("Unable to build a SignerLocation instance. Reason : {}", e.getMessage());
            }
            location = null;
        }
        if (location == null) {
            return null;
        }
        final SignatureProductionPlace place = new SignatureProductionPlace();
        final DirectoryString countryName = location.getCountry();
        if (countryName != null) {
            place.setCountryName(countryName.getString());
        }
        final DirectoryString cityName = location.getLocality();
        if (cityName != null) {
            place.setCity(cityName.getString());
        }
        final ASN1Sequence addressLines = location.getPostalAddress();
        if (addressLines == null) {
            return place;
        }
        for (int index = 0; index < addressLines.size(); index++) {
            final String line = DSSASN1Utils.getDirectoryStringValue(addressLines.getObjectAt(index));
            // Empty lines are dropped rather than stored.
            if (Utils.isStringNotEmpty(line)) {
                place.getPostalAddress().add(line);
            }
        }
        return place;
    }

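    /**
     * Reads the {@code commitmentType} signed attribute and returns one indication per
     * value that is an ASN.1 sequence; values of any other type are logged and skipped.
     *
     * <p>The method never returns {@code null}: an attribute with an empty value set
     * yields an empty list, matching the absent-attribute and error cases.
     *
     * @return the commitment type indications, possibly empty
     */
    @Override
    public List<CommitmentTypeIndication> getCommitmentTypeIndications() {
        final Attribute commitmentAttribute = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_ets_commitmentType);
        if (commitmentAttribute == null) {
            return Collections.emptyList();
        }
        try {
            final ASN1Set values = commitmentAttribute.getAttrValues();
            final int count = values.size();
            final List<CommitmentTypeIndication> indications = new ArrayList<>();
            for (int index = 0; index < count; index++) {
                final ASN1Encodable value = values.getObjectAt(index);
                if (value instanceof ASN1Sequence) {
                    final org.bouncycastle.asn1.esf.CommitmentTypeIndication parsed =
                            org.bouncycastle.asn1.esf.CommitmentTypeIndication.getInstance((ASN1Sequence) value);
                    indications.add(new CommitmentTypeIndication(parsed.getCommitmentTypeId().getId()));
                } else {
                    LOG.warn("Unsupported type for CommitmentType : {}", value.getClass());
                }
            }
            return indications;
        } catch (Exception e) {
            // A malformed entry discards the whole list, not only the offending value.
            LOG.warn("An error while extracting CommitmentTypeIndication. Reason : {}", e.getMessage(), e);
            return Collections.emptyList();
        }
    }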

    /**
     * Lists the signed assertions found in the {@code signerAttrV2} attribute, each
     * rendered with {@code toString()} and tagged {@code EndorsementType.SIGNED}.
     *
     * <p>NOTE(review): the assertion is only converted to text here; no verification
     * of the assertion itself is visible in this method.
     *
     * @return the roles derived from signed assertions; empty when there are none
     */
    @Override
    public List<SignerRole> getSignedAssertions() {
        final List<SignerRole> roles = new ArrayList<>();
        final SignerAttributeV2 attributeV2 = getSignerAttributeV2();
        if (attributeV2 == null) {
            return roles;
        }
        for (Object value : attributeV2.getValues()) {
            if (!(value instanceof SignedAssertions)) {
                continue;
            }
            for (SignedAssertion assertion : ((SignedAssertions) value).getAssertions()) {
                roles.add(new SignerRole(assertion.toString(), EndorsementType.SIGNED));
            }
        }
        return roles;
    }

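    /**
     * Lists the roles the signer claims for itself.
     *
     * <p>The values come from {@code signerAttr} (V1) when that attribute is present;
     * {@code signerAttrV2} is consulted only when V1 is absent. Only entries that are
     * arrays of X.509 attributes contribute roles.
     *
     * @return the claimed roles; empty when no attribute is present or an error occurs
     */
    @Override
    public List<SignerRole> getClaimedSignerRoles() {
        final SignerAttribute attributeV1 = getSignerAttributeV1();
        final SignerAttributeV2 attributeV2 = getSignerAttributeV2();
        Object[] values = null;
        try {
            if (attributeV1 != null) {
                values = attributeV1.getValues();
            } else if (attributeV2 != null) {
                values = attributeV2.getValues();
            }
            if (values == null) {
                return Collections.emptyList();
            }
            final List<SignerRole> roles = new ArrayList<>();
            for (Object value : values) {
                if (value instanceof org.bouncycastle.asn1.x509.Attribute[]) {
                    for (org.bouncycastle.asn1.x509.Attribute attribute : (org.bouncycastle.asn1.x509.Attribute[]) value) {
                        roles.addAll(getClaimedSignerRoles(attribute));
                    }
                }
            }
            return roles;
        } catch (Exception e) {
            // The placeholder used to be filled with a literal null; log the reason instead.
            LOG.warn("Error when dealing with claimed signer roles : {}", e.getMessage(), e);
            return Collections.emptyList();
        }
    }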

    /**
     * Turns every string-typed value of one X.509 attribute into a role tagged
     * {@code EndorsementType.CLAIMED}; values of other types are ignored.
     *
     * @param attribute the attribute whose values are inspected
     * @return the claimed roles found in that attribute, possibly empty
     */
    private List<SignerRole> getClaimedSignerRoles(org.bouncycastle.asn1.x509.Attribute attribute) {
        final List<SignerRole> roles = new ArrayList<>();
        final ASN1Encodable[] values = attribute.getAttrValues().toArray();
        for (ASN1Encodable value : values) {
            if (!(value instanceof ASN1String)) {
                continue;
            }
            final String roleName = ((ASN1String) value).getString();
            roles.add(new SignerRole(roleName, EndorsementType.CLAIMED));
        }
        return roles;
    }

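    /**
     * Lists the roles carried by attribute certificates in the signer attributes.
     *
     * <p>The values come from {@code signerAttr} (V1) when that attribute is present;
     * {@code signerAttrV2} is consulted only when V1 is absent. Only entries that are
     * {@code AttributeCertificate} instances contribute roles.
     *
     * @return the certified roles; empty when no attribute is present or an error occurs
     */
    @Override
    public List<SignerRole> getCertifiedSignerRoles() {
        final SignerAttribute attributeV1 = getSignerAttributeV1();
        final SignerAttributeV2 attributeV2 = getSignerAttributeV2();
        Object[] values = null;
        try {
            if (attributeV1 != null) {
                values = attributeV1.getValues();
            } else if (attributeV2 != null) {
                values = attributeV2.getValues();
            }
            if (values == null) {
                return Collections.emptyList();
            }
            final List<SignerRole> roles = new ArrayList<>();
            for (Object value : values) {
                if (value instanceof AttributeCertificate) {
                    roles.addAll(getCertifiedSignerRoles((AttributeCertificate) value));
                }
            }
            return roles;
        } catch (Exception e) {
            // The placeholder used to be filled with a literal null; log the reason instead.
            LOG.warn("Error when dealing with certified signer roles : {}", e.getMessage(), e);
            return Collections.emptyList();
        }
    }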

    /**
     * Extracts role names from an attribute certificate and tags them
     * {@code EndorsementType.CERTIFIED}, copying the certificate's validity period
     * onto each role.
     *
     * <p>NOTE(review): this method reads the certificate's content only. Neither the
     * attribute certificate's signature nor its validity period is checked here, so
     * the CERTIFIED label reflects structure, not a verified endorsement; confirm
     * that verification happens elsewhere before the label is relied upon.
     *
     * @param attributeCertificate the attribute certificate to read
     * @return one role per attribute whose first value is an ASN.1 sequence
     */
    private List<SignerRole> getCertifiedSignerRoles(AttributeCertificate attributeCertificate) {
        final List<SignerRole> roles = new ArrayList<>();
        final AttributeCertificateInfo info = attributeCertificate.getAcinfo();
        final AttCertValidityPeriod validity = info.getAttrCertValidityPeriod();
        final ASN1Sequence attributes = info.getAttributes();
        for (int index = 0; index < attributes.size(); index++) {
            final org.bouncycastle.asn1.x509.Attribute attribute = org.bouncycastle.asn1.x509.Attribute.getInstance(attributes.getObjectAt(index));
            // Only the first value of each attribute is considered.
            final ASN1Encodable firstValue = attribute.getAttrValues().getObjectAt(0);
            if (!(firstValue instanceof ASN1Sequence)) {
                LOG.warn("Unsupported type for RoleSyntax : {}", firstValue == null ? null : firstValue.getClass().getSimpleName());
                continue;
            }
            final String roleName = RoleSyntax.getInstance((ASN1Sequence) firstValue).getRoleNameAsString();
            final SignerRole role = new SignerRole(roleName, EndorsementType.CERTIFIED);
            role.setNotBefore(DSSASN1Utils.toDate(validity.getNotBeforeTime()));
            role.setNotAfter(DSSASN1Utils.toDate(validity.getNotAfterTime()));
            roles.add(role);
        }
        return roles;
    }

    /**
     * Parses the {@code signerAttr} (V1) signed attribute.
     *
     * @return the parsed attribute, or {@code null} when it is absent or unparsable
     */
    private SignerAttribute getSignerAttributeV1() {
        final Attribute signerAttr = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_ets_signerAttr);
        if (signerAttr == null) {
            return null;
        }
        final ASN1Encodable attrValue = signerAttr.getAttrValues().getObjectAt(0);
        try {
            return SignerAttribute.getInstance(attrValue);
        } catch (Exception e) {
            // The rejected value is logged Base64-encoded; it originates from the
            // signature being validated and its size is not limited here.
            final String encodedValue = Utils.toBase64(DSSASN1Utils.getDEREncoded(attrValue));
            if (LOG.isDebugEnabled()) {
                LOG.warn("Unable to parse signerAttr - [{}]. Reason : {}", encodedValue, e.getMessage(), e);
            } else {
                LOG.warn("Unable to parse signerAttr - [{}]. Reason : {}", encodedValue, e.getMessage());
            }
            return null;
        }
    }

    /**
     * Parses the {@code signerAttrV2} signed attribute.
     *
     * @return the parsed attribute, or {@code null} when it is absent or unparsable
     */
    private SignerAttributeV2 getSignerAttributeV2() {
        final Attribute signerAttrV2 = CMSUtils.getSignedAttribute(this.signerInformation, OID.id_aa_ets_signerAttrV2);
        if (signerAttrV2 == null) {
            return null;
        }
        final ASN1Encodable attrValue = signerAttrV2.getAttrValues().getObjectAt(0);
        SignerAttributeV2 parsed;
        try {
            parsed = SignerAttributeV2.getInstance(attrValue);
        } catch (Exception e) {
            // The rejected value is logged Base64-encoded together with the stack trace.
            LOG.warn("Unable to parse signerAttrV2 : {}", Utils.toBase64(DSSASN1Utils.getDEREncoded(attrValue)), e);
            parsed = null;
        }
        return parsed;
    }

    /**
     * Resolves the encryption algorithm from the signer's encryption algorithm OID.
     *
     * <p>The OID is first looked up as an encryption algorithm; if that fails it is
     * looked up as a signature algorithm and the encryption part of that is used.
     *
     * @return the encryption algorithm, or {@code null} when neither lookup knows the OID
     */
    @Override
    public EncryptionAlgorithm getEncryptionAlgorithm() {
        final String oid = this.signerInformation.getEncryptionAlgOID();
        try {
            return EncryptionAlgorithm.forOID(oid);
        } catch (IllegalArgumentException notAnEncryptionOid) {
            // Fall through to the signature-algorithm lookup below.
        }
        try {
            return SignatureAlgorithm.forOID(oid).getEncryptionAlgorithm();
        } catch (IllegalArgumentException e2) {
            LOG.error("Unable to identify encryption algorithm for OID '{}'. Reason : {}", oid, e2.getMessage());
            return null;
        }
    }

    /**
     * Resolves the digest algorithm used by the signer.
     *
     * <p>When the encryption algorithm OID identifies a complete signature algorithm,
     * the digest comes from it, except for {@code RSA_SSA_PSS_SHA1_MGF1}, where the
     * hash is read from the PSS parameters instead. Otherwise the signer's digest
     * algorithm OID is used.
     *
     * @return the digest algorithm, or {@code null} when it cannot be identified
     */
    @Override
    public DigestAlgorithm getDigestAlgorithm() {
        final SignatureAlgorithm signatureAlgorithm = getEncryptedDigestAlgo();
        if (signatureAlgorithm != null) {
            if (SignatureAlgorithm.RSA_SSA_PSS_SHA1_MGF1.equals(signatureAlgorithm)) {
                // May be null when the PSS parameters are absent or a DER NULL.
                return getPSSHashAlgorithm();
            }
            return signatureAlgorithm.getDigestAlgorithm();
        }
        final String digestOid = this.signerInformation.getDigestAlgOID();
        try {
            return DigestAlgorithm.forOID(digestOid);
        } catch (IllegalArgumentException e) {
            LOG.error("Unable to identify DigestAlgorithm for OID '{}'. Reason : {}", digestOid, e.getMessage());
            return null;
        }
    }

    /**
     * Looks up the signer's encryption algorithm OID as a signature algorithm.
     *
     * @return the signature algorithm, or {@code null} when the lookup throws any
     *         {@code RuntimeException} (the failure is not logged)
     */
    private SignatureAlgorithm getEncryptedDigestAlgo() {
        SignatureAlgorithm resolved;
        try {
            resolved = SignatureAlgorithm.forOID(this.signerInformation.getEncryptionAlgOID());
        } catch (RuntimeException e) {
            // Deliberately silent: callers fall back to other lookups on null.
            resolved = null;
        }
        return resolved;
    }

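    /**
     * Reads the hash algorithm declared in the signer's RSASSA-PSS parameters.
     *
     * <p>The parameters are part of the signature being validated. An unknown hash
     * OID or a malformed parameter structure is therefore reported as "not
     * identified" ({@code null}) rather than left to escape as an unchecked
     * exception, in line with how {@code getDigestAlgorithm()} treats an unknown
     * digest OID.
     *
     * @return the declared hash algorithm, or {@code null} when the parameters are
     *         absent, a DER NULL, unreadable, or name an unsupported algorithm
     */
    private DigestAlgorithm getPSSHashAlgorithm() {
        try {
            final byte[] pssParameters = this.signerInformation.getEncryptionAlgParams();
            if (!Utils.isArrayNotEmpty(pssParameters) || Arrays.equals(DERNull.INSTANCE.getEncoded(), pssParameters)) {
                return null;
            }
            return DigestAlgorithm.forOID(RSASSAPSSparams.getInstance(pssParameters).getHashAlgorithm().getAlgorithm().getId());
        } catch (IOException e) {
            LOG.error("Unable to analyze EncryptionAlgParams", e);
            return null;
        } catch (IllegalArgumentException e) {
            // forOID signals an unknown OID this way elsewhere in this class.
            LOG.error("Unable to identify DigestAlgorithm from EncryptionAlgParams. Reason : {}", e.getMessage());
            return null;
        }
    }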

    /**
     * Determines the mask generation function for an RSASSA-PSS signature.
     *
     * <p>Only evaluated when the signature algorithm resolves to
     * {@code RSA_SSA_PSS_SHA1_MGF1} and non-empty, non-NULL parameters are present.
     *
     * <p>NOTE(review): only {@code IOException} is handled here; confirm whether
     * parsing malformed parameters can raise an unchecked exception instead.
     *
     * @return {@code MGF1} when the parameters name it; {@code null} in every other case
     */
    @Override
    public MaskGenerationFunction getMaskGenerationFunction() {
        try {
            if (!SignatureAlgorithm.RSA_SSA_PSS_SHA1_MGF1.equals(getEncryptedDigestAlgo())) {
                return null;
            }
            final byte[] pssParameters = this.signerInformation.getEncryptionAlgParams();
            if (!Utils.isArrayNotEmpty(pssParameters) || Arrays.equals(DERNull.INSTANCE.getEncoded(), pssParameters)) {
                return null;
            }
            final AlgorithmIdentifier maskAlgorithm = RSASSAPSSparams.getInstance(pssParameters).getMaskGenAlgorithm();
            if (PKCSObjectIdentifiers.id_mgf1.equals((ASN1Primitive) maskAlgorithm.getAlgorithm())) {
                return MaskGenerationFunction.MGF1;
            }
            LOG.warn("Unsupported mask algorithm : {}", maskAlgorithm.getAlgorithm());
            return null;
        } catch (IOException e) {
            LOG.warn("Unable to analyze EncryptionAlgParams", e);
            return null;
        }
    }

    /**
     * Combines the encryption algorithm, digest algorithm and mask generation
     * function into a signature algorithm. Any of the three inputs may be
     * {@code null} when it could not be identified.
     *
     * @return the result of {@code SignatureAlgorithm.getAlgorithm} for those inputs
     */
    @Override
    public SignatureAlgorithm getSignatureAlgorithm() {
        final EncryptionAlgorithm encryption = getEncryptionAlgorithm();
        final DigestAlgorithm digest = getDigestAlgorithm();
        final MaskGenerationFunction maskFunction = getMaskGenerationFunction();
        return SignatureAlgorithm.getAlgorithm(encryption, digest, maskFunction);
    }

    /**
     * Runs the cryptographic verification of this signature once and stores the
     * outcome in {@code signatureCryptographicVerification}.
     *
     * <p>The result records whether a candidate signing certificate validated the
     * signature, whether the signed data was found, and whether its digest matched.
     * Later calls return immediately because the result object already exists.
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void checkSignatureIntegrity() {
        SignerInformation signerInformation;
        // Already evaluated: keep the first result.
        if (this.signatureCryptographicVerification != null) {
            return;
        }
        this.signatureCryptographicVerification = new SignatureCryptographicVerification();
        try {
            // Enveloping signatures and counter-signatures use the stored signer
            // information as is; a detached signature needs the external content.
            if (!CMSUtils.isDetachedSignature(this.cmsSignedData) || isCounterSignature()) {
                signerInformation = this.signerInformation;
            } else {
                if (Utils.isCollectionEmpty(this.detachedContents)) {
                    // Without the detached content only an error message is recorded;
                    // setSignatureIntact is never called on this path.
                    // NOTE(review): presumably the flag then keeps a "not intact" default - confirm.
                    this.signatureCryptographicVerification.setErrorMessage("Detached file not found!");
                    // Still populates the reference validations (with a null signer information).
                    getReferenceValidations(null);
                    return;
                }
                signerInformation = recreateSignerInformation();
            }
            CandidatesForSigningCertificate candidatesForSigningCertificate = getCandidatesForSigningCertificate();
            CAdESSignatureIntegrityValidator cAdESSignatureIntegrityValidator = new CAdESSignatureIntegrityValidator(signerInformation);
            // A non-null result is the candidate certificate accepted by the validator.
            CertificateValidity validate = cAdESSignatureIntegrityValidator.validate(candidatesForSigningCertificate);
            if (validate != null) {
                candidatesForSigningCertificate.setTheCertificateValidity(validate);
            }
            this.signatureCryptographicVerification.setErrorMessages(cAdESSignatureIntegrityValidator.getErrorMessages());
            // The signature counts as intact only when the validator returned a certificate.
            this.signatureCryptographicVerification.setSignatureIntact(validate != null);
            // z: every reference was found; z2: every reference digest matched.
            boolean z = true;
            boolean z2 = true;
            for (ReferenceValidation referenceValidation : getReferenceValidations(signerInformation)) {
                z = z && referenceValidation.isFound();
                z2 = z2 && referenceValidation.isIntact();
            }
            this.signatureCryptographicVerification.setReferenceDataFound(z);
            this.signatureCryptographicVerification.setReferenceDataIntact(z2);
        } catch (IOException | CMSException e) {
            // Parsing or CMS errors are recorded as an error message instead of being rethrown.
            LOG.error(e.getMessage(), (Throwable) e);
            this.signatureCryptographicVerification.setErrorMessage(e.getMessage());
        }
        LOG.debug(" - RESULT: {}", this.signatureCryptographicVerification);
    }

    /**
     * Returns the reference validations, computing them on first use.
     *
     * <p>When the {@code message-digest} attribute is available it is compared with
     * the original document; otherwise the digest is derived from the signature
     * value using the given signer information. The list is cached, so the argument
     * only matters on the first call.
     *
     * @param signerInformation signer information used when no message-digest is
     *        present; may be {@code null}
     * @return the cached list of reference validations
     */
    public List<ReferenceValidation> getReferenceValidations(SignerInformation signerInformation) {
        if (this.referenceValidations != null) {
            return this.referenceValidations;
        }
        this.referenceValidations = new ArrayList<>();
        DSSDocument originalDocument = null;
        try {
            originalDocument = getSignerDocumentContent();
        } catch (DSSException e) {
            // A missing original is tolerated here; the validation below marks it as not found.
            LOG.warn("Original document not found");
        }
        final byte[] messageDigest = getMessageDigestValue();
        final ReferenceValidation validation;
        if (messageDigest == null) {
            LOG.warn("message-digest is not present in SignedData! Extracting digests from content SignatureValue...");
            validation = getContentReferenceValidation(originalDocument, signerInformation);
        } else {
            validation = getMessageDigestReferenceValidation(originalDocument, messageDigest);
        }
        this.referenceValidations.add(validation);
        return this.referenceValidations;
    }

    /**
     * Supplies the document whose digest is checked against the signature.
     * This implementation returns the original document; subclasses may override.
     *
     * @return the result of {@code getOriginalDocument()}
     */
    protected DSSDocument getSignerDocumentContent() {
        final DSSDocument original = getOriginalDocument();
        return original;
    }

    /**
     * Checks whether the document's digest under any of the candidate algorithms
     * equals the expected digest value, and records the matching algorithm.
     *
     * @param dSSDocument the document to digest
     * @param set the candidate digest algorithms
     * @param digest the expected digest; its algorithm is set on the first match
     * @return {@code true} when one candidate algorithm reproduces the expected
     *         value; {@code false} when none does or no candidates were given
     */
    private boolean verifyDigestAlgorithm(DSSDocument dSSDocument, Set<DigestAlgorithm> set, Digest digest) {
        if (Utils.isCollectionNotEmpty(set)) {
            for (DigestAlgorithm candidate : set) {
                final byte[] computed = Utils.fromBase64(dSSDocument.getDigest(candidate));
                if (Arrays.equals(digest.getValue(), computed)) {
                    digest.setAlgorithm(candidate);
                    return true;
                }
            }
            return false;
        }
        LOG.warn("Message DigestAlgorithms not found in SignedData! Reference validation is not possible.");
        return false;
    }

    /**
     * Converts every entry of the associated manifest file into a reference
     * validation of type {@code MANIFEST_ENTRY}, copying name, digest and the
     * found/intact flags already stored on the entry.
     *
     * @return one validation per manifest entry; empty when there is no manifest
     */
    private List<ReferenceValidation> getManifestEntryValidation() {
        final List<ReferenceValidation> validations = new ArrayList<>();
        if (this.manifestFile == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No related manifest file found for a signature with name [{}]", getSignatureFilename());
            }
            return validations;
        }
        for (ManifestEntry entry : this.manifestFile.getEntries()) {
            final ReferenceValidation validation = new ReferenceValidation();
            validation.setType(DigestMatcherType.MANIFEST_ENTRY);
            validation.setName(entry.getFileName());
            validation.setDigest(entry.getDigest());
            // The flags are taken as stored on the entry; nothing is recomputed here.
            validation.setFound(entry.isFound());
            validation.setIntact(entry.isIntact());
            validations.add(validation);
        }
        return validations;
    }

    /**
     * Returns the reference validations after making sure the integrity check has run.
     * <p>
     * {@code checkSignatureIntegrity()} is invoked on every call before the field is read. The
     * returned list is the internal instance, not a copy, so callers should treat it as read-only.
     *
     * @return the internal list of reference validations
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public List<ReferenceValidation> getReferenceValidations() {
        checkSignatureIntegrity();
        final List<ReferenceValidation> validations = this.referenceValidations;
        return validations;
    }

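    /**
     * Builds the {@code MESSAGE_DIGEST} reference validation for the given document.
     * <p>
     * The candidate algorithms are the one returned by {@code getDigestAlgorithm()} (when present)
     * plus those from {@link #getMessageDigestAlgorithms()}. With exactly one candidate the
     * algorithm is recorded up front; otherwise it is only set when a candidate reproduces the
     * expected value. {@code found} is set whenever a document is supplied, and {@code intact}
     * carries the actual comparison result.
     * <p>
     * The manifest comparison is skipped when no digest algorithm could be determined: without an
     * algorithm there is no manifest digest to compare against, and passing {@code null} on to the
     * manifest helper (not visible here) would risk an unchecked exception while validating an
     * otherwise merely non-matching signature.
     *
     * @param dSSDocument the signed content, or {@code null} when it is unavailable
     * @param bArr        the value of the message-digest signed attribute
     * @return the populated reference validation, never {@code null}
     */
    private ReferenceValidation getMessageDigestReferenceValidation(DSSDocument dSSDocument, byte[] bArr) {
        final ReferenceValidation referenceValidation = new ReferenceValidation();
        referenceValidation.setType(DigestMatcherType.MESSAGE_DIGEST);
        final Digest digest = new Digest();
        digest.setValue(bArr);
        referenceValidation.setDigest(digest);

        // Typed set: the raw HashSet left by decompilation cannot feed setAlgorithm(DigestAlgorithm).
        final Set<DigestAlgorithm> candidates = new HashSet<>();
        final DigestAlgorithm declaredAlgorithm = getDigestAlgorithm();
        if (declaredAlgorithm != null) {
            candidates.add(declaredAlgorithm);
        }
        candidates.addAll(getMessageDigestAlgorithms());
        if (Utils.collectionSize(candidates) == 1) {
            digest.setAlgorithm(candidates.iterator().next());
        }

        if (dSSDocument == null) {
            LOG.warn("The original document is not found or cannot be extracted. Reference validation is not possible.");
            return referenceValidation;
        }

        referenceValidation.setFound(true);
        referenceValidation.setIntact(verifyDigestAlgorithm(dSSDocument, candidates, digest));

        // The algorithm stays null when several candidates exist and none matched.
        final DigestAlgorithm resolvedAlgorithm = digest.getAlgorithm();
        if (this.manifestFile != null && resolvedAlgorithm != null) {
            final String manifestDigest = this.manifestFile.getDigestBase64String(resolvedAlgorithm);
            if (Utils.toBase64(digest.getValue()).equals(manifestDigest)) {
                referenceValidation.setName(this.manifestFile.getFilename());
                referenceValidation.getDependentValidations().addAll(getManifestEntryValidation());
            }
        }
        return referenceValidation;
    }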

    /**
     * Builds the {@code CONTENT_DIGEST} reference validation from the signer's content digest.
     * <p>
     * The digest algorithm is resolved from the signer's digest algorithm OID. The reference is
     * marked found only when the signer, the document, a recognised algorithm and a non-empty
     * content digest are all available; it is marked intact only when the document's digest under
     * that algorithm equals the content digest.
     *
     * @param dSSDocument       the signed content, may be {@code null}
     * @param signerInformation the signer to read the content digest from, may be {@code null}
     * @return the reference validation, never {@code null}
     */
    private ReferenceValidation getContentReferenceValidation(DSSDocument dSSDocument, SignerInformation signerInformation) {
        final ReferenceValidation result = new ReferenceValidation();
        result.setType(DigestMatcherType.CONTENT_DIGEST);
        if (signerInformation == null) {
            return result;
        }
        // Resolved before the document check so an unknown OID is still logged.
        final DigestAlgorithm algorithm = getDigestAlgorithmForOID(signerInformation.getDigestAlgOID());
        if (dSSDocument == null || algorithm == null) {
            return result;
        }
        final byte[] signedDigest = signerInformation.getContentDigest();
        if (!Utils.isArrayNotEmpty(signedDigest)) {
            return result;
        }
        result.setFound(true);
        result.setDigest(new Digest(algorithm, signedDigest));
        final byte[] documentDigest = Utils.fromBase64(dSSDocument.getDigest(algorithm));
        if (Arrays.equals(signedDigest, documentDigest)) {
            result.setIntact(true);
        }
        return result;
    }

    /**
     * Computes a digest reference over the DER encoding of this signer's ASN.1 structure.
     *
     * @param digestAlgorithm the algorithm to hash the encoded signer structure with
     * @return a reference wrapping the algorithm and the computed digest value
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm) {
        final byte[] encodedSignerInfo = DSSASN1Utils.getDEREncoded(this.signerInformation.toASN1Structure());
        final byte[] digestValue = DSSUtils.digest(digestAlgorithm, encodedSignerInfo);
        return new SignatureDigestReference(new Digest(digestAlgorithm, digestValue));
    }

    /**
     * Returns the digest of the data that was signed, derived from the first reference validation.
     * <p>
     * For a {@code MESSAGE_DIGEST} reference this is the digest of the DER-encoded signed
     * attributes under {@code getDigestAlgorithm()}; for a {@code CONTENT_DIGEST} reference it is
     * the digest already stored on that reference.
     * <p>
     * NOTE(review): the first element is taken with {@code iterator().next()}, so an empty
     * reference list would surface as {@code NoSuchElementException}; whether that can happen
     * depends on code outside this method.
     *
     * @return the digest, or {@code null} when the reference is a message digest and no digest
     *         algorithm is available
     * @throws DSSException if the first reference has any other type
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public Digest getDataToBeSignedRepresentation() {
        final ReferenceValidation firstReference = getReferenceValidations().iterator().next();
        switch (firstReference.getType()) {
            case MESSAGE_DIGEST: {
                final DigestAlgorithm algorithm = getDigestAlgorithm();
                if (algorithm == null) {
                    return null;
                }
                final byte[] encodedSignedAttributes = DSSASN1Utils.getDEREncoded(CMSUtils.getSignedAttributes(this.signerInformation).toASN1Structure());
                return new Digest(algorithm, DSSUtils.digest(algorithm, encodedSignedAttributes));
            }
            case CONTENT_DIGEST:
                return firstReference.getDigest();
            default:
                throw new DSSException(String.format("The found referenceValidation type '%s' is not supported! Unable to compute DTBSR.", firstReference.getType()));
        }
    }

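    /**
     * Re-parses the CMS SignedData against the first detached document and returns the matching
     * signer.
     * <p>
     * A {@link DigestDocument} is handled with a precomputed-digest calculator provider; any other
     * document is streamed through the parser and fully drained before the signer infos are read
     * (presumably so the parser's digest calculators see the whole content).
     * <p>
     * The stream is managed with try-with-resources instead of the hand-expanded close logic, so
     * it is closed exactly once on every path.
     * <p>
     * NOTE(review): {@code detachedContents.get(0)} assumes a non-empty list; the guard, if any, is
     * in the caller and is not visible here.
     *
     * @return the signer information selected by {@code getSignerId()}
     * @throws CMSException if the CMS structure cannot be parsed
     * @throws IOException  if the document stream or the encoded SignedData cannot be read
     */
    private SignerInformation recreateSignerInformation() throws CMSException, IOException {
        final DSSDocument detachedDocument = this.detachedContents.get(0);
        CMSSignedDataParser parser;
        if (detachedDocument instanceof DigestDocument) {
            parser = new CMSSignedDataParser(new PrecomputedDigestCalculatorProvider((DigestDocument) detachedDocument), this.cmsSignedData.getEncoded());
        } else {
            try (InputStream contentStream = detachedDocument.openStream()) {
                parser = new CMSSignedDataParser(new BcDigestCalculatorProvider(), new CMSTypedStream(contentStream), this.cmsSignedData.getEncoded());
                // Consume the content before asking for signer infos.
                parser.getSignedContent().drain();
            }
        }
        return parser.getSignerInfos().get(getSignerId());
    }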

    /**
     * Collects the digest algorithms listed in the SignedData that this library recognises.
     * <p>
     * Identifiers whose OID does not map to a {@link DigestAlgorithm} are skipped (the lookup
     * helper logs them).
     *
     * @return a new mutable set of recognised digest algorithms, possibly empty
     */
    public Set<DigestAlgorithm> getMessageDigestAlgorithms() {
        final Set<DigestAlgorithm> recognised = new HashSet<>();
        for (AlgorithmIdentifier identifier : this.cmsSignedData.getDigestAlgorithmIDs()) {
            final DigestAlgorithm algorithm = getDigestAlgorithmForOID(identifier.getAlgorithm().getId());
            if (algorithm != null) {
                recognised.add(algorithm);
            }
        }
        return recognised;
    }

    /**
     * Maps an OID string to a {@link DigestAlgorithm}, tolerating unknown OIDs.
     *
     * @param str the OID to look up
     * @return the matching algorithm, or {@code null} (after a warning) when
     *         {@code DigestAlgorithm.forOID} rejects the OID with {@code IllegalArgumentException}
     */
    private DigestAlgorithm getDigestAlgorithmForOID(String str) {
        DigestAlgorithm resolved = null;
        try {
            resolved = DigestAlgorithm.forOID(str);
        } catch (IllegalArgumentException e) {
            LOG.warn("Not a digest algorithm {} : {}", str, e.getMessage());
        }
        return resolved;
    }

    /**
     * Reads the value of the message-digest signed attribute.
     * <p>
     * Only the first attribute value is read, and it is cast to {@code ASN1OctetString} without a
     * type check: a value of another ASN.1 type surfaces as {@code ClassCastException}. Callers
     * validating untrusted signatures should be prepared for that.
     *
     * @return the digest octets, or {@code null} when the attribute is absent
     */
    public byte[] getMessageDigestValue() {
        final Attribute messageDigestAttribute = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.pkcs_9_at_messageDigest);
        if (messageDigestAttribute != null) {
            final ASN1OctetString digestOctets = (ASN1OctetString) messageDigestAttribute.getAttrValues().getObjectAt(0);
            return digestOctets.getOctets();
        }
        return null;
    }

    /**
     * Reads the content-type signed attribute as an OID string.
     * <p>
     * Only the first attribute value is read, and it is cast to {@code ASN1ObjectIdentifier}
     * without a type check, so a value of another ASN.1 type surfaces as
     * {@code ClassCastException}.
     *
     * @return the OID in string form, or {@code null} when the attribute is absent
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public String getContentType() {
        final Attribute contentTypeAttribute = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.pkcs_9_at_contentType);
        if (contentTypeAttribute != null) {
            final ASN1ObjectIdentifier contentTypeOid = (ASN1ObjectIdentifier) contentTypeAttribute.getAttrValues().getObjectAt(0);
            return contentTypeOid.getId();
        }
        return null;
    }

    /**
     * Reads the mime-type signed attribute ({@code OID.id_aa_ets_mimeType}).
     *
     * @return the first attribute value rendered by {@code DSSASN1Utils.getString}, or
     *         {@code null} when the attribute is absent
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public String getMimeType() {
        final Attribute mimeTypeAttribute = CMSUtils.getSignedAttribute(this.signerInformation, OID.id_aa_ets_mimeType);
        if (mimeTypeAttribute != null) {
            return DSSASN1Utils.getString(mimeTypeAttribute.getAttrValues().getObjectAt(0));
        }
        return null;
    }

    /**
     * Reads the content-identifier signed attribute.
     *
     * @return the identifier value of the first attribute value, rendered by
     *         {@code DSSASN1Utils.toString}, or {@code null} when the attribute is absent
     */
    public String getContentIdentifier() {
        final Attribute identifierAttribute = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_contentIdentifier);
        if (identifierAttribute != null) {
            final ContentIdentifier contentIdentifier = ContentIdentifier.getInstance(identifierAttribute.getAttrValues().getObjectAt(0));
            return DSSASN1Utils.toString(contentIdentifier.getValue());
        }
        return null;
    }

    /**
     * Renders the content-hints signed attribute as {@code "<contentType>"} or
     * {@code "<contentType> [<description>]"}.
     * <p>
     * Parsing failures are logged as warnings and not propagated; the attribute value is logged
     * Base64-encoded, and the stack trace is attached only when debug logging is enabled. If the
     * failure happens after the content type was read, that partial text is still returned.
     *
     * @return the rendered hints, or {@code null} when the attribute is absent or nothing could be
     *         parsed
     */
    public String getContentHints() {
        final Attribute hintsAttribute = CMSUtils.getSignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_contentHint);
        if (hintsAttribute == null) {
            return null;
        }
        final ASN1Encodable rawValue = hintsAttribute.getAttrValues().getObjectAt(0);
        String rendered = null;
        try {
            final ContentHints hints = ContentHints.getInstance(rawValue);
            if (hints != null) {
                rendered = hints.getContentType().toString();
                if (hints.getContentDescriptionUTF8() != null) {
                    rendered = rendered + " [" + hints.getContentDescriptionUTF8().toString() + "]";
                }
            }
        } catch (Exception e) {
            final String encodedValue = Utils.toBase64(DSSASN1Utils.getDEREncoded(rawValue));
            if (LOG.isDebugEnabled()) {
                LOG.warn("Unable to parse ContentHints - [{}]. Reason : {}", encodedValue, e.getMessage(), e);
            } else {
                LOG.warn("Unable to parse ContentHints - [{}]. Reason : {}", encodedValue, e.getMessage());
            }
        }
        return rendered;
    }

    /**
     * Exposes the signer information this signature wraps.
     *
     * @return the {@code signerInformation} field as-is
     */
    public SignerInformation getSignerInformation() {
        final SignerInformation signer = this.signerInformation;
        return signer;
    }

    /**
     * Returns the raw signature value of this signer.
     *
     * @return the bytes returned by {@code signerInformation.getSignature()}
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public byte[] getSignatureValue() {
        final byte[] signatureBytes = this.signerInformation.getSignature();
        return signatureBytes;
    }

    /**
     * Tells whether this signer is a counter-signature.
     *
     * @return the value of {@code signerInformation.isCounterSignature()}
     */
    @Override // eu.europa.esig.dss.validation.DefaultAdvancedSignature, eu.europa.esig.dss.validation.AdvancedSignature
    public boolean isCounterSignature() {
        final boolean counterSignature = this.signerInformation.isCounterSignature();
        return counterSignature;
    }

    /**
     * Returns the counter-signatures of this signature, building them on first use.
     * <p>
     * Each signer in the counter-signature store is wrapped in a {@code CAdESSignature} that shares
     * this signature's SignedData and file name and has this signature as its master. The list is
     * cached in a field and returned directly on later calls.
     *
     * @return the cached list of counter-signatures, possibly empty
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public List<AdvancedSignature> getCounterSignatures() {
        if (this.counterSignatures == null) {
            // The field is assigned before the loop, as in the original, so the cache is set
            // even if wrapping one of the signers fails part-way.
            this.counterSignatures = new ArrayList<>();
            for (SignerInformation counterSigner : getCounterSignatureStore()) {
                final CAdESSignature counterSignature = new CAdESSignature(this.cmsSignedData, counterSigner);
                counterSignature.setSignatureFilename(getSignatureFilename());
                counterSignature.setMasterSignature(this);
                this.counterSignatures.add(counterSignature);
            }
        }
        return this.counterSignatures;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the store of counter-signers, fetching it from the signer information on first use
     * and caching it afterwards.
     *
     * @return the cached counter-signature store
     */
    public SignerInformationStore getCounterSignatureStore() {
        if (this.counterSignaturesStore != null) {
            return this.counterSignaturesStore;
        }
        this.counterSignaturesStore = this.signerInformation.getCounterSignatures();
        return this.counterSignaturesStore;
    }

    /**
     * Returns the content this signature covers.
     * <p>
     * For a counter-signature that is the master signature's signature value, wrapped in an
     * {@link InMemoryDocument}; otherwise the document is obtained from
     * {@code CMSUtils.getOriginalDocument} using the SignedData and the detached contents.
     *
     * @return the covered content as a document
     */
    public DSSDocument getOriginalDocument() {
        if (isCounterSignature()) {
            return new InMemoryDocument(getMasterSignature().getSignatureValue());
        }
        return CMSUtils.getOriginalDocument(this.cmsSignedData, this.detachedContents);
    }

    /**
     * Creates the identifier builder for this signature.
     *
     * @return a new {@code CAdESSignatureIdentifierBuilder} bound to this instance
     */
    @Override // eu.europa.esig.dss.validation.DefaultAdvancedSignature
    protected SignatureIdentifierBuilder getSignatureIdentifierBuilder() {
        final CAdESSignatureIdentifierBuilder identifierBuilder = new CAdESSignatureIdentifierBuilder(this);
        return identifierBuilder;
    }

    /**
     * Returns the DA identifier, which this implementation never provides.
     *
     * @return always {@code null}
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public String getDAIdentifier() {
        final String noIdentifier = null;
        return noIdentifier;
    }

    /**
     * Returns every certificate identifier known to this signature's certificate source.
     *
     * @return the result of {@code getCertificateSource().getAllCertificateIdentifiers()}
     */
    public Set<SignerIdentifier> getSignerInformationStoreInfos() {
        final Set<SignerIdentifier> identifiers = getCertificateSource().getAllCertificateIdentifiers();
        return identifiers;
    }

    /**
     * Registers an external timestamp with this signature's timestamp source.
     * <p>
     * The only gate applied here is {@code timestampToken.isProcessed()}.
     * NOTE(review): the error message speaks of validation, but this method does not itself
     * inspect the outcome of that validation; confirm what {@code isProcessed()} guarantees.
     *
     * @param timestampToken the timestamp to add; must already be processed
     * @throws DSSException if the token has not been processed
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public void addExternalTimestamp(TimestampToken timestampToken) {
        if (timestampToken.isProcessed()) {
            getTimestampSource().addExternalTimestamp(timestampToken);
            return;
        }
        throw new DSSException("Timestamp token must be validated first !");
    }

    /**
     * Determines the highest signature level whose data is present, from the profile checks.
     * <p>
     * Decision order: without the BES profile the result is {@code CMS_NOT_ETSI}. Without the
     * extended T profile the result is baseline B, EPES or BES. With baseline B and T plus LT the
     * result is baseline LTA or LT. Otherwise the extended C / X / XL / A checks pick the level,
     * falling back to baseline T or extended T when the C profile is absent. The profile checks
     * are called in the same order as in the nested-conditional form of this method.
     *
     * @return the detected {@link SignatureLevel}
     */
    @Override // eu.europa.esig.dss.validation.AdvancedSignature
    public SignatureLevel getDataFoundUpToLevel() {
        if (!hasBESProfile()) {
            return SignatureLevel.CMS_NOT_ETSI;
        }
        final boolean baselineB = hasBProfile();
        if (!hasExtendedTProfile()) {
            if (baselineB) {
                return SignatureLevel.CAdES_BASELINE_B;
            }
            if (hasEPESProfile()) {
                return SignatureLevel.CAdES_EPES;
            }
            return SignatureLevel.CAdES_BES;
        }
        final boolean baselineT = baselineB && hasTProfile();
        if (baselineT && hasLTProfile()) {
            if (hasLTAProfile()) {
                return SignatureLevel.CAdES_BASELINE_LTA;
            }
            return SignatureLevel.CAdES_BASELINE_LT;
        }
        if (!hasCProfile()) {
            if (hasXLProfile()) {
                if (hasAProfile()) {
                    return SignatureLevel.CAdES_A;
                }
                return SignatureLevel.CAdES_LT;
            }
            if (baselineT) {
                return SignatureLevel.CAdES_BASELINE_T;
            }
            return SignatureLevel.CAdES_T;
        }
        if (hasXLProfile()) {
            if (hasAProfile()) {
                return SignatureLevel.CAdES_A;
            }
            if (hasXProfile()) {
                return SignatureLevel.CAdES_XL;
            }
        }
        if (hasXProfile()) {
            return SignatureLevel.CAdES_X;
        }
        return SignatureLevel.CAdES_C;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the superclass's baseline requirements checker, narrowed to the CAdES type.
     *
     * @return the checker cast to {@code CAdESBaselineRequirementsChecker}
     */
    @Override // eu.europa.esig.dss.validation.DefaultAdvancedSignature
    public CAdESBaselineRequirementsChecker getBaselineRequirementsChecker() {
        final CAdESBaselineRequirementsChecker checker = (CAdESBaselineRequirementsChecker) super.getBaselineRequirementsChecker();
        return checker;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the CAdES baseline requirements checker for this signature.
     *
     * @return a new checker built from this signature and {@code offlineCertificateVerifier}
     */
    @Override // eu.europa.esig.dss.validation.DefaultAdvancedSignature
    public CAdESBaselineRequirementsChecker createBaselineRequirementsChecker() {
        final CAdESBaselineRequirementsChecker checker = new CAdESBaselineRequirementsChecker(this, this.offlineCertificateVerifier);
        return checker;
    }

    /**
     * Checks the BES profile; note that this maps to the checker's <em>extended</em> BES check.
     *
     * @return the result of {@code hasExtendedBESProfile()} on the baseline requirements checker
     */
    public boolean hasBESProfile() {
        final CAdESBaselineRequirementsChecker checker = getBaselineRequirementsChecker();
        return checker.hasExtendedBESProfile();
    }

    /**
     * Checks the EPES profile; this maps to the checker's <em>extended</em> EPES check.
     *
     * @return the result of {@code hasExtendedEPESProfile()} on the baseline requirements checker
     */
    public boolean hasEPESProfile() {
        final CAdESBaselineRequirementsChecker checker = getBaselineRequirementsChecker();
        return checker.hasExtendedEPESProfile();
    }

    /**
     * Checks the extended T profile.
     *
     * @return the result of {@code hasExtendedTProfile()} on the baseline requirements checker
     */
    public boolean hasExtendedTProfile() {
        final CAdESBaselineRequirementsChecker checker = getBaselineRequirementsChecker();
        return checker.hasExtendedTProfile();
    }

    /**
     * Checks the C profile; this maps to the checker's <em>extended</em> C check.
     *
     * @return the result of {@code hasExtendedCProfile()} on the baseline requirements checker
     */
    public boolean hasCProfile() {
        final CAdESBaselineRequirementsChecker checker = getBaselineRequirementsChecker();
        return checker.hasExtendedCProfile();
    }

    /**
     * Checks the X profile; this maps to the checker's <em>extended</em> X check.
     *
     * @return the result of {@code hasExtendedXProfile()} on the baseline requirements checker
     */
    public boolean hasXProfile() {
        final CAdESBaselineRequirementsChecker checker = getBaselineRequirementsChecker();
        return checker.hasExtendedXProfile();
    }

    /**
     * Checks the XL profile; this maps to the checker's <em>extended</em> XL check.
     *
     * @return the result of {@code hasExtendedXLProfile()} on the baseline requirements checker
     */
    public boolean hasXLProfile() {
        final CAdESBaselineRequirementsChecker checker = getBaselineRequirementsChecker();
        return checker.hasExtendedXLProfile();
    }

    /**
     * Checks the A profile; this maps to the checker's <em>extended</em> A check.
     *
     * @return the result of {@code hasExtendedAProfile()} on the baseline requirements checker
     */
    public boolean hasAProfile() {
        final CAdESBaselineRequirementsChecker checker = getBaselineRequirementsChecker();
        return checker.hasExtendedAProfile();
    }
}
