package eu.europa.esig.dss.cades.validation.timestamp;

import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor;
import eu.europa.esig.dss.cades.validation.CAdESSignature;
import eu.europa.esig.dss.enumerations.ArchiveTimestampType;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.spi.x509.ListCertificateSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.timestamp.TimestampDataBuilder;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.List;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.BERSequence;
import org.bouncycastle.asn1.BERSet;
import org.bouncycastle.asn1.BERTaggedObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/validation/timestamp/CAdESTimestampDataBuilder.class */
public class CAdESTimestampDataBuilder implements TimestampDataBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESTimestampDataBuilder.class);
    private static final String MESSAGE_IMPRINT_ERROR = "Unable to compute message-imprint for TimestampToken with Id '{}'. Reason : {}";
    private final CMSSignedData cmsSignedData;
    private final SignerInformation signerInformation;
    private final List<DSSDocument> detachedDocuments;
    private final CadesLevelBaselineLTATimestampExtractor timestampExtractor;

    /* renamed from: eu.europa.esig.dss.cades.validation.timestamp.CAdESTimestampDataBuilder$1, reason: invalid class name */
    /* loaded from: input_file:eu/europa/esig/dss/cades/validation/timestamp/CAdESTimestampDataBuilder$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$eu$europa$esig$dss$enumerations$ArchiveTimestampType = new int[ArchiveTimestampType.values().length];

        static {
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$ArchiveTimestampType[ArchiveTimestampType.CAdES_V2.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$ArchiveTimestampType[ArchiveTimestampType.CAdES_V3.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public CAdESTimestampDataBuilder(CAdESSignature cAdESSignature, ListCertificateSource listCertificateSource) {
        this.cmsSignedData = cAdESSignature.getCmsSignedData();
        this.signerInformation = cAdESSignature.getSignerInformation();
        this.detachedDocuments = cAdESSignature.getDetachedContents();
        this.timestampExtractor = new CadesLevelBaselineLTATimestampExtractor(this.cmsSignedData, listCertificateSource.getAllCertificateTokens());
    }

    public DSSDocument getContentTimestampData(TimestampToken timestampToken) {
        return getOriginalDocument();
    }

    public DSSDocument getSignatureTimestampData(TimestampToken timestampToken) {
        return new InMemoryDocument(this.signerInformation.getSignature());
    }

    public DSSDocument getTimestampX1Data(TimestampToken timestampToken) {
        try {
            return new InMemoryDocument(getTimestampX1DataBytes());
        } catch (Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.warn(MESSAGE_IMPRINT_ERROR, new Object[]{timestampToken.getDSSIdAsString(), e.getMessage(), e});
                return null;
            }
            LOG.warn(MESSAGE_IMPRINT_ERROR, timestampToken.getDSSIdAsString(), e.getMessage());
            return null;
        }
    }

    protected byte[] getTimestampX1DataBytes() {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(this.signerInformation.getSignature());
                Attribute unsignedAttribute = CMSUtils.getUnsignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
                if (unsignedAttribute != null) {
                    byteArrayOutputStream.write(DSSASN1Utils.getDEREncoded(unsignedAttribute.getAttrType()));
                    byteArrayOutputStream.write(DSSASN1Utils.getDEREncoded(unsignedAttribute.getAttrValues()));
                }
                byteArrayOutputStream.write(getTimestampX2DataBytes());
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (IOException e) {
            throw new DSSException(String.format("An error occurred while generating message-imprint for escTimeStamp token. Reason : %s", e.getMessage()), e);
        }
    }

    public DSSDocument getTimestampX2Data(TimestampToken timestampToken) {
        try {
            return new InMemoryDocument(getTimestampX2DataBytes());
        } catch (Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.warn(MESSAGE_IMPRINT_ERROR, new Object[]{timestampToken.getDSSIdAsString(), e.getMessage(), e});
                return null;
            }
            LOG.warn(MESSAGE_IMPRINT_ERROR, timestampToken.getDSSIdAsString(), e.getMessage());
            return null;
        }
    }

    protected byte[] getTimestampX2DataBytes() {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                Attribute unsignedAttribute = CMSUtils.getUnsignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
                Attribute unsignedAttribute2 = CMSUtils.getUnsignedAttribute(this.signerInformation, PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
                if (unsignedAttribute != null) {
                    byteArrayOutputStream.write(DSSASN1Utils.getDEREncoded(unsignedAttribute.getAttrType()));
                    byteArrayOutputStream.write(DSSASN1Utils.getDEREncoded(unsignedAttribute.getAttrValues()));
                }
                if (unsignedAttribute2 != null) {
                    byteArrayOutputStream.write(DSSASN1Utils.getDEREncoded(unsignedAttribute2.getAttrType()));
                    byteArrayOutputStream.write(DSSASN1Utils.getDEREncoded(unsignedAttribute2.getAttrValues()));
                }
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (IOException e) {
            throw new DSSException(String.format("An error occurred while generating message-imprint for certCRLTimestamp token. Reason : %s", e.getMessage()), e);
        }
    }

    public DSSDocument getArchiveTimestampData(TimestampToken timestampToken) throws DSSException {
        DSSDocument archiveTimestampDataV3;
        ArchiveTimestampType archiveTimestampType = timestampToken.getArchiveTimestampType();
        switch (AnonymousClass1.$SwitchMap$eu$europa$esig$dss$enumerations$ArchiveTimestampType[archiveTimestampType.ordinal()]) {
            case 1:
                archiveTimestampDataV3 = getArchiveTimestampDataV2(timestampToken, true);
                if (!timestampToken.matchData(archiveTimestampDataV3, true)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Unable to match message imprint for an Archive TimestampToken V2 with Id '{}' by including unsigned attribute tags and length, try to compute the data without...", timestampToken.getDSSIdAsString());
                    }
                    archiveTimestampDataV3 = getArchiveTimestampDataV2(timestampToken, false);
                    break;
                }
                break;
            case 2:
                archiveTimestampDataV3 = getArchiveTimestampDataV3(timestampToken);
                break;
            default:
                throw new DSSException("Unsupported ArchiveTimestampType " + archiveTimestampType);
        }
        return archiveTimestampDataV3;
    }

    private DSSDocument getArchiveTimestampDataV3(TimestampToken timestampToken) throws DSSException {
        Attribute verifiedAtsHashIndex = this.timestampExtractor.getVerifiedAtsHashIndex(this.signerInformation, timestampToken);
        byte[] originalDocumentDigest = getOriginalDocumentDigest(timestampToken.getMessageImprint().getAlgorithm());
        if (originalDocumentDigest != null) {
            return new InMemoryDocument(this.timestampExtractor.getArchiveTimestampV3MessageImprint(this.signerInformation, verifiedAtsHashIndex, originalDocumentDigest));
        }
        LOG.error("The original document is not found for TimestampToken with Id '{}'! Unable to compute message imprint.", timestampToken.getDSSIdAsString());
        return null;
    }

    private byte[] getOriginalDocumentDigest(DigestAlgorithm digestAlgorithm) {
        DSSDocument originalDocument = getOriginalDocument();
        if (originalDocument != null) {
            return Utils.fromBase64(originalDocument.getDigest(digestAlgorithm));
        }
        return null;
    }

    private DSSDocument getArchiveTimestampDataV2(TimestampToken timestampToken, boolean z) throws DSSException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                SignedData signedData = SignedData.getInstance(this.cmsSignedData.toASN1Structure().getContent());
                byteArrayOutputStream.write(getContentInfoBytes(signedData));
                if (CMSUtils.isDetachedSignature(this.cmsSignedData)) {
                    byte[] originalDocumentBinaries = getOriginalDocumentBinaries();
                    if (originalDocumentBinaries == null) {
                        LOG.warn("The detached content is not provided for a TimestampToken with Id '{}'. Not possible to compute message imprint!", timestampToken.getDSSIdAsString());
                        byteArrayOutputStream.close();
                        return null;
                    }
                    byteArrayOutputStream.write(originalDocumentBinaries);
                }
                byte[] certificateDataBytes = getCertificateDataBytes(signedData);
                if (Utils.isArrayNotEmpty(certificateDataBytes)) {
                    byteArrayOutputStream.write(certificateDataBytes);
                }
                byte[] cRLDataBytes = getCRLDataBytes(signedData);
                if (Utils.isArrayNotEmpty(cRLDataBytes)) {
                    byteArrayOutputStream.write(cRLDataBytes);
                }
                byteArrayOutputStream.write(getSignerInfoBytes(timestampToken, z, this.signerInformation.toASN1Structure()));
                InMemoryDocument inMemoryDocument = new InMemoryDocument(byteArrayOutputStream.toByteArray());
                byteArrayOutputStream.close();
                return inMemoryDocument;
            } catch (Throwable th) {
                try {
                    byteArrayOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException e) {
            throw new DSSException(String.format("An error occurred while generating message-imprint for archive-time-stamp-v3 token. Reason : %s", e.getMessage()), e);
        } catch (Exception e2) {
            LOG.error("An error in computing of message-imprint for a TimestampToken with Id : {}. Reason : {}", new Object[]{timestampToken.getDSSIdAsString(), e2.getMessage(), e2});
            return null;
        }
    }

    private byte[] getContentInfoBytes(SignedData signedData) {
        ContentInfo encapContentInfo = signedData.getEncapContentInfo();
        byte[] bEREncoded = encapContentInfo.getContent() instanceof BEROctetString ? DSSASN1Utils.getBEREncoded(encapContentInfo) : DSSASN1Utils.getDEREncoded(encapContentInfo);
        if (LOG.isTraceEnabled()) {
            LOG.trace("Content Info: {}", DSSUtils.toHex(bEREncoded));
        }
        return bEREncoded;
    }

    private byte[] getOriginalDocumentBinaries() {
        if (getOriginalDocument() != null) {
            return DSSUtils.toByteArray(getOriginalDocument());
        }
        return null;
    }

    private byte[] getCertificateDataBytes(SignedData signedData) throws IOException {
        byte[] bArr = null;
        ASN1Set certificates = signedData.getCertificates();
        if (certificates != null) {
            bArr = certificates instanceof BERSet ? new BERTaggedObject(false, 0, new BERSequence(certificates.toArray())).getEncoded() : new DERTaggedObject(false, 0, new DERSequence(certificates.toArray())).getEncoded();
            if (LOG.isTraceEnabled()) {
                LOG.trace("Certificates: {}", DSSUtils.toHex(bArr));
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Certificates are not present in the SignedData.");
        }
        return bArr;
    }

    private byte[] getCRLDataBytes(SignedData signedData) throws IOException {
        byte[] bArr = null;
        ASN1Set cRLs = signedData.getCRLs();
        if (cRLs != null) {
            bArr = signedData.getCRLs() instanceof BERSet ? new BERTaggedObject(false, 1, new BERSequence(cRLs.toArray())).getEncoded() : new DERTaggedObject(false, 1, new DERSequence(cRLs.toArray())).getEncoded();
            if (LOG.isTraceEnabled()) {
                LOG.trace("CRLs: {}", DSSUtils.toHex(bArr));
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("CRLs are not present in the SignedData.");
        }
        return bArr;
    }

    private byte[] getSignerInfoBytes(TimestampToken timestampToken, boolean z, SignerInfo signerInfo) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            ASN1Sequence signerInfoEncoded = getSignerInfoEncoded(signerInfo, filterUnauthenticatedAttributes(signerInfo.getUnauthenticatedAttributes(), timestampToken), z);
            for (int i = 0; i < signerInfoEncoded.size(); i++) {
                byteArrayOutputStream.write(DSSASN1Utils.getDEREncoded(signerInfoEncoded.getObjectAt(i).toASN1Primitive()));
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (LOG.isTraceEnabled()) {
                LOG.trace("SignerInfoBytes: {}", DSSUtils.toHex(byteArray));
            }
            byteArrayOutputStream.close();
            return byteArray;
        } catch (Throwable th) {
            try {
                byteArrayOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private ASN1Sequence filterUnauthenticatedAttributes(ASN1Set aSN1Set, TimestampToken timestampToken) {
        int i;
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (0; i < aSN1Set.size(); i + 1) {
            Attribute attribute = Attribute.getInstance(aSN1Set.getObjectAt(i));
            ASN1ObjectIdentifier attrType = attribute.getAttrType();
            if (OID.id_aa_ets_archiveTimestampV2.equals(attrType) || OID.id_aa_ets_archiveTimestampV3.equals(attrType)) {
                try {
                    i = DSSASN1Utils.getTimeStampToken(attribute).getTimeStampInfo().getGenTime().before(timestampToken.getGenerationTime()) ? 0 : i + 1;
                } catch (Exception e) {
                    throw new DSSException(String.format("Unexpected error occurred on reading unsigned properties : %s", e.getMessage()), e);
                }
            }
            aSN1EncodableVector.add(aSN1Set.getObjectAt(i));
        }
        return new DERSequence(aSN1EncodableVector);
    }

    private ASN1Sequence getSignerInfoEncoded(SignerInfo signerInfo, ASN1Sequence aSN1Sequence, boolean z) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(signerInfo.getVersion());
        aSN1EncodableVector.add(signerInfo.getSID());
        aSN1EncodableVector.add(signerInfo.getDigestAlgorithm());
        DERTaggedObject dERSignedAttributes = CMSUtils.getDERSignedAttributes(this.signerInformation);
        if (dERSignedAttributes != null) {
            aSN1EncodableVector.add(dERSignedAttributes);
        }
        aSN1EncodableVector.add(signerInfo.getDigestEncryptionAlgorithm());
        aSN1EncodableVector.add(signerInfo.getEncryptedDigest());
        if (aSN1Sequence != null) {
            if (z) {
                aSN1EncodableVector.add(new DERTaggedObject(false, 1, aSN1Sequence));
            } else {
                for (int i = 0; i < aSN1Sequence.size(); i++) {
                    aSN1EncodableVector.add(aSN1Sequence.getObjectAt(i));
                }
            }
        }
        return new DERSequence(aSN1EncodableVector);
    }

    private DSSDocument getOriginalDocument() {
        try {
            return CMSUtils.getOriginalDocument(this.cmsSignedData, this.detachedDocuments);
        } catch (DSSException e) {
            LOG.error("Cannot extract original document! Reason : {}", e.getMessage());
            return null;
        }
    }
}
