package eu.europa.esig.dss.cades.validation;

import eu.europa.esig.dss.cades.CMSUtils;
import eu.europa.esig.dss.enumerations.ArchiveTimestampType;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureForm;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.spi.x509.CertificateRef;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.BaselineRequirementsChecker;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.timestamp.TimestampToken;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Selector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cades/validation/CAdESBaselineRequirementsChecker.class */
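/**
 * Checks whether a CAdES signature structurally matches the CAdES baseline
 * (B, T, LT, LTA) and extended (BES, EPES, T, C, X, X-L, A) profiles.
 *
 * <p>The checks implemented in this class look at which CMS signed/unsigned
 * attributes and certificates are present or absent. They do not verify the
 * signature value or build a certificate chain, so a {@code true} result
 * describes the signature's format level only and must not be read as
 * "the signature is valid". Helper checks inherited from the superclass
 * ({@code minimalTRequirement()}, {@code minimalLTRequirement()}, ...) are not
 * visible in this file.
 */
public class CAdESBaselineRequirementsChecker extends BaselineRequirementsChecker<CAdESSignature> {
    private static final Logger LOG = LoggerFactory.getLogger(CAdESBaselineRequirementsChecker.class);

    /**
     * Creates a checker for the given signature.
     *
     * @param cAdESSignature the signature to inspect
     * @param certificateVerifier verifier handed to the superclass
     */
    public CAdESBaselineRequirementsChecker(CAdESSignature cAdESSignature, CertificateVerifier certificateVerifier) {
        super(cAdESSignature, certificateVerifier);
    }

    /**
     * Returns the signature form used in log messages and in the signing-time
     * rule of {@link #cmsBaselineBRequirements()}.
     *
     * @return {@link SignatureForm#CAdES}
     */
    protected SignatureForm getBaselineSignatureForm() {
        return SignatureForm.CAdES;
    }

    /**
     * Checks the CMS-level BASELINE-B requirements. Each failed requirement is
     * logged at WARN level and ends the check.
     *
     * @return {@code true} if every requirement tested here is met
     */
    protected boolean cmsBaselineBRequirements() {
        final CAdESSignature cades = (CAdESSignature) this.signature;
        final CMSSignedData cmsSignedData = cades.getCmsSignedData();
        final SignerInformation signerInformation = cades.getSignerInformation();
        final SignatureForm form = getBaselineSignatureForm();

        if (Utils.isCollectionEmpty(cmsSignedData.getCertificates().getMatches((Selector) null))) {
            LOG.warn("SignedData.certificates shall be present for {}-BASELINE-B signature (cardinality == 1)!", form);
            return false;
        }
        if (!isContentTypeValid(signerInformation)) {
            LOG.warn("content-type attribute shall be present for {}-BASELINE-B signature (cardinality == 1)!", form);
            return false;
        }
        if (!isMessageDigestPresent(signerInformation)) {
            LOG.warn("message-digest attribute shall be present for {}-BASELINE-B signature (cardinality == 1)!", form);
            return false;
        }
        // The signing-certificate(-v2) attribute is the signed reference to the
        // signer's certificate; exactly one of the two variants is accepted.
        if (!isOneSigningCertificatePresent(signerInformation)) {
            LOG.warn("signing-certificate(-v2) attribute shall be present for {}-BASELINE-B signature (cardinality == 1)!", form);
            return false;
        }

        // signing-time is mandatory for the CAdES form and forbidden for any
        // other form a subclass may report through getBaselineSignatureForm().
        final boolean signingTimePresent =
                CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.pkcs_9_at_signingTime) != null;
        final boolean cadesForm = SignatureForm.CAdES.equals(form);
        if (cadesForm && !signingTimePresent) {
            LOG.warn("signing-time attribute shall be present for {}-BASELINE-B signature (cardinality == 1)!", form);
            return false;
        }
        if (!cadesForm && signingTimePresent) {
            LOG.warn("signing-time attribute shall not be present for {}-BASELINE-B signature (cardinality == 0)!", form);
            return false;
        }

        if (!containsSigningCertificate(cades.getCertificateSource().getSignedDataCertificates())) {
            LOG.warn("Signing certificate shall be present in SignedData.certificates for {}-BASELINE-B signature (requirement (a))!", form);
            return false;
        }
        // A missing content type is tolerated here; only a present value that
        // differs from id-data is rejected.
        final String contentType = cades.getContentType();
        if (contentType != null && !PKCSObjectIdentifiers.data.getId().equals(contentType)) {
            LOG.warn("The content-type attribute shall have value id-data for {}-BASELINE-B signature (requirement (f))!", form);
            return false;
        }
        if (!isSigningCertificateAttributeValid(signerInformation)) {
            LOG.warn("signing-certificate attribute shall be used for SHA1 hash algorithm and signing-certificate-v2 for other hash algorithms for {}-BASELINE-B signature (requirements (h) and (i) 319 122-1)!", form);
            return false;
        }
        return true;
    }

    /**
     * Checks the CAdES-BASELINE-B profile: the CMS-level requirements plus the
     * rule that a signature-policy-store needs a policy identifier hash.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasBaselineBProfile() {
        if (!cmsBaselineBRequirements()) {
            return false;
        }
        final boolean policyStorePresent = ((CAdESSignature) this.signature).getSignaturePolicyStore() != null;
        if (policyStorePresent && !isSignaturePolicyIdentifierHashPresent()) {
            LOG.warn("signature-policy-store shall not be present for CAdES-BASELINE-B signature with not defined signature-policy-identifier/sigPolicyHash (requirement (k))!");
            return false;
        }
        return true;
    }

    /**
     * Checks the CAdES-BASELINE-T profile using the inherited minimal T check
     * and the inherited timestamp-versus-certificate-expiration check.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasBaselineTProfile() {
        if (!minimalTRequirement()) {
            return false;
        }
        if (!signatureTimestampsCreatedBeforeSignCertExpiration()) {
            LOG.warn("signature-time-stamp shall be created before expiration of the signing-certificate for CAdES-BASELINE-T signature (requirement (m))!");
            return false;
        }
        return true;
    }

    /**
     * Checks the CAdES-BASELINE-LT profile: the inherited minimal LT check must
     * pass and none of the extended-profile unsigned attributes listed below
     * may be present.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasBaselineLTProfile() {
        if (!minimalLTRequirement()) {
            return false;
        }
        final SignerInformation signerInformation = ((CAdESSignature) this.signature).getSignerInformation();
        if (CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_certValues) != null) {
            LOG.warn("certificate-values attribute shall not be present for CAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        if (CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_certificateRefs) != null) {
            LOG.warn("complete-certificate-references attribute shall not be present for CAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        if (CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_revocationValues) != null) {
            LOG.warn("revocation-values attribute shall not be present for CAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        if (CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_revocationRefs) != null) {
            LOG.warn("complete-revocation-references attribute shall not be present for CAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        if (CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp) != null) {
            LOG.warn("time-stamped-certs-crls-references attribute shall not be present for CAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        return true;
    }

    /**
     * Checks the CAdES-BASELINE-LTA profile: at least one archive or detached
     * timestamp must exist, and at least one of them must be of type
     * {@code CAdES_V3} or {@code CAdES_DETACHED}.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasBaselineLTAProfile() {
        final CAdESSignature cades = (CAdESSignature) this.signature;
        final List<TimestampToken> timestamps = new ArrayList<>();
        timestamps.addAll(cades.getArchiveTimestamps());
        timestamps.addAll(cades.getDetachedTimestamps());
        if (Utils.isCollectionEmpty(timestamps)) {
            // Logged at TRACE, unlike the other failures in this class.
            LOG.trace("ArchiveTimeStamp shall be present for CAdES-BASELINE-LTA signature (cardinality >= 1)!");
            return false;
        }
        for (TimestampToken timestamp : timestamps) {
            final ArchiveTimestampType type = timestamp.getArchiveTimestampType();
            if (ArchiveTimestampType.CAdES_V3.equals(type) || ArchiveTimestampType.CAdES_DETACHED.equals(type)) {
                return true;
            }
        }
        LOG.warn("archive-time-stamp-v3 attribute shall be present for CAdES-BASELINE-LTA signature (cardinality == 1)!");
        return false;
    }

    /**
     * Checks the extended BES profile: content-type, message-digest and exactly
     * one signing-certificate(-v2) attribute, with the variant matching the
     * certificate digest algorithm.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasExtendedBESProfile() {
        final SignerInformation signerInformation = ((CAdESSignature) this.signature).getSignerInformation();
        final SignatureForm form = getBaselineSignatureForm();
        if (!isContentTypeValid(signerInformation)) {
            LOG.warn("content-type attribute shall be present for {}-BES signature (cardinality == 1)!", form);
            return false;
        }
        if (!isMessageDigestPresent(signerInformation)) {
            LOG.warn("message-digest attribute shall be present for {}-BES signature (cardinality == 1)!", form);
            return false;
        }
        if (!isOneSigningCertificatePresent(signerInformation)) {
            LOG.warn("signing-certificate(-v2) attribute shall be present for {}-BES signature (cardinality == 1)!", form);
            return false;
        }
        if (!isSigningCertificateAttributeValid(signerInformation)) {
            LOG.warn("signing-certificate attribute shall be used for SHA1 hash algorithm and signing-certificate-v2 for other hash algorithms for {}-BES signature (requirements (a) and (b) 319 122-2)!", form);
            return false;
        }
        return true;
    }

    /**
     * Checks the extended EPES profile: a signature-policy-identifier signed
     * attribute must be present, and a signature-policy-store is accepted only
     * together with a policy identifier hash.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasExtendedEPESProfile() {
        final CAdESSignature cades = (CAdESSignature) this.signature;
        final SignerInformation signerInformation = cades.getSignerInformation();
        final SignatureForm form = getBaselineSignatureForm();
        if (CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_sigPolicyId) == null) {
            LOG.debug("signature-policy-identifier attribute shall be present for {}-EPES signature (cardinality == 1)!", form);
            return false;
        }
        if (cades.getSignaturePolicyStore() != null && !isSignaturePolicyIdentifierHashPresent()) {
            LOG.debug("signature-policy-store may be present for {}-EPES signature only if signature-policy-identifier is present and it contains sigPolicyHash element (requirement (c))!", form);
            return false;
        }
        return true;
    }

    /**
     * Checks the extended T profile with the same two inherited checks as
     * {@link #hasBaselineTProfile()}.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasExtendedTProfile() {
        if (!minimalTRequirement()) {
            return false;
        }
        if (!signatureTimestampsCreatedBeforeSignCertExpiration()) {
            LOG.warn("signature-time-stamp shall be created before expiration of the signing-certificate for CAdES-T signature (requirement (f))!");
            return false;
        }
        return true;
    }

    /**
     * Checks the extended C profile: complete-certificate-references must be
     * present, and complete-revocation-references must be present unless every
     * certificate considered is self-signed.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasExtendedCProfile() {
        final SignerInformation signerInformation = ((CAdESSignature) this.signature).getSignerInformation();
        if (CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_certificateRefs) == null) {
            LOG.debug("complete-certificate-references attribute shall be present for CAdES-C signature (cardinality == 1)!");
            return false;
        }
        // Evaluation order kept: the self-signed test short-circuits the
        // attribute lookup.
        if (getCertificateSourcesExceptLastArchiveTimestamp().isAllSelfSigned()
                || CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_revocationRefs) != null) {
            return true;
        }
        LOG.debug("complete-revocation-references attribute shall be present for CAdES-C signature (cardinality == 1)!");
        return false;
    }

    /**
     * Checks the extended X profile: at least one of the
     * time-stamped-certs-crls-references or CAdES-C-timestamp unsigned
     * attributes must be present.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasExtendedXProfile() {
        final SignerInformation signerInformation = ((CAdESSignature) this.signature).getSignerInformation();
        if (CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp) != null
                || CMSUtils.getUnsignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_ets_escTimeStamp) != null) {
            return true;
        }
        // The message used to be a copy of the CAdES-C one and named the wrong
        // attribute and level, which misleads anyone triaging a failed check.
        LOG.debug("time-stamped-certs-crls-references or CAdES-C-timestamp attribute shall be present for CAdES-X signature!");
        return false;
    }

    /**
     * Checks the extended X-L profile, which here is exactly the inherited
     * minimal LT check.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasExtendedXLProfile() {
        return minimalLTRequirement();
    }

    /**
     * Checks the extended A profile: at least one archive or detached timestamp
     * must exist. Unlike {@link #hasBaselineLTAProfile()}, the timestamp type is
     * not examined.
     *
     * @return {@code true} if the signature matches the profile
     */
    public boolean hasExtendedAProfile() {
        final CAdESSignature cades = (CAdESSignature) this.signature;
        final List<TimestampToken> timestamps = new ArrayList<>();
        timestamps.addAll(cades.getArchiveTimestamps());
        timestamps.addAll(cades.getDetachedTimestamps());
        if (Utils.isCollectionEmpty(timestamps)) {
            LOG.trace("ArchiveTimeStamp shall be present for CAdES-A signature (cardinality >= 1)!");
            return false;
        }
        return true;
    }

    /**
     * Tells whether the content-type requirement is met. Counter-signatures are
     * accepted without the attribute; any other signature needs it among the
     * signed attributes.
     */
    private boolean isContentTypeValid(SignerInformation signerInformation) {
        if (((CAdESSignature) this.signature).isCounterSignature()) {
            return true;
        }
        return CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.pkcs_9_at_contentType) != null;
    }

    /** Tells whether the message-digest signed attribute is present. */
    private boolean isMessageDigestPresent(SignerInformation signerInformation) {
        return CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.pkcs_9_at_messageDigest) != null;
    }

    /**
     * Tells whether exactly one of signing-certificate and
     * signing-certificate-v2 is present; both together or neither fail.
     */
    private boolean isOneSigningCertificatePresent(SignerInformation signerInformation) {
        final boolean v1Present =
                CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_signingCertificate) != null;
        final boolean v2Present =
                CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_signingCertificateV2) != null;
        return v1Present != v2Present;
    }

    /**
     * Tells whether the signing-certificate variant matches the digest
     * algorithm of the first signing-certificate reference: the v1 attribute
     * for SHA-1, the v2 attribute for any other algorithm.
     *
     * <p>NOTE(review): this returns {@code true} when there are no
     * signing-certificate references or the first reference carries no digest,
     * and only the first reference is examined. Both current callers run
     * {@link #isOneSigningCertificatePresent(SignerInformation)} first; a new
     * caller that skips that step gets a permissive answer.
     */
    private boolean isSigningCertificateAttributeValid(SignerInformation signerInformation) {
        final List<CertificateRef> signingCertificateRefs =
                ((CAdESSignature) this.signature).getCertificateSource().getSigningCertificateRefs();
        if (!Utils.isCollectionNotEmpty(signingCertificateRefs)) {
            return true;
        }
        final Digest certDigest = signingCertificateRefs.get(0).getCertDigest();
        if (certDigest == null) {
            return true;
        }
        if (DigestAlgorithm.SHA1.equals(certDigest.getAlgorithm())) {
            return CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_signingCertificate) != null;
        }
        return CMSUtils.getSignedAttribute(signerInformation, PKCSObjectIdentifiers.id_aa_signingCertificateV2) != null;
    }
}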
