package de.bos_bremen.vii.doctype.cms;

import de.bos_bremen.algorithm_identifier.AlgorithmService;
import de.bos_bremen.algorithm_identifier.DigestAlgorithm;
import de.bos_bremen.algorithm_identifier.PaddingAlgorithm;
import de.bos_bremen.algorithm_identifier.SignatureAlgorithm;
import de.bos_bremen.ci.BSource;
import de.bos_bremen.ci.LengthOutputStream;
import de.bos_bremen.ci.StreamUtil;
import de.bos_bremen.ci.asn1.ANY;
import de.bos_bremen.ci.asn1.AlgorithmIdentifier;
import de.bos_bremen.ci.asn1.GeneralizedTime;
import de.bos_bremen.ci.asn1.OBJECTIDENTIFIER;
import de.bos_bremen.ci.asn1.OCTETSTRING;
import de.bos_bremen.ci.asn1.ParseException;
import de.bos_bremen.ci.asn1.Time;
import de.bos_bremen.ci.asn1.cms.CMSSignedData;
import de.bos_bremen.ci.asn1.cms.CertificateSet;
import de.bos_bremen.ci.asn1.cms.CertifiedAttributesV2;
import de.bos_bremen.ci.asn1.cms.ContentType;
import de.bos_bremen.ci.asn1.cms.EncapsulatedContentInfo;
import de.bos_bremen.ci.asn1.cms.SignedAttribute;
import de.bos_bremen.ci.asn1.cms.SignedAttributes;
import de.bos_bremen.ci.asn1.cms.SignedData;
import de.bos_bremen.ci.asn1.cms.SignerAttributeV2;
import de.bos_bremen.ci.asn1.cms.SignerInfo;
import de.bos_bremen.ci.asn1.cms.UnsignedAttributes;
import de.bos_bremen.ci.asn1.crl.CertificateList;
import de.bos_bremen.ci.asn1.ocsp.BasicOCSPResponse;
import de.bos_bremen.ci.asn1.ocsp.OCSPResponse;
import de.bos_bremen.ci.asn1.ocsp.RevocationValues;
import de.bos_bremen.ci.asn1.tsp.MessageImprint;
import de.bos_bremen.ci.asn1.tsp.SignatureTimeStampToken;
import de.bos_bremen.ci.asn1.tsp.TSTInfo;
import de.bos_bremen.ci.asn1.x509.Attribute;
import de.bos_bremen.ci.asn1.x509.AttributeCertificate;
import de.bos_bremen.ci.asn1.x509.Certificate;
import de.bos_bremen.ci.asn1.x509.FlatCertificate;
import de.bos_bremen.ci.asn1.x509.KeyPurposeId;
import de.bos_bremen.ci.asn1.x509.ext.ExtendedKeyUsageExtension;
import de.bos_bremen.vii.VIIConfiguration;
import de.bos_bremen.vii.VIITempFileManager;
import de.bos_bremen.vii.VIITempFileManagerHolder;
import de.bos_bremen.vii.algo.AlgorithmChecker;
import de.bos_bremen.vii.algo.impl.AlgorithmCatalogFacade;
import de.bos_bremen.vii.common.Signal;
import de.bos_bremen.vii.common.SignalReason;
import de.bos_bremen.vii.common.SignalReasons;
import de.bos_bremen.vii.doctype.AbstractVIIParser;
import de.bos_bremen.vii.doctype.CertificateOwnerTypes;
import de.bos_bremen.vii.doctype.ContentAttachingController;
import de.bos_bremen.vii.doctype.FileDocument;
import de.bos_bremen.vii.doctype.SourceDocument;
import de.bos_bremen.vii.doctype.VIIAttributeCertEntry;
import de.bos_bremen.vii.doctype.VIICertEntry;
import de.bos_bremen.vii.doctype.VIIDocumentEntry;
import de.bos_bremen.vii.doctype.VIIRevocationValueEntry;
import de.bos_bremen.vii.doctype.VIISignatureEntry;
import de.bos_bremen.vii.doctype.VIITimestampSignatureEntry;
import de.bos_bremen.vii.doctype.cms.BaseCMSDocumentEntry;
import de.bos_bremen.vii.doctype.cms.CMSController;
import de.bos_bremen.vii.doctype.cms.CMSDocument;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;

/* loaded from: input_file:de/bos_bremen/vii/doctype/cms/AbstractCMSParser.class */
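/**
 * Base class for parsers that read a CMS {@code SignedData} structure from an untrusted file and turn it
 * into VII document, signature, certificate, timestamp and revocation-value entries.
 *
 * <p>Everything reachable from the parsed structure (signer infos, certificate set, signed and unsigned
 * attributes, embedded timestamp tokens, revocation values, the friendly name) is supplied by whoever
 * produced the file. The methods here record a per-signature integrity {@link Signal}; the visible code
 * matches the signer certificate against the signer identifier and links issuers found in the embedded
 * certificate set, but does not itself establish trust in that chain.
 *
 * <p>NOTE(review): this listing looks like decompiler output (see the JADX markers). Several assignments
 * rely on casts that are not shown, e.g. the results of {@code getContent()} and {@code getValue(...)}.
 *
 * @param <CONTROLLER> controller type consulted when attaching and processing content
 * @param <SOURCE> concrete source document type; must declare a constructor taking a {@link CMSSignedData}
 * @param <DOC> document entry type produced by the parser
 */
public abstract class AbstractCMSParser<CONTROLLER extends CMSController, SOURCE extends CMSDocument, DOC extends VIIDocumentEntry & BaseCMSDocumentEntry> extends AbstractVIIParser<SOURCE, DOC> {
    protected CONTROLLER controller;
    // When set, takes precedence over {@link #controller} in linkContentByController(CMSDocument).
    protected ContentAttachingController contextDependentController;
    private final Class<SOURCE> sourceDocumentClass;
    // Only used in log messages.
    private final String parserType;
    // Constructor SOURCE(CMSSignedData), or null when it could not be resolved.
    private Constructor<SOURCE> declaredConstructor;

    /**
     * Creates a parser without a source document class. {@link #canOpenSpecific(SourceDocument)} returns
     * {@code false} for every document on such an instance.
     *
     * @param vIIConfiguration configuration handed to the superclass
     */
    public AbstractCMSParser(VIIConfiguration vIIConfiguration) {
        super(vIIConfiguration);
        this.contextDependentController = null;
        this.sourceDocumentClass = null;
        this.declaredConstructor = null;
        this.parserType = null;
    }

    /**
     * Creates a parser that instantiates {@code cls} through its {@code (CMSSignedData)} constructor.
     *
     * @param vIIConfiguration configuration handed to the superclass; its temp file manager is adopted
     *        when it is a {@link VIITempFileManagerHolder}
     * @param cls source document class, may be {@code null}
     * @param str parser type name used in log messages
     */
    public AbstractCMSParser(VIIConfiguration vIIConfiguration, Class<SOURCE> cls, String str) {
        super(vIIConfiguration);
        this.contextDependentController = null;
        this.sourceDocumentClass = cls;
        Constructor<SOURCE> constructor = null;
        if (this.sourceDocumentClass != null) {
            try {
                constructor = this.sourceDocumentClass.getDeclaredConstructor(CMSSignedData.class);
            } catch (Throwable ignored) {
                // Deliberately best effort: with no constructor, canOpenSpecific() refuses every document.
                // NOTE(review): the failure is not logged, so a misconfigured SOURCE class is silent.
            }
        }
        this.declaredConstructor = constructor;
        this.parserType = str;
        if (vIIConfiguration instanceof VIITempFileManagerHolder) {
            this.tempFileManager = vIIConfiguration.getTempFileManager();
        }
    }

    /**
     * Tells whether the CMS structure carries an RFC 3161 TSTInfo as its encapsulated content.
     *
     * @param cMSSignedData parsed CMS structure, may be {@code null}
     * @return {@code true} only when the encapsulated content type is {@code id_ct_TSTInfo}
     */
    protected static boolean isTimestamp(CMSSignedData cMSSignedData) {
        if (cMSSignedData == null) {
            return false;
        }
        return isTimestamp(cMSSignedData.getSignedData());
    }

    /**
     * Tells whether the SignedData carries a TSTInfo as its encapsulated content.
     *
     * @param signedData SignedData element, may be {@code null}
     * @return {@code true} only when the encapsulated content type is {@code id_ct_TSTInfo}
     */
    protected static boolean isTimestamp(SignedData signedData) {
        if (signedData == null) {
            return false;
        }
        return isTimestamp(signedData.getEncapsulatedContentInfo());
    }

    /**
     * Tells whether the encapsulated content is declared as a TSTInfo.
     *
     * @param encapsulatedContentInfo content info, may be {@code null}
     * @return {@code true} only when the content type equals {@code id_ct_TSTInfo}
     */
    protected static boolean isTimestamp(EncapsulatedContentInfo encapsulatedContentInfo) {
        if (encapsulatedContentInfo == null) {
            return false;
        }
        return ContentType.id_ct_TSTInfo.equals(encapsulatedContentInfo.getContentType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether this parser can handle the given source document and, if so, stores it as the
     * current source.
     *
     * <p>A document of the SOURCE type that already carries a parsed CMS structure is accepted as is.
     * Otherwise the signature file is read and parsed. Any exception raised while reading or parsing the
     * (untrusted) file is logged and reported as "cannot open"; it is not propagated to the caller.
     * A structure whose encapsulated content is a TSTInfo is parsed but reported as not openable here.
     *
     * @param sourceDocument candidate document, may be {@code null}
     * @return {@code true} when the document was accepted as a non-timestamp CMS document
     */
    public final boolean canOpenSpecific(SourceDocument sourceDocument) {
        if (sourceDocument == null || this.sourceDocumentClass == null || this.declaredConstructor == null) {
            return false;
        }
        this.filename = null;
        if (this.sourceDocumentClass.isInstance(sourceDocument)) {
            SOURCE cast = this.sourceDocumentClass.cast(sourceDocument);
            if (cast.cms != null) {
                this.currentSource = cast;
                return true;
            }
            // Not parsed yet: fall through to the file-based path below.
            sourceDocument = new FileDocument(((CMSDocument) cast).signatureFile, ((CMSDocument) cast).contentFile);
        }
        if (!(sourceDocument instanceof FileDocument)) {
            return false;
        }
        File file = sourceDocument.signatureFile;
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            this.filename = file.getName();
            this.currentSource = this.declaredConstructor.newInstance(new CMSSignedData(new BSource(fileInputStream)));
            ((CMSDocument) this.currentSource).signatureFile = file;
            // An explicitly supplied content file is only linked when the signature is detached.
            if (sourceDocument.contentFile != null && !((CMSDocument) this.currentSource).cms.hasEnvelopedContent()) {
                linkContentFile(sourceDocument.contentFile);
            }
            return !isTimestamp(((CMSDocument) this.currentSource).cms);
        } catch (Exception e) {
            this.LOG.warn("Cannot create " + this.parserType + " parser for source document " + sourceDocument);
            this.LOG.debug("Cannot create " + this.parserType + " parser for source document " + sourceDocument, e);
            return false;
        } finally {
            StreamUtil.close(fileInputStream);
        }
    }

    /**
     * Records {@code file} as the content file of the current source and links it to its SignedData.
     *
     * @param file detached content file
     */
    protected void linkContentFile(File file) {
        ((CMSDocument) this.currentSource).contentFile = file;
        ((CMSDocument) this.currentSource).sd.linkContent(file);
    }

    /**
     * Factory hook for the signature entry created per signer info.
     *
     * @param signerInfo signer info the entry is created for
     * @return a new signature entry
     */
    protected VIISignatureEntry createSignatureEntry(SignerInfo signerInfo) {
        return new VIISignatureEntry(signerInfo);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fills the document entry from a SignedData element: content file, detached flag and one signature
     * entry per signer info. When the encapsulated content is a TSTInfo, each signature entry is replaced
     * by a timestamp signature entry.
     *
     * <p>After the signatures are recorded, the content file is handed to a new parser when the
     * controller asks for it, so embedded content is parsed recursively.
     * NOTE(review): nesting depth appears to be limited only by {@code isProcessingDesiredFor} - confirm
     * that a deeply nested or self-referencing input cannot exhaust the stack or the temp directory.
     *
     * @param t document entry to fill
     * @param signedData SignedData element, may be {@code null} (then only the file name is set)
     * @throws Exception on parse, I/O or crypto provider errors
     */
    public final <T extends VIIDocumentEntry & BaseCMSDocumentEntry> void parseSignedData(T t, SignedData signedData) throws Exception {
        t.setFilename(getFilename());
        if (signedData == null) {
            this.LOG.debug("SignedData element is null, so there are no signatures present");
            return;
        }
        EncapsulatedContentInfo encapsulatedContentInfo = signedData.getEncapsulatedContentInfo();
        List<SignerInfo> signerInfos = signedData.getSignerInfos().getSignerInfos();
        t.setDetached(!signedData.hasEnvelopedContent());
        boolean isTimestampToken = false;
        if (ContentType.id_pkcs7_data.equals(encapsulatedContentInfo.getContentType())) {
            if (encapsulatedContentInfo.getContent() != null) {
                // Enveloped content is written to a temp file whose name derives from untrusted input,
                // see determineContentFileName().
                t.setContentFile(writeContentToFile(((AbstractVIIParser) this).tempFileManager, encapsulatedContentInfo, signerInfos));
            } else {
                t.setContentFile(encapsulatedContentInfo.getLinkedContent());
            }
        } else if (ContentType.id_ct_TSTInfo.equals(encapsulatedContentInfo.getContentType())) {
            isTimestampToken = true;
            t.setContentFile(((CMSDocument) this.currentSource).contentFile);
            if (encapsulatedContentInfo.getLinkedContent() != null) {
                t.setDetached(true);
                t.setContentFile(encapsulatedContentInfo.getLinkedContent());
            }
        }
        RevocationValues collectRevocationValues = CMSHelper.collectRevocationValues(signedData, (RevocationValues) null);
        if (collectRevocationValues != null) {
            OCSPResponse.dumpBasicOCSPResponses(collectRevocationValues.getOcspVals());
        }
        CertificateSet certificates = signedData.getCertificates();
        for (SignerInfo signerInfo : signerInfos) {
            VIISignatureEntry signatureEntry = parseSignerInfoSignature(encapsulatedContentInfo, certificates, signerInfo, collectRevocationValues);
            if (isTimestampToken) {
                signatureEntry = toTimstampSignatureEntry(t, signatureEntry, encapsulatedContentInfo);
            }
            t.addSignatureEntry(signatureEntry);
        }
        if (t.getContentFile() == null || !this.controller.isProcessingDesiredFor(t.getContentFile(), t)) {
            return;
        }
        this.vii.newParser(t.getContentFile(), this.tempFileManager).parse(t);
    }

    /**
     * Converts a plain signature entry into a timestamp signature entry, re-parenting the author and the
     * attribute certificates to the new entry, and applies the timestamp-specific checks.
     *
     * @param vIIDocumentEntry document the plain entry is detached from
     * @param vIISignatureEntry entry to convert
     * @param encapsulatedContentInfo content info holding the TSTInfo
     * @return the timestamp signature entry replacing {@code vIISignatureEntry}
     */
    private VIITimestampSignatureEntry toTimstampSignatureEntry(VIIDocumentEntry vIIDocumentEntry, VIISignatureEntry vIISignatureEntry, EncapsulatedContentInfo encapsulatedContentInfo) {
        vIIDocumentEntry.getSignatureChilds().remove(vIISignatureEntry);
        VIITimestampSignatureEntry vIITimestampSignatureEntry = new VIITimestampSignatureEntry((SignatureTimeStampToken) null);
        vIITimestampSignatureEntry.copy(vIISignatureEntry);
        VIICertEntry author = vIITimestampSignatureEntry.getAuthor();
        if (author != null) {
            author.setParent(vIITimestampSignatureEntry);
        }
        List<VIIAttributeCertEntry> attCerts = vIISignatureEntry.getAttCerts();
        if (attCerts != null) {
            for (VIIAttributeCertEntry vIIAttributeCertEntry : attCerts) {
                if (vIIAttributeCertEntry != null) {
                    vIIAttributeCertEntry.setParent(vIITimestampSignatureEntry);
                }
            }
        }
        // updateTimestampSignatureEntry() already ends with the TSA key-usage check. Running the check a
        // second time here only recorded the same failure reason twice.
        updateTimestampSignatureEntry(vIITimestampSignatureEntry, encapsulatedContentInfo);
        return vIITimestampSignatureEntry;
    }

    /**
     * Parses one signer info into a fresh signature entry, including its content and signature
     * timestamps.
     */
    private VIISignatureEntry parseSignerInfoSignature(EncapsulatedContentInfo encapsulatedContentInfo, CertificateSet certificateSet, SignerInfo signerInfo, RevocationValues revocationValues) throws ParseException, IOException, GeneralSecurityException {
        return parseSignerInfoSignature(createSignatureEntry(signerInfo), encapsulatedContentInfo, certificateSet, signerInfo, revocationValues, true);
    }

    /**
     * Fills a signature entry from a signer info: algorithms, signing time, signature value, signer
     * certificate with the chain found in the embedded certificate set, revocation values, timestamps,
     * attribute certificates and the result of the cryptographic signature check.
     *
     * <p>The signer certificate is the first certificate of the embedded set that matches the signer
     * identifier. When none matches, no signature check is performed and integrity is set to YELLOW.
     * NOTE(review): a verified signature here only says the signature fits the embedded certificate;
     * whether that certificate is trusted has to be decided by the chain validation, which is not part
     * of this class.
     *
     * @param vIISignatureEntry entry to fill
     * @param encapsulatedContentInfo signed content
     * @param certificateSet certificates embedded in the SignedData, may be {@code null}
     * @param signerInfo signer info to read
     * @param revocationValues revocation values collected so far, may be {@code null}
     * @param z whether content and signature timestamps are parsed; {@code false} when the signer info
     *        itself belongs to a timestamp token
     * @return {@code vIISignatureEntry}
     * @throws ParseException on malformed ASN.1
     * @throws IOException on read errors
     * @throws GeneralSecurityException on crypto provider errors other than the ones mapped to a signal
     */
    protected VIISignatureEntry parseSignerInfoSignature(VIISignatureEntry vIISignatureEntry, EncapsulatedContentInfo encapsulatedContentInfo, CertificateSet certificateSet, SignerInfo signerInfo, RevocationValues revocationValues, boolean z) throws ParseException, IOException, GeneralSecurityException {
        AlgorithmIdentifier algorithmIdentifier = null;
        try {
            algorithmIdentifier = signerInfo.getSignatureAlgorithm();
        } catch (NoSuchAlgorithmException e) {
            // Unknown signature algorithm: the entry keeps a null algorithm and parsing continues.
            this.LOG.error(e.getMessage());
        }
        vIISignatureEntry.setSignatureAlgorithm(algorithmIdentifier);
        vIISignatureEntry.setSigningTime(getSigningTime(encapsulatedContentInfo, signerInfo));
        if (signerInfo.getSignature() != null && signerInfo.getSignature().getOctets() != null && signerInfo.getSignature().getOctets().length != 0) {
            vIISignatureEntry.setSignatureValue(signerInfo.getSignature().getOctets());
        }
        Certificate certificate = null;
        if (certificateSet != null) {
            List matchingCertificates = certificateSet.getMatchingCertificates(signerInfo.getSignerIdentifier());
            if (!matchingCertificates.isEmpty()) {
                certificate = (Certificate) matchingCertificates.get(0);
                VIICertEntry vIICertEntry = new VIICertEntry(vIISignatureEntry, CertificateOwnerTypes.SIGNER, certificate, VIICertEntry.SourceType.SIGNATURE);
                buildChain(vIICertEntry, certificateSet);
                UnsignedAttributes unsignedAttributes = signerInfo.getUnsignedAttributes();
                SignedAttributes signedAttributes = signerInfo.getSignedAttributes();
                addRevocationValues(vIICertEntry, unsignedAttributes != null ? unsignedAttributes.getValue(Attribute.REVOCATION_VALUES) : null, revocationValues);
                vIISignatureEntry.setAuthor(vIICertEntry);
                if (z) {
                    VIITimestampSignatureEntry contentTimestamp = null;
                    if (signedAttributes != null) {
                        // The content timestamp is checked against the messageDigest signed attribute.
                        ANY value = signedAttributes.getValue(SignedAttribute.messageDigest);
                        contentTimestamp = parseTimeStamp(signedAttributes, ContentType.id_aa_content_timeStampToken, value == null ? new byte[0] : value.getValueAsByteArray(), false, revocationValues);
                        if (contentTimestamp != null) {
                            vIISignatureEntry.setContentTimestamp(contentTimestamp);
                        }
                    }
                    if (unsignedAttributes != null) {
                        // The signature timestamp is checked against the signature value.
                        VIITimestampSignatureEntry signatureTimestamp = parseTimeStamp(unsignedAttributes, ContentType.id_aa_timeStampToken, signerInfo.getSignature().getOctets(), true, revocationValues);
                        // parseTimeStamp() returns null when the attribute is absent, and a timestamp
                        // whose signer certificate was not found has no author. Both cases used to be
                        // dereferenced before the null check.
                        if (signatureTimestamp != null) {
                            VIICertEntry contentAuthor = contentTimestamp == null ? null : contentTimestamp.getAuthor();
                            VIICertEntry signatureAuthor = signatureTimestamp.getAuthor();
                            if (contentAuthor != null && signatureAuthor != null && contentAuthor.getCertificate().equals(signatureAuthor.getCertificate())) {
                                // Same TSA certificate on both timestamps: share one author entry.
                                signatureTimestamp.setAuthor(contentAuthor);
                            }
                            vIISignatureEntry.setSignatureTimestamp(signatureTimestamp);
                        }
                    }
                }
                verifySignature(encapsulatedContentInfo, signerInfo, vIISignatureEntry, certificate);
            }
        }
        if (certificate == null) {
            // No matching signer certificate: the signature could not be checked at all.
            vIISignatureEntry.setIntegrity(Signal.YELLOW);
            vIISignatureEntry.setIntegrityReason(SignalReasons.INT_ESSCERT_IDyellow);
        }
        List signedAttributeValues = signerInfo.getSignedAttributeValues(SignedAttribute.attributeCertificate);
        if (signedAttributeValues != null) {
            Iterator it = signedAttributeValues.iterator();
            while (it.hasNext()) {
                VIIAttributeCertEntry vIIAttributeCertEntry = new VIIAttributeCertEntry(vIISignatureEntry, (AttributeCertificate) it.next());
                vIIAttributeCertEntry.setAttributeOwner(vIISignatureEntry.getAuthor());
                vIISignatureEntry.addAttCert(vIIAttributeCertEntry);
            }
        }
        List signedAttributeValues2 = signerInfo.getSignedAttributeValues(SignedAttribute.SIGNER_ATTRIBUTES_V2);
        if (signedAttributeValues2 != null) {
            Iterator it2 = signedAttributeValues2.iterator();
            while (it2.hasNext()) {
                List certifiedAttributes = ((SignerAttributeV2) it2.next()).getCertifiedAttributes();
                if (certifiedAttributes != null) {
                    Iterator it3 = certifiedAttributes.iterator();
                    while (it3.hasNext()) {
                        AttributeCertificate attributeCertificate = ((CertifiedAttributesV2) it3.next()).getAttributeCertificate();
                        if (attributeCertificate != null) {
                            VIIAttributeCertEntry vIIAttributeCertEntry2 = new VIIAttributeCertEntry(vIISignatureEntry, attributeCertificate);
                            vIIAttributeCertEntry2.setAttributeOwner(vIISignatureEntry.getAuthor());
                            vIISignatureEntry.addAttCert(vIIAttributeCertEntry2);
                        }
                    }
                }
            }
        }
        // NOTE(review): get(0) assumes the digest OID from the file is known to AlgorithmService;
        // confirm what getForOID returns for an unknown OID.
        vIISignatureEntry.setDigestAlgorithm((DigestAlgorithm) AlgorithmService.getForOID(signerInfo.getDigestAlgorithm().getOID().getOID()).get(0));
        return vIISignatureEntry;
    }

    /**
     * Links issuer certificates from the embedded certificate set onto the signer entry, one level at a
     * time, until no further issuer is found.
     *
     * <p>Certificates already placed in the chain are remembered, so a self-issued certificate or a
     * crafted issuer cycle in the set ends the loop instead of running forever.
     *
     * @param vIICertEntry signer certificate entry the chain starts at
     * @param certificateSet certificates embedded in the SignedData
     */
    private void buildChain(VIICertEntry vIICertEntry, CertificateSet certificateSet) {
        List<FlatCertificate> seen = new ArrayList<FlatCertificate>();
        seen.add(vIICertEntry.getCertificate());
        VIICertEntry current = vIICertEntry;
        while (current != null) {
            current = addIssuer(certificateSet, current, seen);
        }
    }

    /**
     * Looks up the issuer of the entry's certificate in the set and attaches it.
     *
     * @param certificateSet certificates to search, may be {@code null}
     * @param vIICertEntry entry whose issuer is wanted, may be {@code null}
     * @param list certificates already part of the chain; the issuer is appended
     * @return the issuer entry, or {@code null} when there is none or it is already in the chain
     */
    private VIICertEntry addIssuer(CertificateSet certificateSet, VIICertEntry vIICertEntry, List<FlatCertificate> list) {
        FlatCertificate certificate;
        Certificate issuer;
        if (vIICertEntry == null || certificateSet == null || (certificate = vIICertEntry.getCertificate()) == null || (issuer = certificateSet.getIssuer(certificate)) == null || list.contains(issuer)) {
            return null;
        }
        list.add(issuer);
        vIICertEntry.setIssuerCertificate(issuer);
        return vIICertEntry.getIssuer();
    }

    /**
     * Attaches the embedded OCSP responses and CRLs to the certificate entry and then walks up to its
     * issuer. Does nothing unless the revocation values contain at least one OCSP response.
     *
     * <p>When the entry has no issuer yet, the first certificate of an OCSP response's chain is used as
     * issuer. NOTE(review): that certificate comes from the untrusted file, and the recursion over
     * issuers has no visited set like buildChain() has - confirm a crafted response chain cannot loop.
     *
     * @param vIICertEntry certificate entry to extend, may be {@code null}
     * @param revocationValues embedded revocation values, may be {@code null}
     */
    private void addRevocationValues(VIICertEntry vIICertEntry, RevocationValues revocationValues) {
        List certificateChain;
        if (vIICertEntry == null || revocationValues == null || revocationValues.getOcspVals() == null || revocationValues.getOcspVals().isEmpty()) {
            return;
        }
        FlatCertificate certificate = vIICertEntry.getCertificate();
        Certificate certificate2 = Certificate.class.isInstance(certificate) ? (Certificate) Certificate.class.cast(certificate) : null;
        List<BasicOCSPResponse> ocspVals = certificate2 == null ? null : revocationValues.getOcspVals(certificate2);
        if (ocspVals != null) {
            for (BasicOCSPResponse basicOCSPResponse : ocspVals) {
                vIICertEntry.addRevocationValue(VIIRevocationValueEntry.createRevocationValue(this.vii.getSecurityProviderName(), vIICertEntry, basicOCSPResponse, false));
                // NOTE(review): the comparison below is by reference, not equals() - confirm intent.
                if (vIICertEntry.getIssuer() == null && (certificateChain = basicOCSPResponse.getCertificateChain(certificate2)) != null && !certificateChain.isEmpty() && vIICertEntry.getCertificate() != certificateChain.get(0)) {
                    vIICertEntry.setIssuerCertificate((FlatCertificate) certificateChain.get(0));
                }
            }
        }
        List crlVals = revocationValues.getCrlVals();
        if (crlVals != null) {
            Iterator it = crlVals.iterator();
            while (it.hasNext()) {
                vIICertEntry.addRevocationValue(new VIIRevocationValueEntry(vIICertEntry, VIIRevocationValueEntry.RevocationType.CRL, (CertificateList) it.next(), false));
            }
        }
        VIICertEntry issuer = vIICertEntry.getIssuer();
        if (issuer != null) {
            FlatCertificate certificate3 = issuer.getCertificate();
            if (Certificate.class.isInstance(certificate3)) {
                // The algorithm names recorded on this entry are read from the issuer's certificate.
                SignatureAlgorithm signatureAlgorithm = AlgorithmCatalogFacade.getSignatureAlgorithm(((Certificate) Certificate.class.cast(certificate3)).getSignatureAlgorithm());
                vIICertEntry.setHashAlgName(signatureAlgorithm.getDigestAlgorithm().getJCAName());
                vIICertEntry.setSigBaseAlgName(signatureAlgorithm.getBaseAlgorithm().toString());
                PaddingAlgorithm paddingAlgorithm = signatureAlgorithm.getPaddingAlgorithm();
                if (paddingAlgorithm != null) {
                    vIICertEntry.setPaddingAlgName(paddingAlgorithm.getJCAName());
                }
                vIICertEntry.setSignatureAlgName(signatureAlgorithm.getJCAName());
                vIICertEntry.setSignatureAlgDisplayName(signatureAlgorithm.getName());
            }
            addRevocationValues(vIICertEntry.getIssuer(), revocationValues);
        }
    }

    /**
     * Merges the signer's own revocation-values attribute with the values collected for the whole
     * SignedData and attaches the result to the certificate entry.
     *
     * @param vIICertEntry certificate entry to extend
     * @param any value of the unsigned revocation-values attribute, may be {@code null}
     * @param revocationValues values collected for the SignedData, may be {@code null}
     */
    private void addRevocationValues(VIICertEntry vIICertEntry, ANY any, RevocationValues revocationValues) {
        RevocationValues merged;
        if (any == null) {
            merged = revocationValues;
        } else {
            merged = RevocationValues.merge(RevocationValues.class.isInstance(any) ? (RevocationValues) RevocationValues.class.cast(any) : null, revocationValues);
        }
        if (merged == null) {
            // A signature without any embedded revocation values is normal; parseSignedData() treats a
            // null collection the same way. Previously this path dereferenced null.
            return;
        }
        OCSPResponse.dumpBasicOCSPResponses(merged.getOcspVals());
        addRevocationValues(vIICertEntry, merged);
    }

    /**
     * Parses the timestamp token stored under the given attribute and checks that it refers to the
     * expected bytes.
     *
     * @param signedAttributes attribute set to read, may be {@code null}
     * @param objectidentifier attribute OID of the timestamp token
     * @param bArr bytes the timestamp is expected to cover, passed to
     *        {@code CMSHelper.checkTimeStampReference}
     * @param z flag passed through to {@code CMSHelper.checkTimeStampReference}; callers pass
     *        {@code true} for the signature timestamp and {@code false} for the content timestamp
     * @param revocationValues revocation values collected so far, may be {@code null}
     * @return the timestamp entry, or {@code null} when the attribute is absent or not a timestamp token
     * @throws ParseException on malformed ASN.1
     * @throws IOException on read errors
     * @throws GeneralSecurityException on crypto provider errors
     */
    protected VIITimestampSignatureEntry parseTimeStamp(SignedAttributes signedAttributes, OBJECTIDENTIFIER objectidentifier, byte[] bArr, boolean z, RevocationValues revocationValues) throws ParseException, IOException, GeneralSecurityException {
        if (signedAttributes == null) {
            return null;
        }
        SignatureTimeStampToken value = signedAttributes.getValue(objectidentifier);
        if (!(value instanceof SignatureTimeStampToken)) {
            return null;
        }
        VIITimestampSignatureEntry parseTimestampInternal = parseTimestampInternal(revocationValues, value);
        CMSHelper.checkTimeStampReference(parseTimestampInternal, bArr, z);
        return parseTimestampInternal;
    }

    /**
     * Builds a timestamp entry from a timestamp token: marks a wrong content type as a format failure,
     * parses the token's first signer info (without nested timestamps) and applies the timestamp checks.
     *
     * <p>NOTE(review): parsing continues after the RED format failure, and {@code get(0)} assumes the
     * token has at least one signer info. A token crafted without one ends in an unchecked exception
     * rather than a signal - confirm callers treat that as a failed validation.
     *
     * @param revocationValues revocation values collected so far, may be {@code null}
     * @param signatureTimeStampToken token to parse
     * @return the timestamp entry
     * @throws ParseException on malformed ASN.1
     * @throws IOException on read errors
     * @throws GeneralSecurityException on crypto provider errors
     */
    protected VIITimestampSignatureEntry parseTimestampInternal(RevocationValues revocationValues, SignatureTimeStampToken signatureTimeStampToken) throws ParseException, IOException, GeneralSecurityException, NoSuchAlgorithmException {
        VIITimestampSignatureEntry vIITimestampSignatureEntry = new VIITimestampSignatureEntry(signatureTimeStampToken);
        SignedData signedData = signatureTimeStampToken.getSignedData();
        EncapsulatedContentInfo encapsulatedContentInfo = signedData.getEncapsulatedContentInfo();
        if (!ContentType.id_ct_TSTInfo.equals(encapsulatedContentInfo.getContentType())) {
            vIITimestampSignatureEntry.setIntegrity(Signal.RED);
            vIITimestampSignatureEntry.setIntegrityReason(SignalReasons.EN_319102_INVALID_FORMAT_FAILURE);
        }
        parseSignerInfoSignature(vIITimestampSignatureEntry, encapsulatedContentInfo, signedData.getCertificates(), (SignerInfo) signedData.getSignerInfos().getSignerInfos().get(0), CMSHelper.collectRevocationValues(signedData, revocationValues), false);
        updateTimestampSignatureEntry(vIITimestampSignatureEntry, encapsulatedContentInfo);
        return vIITimestampSignatureEntry;
    }

    /**
     * Applies the timestamp-specific steps to an entry: algorithm checks, message imprint, generation
     * and signing time from the TSTInfo, and the TSA certificate key-usage check.
     *
     * @param vIITimestampSignatureEntry entry to update
     * @param encapsulatedContentInfo content info holding the TSTInfo
     */
    private void updateTimestampSignatureEntry(VIITimestampSignatureEntry vIITimestampSignatureEntry, EncapsulatedContentInfo encapsulatedContentInfo) {
        AlgorithmChecker algorithmCheckerFor = this.vii.getAlgorithmCheckerFor(vIITimestampSignatureEntry);
        algorithmCheckerFor.checkCipherAlgorithm(vIITimestampSignatureEntry);
        algorithmCheckerFor.checkDigestAlgorithm(vIITimestampSignatureEntry);
        algorithmCheckerFor.checkPaddingAlgorithm(vIITimestampSignatureEntry);
        vIITimestampSignatureEntry.setMessageImprint(getMessageImprint(encapsulatedContentInfo));
        TSTInfo content = encapsulatedContentInfo.getContent();
        vIITimestampSignatureEntry.setGenerationTime(content.getGenTime().getDate());
        vIITimestampSignatureEntry.setSigningTime(content.getGenTime().getDate());
        checkTSACertificateKeyUsage(vIITimestampSignatureEntry);
    }

    /**
     * Requires the timestamp signer certificate to carry a critical extended key usage extension whose
     * only purpose is {@code id_kp_timeStamping}, which is what RFC 3161 demands of a TSA certificate.
     *
     * @param vIISignatureEntry timestamp signature entry to check
     */
    private void checkTSACertificateKeyUsage(VIISignatureEntry vIISignatureEntry) {
        checkCertificateKeyUsage(vIISignatureEntry, KeyPurposeId.id_kp_timeStamping, true, 1);
    }

    /**
     * Checks the extended key usage extension (OID 2.5.29.37) of the signer certificate and marks the
     * certificate as not usable when the extension is missing, is not critical, lacks the required
     * purpose, or lists a different number of purposes than expected.
     *
     * <p>NOTE(review): a certificate object that is not a {@link Certificate} instance is not checked at
     * all - confirm that such certificates cannot end up as a timestamp author.
     *
     * @param vIISignatureEntry signature entry whose author certificate is checked
     * @param keyPurposeId purpose that must be listed
     * @param bool required criticality, or {@code null} for no explicit requirement; {@code true} also
     *        fixes the expected number of purposes to one
     * @param num expected number of purposes when {@code bool} is not {@code true}; {@code null} skips
     *        the count check
     */
    private void checkCertificateKeyUsage(VIISignatureEntry vIISignatureEntry, KeyPurposeId keyPurposeId, Boolean bool, Integer num) {
        VIICertEntry author = vIISignatureEntry.getAuthor();
        if (author == null) {
            // No signer certificate was found for this signature, so there is no key usage to inspect.
            // parseSignerInfoSignature() has already set integrity to YELLOW for that case.
            return;
        }
        Integer expectedPurposeCount = (bool != null && bool.booleanValue()) ? Integer.valueOf(1) : num;
        FlatCertificate certificate = author.getCertificate();
        if (!Certificate.class.isInstance(certificate)) {
            return;
        }
        ExtendedKeyUsageExtension extendedKeyUsageExtension = ((Certificate) Certificate.class.cast(certificate)).getExtensions().get(ExtendedKeyUsageExtension.class, "2.5.29.37");
        if (extendedKeyUsageExtension == null) {
            setCertificateNotUsableMissingRequiredPurposeId(vIISignatureEntry);
            return;
        }
        if (bool != null && bool.booleanValue() != extendedKeyUsageExtension.isCritical()) {
            setCertificateNotUsableMissingRequiredPurposeId(vIISignatureEntry);
            return;
        }
        // Kept from the original: a non-critical extension is rejected regardless of bool.
        if (!extendedKeyUsageExtension.isCritical()) {
            setCertificateNotUsableMissingRequiredPurposeId(vIISignatureEntry);
            return;
        }
        List keyPurposeIDs = extendedKeyUsageExtension.getKeyPurposeIDs();
        if (keyPurposeIDs == null || !keyPurposeIDs.contains(keyPurposeId)) {
            // Return after marking: the count check below used to dereference a null list, and marked a
            // certificate without the purpose a second time.
            setCertificateNotUsableMissingRequiredPurposeId(vIISignatureEntry);
            return;
        }
        if (expectedPurposeCount != null && expectedPurposeCount.intValue() != keyPurposeIDs.size()) {
            setCertificateNotUsableMissingRequiredPurposeId(vIISignatureEntry);
        }
    }

    /**
     * Marks the signature and its author certificate with the signal of
     * {@code INVALID_KEY_USAGE_TIMESTAMP_RED} and records that reason on the author.
     *
     * @param vIISignatureEntry signature entry whose author failed the key-usage check
     */
    private void setCertificateNotUsableMissingRequiredPurposeId(VIISignatureEntry vIISignatureEntry) {
        SignalReason signalReason = SignalReasons.INVALID_KEY_USAGE_TIMESTAMP_RED;
        Signal signal = signalReason.getSignal();
        vIISignatureEntry.setCumulated(signal);
        VIICertEntry author = vIISignatureEntry.getAuthor();
        author.setCumulated(signal);
        author.getCumulatedReasons().add(signalReason);
        author.getIdentityObject().setPurposeState(signal);
        author.getReIdentityObject().setPurposeState(signal);
    }

    /**
     * Returns the time claimed for the signature: the TSTInfo generation time for a timestamp token,
     * otherwise the {@code signingTime} signed attribute.
     *
     * <p>The {@code signingTime} attribute is a claim made by the signer, not a trusted time source.
     *
     * @param encapsulatedContentInfo signed content
     * @param signerInfo signer info to read the attribute from
     * @return the time, or {@code null} when none is present
     */
    private static Date getSigningTime(EncapsulatedContentInfo encapsulatedContentInfo, SignerInfo signerInfo) {
        GeneralizedTime genTime = ContentType.id_ct_TSTInfo.equals(encapsulatedContentInfo.getContentType()) ? encapsulatedContentInfo.getContent().getGenTime() : (Time) signerInfo.getSignedAttributeValue(SignedAttribute.signingTime);
        if (genTime == null) {
            return null;
        }
        return genTime.getDate();
    }

    /**
     * Returns the message imprint of a TSTInfo.
     *
     * @param encapsulatedContentInfo content info to read
     * @return the message imprint, or {@code null} when the content is not declared as a TSTInfo
     */
    protected static MessageImprint getMessageImprint(EncapsulatedContentInfo encapsulatedContentInfo) {
        if (ContentType.id_ct_TSTInfo.equals(encapsulatedContentInfo.getContentType())) {
            return encapsulatedContentInfo.getContent().getMessageImprint();
        }
        return null;
    }

    /**
     * Verifies the signer info's signature with the public key of the given certificate and stores the
     * outcome as integrity signal and reason on the entry.
     *
     * <p>Only a successful {@code verify} yields a positive signal. A signature exception or a failed
     * check gives RED; missing content, an unknown algorithm or a {@link NullPointerException} raised
     * during verification gives YELLOW, never a positive result.
     * NOTE(review): mapping every NullPointerException to "algorithm unknown" can hide unrelated
     * defects in the verification path.
     *
     * @param encapsulatedContentInfo signed content
     * @param signerInfo signer info holding the signature
     * @param vIISignatureEntry entry receiving the result
     * @param certificate signer certificate supplying the public key
     * @throws ParseException on malformed ASN.1
     * @throws GeneralSecurityException on crypto provider errors that are not mapped to a signal
     * @throws IOException on read errors
     */
    protected void verifySignature(EncapsulatedContentInfo encapsulatedContentInfo, SignerInfo signerInfo, VIISignatureEntry vIISignatureEntry, Certificate certificate) throws ParseException, GeneralSecurityException, IOException {
        Signal signal;
        SignalReason signalReason;
        try {
            boolean verify = signerInfo.verify(certificate.getTBSCertificate().getSubjectPublicKeyInfo().getPublicKey(), encapsulatedContentInfo, this.vii.getSecurityProviderName());
            signal = Signal.forBoolean(verify);
            signalReason = verify ? null : SignalReasons.INTred;
        } catch (SignatureException e) {
            signal = Signal.RED;
            signalReason = SignalReasons.INTred;
        } catch (SignerInfo.NoSignedContentFoundException e2) {
            signal = Signal.YELLOW;
            signalReason = SignalReasons.INT_NO_CONTENTyellow;
        } catch (NullPointerException e3) {
            vIISignatureEntry.getAuthor().setAlgorithmUnknown(e3.getMessage());
            signal = Signal.YELLOW;
            signalReason = SignalReasons.INTyellow;
        } catch (NoSuchAlgorithmException e4) {
            vIISignatureEntry.getAuthor().setAlgorithmUnknown(e4.getMessage());
            signal = Signal.YELLOW;
            signalReason = SignalReasons.INTyellow;
        }
        vIISignatureEntry.setIntegrity(signal);
        vIISignatureEntry.setIntegrityReason(signalReason);
    }

    /**
     * Writes the enveloped content to a new temp file.
     *
     * @param vIITempFileManager manager that creates the temp file
     * @param encapsulatedContentInfo content info holding the enveloped content
     * @param list signer infos, used to derive the file name
     * @return the temp file holding the content
     * @throws IOException when the file cannot be created or written
     */
    private File writeContentToFile(VIITempFileManager vIITempFileManager, EncapsulatedContentInfo encapsulatedContentInfo, List<SignerInfo> list) throws IOException {
        OCTETSTRING content = encapsulatedContentInfo.getContent();
        File createNewTempFile = vIITempFileManager.createNewTempFile(determineContentFileName(list));
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(createNewTempFile);
            if (content instanceof OCTETSTRING) {
                content.writeContent(fileOutputStream);
            } else {
                content.encode(fileOutputStream);
            }
            return createNewTempFile;
        } finally {
            // Close on every path. The failure path used to close a null reference, which leaked the
            // file handle whenever writing the content failed.
            StreamUtil.close(fileOutputStream);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Links detached content to the document using the context-dependent controller when one is set,
     * otherwise the regular controller.
     *
     * @param cMSDocument document whose content is to be linked
     */
    public void linkContentByController(CMSDocument cMSDocument) {
        if (this.contextDependentController != null) {
            linkContentByController(cMSDocument, this.contextDependentController);
        } else {
            linkContentByController(cMSDocument, this.controller);
        }
    }

    /**
     * Tries the controller's content file candidates in order and stops at the first one whose digest
     * matches a signer's {@code messageDigest} attribute.
     *
     * <p>NOTE(review): when no candidate matches, the candidate tried last stays linked - confirm that
     * this is intended.
     *
     * @param cMSDocument document whose content is to be linked
     * @param contentAttachingController controller supplying the candidates
     */
    private void linkContentByController(CMSDocument cMSDocument, ContentAttachingController contentAttachingController) {
        SignedData signedData = cMSDocument.cms == null ? cMSDocument.sd : cMSDocument.cms.getSignedData();
        File file = cMSDocument.signatureFile;
        if (signedData == null) {
            this.LOG.debug("SignedData element is null -> skip linking content");
            return;
        }
        List contentFileCandidates = contentAttachingController.getContentFileCandidates(file);
        for (int i = 0; i < contentFileCandidates.size(); i++) {
            signedData.linkContent((File) contentFileCandidates.get(i));
            if (isLinkedContentSuitable(signedData)) {
                return;
            }
        }
    }

    /**
     * Tells whether the currently linked content matches the {@code messageDigest} signed attribute of
     * at least one signer info. The digest algorithm is the one each signer info names.
     *
     * <p>This only selects a content file. It is not a signature check, and the digest algorithm named
     * in the file is not judged here.
     *
     * @param signedData SignedData with content linked
     * @return {@code true} when one signer's message digest equals the digest of the linked content
     */
    private boolean isLinkedContentSuitable(SignedData signedData) {
        for (SignerInfo signerInfo : signedData.getSignerInfos().getSignerInfos()) {
            byte[] calculateDigest = calculateDigest(signedData.getEncapsulatedContentInfo(), signerInfo.getDigestAlgorithm());
            if (calculateDigest == null) {
                return false;
            }
            OCTETSTRING signedAttributeValue = signerInfo.getSignedAttributeValue(SignedAttribute.messageDigest);
            if (signedAttributeValue != null && MessageDigest.isEqual(calculateDigest, signedAttributeValue.getOctets())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Computes the digest of the content octets with the named algorithm and the configured provider.
     *
     * @param encapsulatedContentInfo content to hash
     * @param algorithmIdentifier digest algorithm, as named by the signer info
     * @return the digest value
     * @throws RuntimeException when the algorithm or provider is unknown or the content cannot be read
     */
    private byte[] calculateDigest(EncapsulatedContentInfo encapsulatedContentInfo, AlgorithmIdentifier algorithmIdentifier) {
        DigestOutputStream digestOutputStream = null;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(algorithmIdentifier.getAlgorithmName(), this.vii.getSecurityProviderName());
            // The content is only streamed through the digest; LengthOutputStream is the sink.
            digestOutputStream = new DigestOutputStream(new LengthOutputStream(), messageDigest);
            encapsulatedContentInfo.writeContentOctets(digestOutputStream);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Cannot calculate digest", e);
        } catch (IOException e2) {
            throw new RuntimeException("Cannot calculate digest", e2);
        } catch (NoSuchProviderException e3) {
            throw new RuntimeException("Cannot calculate digest", e3);
        } finally {
            StreamUtil.close(digestOutputStream);
        }
    }

    /**
     * Derives the temp file name for enveloped content from the first {@code friendlyName} signed
     * attribute found among the signer infos.
     *
     * <p>The friendly name comes from the untrusted file. Every character outside
     * {@code [a-zA-Z0-9_.\- ]} is removed, which drops path separators, and a random UUID is put in
     * front, so the result cannot be exactly {@code "."} or {@code ".."} and cannot be chosen fully by
     * the file's author. NOTE(review): the length of the name is not limited here.
     *
     * @param list signer infos to search
     * @return UUID plus sanitised friendly name, or {@code "no_friendly_name_given"} plus a UUID
     */
    protected static String determineContentFileName(List<SignerInfo> list) {
        for (SignerInfo signerInfo : list) {
            ANY signedAttributeValue = signerInfo.getSignedAttributeValue(SignedAttribute.friendlyName);
            if (signedAttributeValue != null) {
                return UUID.randomUUID().toString() + signedAttributeValue.getValueAsString().replaceAll("[^a-zA-Z0-9_.\\- ]", "");
            }
        }
        return "no_friendly_name_given" + UUID.randomUUID().toString();
    }
}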
