package org.demoiselle.signer.policy.impl.cades.pkcs7.impl;

import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSAbsentContent;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.demoiselle.signer.core.CertificateManager;
import org.demoiselle.signer.core.ca.manager.CAManager;
import org.demoiselle.signer.core.exception.CertificateValidatorCRLException;
import org.demoiselle.signer.core.repository.ConfigurationRepo;
import org.demoiselle.signer.core.util.MessagesBundle;
import org.demoiselle.signer.policy.engine.asn1.etsi.AlgAndLength;
import org.demoiselle.signer.policy.engine.asn1.etsi.AlgorithmIdentifier;
import org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint;
import org.demoiselle.signer.policy.engine.asn1.etsi.ObjectIdentifier;
import org.demoiselle.signer.policy.engine.asn1.etsi.SignaturePolicy;
import org.demoiselle.signer.policy.engine.asn1.icpb.v2.PolicyValidator;
import org.demoiselle.signer.policy.engine.factory.PolicyFactory;
import org.demoiselle.signer.policy.impl.cades.SignerAlgorithmEnum;
import org.demoiselle.signer.policy.impl.cades.SignerException;
import org.demoiselle.signer.policy.impl.cades.factory.PKCS1Factory;
import org.demoiselle.signer.policy.impl.cades.pkcs1.PKCS1Signer;
import org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer;
import org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute;
import org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.factory.AttributeFactory;
import org.demoiselle.signer.policy.impl.cades.util.AlgorithmNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/demoiselle/signer/policy/impl/cades/pkcs7/impl/CAdESSigner.class */
public class CAdESSigner implements PKCS7Signer {
    private X509Certificate certificate;
    private String policyName;
    private CertificateManager certificateManager;
    private byte[] escTimeStampContent;
    private Date notAfterSignerCertificate;
    private String signatory;
    private static final Logger logger = LoggerFactory.getLogger(CAdESSigner.class);
    private static MessagesBundle cadesMessagesBundle = new MessagesBundle();
    private final PKCS1Signer pkcs1 = PKCS1Factory.getInstance().m2factoryDefault();
    private Certificate[] certificateChain = null;
    private Certificate[] certificateChainTimeStamp = null;
    private boolean attached = false;
    private SignaturePolicy signaturePolicy = null;
    private boolean defaultCertificateValidators = true;
    private byte[] hash = null;
    private boolean pades = false;

    public CAdESSigner() {
        this.pkcs1.setAlgorithm((String) null);
        setSignaturePolicy(PolicyFactory.Policies.AD_RB_CADES_2_3);
    }

    public CAdESSigner(String str, PolicyFactory.Policies policies) {
        this.pkcs1.setAlgorithm(str);
        setSignaturePolicy(policies);
    }

    public CAdESSigner(String str, PolicyFactory.Policies policies, boolean z) {
        this.pkcs1.setAlgorithm(str);
        setSignaturePolicy(policies);
        setPades(z);
    }

    public Store<?> generatedCertStore(Certificate[] certificateArr) {
        try {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(certificateArr));
            boolean z = true;
            for (Certificate certificate : certificateArr) {
                if (certificate.equals(this.certificateChain[0])) {
                    z = false;
                }
            }
            if (z) {
                logger.debug("Adicionando Certificado no CertStore");
                arrayList.addAll(Arrays.asList(this.certificateChain[0]));
            } else {
                logger.debug("Certificado já assinou este arquivo. Não adicionar no CertStore");
            }
            return new JcaCertStore(arrayList);
        } catch (CertificateEncodingException e) {
            throw new SignerException(e);
        }
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public String getAlgorithm() {
        return this.pkcs1.getAlgorithm();
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public PrivateKey getPrivateKey() {
        return this.pkcs1.getPrivateKey();
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public Provider getProvider() {
        return this.pkcs1.getProvider();
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public PublicKey getPublicKey() {
        return this.pkcs1.getPublicKey();
    }

    public byte[] getHash() {
        return this.hash;
    }

    public void setHash(byte[] bArr) {
        this.hash = bArr;
    }

    public boolean isDefaultCertificateValidators() {
        return this.defaultCertificateValidators;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public void setAlgorithm(SignerAlgorithmEnum signerAlgorithmEnum) {
        this.pkcs1.setAlgorithm(signerAlgorithmEnum);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public void setAlgorithm(String str) {
        this.pkcs1.setAlgorithm(str);
    }

    public boolean isAttached() {
        return this.attached;
    }

    public void setAttached(boolean z) {
        this.attached = z;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer
    public void setCertificates(Certificate[] certificateArr) {
        this.certificateChain = certificateArr;
    }

    public void setDefaultCertificateValidators(boolean z) {
        this.defaultCertificateValidators = z;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public void setPrivateKey(PrivateKey privateKey) {
        this.pkcs1.setPrivateKey(privateKey);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public void setProvider(Provider provider) {
        this.pkcs1.setProvider(provider);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public void setPublicKey(PublicKey publicKey) {
        this.pkcs1.setPublicKey(publicKey);
    }

    private byte[] doSign(byte[] bArr) {
        return doSign(bArr, null);
    }

    private Collection<X509Certificate> getSignersCertificates(CMSSignedData cMSSignedData) {
        HashSet hashSet = new HashSet();
        Store certificates = cMSSignedData.getCertificates();
        Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
        while (it.hasNext()) {
            try {
                hashSet.add(new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) certificates.getMatches(((SignerInformation) it.next()).getSID()).iterator().next()));
            } catch (CertificateException e) {
            }
        }
        return hashSet;
    }

    /* JADX WARN: Removed duplicated region for block: B:70:0x040c  */
    /* JADX WARN: Removed duplicated region for block: B:82:0x0476  */
    /* JADX WARN: Removed duplicated region for block: B:99:0x05a5  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] doSign(byte[] r10, byte[] r11) {
        /*
            Method dump skipped, instructions count: 1788
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESSigner.doSign(byte[], byte[]):byte[]");
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer
    public void setSignaturePolicy(PolicyFactory.Policies policies) {
        setPolicyName(policies.name());
        this.signaturePolicy = PolicyFactory.getInstance().loadPolicy(policies);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public byte[] doAttachedSign(byte[] bArr) {
        setAttached(true);
        return doSign(bArr);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public byte[] doDetachedSign(byte[] bArr) {
        return doSign(bArr);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer
    public byte[] doAttachedSign(byte[] bArr, byte[] bArr2) {
        setAttached(true);
        return doSign(bArr, bArr2);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer
    public byte[] doDetachedSign(byte[] bArr, byte[] bArr2) {
        return doSign(bArr, bArr2);
    }

    private CMSSignedData updateWithCounterSignature(CMSSignedData cMSSignedData, CMSSignedData cMSSignedData2, SignerId signerId) {
        SignerInformationStore signerInfos = cMSSignedData2.getSignerInfos();
        SignerInformationStore signerInfos2 = cMSSignedData.getSignerInfos();
        cMSSignedData2.getSignerInfos().get(signerId);
        SignerInformation addCounterSigners = SignerInformation.addCounterSigners(signerInfos.get(signerId), signerInfos2);
        ArrayList arrayList = new ArrayList();
        arrayList.add(addCounterSigners);
        return CMSSignedData.replaceSigners(cMSSignedData2, new SignerInformationStore(arrayList));
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer
    public byte[] doCounterSign(byte[] bArr) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                cMSSignedData = updateWithCounterSignature(new CMSSignedData(doSign(signerInformation.getSignature())), cMSSignedData, signerInformation.getSID());
            }
            return cMSSignedData.getEncoded();
        } catch (Throwable th) {
            throw new SignerException(th);
        }
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer, org.demoiselle.signer.policy.impl.cades.Signer
    public byte[] doHashSign(byte[] bArr) {
        this.hash = bArr;
        return doSign(null);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer
    public byte[] doHashCoSign(byte[] bArr, byte[] bArr2) {
        this.hash = bArr;
        return doSign(null, bArr2);
    }

    public String getPolicyName() {
        return this.policyName;
    }

    public void setPolicyName(String str) {
        this.policyName = str;
    }

    public CertificateManager getCertificateManager() {
        return this.certificateManager;
    }

    public void setCertificateManager(CertificateManager certificateManager) {
        this.certificateManager = certificateManager;
    }

    public boolean isPades() {
        return this.pades;
    }

    public void setPades(boolean z) {
        this.pades = z;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public Date getNotAfterSignerCertificate() {
        return this.notAfterSignerCertificate;
    }

    public void setNotAfterSignerCertificate(Date date) {
        this.notAfterSignerCertificate = date;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer
    public void setCertificatesForTimeStamp(Certificate[] certificateArr) {
        this.certificateChainTimeStamp = certificateArr;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public void setPrivateKeyForTimeStamp(PrivateKey privateKey) {
        this.pkcs1.setPrivateKeyForTimeStamp(privateKey);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public PrivateKey getPrivateKeyForTimeStamp() {
        return this.pkcs1.getPrivateKeyForTimeStamp();
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public String getSignatory() {
        return this.signatory;
    }

    public void setSignatory(String str) {
        this.signatory = str;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public CMSSignedData prepareDetachedSign(byte[] bArr) {
        return prepareSignature(bArr, null);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public CMSSignedData prepareAttachedSign(byte[] bArr) {
        setAttached(true);
        return prepareSignature(bArr, null);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public CMSSignedData prepareHashSign(byte[] bArr) {
        this.hash = bArr;
        return prepareSignature(null, null);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public byte[] envelopDetachedSign(CMSSignedData cMSSignedData) {
        return envelopSignature(cMSSignedData, null);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public byte[] envelopAttachedSign(CMSSignedData cMSSignedData) {
        return envelopSignature(cMSSignedData, null);
    }

    @Override // org.demoiselle.signer.policy.impl.cades.Signer
    public byte[] envelopHashSign(CMSSignedData cMSSignedData) {
        return envelopSignature(cMSSignedData, null);
    }

    private CMSSignedData prepareSignature(byte[] bArr, byte[] bArr2) {
        AttributeTable prepareSignedAttributes = prepareSignedAttributes(bArr, bArr2);
        validateCertificatesAndPolicy();
        if (getPrivateKey() == null) {
            logger.error(cadesMessagesBundle.getString("error.privatekey.null"));
            throw new SignerException(cadesMessagesBundle.getString("error.privatekey.null"));
        }
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        try {
            cMSSignedDataGenerator.addCertificates(generatedCertStore(extractCertificates(bArr2)));
            String value = prepareAlgAndLength().getAlgID().getValue();
            SimpleAttributeTableGenerator simpleAttributeTableGenerator = isPades() ? new SimpleAttributeTableGenerator(prepareSignedAttributes) : new DefaultSignedAttributeTableGenerator(prepareSignedAttributes);
            logger.debug(cadesMessagesBundle.getString("info.algorithm.id", new Object[]{value}));
            try {
                cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setSignedAttributeGenerator(simpleAttributeTableGenerator).setUnsignedAttributeGenerator((CMSAttributeTableGenerator) null).build(AlgorithmNames.getAlgorithmNameByOID(value), this.pkcs1.getPrivateKey(), this.certificate));
                try {
                    CMSSignedData generate = cMSSignedDataGenerator.generate(bArr == null ? new CMSAbsentContent() : new CMSProcessableByteArray(bArr), this.attached);
                    setAttached(false);
                    return generate;
                } catch (CMSException e) {
                    logger.error(e.getMessage());
                    throw new SignerException((Throwable) e);
                }
            } catch (CertificateEncodingException | OperatorCreationException e2) {
                logger.error(e2.getMessage());
                throw new SignerException(e2);
            }
        } catch (CMSException e3) {
            logger.error(e3.getMessage());
            throw new SignerException((Throwable) e3);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0100  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x016a  */
    /* JADX WARN: Removed duplicated region for block: B:46:0x0299  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] envelopSignature(org.bouncycastle.cms.CMSSignedData r10, byte[] r11) {
        /*
            Method dump skipped, instructions count: 1062
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESSigner.envelopSignature(org.bouncycastle.cms.CMSSignedData, byte[]):byte[]");
    }

    public AttributeTable prepareSignedAttributes(byte[] bArr, byte[] bArr2) {
        checkCertificateChain();
        AttributeFactory attributeFactory = AttributeFactory.getInstance();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (this.signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers() != null) {
            Iterator it = this.signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers().iterator();
            while (it.hasNext()) {
                SignedOrUnsignedAttribute factory = attributeFactory.factory(((ObjectIdentifier) it.next()).getValue());
                factory.initialize(this.pkcs1.getPrivateKey(), this.certificateChain, bArr, this.signaturePolicy, getHash());
                aSN1EncodableVector.add(factory.getValue());
            }
        }
        return new AttributeTable(aSN1EncodableVector);
    }

    public AlgAndLength prepareAlgAndLength() {
        ArrayList<AlgAndLength> arrayList = new ArrayList();
        Iterator it = this.signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getAlgorithmConstraintSet().getSignerAlgorithmConstraints().getAlgAndLengths().iterator();
        while (it.hasNext()) {
            arrayList.add((AlgAndLength) it.next());
        }
        AlgAndLength algAndLength = null;
        if (this.pkcs1.getAlgorithm() != null) {
            String oIDByAlgorithmName = AlgorithmNames.getOIDByAlgorithmName(this.pkcs1.getAlgorithm());
            for (AlgAndLength algAndLength2 : arrayList) {
                if (algAndLength2.getAlgID().getValue().equalsIgnoreCase(oIDByAlgorithmName)) {
                    algAndLength = algAndLength2;
                    String oIDAlgorithmHash = SignerAlgorithmEnum.valueOf(this.pkcs1.getAlgorithm()).getOIDAlgorithmHash();
                    ObjectIdentifier algorithm = this.signaturePolicy.getSignPolicyHashAlg().getAlgorithm();
                    algorithm.setValue(oIDAlgorithmHash);
                    AlgorithmIdentifier signPolicyHashAlg = this.signaturePolicy.getSignPolicyHashAlg();
                    signPolicyHashAlg.setAlgorithm(algorithm);
                    this.signaturePolicy.setSignPolicyHashAlg(signPolicyHashAlg);
                }
            }
        } else {
            algAndLength = (AlgAndLength) arrayList.get(1);
            this.pkcs1.setAlgorithm(AlgorithmNames.getAlgorithmNameByOID(algAndLength.getAlgID().getValue()));
            String oIDAlgorithmHash2 = SignerAlgorithmEnum.valueOf(this.pkcs1.getAlgorithm()).getOIDAlgorithmHash();
            ObjectIdentifier algorithm2 = this.signaturePolicy.getSignPolicyHashAlg().getAlgorithm();
            algorithm2.setValue(oIDAlgorithmHash2);
            AlgorithmIdentifier signPolicyHashAlg2 = this.signaturePolicy.getSignPolicyHashAlg();
            signPolicyHashAlg2.setAlgorithm(algorithm2);
            this.signaturePolicy.setSignPolicyHashAlg(signPolicyHashAlg2);
        }
        if (algAndLength == null) {
            throw new SignerException(cadesMessagesBundle.getString("error.no.algorithm.policy"));
        }
        logger.debug(cadesMessagesBundle.getString("info.algorithm.id", new Object[]{algAndLength.getAlgID().getValue()}));
        logger.debug(cadesMessagesBundle.getString("info.algorithm.name", new Object[]{AlgorithmNames.getAlgorithmNameByOID(algAndLength.getAlgID().getValue())}));
        logger.debug(cadesMessagesBundle.getString("info.min.key.length", new Object[]{algAndLength.getMinKeyLength()}));
        logger.debug(cadesMessagesBundle.getString("info.validating.key.length"));
        int bitLength = ((RSAKey) this.certificate.getPublicKey()).getModulus().bitLength();
        if (bitLength < algAndLength.getMinKeyLength().intValue()) {
            throw new SignerException(cadesMessagesBundle.getString("error.min.key.length", new Object[]{algAndLength.getMinKeyLength().toString(), Integer.valueOf(bitLength)}));
        }
        return algAndLength;
    }

    private void validateCertificatesAndPolicy() {
        HashSet hashSet = new HashSet();
        for (CertificateTrustPoint certificateTrustPoint : this.signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSigningCertTrustCondition().getSignerTrustTrees().getCertificateTrustPoints()) {
            logger.debug(cadesMessagesBundle.getString("info.trust.point", new Object[]{certificateTrustPoint.getTrustpoint().getSubjectDN().toString()}));
            hashSet.add(certificateTrustPoint.getTrustpoint());
        }
        HashSet<X509Certificate> hashSet2 = new HashSet();
        for (Certificate certificate : this.certificateChain) {
            hashSet2.add((X509Certificate) certificate);
        }
        X509Certificate x509Certificate = null;
        for (X509Certificate x509Certificate2 : hashSet2) {
            logger.debug(x509Certificate2.getIssuerDN().toString());
            if (CAManager.getInstance().isRootCA(x509Certificate2)) {
                x509Certificate = x509Certificate2;
            }
        }
        if (hashSet.contains(x509Certificate)) {
            logger.debug(cadesMessagesBundle.getString("info.trust.in.point", new Object[]{x509Certificate.getSubjectDN()}));
        } else {
            logger.debug(cadesMessagesBundle.getString("info.trust.poin.homolog"));
            CAManager.getInstance().validateRootCAs(hashSet2, this.certificate);
        }
        logger.debug(cadesMessagesBundle.getString("info.policy.valid.period"));
        new PolicyValidator(this.signaturePolicy, this.policyName).validate();
    }

    public Certificate[] extractCertificates(byte[] bArr) {
        Certificate[] certificateArr = new Certificate[0];
        if (bArr != null && bArr.length > 0) {
            try {
                certificateArr = (Certificate[]) getSignersCertificates(new CMSSignedData(new CMSAbsentContent(), bArr)).toArray(new Certificate[0]);
            } catch (CMSException e) {
                logger.error(e.getMessage());
                throw new SignerException((Throwable) e);
            }
        }
        return certificateArr;
    }

    void checkCertificateChain() {
        Security.addProvider(new BouncyCastleProvider());
        if (this.certificateChain == null) {
            logger.error(cadesMessagesBundle.getString("error.certificate.null"));
            throw new SignerException(cadesMessagesBundle.getString("error.certificate.null"));
        }
        if (this.certificate == null && this.certificateChain != null && this.certificateChain.length > 0) {
            this.certificate = (X509Certificate) this.certificateChain[0];
        }
        this.certificateChain = CAManager.getInstance().getCertificateChainArray(this.certificate);
        if (this.certificateChain.length < 3) {
            throw new SignerException(cadesMessagesBundle.getString("error.no.ca", new Object[]{this.certificate.getIssuerDN()}));
        }
        try {
            setCertificateManager(new CertificateManager(this.certificate));
        } catch (CertificateValidatorCRLException e) {
            logger.warn(e.getMessage());
            ConfigurationRepo.getInstance().setOnline(true);
            try {
                setCertificateManager(new CertificateManager(this.certificate));
            } catch (CertificateValidatorCRLException e2) {
                logger.error(e2.getMessage());
                throw new CertificateValidatorCRLException(e2.getMessage());
            }
        }
    }
}
