package uz.yt.cams.pki;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1UTCTime;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERUTCTime;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.PolicyInformation;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSSignedDataParser;
import org.spongycastle.cms.CMSTypedStream;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationStore;
import org.spongycastle.cms.jcajce.YTSimpleSignerInfoVerifierBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.util.Store;
import uz.yt.cams.pki.dto.Pkcs7Info;
import uz.yt.cams.pki.dto.Pkcs7SignerInfo;
import uz.yt.cams.pki.exception.CertificatePathBuildException;
import uz.yt.cams.pki.exception.CertificatePathValidationException;
import uz.yt.cams.pki.provider.TrustedCertificateProvider;

/* loaded from: classes2.dex */
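/**
 * Verifies attached and detached PKCS#7 (CMS SignedData) documents and reports the
 * outcome per signer in a {@link Pkcs7Info}.
 *
 * <p>Verification never fails as a whole because one signer is bad: each signer gets its own
 * {@link Pkcs7SignerInfo}. The signature check and the certificate path check are recorded
 * independently ({@code setVerified} and {@code setCertificateVerified} are set on separate
 * code paths), so a signer entry can report a mathematically valid signature while its
 * certificate chain was rejected. Callers making a trust decision should therefore require
 * {@code isVerified()}, {@code isCertificateVerified()} and a null {@code getException()}
 * together.
 *
 * <p>When no validation date is supplied, the signer's own {@code signingTime} attribute is
 * used as the reference time for path validation. That attribute is asserted by the signer
 * and is not checked against any trusted time source in this class; pass an explicit date
 * when the validation time must not be chosen by the signer.
 */
public class DocumentVerifier extends MessageVerifier {
    private static final Logger LOG = Logger.getLogger(DocumentVerifier.class.getName());
    protected TrustedCertificateProvider trustedCertificateProvider;

    /**
     * @param provider JCA provider used for certificate conversion and signature verification
     * @param trustedCertificateProvider source of trust anchors handed to the path validator
     */
    public DocumentVerifier(Provider provider, TrustedCertificateProvider trustedCertificateProvider) {
        super(provider);
        this.trustedCertificateProvider = trustedCertificateProvider;
    }

    /**
     * Copies every certificate from the CMS certificate set into {@code pkcs7Info} and then
     * verifies each signer in turn.
     *
     * @param pkcs7Info result object to fill
     * @param store certificate set carried inside the PKCS#7 structure (untrusted input)
     * @param signerInformationStore signers carried inside the PKCS#7 structure
     * @param date validation time, or {@code null} to fall back to the signer's signingTime
     * @return the same {@code pkcs7Info} instance
     */
    private Pkcs7Info verify(Pkcs7Info pkcs7Info, Store store, SignerInformationStore signerInformationStore, Date date) {
        Iterator it = store.getMatches(null).iterator();
        while (it.hasNext()) {
            try {
                pkcs7Info.addCertificates(new JcaX509CertificateConverter().setProvider(this.provider).getCertificate((X509CertificateHolder) it.next()));
            } catch (CertificateException e) {
                // A certificate that cannot be converted is skipped; path building for a signer
                // that depends on it is then expected to fail rather than this method.
                LOG.log(Level.SEVERE, "", (Throwable) e);
            }
        }
        for (SignerInformation signerInformation : signerInformationStore.getSigners()) {
            Pkcs7SignerInfo pkcs7SignerInfo = verifySigner(pkcs7Info, store, signerInformation, date);
            logOutcome(pkcs7SignerInfo);
            pkcs7Info.add(pkcs7SignerInfo);
        }
        return pkcs7Info;
    }

    /**
     * Verifies a single signer: reads its signed attributes, validates its certificate path
     * and checks the signature. Checked failures are stored on the returned object instead
     * of being thrown.
     */
    private Pkcs7SignerInfo verifySigner(Pkcs7Info pkcs7Info, Store store, SignerInformation signerInformation, Date date) {
        Pkcs7SignerInfo pkcs7SignerInfo = new Pkcs7SignerInfo(signerInformation.getSID());
        pkcs7SignerInfo.setSignature(signerInformation.getSignature());
        // The certificate set comes from the document itself, so the signer's certificate may
        // simply be absent. Record that against this signer instead of letting
        // Iterator.next() throw NoSuchElementException and abort every other signer.
        Iterator signerCertificates = store.getMatches(signerInformation.getSID()).iterator();
        if (!signerCertificates.hasNext()) {
            pkcs7SignerInfo.setException(new CertificateException("signer certificate not found in the PKCS#7 certificate set"));
            return pkcs7SignerInfo;
        }
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) signerCertificates.next();
        try {
            readSignedAttributes(signerInformation, pkcs7SignerInfo);
            pkcs7SignerInfo.setUnsignedAttributes(signerInformation.getUnsignedAttributes());
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider(this.provider).getCertificate(x509CertificateHolder);
            // Without a caller-supplied date the signer-asserted signingTime becomes the
            // validation time. It may also be null (attribute missing or unparsable).
            // NOTE(review): how CertificatePathBuilderValidator treats a null date is not
            // visible here - confirm it does not skip validity-period checks.
            verifyCertificateChain(pkcs7SignerInfo, certificate, pkcs7Info.getCertificates(), date != null ? date : pkcs7SignerInfo.getSigningTime());
            // The signature is checked even if the chain was rejected above; the two results
            // are reported separately and must both be consulted by the caller.
            if (certificate.getPublicKey() != null && signerInformation.verify(new YTSimpleSignerInfoVerifierBuilder().setProvider(this.provider).build(certificate.getPublicKey()))) {
                pkcs7SignerInfo.setVerified(true);
            }
            try {
                pkcs7SignerInfo.setPolicyIdentifiers(getPolicyIdentifiers(certificate));
            } catch (IOException e3) {
                LOG.log(Level.WARNING, "POLICY IDENTIFIERS ERROR {2} : {0} - {1}", new Object[]{signerSerialHex(pkcs7SignerInfo), e3.getClass().getSimpleName(), e3.getMessage()});
            }
        } catch (CertificateException e4) {
            pkcs7SignerInfo.setException(e4);
        } catch (CMSException e5) {
            pkcs7SignerInfo.setException(e5);
        } catch (OperatorCreationException e6) {
            pkcs7SignerInfo.setException(e6);
        }
        return pkcs7SignerInfo;
    }

    /**
     * Copies the signingTime and messageDigest signed attributes, when present, onto
     * {@code pkcs7SignerInfo}. Only UTCTime-encoded signing times are recognised; any other
     * encoding leaves the signing time unset. If several values are present the last one wins.
     */
    private void readSignedAttributes(SignerInformation signerInformation, Pkcs7SignerInfo pkcs7SignerInfo) {
        AttributeTable signedAttributes = signerInformation.getSignedAttributes();
        if (signedAttributes == null) {
            return;
        }
        try {
            Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
            if (signingTime != null) {
                Enumeration values = signingTime.getAttrValues().getObjects();
                while (values.hasMoreElements()) {
                    Object value = values.nextElement();
                    if (value instanceof ASN1UTCTime) {
                        pkcs7SignerInfo.setSigningTime(((ASN1UTCTime) value).getDate());
                    } else if (value instanceof DERUTCTime) {
                        pkcs7SignerInfo.setSigningTime(((DERUTCTime) value).getDate());
                    }
                }
            }
        } catch (ParseException e2) {
            // An unparsable time is logged and the signing time stays unset.
            LOG.log(Level.SEVERE, "", (Throwable) e2);
        }
        Attribute messageDigest = signedAttributes.get(CMSAttributes.messageDigest);
        if (messageDigest != null && messageDigest.getAttrValues().getObjects().hasMoreElements()) {
            pkcs7SignerInfo.setDigest(((ASN1OctetString) messageDigest.getAttrValues().getObjectAt(0).toASN1Primitive()).getOctets());
        }
    }

    /** Writes the per-signer verification result to the log. */
    private void logOutcome(Pkcs7SignerInfo pkcs7SignerInfo) {
        if (pkcs7SignerInfo.getException() != null) {
            LOG.log(Level.WARNING, "{2} : {0} - {1}", new Object[]{signerSerialHex(pkcs7SignerInfo), pkcs7SignerInfo.getException().getClass().getSimpleName(), pkcs7SignerInfo.getException().getMessage()});
            return;
        }
        // verifyCertificateChain always stores at least the signer certificate at index 0.
        X509Certificate signerCertificate = pkcs7SignerInfo.getCertificate()[0];
        String serial = signerCertificate.getSerialNumber().toString(16);
        String subject = signerCertificate.getSubjectDN().toString();
        if (pkcs7SignerInfo.isVerified()) {
            LOG.log(Level.INFO, "{2} : {0} - {1}", new Object[]{serial, subject, "SIGNATURE VERIFIED"});
        } else {
            LOG.log(Level.WARNING, "{2} : {0} - {1}", new Object[]{serial, subject, "SIGNATURE NOT VERIFIED"});
        }
        if (pkcs7SignerInfo.isCertificateVerified()) {
            LOG.log(Level.INFO, "{2} : {0} - {1}", new Object[]{serial, subject, "CERTIFICATE CHAIN VERIFIED"});
        } else {
            LOG.log(Level.WARNING, "{2} : {0} - {1}", new Object[]{serial, subject, "CERTIFICATE CHAIN NOT VERIFIED"});
        }
    }

    /**
     * Returns the signer identifier's serial number in hex for log messages, or
     * {@code "unknown"} when it is unavailable. Presumably the identifier is the CMS signer id
     * passed to the constructor, which carries no serial number when the signer is identified
     * by subject key identifier; without this guard the warning paths would throw a
     * NullPointerException on such input.
     */
    private static String signerSerialHex(Pkcs7SignerInfo pkcs7SignerInfo) {
        if (pkcs7SignerInfo.getSignerId() == null || pkcs7SignerInfo.getSignerId().getSerialNumber() == null) {
            return "unknown";
        }
        return pkcs7SignerInfo.getSignerId().getSerialNumber().toString(16);
    }

    /**
     * Extracts the policy OIDs from the certificate's certificatePolicies extension.
     *
     * @param x509Certificate certificate to inspect
     * @return the policy identifiers in extension order, or an empty list if the extension is absent
     * @throws IOException if the extension cannot be decoded; this includes structurally
     *     malformed content, which is reported here rather than as an unchecked exception so
     *     that a hostile certificate cannot abort verification of the whole document
     */
    public List<String> getPolicyIdentifiers(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.certificatePolicies.getId());
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        try {
            // getExtensionValue returns the extension wrapped in an OCTET STRING; unwrap it
            // and decode the inner SEQUENCE of PolicyInformation.
            byte[] inner = ((ASN1OctetString) readAsn1(extensionValue)).getOctets();
            ASN1Sequence policies = (ASN1Sequence) readAsn1(inner);
            List<String> identifiers = new ArrayList<String>();
            for (int i = 0; i < policies.size(); i++) {
                identifiers.add(PolicyInformation.getInstance(policies.getObjectAt(i)).getPolicyIdentifier().getId());
            }
            return identifiers;
        } catch (RuntimeException e) {
            // Wrong ASN.1 type, empty content, or an element that is not a PolicyInformation.
            throw new IOException("malformed certificatePolicies extension", e);
        }
    }

    /** Decodes the first ASN.1 object in {@code encoded} and closes the stream. */
    private static Object readAsn1(byte[] encoded) throws IOException {
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(encoded));
        try {
            return in.readObject();
        } finally {
            in.close();
        }
    }

    /**
     * Builds and validates the certificate path for {@code x509Certificate} and stores the
     * result on {@code pkcs7SignerInfo}. Any failure leaves {@code certificateVerified} unset
     * and is recorded through {@code setException}; nothing is thrown.
     *
     * <p>Per the decompiler note, this method was declared {@code protected} in the original source.
     *
     * @param pkcs7SignerInfo signer entry to update
     * @param x509Certificate the signer's certificate
     * @param list candidate intermediate certificates (taken from the document by the caller)
     * @param date validation time passed through to the path builder
     */
    public void verifyCertificateChain(Pkcs7SignerInfo pkcs7SignerInfo, X509Certificate x509Certificate, List<X509Certificate> list, Date date) {
        // Store the bare signer certificate first so it is available even when validation fails.
        pkcs7SignerInfo.setCertificate(new X509Certificate[]{x509Certificate});
        try {
            List<X509Certificate> path = new LinkedList<X509Certificate>();
            X509Certificate trustedCertificate = verifyCertificateChainReturnTrust(x509Certificate, list, date, path);
            pkcs7SignerInfo.setCertificate(path.toArray(new X509Certificate[0]));
            pkcs7SignerInfo.setCertificateVerified(true);
            pkcs7SignerInfo.setTrustedCertificate(trustedCertificate);
        } catch (Throwable th) {
            // Deliberately broad: every failure, checked or not, must leave the chain unverified.
            LOG.log(Level.WARNING, "CERTIFICATE PATH VALIDATION ERROR : {0}", new Object[]{th.getMessage()});
            pkcs7SignerInfo.setException(new Exception(th));
        }
    }

    /**
     * Builds a certificate path for {@code x509Certificate}, appends its certificates to
     * {@code list2}, validates the path and returns the trust anchor's certificate.
     *
     * <p>{@code list2} is filled before validation runs, so it may hold an unvalidated path
     * when this method throws. Per the decompiler note, this method was declared
     * {@code protected} in the original source.
     *
     * @param x509Certificate end-entity certificate
     * @param list candidate intermediate certificates
     * @param date validation time
     * @param list2 output list receiving the built path
     * @return the certificate of the trust anchor the path validated against
     */
    public X509Certificate verifyCertificateChainReturnTrust(X509Certificate x509Certificate, List<X509Certificate> list, Date date, List<X509Certificate> list2) throws CertificatePathBuildException, CertificatePathValidationException, CertificateEncodingException, CertificateException, IOException {
        CertificatePathBuilderValidator certificatePathBuilderValidator = new CertificatePathBuilderValidator(this.provider, this.trustedCertificateProvider);
        for (Certificate pathCertificate : certificatePathBuilderValidator.buildCertPath(x509Certificate, list, date).getCertPath().getCertificates()) {
            // Re-encode through the configured provider so every entry is the same implementation type.
            list2.add(new JcaX509CertificateConverter().setProvider(this.provider).getCertificate(new X509CertificateHolder(pathCertificate.getEncoded())));
        }
        return certificatePathBuilderValidator.validateCertPath().getTrustAnchor().getTrustedCert();
    }

    /**
     * Verifies a PKCS#7 structure that embeds its content, using each signer's own
     * signingTime as the validation time.
     *
     * @param bArr encoded PKCS#7 SignedData
     */
    public Pkcs7Info verifyPkcs7Attached(byte[] bArr) throws CMSException {
        return verifyPkcs7Attached(bArr, null);
    }

    /**
     * Verifies a PKCS#7 structure that embeds its content.
     *
     * @param bArr encoded PKCS#7 SignedData
     * @param date validation time for certificate paths, or {@code null} to use each signer's signingTime
     * @return per-signer results; the embedded document is attached when it could be extracted
     * @throws CMSException if {@code bArr} cannot be parsed as SignedData
     */
    public Pkcs7Info verifyPkcs7Attached(byte[] bArr, Date date) throws CMSException {
        Pkcs7Info pkcs7Info = new Pkcs7Info();
        CMSSignedData cMSSignedData = new CMSSignedData(bArr);
        try {
            pkcs7Info.setDocument((byte[]) cMSSignedData.getSignedContent().getContent());
        } catch (Throwable th) {
            // Best effort: missing or non-byte[] content is logged and the document stays
            // unset; signer verification below still runs.
            LOG.log(Level.SEVERE, "", th);
        }
        return verify(pkcs7Info, cMSSignedData.getCertificates(), cMSSignedData.getSignerInfos(), date);
    }

    /**
     * Verifies a detached PKCS#7 signature, using each signer's own signingTime as the
     * validation time.
     *
     * @param bArr encoded PKCS#7 SignedData without content
     * @param bArr2 the content that was signed
     */
    public Pkcs7Info verifyPkcs7Detached(byte[] bArr, byte[] bArr2) throws OperatorCreationException, CMSException, IOException {
        return verifyPkcs7Detached(bArr, bArr2, null);
    }

    /**
     * Verifies a detached PKCS#7 signature against separately supplied content.
     *
     * @param bArr encoded PKCS#7 SignedData without content
     * @param bArr2 the content that was signed
     * @param date validation time for certificate paths, or {@code null} to use each signer's signingTime
     * @return per-signer results; the document field is not populated on this path
     */
    public Pkcs7Info verifyPkcs7Detached(byte[] bArr, byte[] bArr2, Date date) throws OperatorCreationException, CMSException, IOException {
        Pkcs7Info pkcs7Info = new Pkcs7Info();
        CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(this.provider).build(), new CMSTypedStream(new ByteArrayInputStream(bArr2)), bArr);
        // The content must be read to the end so its digest is computed before signers are checked.
        cMSSignedDataParser.getSignedContent().drain();
        return verify(pkcs7Info, cMSSignedDataParser.getCertificates(), cMSSignedDataParser.getSignerInfos(), date);
    }
}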
