package cz.abclinuxu.datoveschranky.impl;

import cz.abclinuxu.datoveschranky.common.entities.Hash;
import cz.abclinuxu.datoveschranky.common.entities.TimeStamp;
import cz.abclinuxu.datoveschranky.common.impl.DataBoxException;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Principal;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.apache.log4j.Logger;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;

/* loaded from: input_file:cz/abclinuxu/datoveschranky/impl/Validator.class */
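/**
 * Reads CMS/PKCS#7 signed envelopes and RFC 3161 time-stamp tokens and, when
 * validation is switched on, checks their signatures against a caller-supplied
 * set of X.509 certificates.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Validation is opt-in. The no-argument constructor creates a
 *       non-validating instance, which returns envelope content and time-stamp
 *       data without any signature check.</li>
 *   <li>The signer certificate is looked up only by issuer name and serial number
 *       in the supplied collection. This class builds no certification path and
 *       performs no revocation check, so every certificate in the collection is
 *       effectively a directly trusted signer certificate.</li>
 *   <li>The class applies no digest-strength policy; SHA-1 imprints are accepted
 *       and reported as such.</li>
 * </ul>
 */
public class Validator {
    /** Maps message-imprint digest OIDs to algorithm names; populated once in the static initializer. */
    private static final Map<String, String> OIDToAlgorithmName = new HashMap<String, String>();
    /** Certificates a signer may be matched against (see {@link #findCertificate(Principal, BigInteger)}). */
    private Collection<X509Certificate> certs;
    /** When false, no signature is ever verified by this instance. */
    private boolean isValidating;
    private Logger logger = Logger.getLogger(Validator.class.getCanonicalName());

    /**
     * Creates a validator backed by the given certificates.
     *
     * @param collection certificates that signers are matched against; the collection is
     *                   stored by reference, not copied
     * @param z          {@code true} to verify signatures, {@code false} to only parse
     */
    public Validator(Collection<X509Certificate> collection, boolean z) {
        this.certs = collection;
        this.isValidating = z;
    }

    /**
     * Creates a non-validating instance with an empty certificate set. Data returned by such
     * an instance has not been authenticated in any way.
     */
    public Validator() {
        this.certs = new ArrayList<X509Certificate>();
        this.isValidating = false;
    }

    /**
     * Parses an encoded time-stamp token and returns its imprint hash, signer certificate and
     * generation time.
     *
     * <p>When validating, the token must be signed by a certificate from the configured set;
     * a token whose signer cannot be found is rejected with a {@link DataBoxException} instead
     * of reaching {@code validate} with a {@code null} certificate. When not validating, the
     * returned {@link TimeStamp} may carry a {@code null} certificate and its content is
     * unauthenticated.
     *
     * @param bArr DER-encoded time-stamp token (CMS SignedData)
     * @return the parsed time stamp; the hash algorithm name is {@code null} if the imprint OID
     *         is not one of the OIDs registered in this class
     * @throws DataBoxException if the token cannot be parsed, the signer certificate is unknown
     *                          (validating mode) or validation fails
     */
    public TimeStamp readTimeStamp(byte[] bArr) {
        try {
            TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(bArr));
            TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
            X509Certificate findCertificate = findCertificate(timeStampToken.getSID());
            if (this.isValidating) {
                // Fail closed with the same error verifySignature() uses, rather than letting a
                // null certificate surface as a NullPointerException from the provider.
                if (findCertificate == null) {
                    throw new DataBoxException("Nemohu najit certifikat.");
                }
                try {
                    timeStampToken.validate(findCertificate, "BC");
                } catch (Exception e) {
                    if (e instanceof RuntimeException) {
                        throw ((RuntimeException) e);
                    }
                    throw new DataBoxException(e.toString(), e);
                }
            }
            return new TimeStamp(new Hash(OIDToAlgorithmName.get(timeStampInfo.getMessageImprintAlgOID()), timeStampInfo.getMessageImprintDigest()), findCertificate, timeStampInfo.getGenTime());
        } catch (CMSException e2) {
            throw new DataBoxException("Chyba pri cteni casoveho razitka.", e2);
        } catch (TSPException e3) {
            throw new DataBoxException("Chyba pri cteni casoveho razitka.", e3);
        } catch (IOException e4) {
            throw new DataBoxException("IO chyba pri cteni casoveho razitka.", e4);
        }
    }

    /**
     * Opens a PKCS#7 envelope held in memory and returns the encapsulated content.
     *
     * @param bArr encoded CMS SignedData
     * @return the signed content; authenticated only if this instance is validating
     * @throws DataBoxException if parsing or (in validating mode) signature verification fails;
     *                          every failure is wrapped in the same envelope-level error
     */
    public byte[] readPKCS7(byte[] bArr) throws DataBoxException {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            // Verify before handing any content back to the caller.
            verifySignature(cMSSignedData);
            return (byte[]) cMSSignedData.getSignedContent().getContent();
        } catch (Exception e) {
            throw new DataBoxException("Nemohu otevrit PKCS#7 obalku.", e);
        }
    }

    /**
     * Opens a PKCS#7 envelope read from a stream and returns the encapsulated content.
     *
     * @param inputStream stream positioned at the start of an encoded CMS SignedData; it is not
     *                    closed by this method
     * @return the signed content; authenticated only if this instance is validating
     * @throws DataBoxException if parsing or (in validating mode) signature verification fails
     */
    public InputStream readPKCS7(InputStream inputStream) throws DataBoxException {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(inputStream);
            CMSProcessable signedContent = cMSSignedData.getSignedContent();
            verifySignature(cMSSignedData);
            return (InputStream) signedContent.getContent();
        } catch (Exception e) {
            throw new DataBoxException("Nemohu otevrit PKCS#7 obalku.", e);
        }
    }

    /**
     * Reads consecutive X.509 certificates from a stream.
     *
     * <p>Certificates loaded here are typically passed to
     * {@link #Validator(Collection, boolean)}, where each one is accepted as a signer
     * certificate without further path validation, so the stream must come from a trusted,
     * integrity-protected source.
     *
     * @param inputStream source of the certificates; it is wrapped in a buffer and not closed
     * @return the certificates in the order they were read
     * @throws DataBoxException on an I/O error or if a certificate cannot be parsed
     */
    public static Collection<X509Certificate> readX509Certificates(InputStream inputStream) {
        Collection<X509Certificate> arrayList = new ArrayList<X509Certificate>();
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // NOTE(review): available() is only an estimate of readable bytes; a source that
            // reports 0 before end-of-stream would silently yield fewer certificates.
            while (bufferedInputStream.available() > 0) {
                arrayList.add((X509Certificate) certificateFactory.generateCertificate(bufferedInputStream));
            }
            return arrayList;
        } catch (IOException e) {
            throw new DataBoxException("IO chyba pri cteni X.509 certifikatu.", e);
        } catch (CertificateException e2) {
            throw new DataBoxException("Nemohu precist X.509 certifikat.", e2);
        }
    }

    /**
     * Verifies every signer of the envelope against the configured certificates. Does nothing
     * when this instance is not validating.
     *
     * <p>An envelope that carries no signer at all is rejected: without this check the loop
     * would pass vacuously and unsigned content would be returned as if it had been verified.
     *
     * @throws Exception DataBoxException if there is no signer, a signer certificate is
     *                   unknown or a signature does not verify; provider exceptions otherwise
     */
    private void verifySignature(CMSSignedData cMSSignedData) throws Exception {
        if (this.isValidating) {
            boolean signerSeen = false;
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                signerSeen = true;
                X509Certificate findCertificate = findCertificate(signerInformation.getSID());
                if (findCertificate == null) {
                    throw new DataBoxException("Nemohu najit certifikat.");
                }
                if (!signerInformation.verify(findCertificate, "BC")) {
                    throw new DataBoxException("Nemohu overit oproti certifikatu stazenou zpravu.");
                }
            }
            if (!signerSeen) {
                // Fail closed: "all zero signers verified" must not count as a valid signature.
                throw new DataBoxException("Zprava neobsahuje zadny podpis.");
            }
        }
    }

    /** Looks up the certificate identified by the issuer and serial number of {@code signerId}. */
    private X509Certificate findCertificate(SignerId signerId) {
        return findCertificate(signerId.getIssuer(), signerId.getSerialNumber());
    }

    /**
     * Returns the configured certificate whose issuer name string and serial number both match,
     * or {@code null} (after logging) if there is none.
     *
     * <p>The match is the only trust decision made for a signer: nothing here checks the
     * certificate's validity period, key usage, chain or revocation status.
     */
    private X509Certificate findCertificate(Principal principal, BigInteger bigInteger) {
        for (X509Certificate x509Certificate : this.certs) {
            if (x509Certificate.getIssuerX500Principal().getName().equals(principal.getName()) && x509Certificate.getSerialNumber().equals(bigInteger)) {
                return x509Certificate;
            }
        }
        // The issuer name originates from the parsed message, so it is untrusted text in the log.
        this.logger.info(String.format("Nemohu najit certifikat, vydavatel je %s , seriove cislo je %d.", principal.getName(), bigInteger));
        return null;
    }

    static {
        // Digest OIDs recognised in time-stamp message imprints. SHA-1 is mapped as well; any
        // policy on acceptable digest strength has to be enforced by the caller.
        OIDToAlgorithmName.put("1.3.14.3.2.26", "SHA-1");
        OIDToAlgorithmName.put("2.16.840.1.101.3.4.2.1", "SHA-256");
        OIDToAlgorithmName.put("2.16.840.1.101.3.4.2.2", "SHA-384");
        OIDToAlgorithmName.put("2.16.840.1.101.3.4.2.3", "SHA-512");
        // Registers the "BC" provider that validate()/verify() above request by name.
        Security.addProvider(new BouncyCastleProvider());
    }
}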
