package kr.jclab.javautils.jverify;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import kr.jclab.javautils.jverify.asn1.SpcIndirectDataContent;
import kr.jclab.javautils.jverify.internal.Resources;
import net.jsign.Signable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;

/* loaded from: input_file:kr/jclab/javautils/jverify/Jverify.class */
public class Jverify {
    private final Provider provider;
    private final JcaX509CertificateConverter x509CertificateConverter;
    private final CertificateVerifier certificateVerifier;

    public Jverify() {
        this(x509Certificate -> {
            return true;
        }, Resources.getBouncyCastleProvider());
    }

    public Jverify(CertificateVerifier certificateVerifier) {
        this(certificateVerifier, Resources.getBouncyCastleProvider());
    }

    public Jverify(CertificateVerifier certificateVerifier, Provider provider) {
        this.x509CertificateConverter = new JcaX509CertificateConverter();
        this.certificateVerifier = certificateVerifier;
        this.provider = provider;
    }

    public boolean verify(Signable signable) throws IOException, NoSuchAlgorithmException {
        List signatures = signable.getSignatures();
        if (signatures.isEmpty()) {
            return false;
        }
        try {
            Iterator it = signatures.iterator();
            while (it.hasNext()) {
                SpcIndirectDataContent verifiedContent = getVerifiedContent((CMSSignedData) it.next());
                if (verifiedContent == null || !Arrays.equals(signable.computeDigest(MessageDigest.getInstance(verifiedContent.getMessageDigest().getAlgorithmId().getAlgorithm().getId(), this.provider)), verifiedContent.getMessageDigest().getDigest())) {
                    return false;
                }
            }
            return true;
        } catch (CMSException e) {
            return false;
        }
    }

    public SpcIndirectDataContent getVerifiedContent(CMSSignedData cMSSignedData) throws IOException, CMSException {
        CMSSignedData cMSSignedData2 = new CMSSignedData(cMSSignedData.getEncoded());
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(cMSSignedData2.getSignedContent().getContent());
        byte[] encoded = ((DLSequence) cMSSignedData2.getSignedContent().getContent()).getEncoded();
        CMSSignedData cMSSignedData3 = new CMSSignedData(new CMSProcessableByteArray(cMSSignedData2.getSignedContent().getContentType(), Arrays.copyOfRange(encoded, 2, encoded.length)), cMSSignedData.getEncoded());
        if (cMSSignedData3.verifySignatures(signerId -> {
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) cMSSignedData2.getCertificates().getMatches(cMSSignedData3.getSignerInfos().get(signerId).getSID()).stream().findFirst().orElse(null);
            if (x509CertificateHolder == null) {
                return null;
            }
            try {
                X509Certificate certificate = this.x509CertificateConverter.getCertificate(x509CertificateHolder);
                if (this.certificateVerifier.verify(certificate)) {
                    return new JcaSimpleSignerInfoVerifierBuilder().setProvider(this.provider).build(certificate);
                }
                return null;
            } catch (CertificateException e) {
                return null;
            }
        })) {
            return SpcIndirectDataContent.getInstance(aSN1Sequence);
        }
        return null;
    }
}
