package eu.europa.esig.dss.validation.policy;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.SignaturePolicy;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import signservice.org.bouncycastle.asn1.ASN1OctetString;
import signservice.org.bouncycastle.asn1.ASN1Sequence;
import signservice.org.bouncycastle.asn1.x509.AlgorithmIdentifier;

/* loaded from: input_file:eu/europa/esig/dss/validation/policy/BasicASNSignaturePolicyValidator.class */
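/**
 * Validates a signature policy whose content is an ASN.1 {@code SEQUENCE}.
 *
 * <p>The digest declared for the policy (taken from {@link SignaturePolicy#getDigest()}) is
 * checked two ways: against a digest re-computed from the policy content, and against the
 * digest value stored inside the policy file itself. The policy digest is reported as valid
 * only when <em>both</em> comparisons succeed.
 */
public class BasicASNSignaturePolicyValidator extends AbstractSignaturePolicyValidator {
    private static final Logger LOG = LoggerFactory.getLogger(BasicASNSignaturePolicyValidator.class);

    /** Key under which every error produced by this validator is recorded. */
    private static final String GENERAL_ERROR_KEY = "general";

    /**
     * Tells whether this validator can handle the given policy.
     *
     * @param signaturePolicy the policy to inspect
     * @return {@code true} when policy content is present and its first byte is an ASN.1
     *         sequence tag; {@code false} when there is no content or the tag differs
     */
    @Override
    public boolean canValidate(SignaturePolicy signaturePolicy) {
        DSSDocument policyContent = signaturePolicy.getPolicyContent();
        if (policyContent == null) {
            return false;
        }
        return DSSASN1Utils.isASN1SequenceTag(DSSUtils.readFirstByte(policyContent));
    }

    /**
     * Validates the policy content against the digest declared for the policy.
     *
     * <p>The result is fail-closed: {@code digestValid} stays {@code false} unless the content
     * was parsed, the digest algorithms agree, and both digest comparisons match. Any exception
     * raised while parsing (wrong ASN.1 type, missing element, unsupported algorithm OID, ...)
     * is recorded as an error and leaves the digest invalid.
     *
     * @param signaturePolicy the policy to validate
     * @return the validation result, never {@code null}
     */
    @Override
    public SignaturePolicyValidationResult validate(SignaturePolicy signaturePolicy) {
        SignaturePolicyValidationResult result = new SignaturePolicyValidationResult();

        DSSDocument policyContent = signaturePolicy.getPolicyContent();
        if (policyContent == null) {
            result.addError(GENERAL_ERROR_KEY, "The signature policy content is not obtained.");
            return result;
        }
        result.setIdentified(true);

        Digest digest = signaturePolicy.getDigest();
        if (digest == null) {
            result.addError(GENERAL_ERROR_KEY, "The policy digest value is not defined.");
            return result;
        }

        // Nothing has been verified yet, so the digest must not be reported as valid. Marking it
        // valid here would leave it valid whenever the parsed content turns out to be null.
        result.setDigestValid(false);

        try {
            ASN1Sequence policySequence = (ASN1Sequence) DSSASN1Utils.toASN1Primitive(DSSUtils.toByteArray(policyContent));
            if (policySequence == null) {
                result.addError(GENERAL_ERROR_KEY, "The signature policy content could not be parsed as an ASN.1 sequence.");
                return result;
            }
            result.setAsn1Processable(true);

            // Element 0 is read as the AlgorithmIdentifier naming the hash algorithm used by the
            // policy file (the "SignPolicyHashAlg" of the error message below).
            DigestAlgorithm policyHashAlgorithm = DigestAlgorithm.forOID(
                    AlgorithmIdentifier.getInstance((ASN1Sequence) policySequence.getObjectAt(0)).getAlgorithm().getId());

            if (!policyHashAlgorithm.equals(digest.getAlgorithm())) {
                result.addError(GENERAL_ERROR_KEY, "The digest algorithm indicated in the SignPolicyHashAlg from the resulting document (" + policyHashAlgorithm + ") is not equal to the digest algorithm (" + digest.getAlgorithm() + ").");
                result.setDigestAlgorithmsEqual(false);
                result.setDigestValid(false);
                return result;
            }
            result.setDigestAlgorithmsEqual(true);

            // Check 1: declared digest versus the digest re-computed from the policy content.
            Digest computedDigest = getComputedDigest(policyContent, policyHashAlgorithm);
            result.setDigest(computedDigest);
            boolean matchesComputedDigest = digest.equals(computedDigest);
            if (!matchesComputedDigest) {
                result.addError(GENERAL_ERROR_KEY, "The policy digest value (" + Utils.toBase64(digest.getValue()) + ") does not match the re-calculated digest value (" + Utils.toBase64(computedDigest.getValue()) + ").");
            }

            // Check 2: declared digest versus the digest value stored in the policy file
            // (element 2). A sequence without that element throws here and is handled below.
            byte[] embeddedDigestValue = ((ASN1OctetString) policySequence.getObjectAt(2)).getOctets();
            boolean matchesEmbeddedDigest = Arrays.equals(digest.getValue(), embeddedDigestValue);
            if (!matchesEmbeddedDigest) {
                result.addError(GENERAL_ERROR_KEY, "The policy digest value (" + Utils.toBase64(digest.getValue()) + ") does not match the digest value from the policy file (" + Utils.toBase64(embeddedDigestValue) + ").");
            }

            // Both checks must pass. Setting the flag from check 2 alone would hide a failed
            // check 1: modified policy content that still carries the original embedded digest
            // value would end up flagged as valid.
            result.setDigestValid(matchesComputedDigest && matchesEmbeddedDigest);
        } catch (Exception e) {
            // Policy content is external input: any parsing failure invalidates the digest.
            String message = e.getMessage() != null ? e.getMessage() : e.getClass().getName();
            result.setDigestValid(false);
            result.addError(GENERAL_ERROR_KEY, message);
            LOG.warn(message, e);
        }
        return result;
    }

    /**
     * Computes the digest of an ASN.1 signature policy document.
     *
     * <p>The computation is delegated to {@code DSSASN1Utils.getAsn1SignaturePolicyDigest};
     * which part of the policy bytes it covers is decided there, not in this class.
     *
     * @param dSSDocument the policy document
     * @param digestAlgorithm the algorithm to compute the digest with
     * @return a {@link Digest} pairing {@code digestAlgorithm} with the computed value
     */
    @Override
    public Digest getComputedDigest(DSSDocument dSSDocument, DigestAlgorithm digestAlgorithm) {
        byte[] policyBytes = DSSUtils.toByteArray(dSSDocument);
        return new Digest(digestAlgorithm, DSSASN1Utils.getAsn1SignaturePolicyDigest(digestAlgorithm, policyBytes));
    }
}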
