package code.ponfee.commons.jce.cert;

import code.ponfee.commons.jce.pkcs.PKCS7Signature;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;

/* loaded from: input_file:code/ponfee/commons/jce/cert/CertPKCS7Verifier.class */
public class CertPKCS7Verifier extends CertSignedVerifier {
    private final PKCS7 pkcs7;

    public CertPKCS7Verifier(X509Certificate x509Certificate, X509CRL x509crl, byte[] bArr, byte[] bArr2) {
        this(x509Certificate, x509crl, PKCS7Signature.getPkcs7(bArr), bArr2);
    }

    public CertPKCS7Verifier(X509Certificate x509Certificate, X509CRL x509crl, byte[] bArr) {
        this(x509Certificate, x509crl, PKCS7Signature.getPkcs7(bArr));
    }

    public CertPKCS7Verifier(X509Certificate x509Certificate, X509CRL x509crl, PKCS7 pkcs7) {
        this(x509Certificate, x509crl, pkcs7, PKCS7Signature.getContent(pkcs7));
    }

    public CertPKCS7Verifier(X509Certificate x509Certificate, X509CRL x509crl, PKCS7 pkcs7, byte[] bArr) {
        super(x509Certificate, x509crl, bArr);
        this.pkcs7 = pkcs7;
        SignerInfo[] signerInfos = pkcs7.getSignerInfos();
        HashMap hashMap = new HashMap(signerInfos.length << 1);
        for (X509Certificate x509Certificate2 : pkcs7.getCertificates()) {
            hashMap.put(x509Certificate2.getSerialNumber(), x509Certificate2);
        }
        this.subjects = new X509Certificate[signerInfos.length];
        int i = 0;
        while (i < signerInfos.length) {
            X509Certificate x509Certificate3 = (X509Certificate) hashMap.get(signerInfos[i].getCertificateSerialNumber());
            if (x509Certificate3 == null) {
                throw new IllegalArgumentException("cannot found the sign cert: " + signerInfos[i].getCertificateSerialNumber());
            }
            int i2 = i;
            int i3 = i + 1;
            this.subjects[i2] = x509Certificate3;
            this.signedInfos.add(signerInfos[i3].getEncryptedDigest());
            i = i3 + 1;
        }
    }

    @Override // code.ponfee.commons.jce.cert.CertSignedVerifier
    public void verifySigned() {
        String str = null;
        try {
            for (SignerInfo signerInfo : this.pkcs7.getSignerInfos()) {
                str = X509CertUtils.getCertInfo(signerInfo.getCertificate(this.pkcs7), X509CertInfo.SUBJECT_CN);
                if (this.pkcs7.verify(signerInfo, this.info) == null) {
                    throw new SecurityException("[" + str + "]验签不通过");
                }
            }
        } catch (IOException e) {
            throw new SecurityException("获取证书主题异常", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityException("证书验签出错", e2);
        } catch (SignatureException e3) {
            throw new SecurityException("[" + str + "]签名信息错误", e3);
        }
    }
}
