package signgate.provider.ec.codec.pkcs7;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import signgate.javax.crypto.MessageDigest;
import signgate.javax.crypto.Signature;
import signgate.provider.ec.codec.asn1.ASN1ObjectIdentifier;
import signgate.provider.ec.codec.asn1.ASN1OctetString;
import signgate.provider.ec.codec.asn1.ASN1Type;
import signgate.provider.ec.codec.asn1.DEREncoder;
import signgate.provider.ec.codec.pkcs9.Attributes;
import signgate.provider.ec.codec.pkcs9.InvalidAttributeException;
import signgate.provider.ec.codec.pkcs9.NoSuchAttributeException;
import signgate.provider.ec.codec.util.JCA;
import signgate.provider.ec.codec.x501.Attribute;

/* loaded from: input_file:signgate/provider/ec/codec/pkcs7/Verifier.class */
public class Verifier {
    private ASN1ObjectIdentifier DATA = new ASN1ObjectIdentifier(new int[]{1, 2, 840, 113549, 1, 7, 1});
    private ASN1ObjectIdentifier MESSAGE_DIGEST = new ASN1ObjectIdentifier(new int[]{1, 2, 840, 113549, 1, 9, 4});
    private ASN1ObjectIdentifier CONTENT_TYPE = new ASN1ObjectIdentifier(new int[]{1, 2, 840, 113549, 1, 9, 3});
    public static final int BUFFER_SIZE = 1024;
    protected Signable target_;
    private Signature sig_;
    protected MessageDigest digest_;
    protected X509Certificate cert_;
    protected SignerInfo info_;
    protected byte[] md_;
    protected boolean twostep_;

    public Verifier(Signable signable, SignerInfo signerInfo, X509Certificate x509Certificate) throws GeneralSecurityException {
        this.twostep_ = false;
        if (signerInfo == null && x509Certificate == null) {
            throw new IllegalArgumentException("Need either a SignerInfo or a certificate!");
        }
        if (signable == null) {
            throw new NullPointerException("Need a SignedData!");
        }
        this.target_ = signable;
        if (signerInfo == null) {
            signerInfo = this.target_.getSignerInfo(x509Certificate);
            if (signerInfo == null) {
                throw new NoSuchSignerException(new StringBuffer().append("No signer info found for: ").append(x509Certificate.getIssuerDN().getName()).append(", ").append(x509Certificate.getSerialNumber()).toString());
            }
        } else if (x509Certificate == null) {
            x509Certificate = this.target_.getCertificate(signerInfo.getIssuerDN(), signerInfo.getSerialNumber());
            if (x509Certificate == null) {
                throw new CertificateException(new StringBuffer().append("No certificate available for: ").append(signerInfo.getIssuerDN().getName()).append(", ").append(signerInfo.getSerialNumber()).toString());
            }
        } else if (!signerInfo.equivIssuerAndSerialNumber(x509Certificate)) {
            throw new IllegalArgumentException("SignerInfo and certificate don't match!");
        }
        this.info_ = signerInfo;
        this.cert_ = x509Certificate;
        String algorithm = this.info_.getAlgorithm();
        Attributes authenticatedAttributes = this.info_.authenticatedAttributes();
        ASN1ObjectIdentifier contentType = this.target_.getContentType();
        if (authenticatedAttributes.size() > 0 || !contentType.equals(this.DATA)) {
            this.twostep_ = true;
            Attribute attribute = this.info_.authenticatedAttributes().getAttribute(this.CONTENT_TYPE);
            if (attribute == null) {
                throw new NoSuchAttributeException("ContentType attribute missing!");
            }
            if (attribute.valueCount() == 0) {
                throw new InvalidAttributeException("ContentType attribute has no OID!");
            }
            if (!contentType.equals(attribute.valueAt(0))) {
                throw new InvalidAttributeException("ContentType attribute mismatch!");
            }
            Attribute attribute2 = this.info_.authenticatedAttributes().getAttribute(this.MESSAGE_DIGEST);
            if (attribute2 == null) {
                throw new NoSuchAttributeException("MessageDigest attribute missing!");
            }
            if (attribute2.valueCount() == 0) {
                throw new InvalidAttributeException("MessageDigest attribute has no data!");
            }
            this.md_ = ((ASN1OctetString) attribute2.valueAt(0)).getByteArray();
            String name = JCA.getName(JCA.getDigestOID(algorithm));
            if (name == null) {
                throw new NoSuchAlgorithmException(new StringBuffer().append("Cannot determine digest algorithm for ").append(algorithm).toString());
            }
            this.digest_ = MessageDigest.getInstance(name, "SignGATE");
        }
        this.sig_ = Signature.getInstance(algorithm, "SignGATE");
        AlgorithmParameterSpec parameterSpec = this.info_.getParameterSpec();
        if (parameterSpec != null) {
            this.sig_.setParameter(parameterSpec);
        }
        this.sig_.initVerify(this.cert_.getPublicKey());
    }

    public void update(InputStream inputStream) throws SignatureException, IOException {
        byte[] bArr = new byte[1024];
        while (true) {
            try {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    return;
                } else {
                    update(bArr, 0, read);
                }
            } catch (IOException e) {
                reset();
                throw e;
            }
        }
    }

    public void update() throws GeneralSecurityException {
        ASN1Type content = this.target_.getContent();
        if (content == null) {
            return;
        }
        if (content instanceof Data) {
            update(((Data) content).getByteArray());
            return;
        }
        boolean isExplicit = content.isExplicit();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DEREncoder dEREncoder = new DEREncoder(byteArrayOutputStream);
        try {
            try {
                content.setExplicit(false);
                dEREncoder.writeType(content);
                update(byteArrayOutputStream.toByteArray());
                content.setExplicit(isExplicit);
                try {
                    dEREncoder.close();
                } catch (Exception e) {
                }
            } catch (Throwable th) {
                content.setExplicit(isExplicit);
                try {
                    dEREncoder.close();
                } catch (Exception e2) {
                }
                throw th;
            }
        } catch (Exception e3) {
            throw new SignatureException("Exception while re-encoding!");
        }
    }

    public void update(byte[] bArr) throws SignatureException {
        update(bArr, 0, bArr.length);
    }

    public void update(byte[] bArr, int i, int i2) throws SignatureException {
        try {
            if (this.twostep_) {
                this.digest_.update(bArr, i, i2);
            } else {
                this.sig_.update(bArr, i, i2);
            }
        } catch (SignatureException e) {
            reset();
            throw e;
        }
    }

    private void reset() {
        this.sig_ = null;
        this.cert_ = null;
        this.info_ = null;
        this.digest_ = null;
        this.target_ = null;
    }

    public X509Certificate verify() throws GeneralSecurityException {
        if (this.twostep_) {
            if (!Arrays.equals(this.digest_.digest(), this.md_)) {
                return null;
            }
            this.info_.update(this.sig_);
        }
        if (this.sig_.verify(this.target_ instanceof SignedAndEnvelopedData ? ((SignedAndEnvelopedData) this.target_).decryptBulkData(this.info_.getEncryptedDigest()) : this.info_.getEncryptedDigest())) {
            return this.cert_;
        }
        return null;
    }
}
