package org.demoiselle.signer.policy.impl.cades.pkcs7.impl;

import java.io.IOException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignerDigestMismatchException;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.Store;
import org.demoiselle.signer.core.CertificateManager;
import org.demoiselle.signer.core.ca.manager.CAManager;
import org.demoiselle.signer.core.exception.CertificateCoreException;
import org.demoiselle.signer.core.exception.CertificateRevocationException;
import org.demoiselle.signer.core.exception.CertificateValidatorCRLException;
import org.demoiselle.signer.core.exception.CertificateValidatorException;
import org.demoiselle.signer.core.extension.BasicCertificate;
import org.demoiselle.signer.core.util.MessagesBundle;
import org.demoiselle.signer.core.validator.CRLValidator;
import org.demoiselle.signer.core.validator.PeriodValidator;
import org.demoiselle.signer.policy.engine.asn1.etsi.ObjectIdentifier;
import org.demoiselle.signer.policy.engine.asn1.etsi.SignaturePolicy;
import org.demoiselle.signer.policy.engine.factory.PolicyFactory;
import org.demoiselle.signer.policy.impl.cades.AttachedContentValidation;
import org.demoiselle.signer.policy.impl.cades.SignatureInformations;
import org.demoiselle.signer.policy.impl.cades.SignerException;
import org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Checker;
import org.demoiselle.signer.timestamp.Timestamp;
import org.demoiselle.signer.timestamp.connector.TimeStampOperator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/demoiselle/signer/policy/impl/cades/pkcs7/impl/CAdESChecker.class */
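/**
 * Verifies CAdES (CMS/PKCS#7) signatures and collects one
 * {@link SignatureInformations} entry per signer.
 *
 * <p>Review notes on state handling, all visible in this class:
 * <ul>
 *   <li>Instances are mutable and no synchronization appears here, so an instance
 *       should not be shared between threads.</li>
 *   <li>{@link #getSignaturesInfo()} is never cleared by this class; results of
 *       successive verifications on the same instance accumulate in one list.</li>
 *   <li>The signature policy found for one signer stays in the instance field and is
 *       therefore also applied to later signers that carry no policy attribute.</li>
 * </ul>
 *
 * <p>Callers must inspect {@code getValidatorErrors()} and {@code getValidatorWarnins()}
 * of every returned entry: most validation failures are recorded there instead of
 * being thrown.
 */
public class CAdESChecker implements PKCS7Checker {
    private static final Logger logger = LoggerFactory.getLogger(CAdESChecker.class);
    private static MessagesBundle cadesMessagesBundle = new MessagesBundle();

    private SignaturePolicy signaturePolicy = null;
    private byte[] hash = null;
    private Map<String, byte[]> hashes = new HashMap<>();
    private boolean checkHash = false;
    private List<SignatureInformations> signaturesInfo = new ArrayList<>();
    private String policyName;
    private CertificateManager certificateManager;

    /**
     * Parses the CMS envelope and validates every signer it contains.
     *
     * @param content    the detached content, or {@code null} for attached or
     *                   hash-based verification
     * @param signedData the encoded CMS/PKCS#7 signature
     * @return always {@code true} when the method returns normally
     * @throws SignerException if the envelope cannot be parsed, a signer fails with a
     *                         {@link CMSException}, or the MessageDigest attribute is missing
     */
    private boolean check(byte[] content, byte[] signedData) throws SignerException {
        // Security.addProvider leaves an already-registered provider in place.
        Security.addProvider(new BouncyCastleProvider());
        try {
            CMSSignedData cmsSignedData;
            if (content != null) {
                // NOTE(review): when the envelope already embeds content, the caller-supplied
                // content is not used at all, so the bytes that get verified are the embedded
                // ones. Callers that need a binding to their own bytes should compare them
                // with getAttached(signedData) themselves.
                cmsSignedData = getAttached(signedData, false).getExtractedContent() != null
                        ? new CMSSignedData(signedData)
                        : new CMSSignedData(new CMSProcessableByteArray(content), signedData);
            } else if (this.checkHash) {
                // Reset the flag before parsing so a parse failure cannot leave the instance
                // stuck in hash mode for the next, unrelated verification.
                this.checkHash = false;
                cmsSignedData = new CMSSignedData(this.hashes, signedData);
            } else {
                cmsSignedData = new CMSSignedData(signedData);
            }

            int validCount = 0;
            Store certificates = cmsSignedData.getCertificates();
            for (SignerInformation signerInformation : cmsSignedData.getSignerInfos().getSigners()) {
                SignatureInformations signatureInformations = new SignatureInformations();
                try {
                    logger.info("Foi(ram) encontrada(s) " + signerInformation.getCounterSignatures().size() + " contra-assinatura(s).");
                    // NOTE(review): next() throws NoSuchElementException when the envelope does
                    // not carry the signer's certificate; that case is not handled here.
                    X509CertificateHolder certificateHolder = (X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next();
                    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateHolder);

                    try {
                        new CRLValidator().validate(certificate);
                    } catch (CertificateRevocationException e) {
                        // NOTE(review): a revoked certificate is reported as a warning, not as
                        // an error; callers that must reject revoked signers have to read the
                        // warning list as well.
                        signatureInformations.getValidatorWarnins().add(e.getMessage());
                        logger.info("certificado revogado");
                    } catch (CertificateValidatorCRLException e) {
                        signatureInformations.getValidatorErrors().add(e.getMessage());
                        logger.info(e.getMessage());
                    }

                    try {
                        signatureInformations.setNotAfter(new PeriodValidator().valDate(certificate));
                    } catch (CertificateValidatorException e) {
                        signatureInformations.getValidatorWarnins().add(e.getMessage());
                    }

                    if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
                        validCount++;
                        logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", new Object[]{Integer.valueOf(validCount)}));
                    } else {
                        // A false result means the signature did not verify. Record it so the
                        // entry cannot be mistaken for a valid signature. The message key is the
                        // one this class uses for invalid signatures; the subject DN is passed
                        // as its detail argument.
                        String invalidMessage = cadesMessagesBundle.getString("error.signature.invalid", new Object[]{certificate.getSubjectDN()});
                        signatureInformations.getValidatorErrors().add(invalidMessage);
                        logger.info(invalidMessage);
                    }

                    logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
                    String policyOid = PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId();
                    AttributeTable signedAttributes = signerInformation.getSignedAttributes();
                    if (signedAttributes == null || signedAttributes.size() == 0) {
                        signatureInformations.getValidatorWarnins().add(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
                        logger.info(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
                    } else {
                        Attribute policyAttribute = signedAttributes.get(new ASN1ObjectIdentifier(policyOid));
                        if (policyAttribute == null) {
                            signatureInformations.getValidatorWarnins().add(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", new Object[]{policyOid}));
                        } else {
                            applyPolicyFromAttribute(policyAttribute);
                        }
                    }

                    Date signingDate = null;
                    if (signedAttributes != null) {
                        Attribute contentTypeAttribute = signedAttributes.get(CMSAttributes.contentType);
                        if (contentTypeAttribute == null) {
                            signatureInformations.getValidatorErrors().add(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", new Object[]{"ContentType"}));
                            logger.info(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", new Object[]{"ContentType"}));
                        } else if (!contentTypeAttribute.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
                            // Only reached when the attribute exists; dereferencing it after the
                            // "not found" branch would fail with a NullPointerException.
                            signatureInformations.getValidatorErrors().add(cadesMessagesBundle.getString("error.content.not.data"));
                            logger.info(cadesMessagesBundle.getString("error.content.not.data"));
                        }
                        if (signedAttributes.get(CMSAttributes.messageDigest) == null) {
                            throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", new Object[]{"MessageDigest"}));
                        }
                        Attribute signingTimeAttribute = signedAttributes.get(CMSAttributes.signingTime);
                        if (signingTimeAttribute != null) {
                            // NOTE(review): this resets the JVM-wide default time zone, which
                            // affects every other thread in the process.
                            TimeZone.setDefault(null);
                            // NOTE(review): the listing calls getDate() directly on the attribute
                            // value; a UTCTime value is assumed here - confirm against the
                            // original source. This is the signer-claimed time, not a timestamp.
                            signingDate = ((org.bouncycastle.asn1.ASN1UTCTime) signingTimeAttribute.getAttrValues().getObjectAt(0)).getDate();
                            logger.info(cadesMessagesBundle.getString("info.date.utc", new Object[]{signingDate}));
                        } else {
                            logger.info(cadesMessagesBundle.getString("info.date.utc", new Object[]{"N/D"}));
                        }
                    }

                    if (this.signaturePolicy == null) {
                        signatureInformations.getValidatorWarnins().add(cadesMessagesBundle.getString("error.policy.on.component.not.found", new Object[]{policyOid}));
                        logger.info(cadesMessagesBundle.getString("error.policy.on.component.not.found"));
                    } else {
                        Iterable<?> mandatedSigned = this.signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers();
                        if (mandatedSigned != null) {
                            for (Object entry : mandatedSigned) {
                                String oid = ((ObjectIdentifier) entry).getValue();
                                // A missing attribute table means every mandated attribute is absent.
                                Attribute mandated = signedAttributes == null ? null : signedAttributes.get(new ASN1ObjectIdentifier(oid));
                                logger.info(oid);
                                if (mandated == null) {
                                    signatureInformations.getValidatorErrors().add(cadesMessagesBundle.getString("error.signed.attribute.not.found", new Object[]{oid, this.signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()}));
                                }
                            }
                        }
                    }

                    logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
                    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
                    if (unsignedAttributes == null || unsignedAttributes.size() == 0) {
                        logger.info(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
                    }
                    if (this.signaturePolicy != null) {
                        Iterable<?> mandatedUnsigned = this.signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr().getObjectIdentifiers();
                        if (mandatedUnsigned != null) {
                            for (Object entry : mandatedUnsigned) {
                                String oid = ((ObjectIdentifier) entry).getValue();
                                // The table may be absent even though the policy mandates entries.
                                Attribute mandated = unsignedAttributes == null ? null : unsignedAttributes.get(new ASN1ObjectIdentifier(oid));
                                logger.info(oid);
                                if (mandated == null) {
                                    signatureInformations.getValidatorErrors().add(cadesMessagesBundle.getString("error.unsigned.attribute.not.found", new Object[]{oid, this.signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()}));
                                }
                                // Validate the timestamp only when it is present; its absence has
                                // already been recorded above.
                                if (mandated != null && oid.equalsIgnoreCase(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId())) {
                                    try {
                                        signatureInformations.setTimeStampSigner(validateTimestamp(mandated, signerInformation.getSignature()));
                                    } catch (Exception e) {
                                        signatureInformations.getValidatorErrors().add(e.getMessage());
                                    }
                                }
                                if (oid.equalsIgnoreCase("1.2.840.113549.1.9.16.2.25")) {
                                    logger.info("++++++++++  EscTimeStamp ++++++++++++");
                                }
                            }
                        }
                    }

                    LinkedList<X509Certificate> chain = (LinkedList) CAManager.getInstance().getCertificateChain(certificate);
                    // A chain with fewer than three certificates is reported as lacking a CA.
                    if (chain.size() < 3) {
                        signatureInformations.getValidatorErrors().add(cadesMessagesBundle.getString("error.no.ca", new Object[]{certificate.getIssuerDN()}));
                        logger.info(cadesMessagesBundle.getString("error.no.ca", new Object[]{certificate.getIssuerDN()}));
                    }
                    for (X509Certificate chainCertificate : chain) {
                        BasicCertificate basicCertificate = new BasicCertificate(chainCertificate);
                        if (!basicCertificate.isCACertificate()) {
                            signatureInformations.setIcpBrasilcertificate(basicCertificate);
                        }
                    }

                    signatureInformations.setSignDate(signingDate);
                    signatureInformations.setChain(chain);
                    signatureInformations.setSignaturePolicy(this.signaturePolicy);
                    getSignaturesInfo().add(signatureInformations);
                } catch (CMSSignerDigestMismatchException e) {
                    signatureInformations.getValidatorErrors().add(cadesMessagesBundle.getString("error.signature.mismatch"));
                    logger.info(cadesMessagesBundle.getString("error.signature.mismatch"));
                    throw new SignerException(cadesMessagesBundle.getString("error.signature.mismatch"), e);
                } catch (CMSException e) {
                    signatureInformations.getValidatorErrors().add(cadesMessagesBundle.getString("error.signature.invalid", new Object[]{e.getMessage()}));
                    logger.info(cadesMessagesBundle.getString("error.signature.invalid", new Object[]{e.getMessage()}));
                    throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid", new Object[]{e.getMessage()}), e);
                } catch (OperatorCreationException | CertificateException e) {
                    // NOTE(review): the entry carrying this error is not added to the result
                    // list, so the failure is visible only in the log.
                    signatureInformations.getValidatorErrors().add(e.getMessage());
                    logger.info(e.getMessage());
                } catch (ParseException e) {
                    signatureInformations.getValidatorErrors().add(e.getMessage());
                    logger.info(e.getMessage());
                }
            }
            logger.info(cadesMessagesBundle.getString("info.signature.verified", new Object[]{Integer.valueOf(validCount)}));
            return true;
        } catch (CMSException e) {
            throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), e);
        }
    }

    /**
     * Selects the signature policy named by a signer's policy attribute.
     *
     * <p>For every value of the attribute, the first known policy whose URL occurs in the
     * value's text form is loaded. A value that matches no known policy is skipped.
     *
     * @param policyAttribute the signed attribute holding the policy identifier
     */
    private void applyPolicyFromAttribute(Attribute policyAttribute) {
        Enumeration values = policyAttribute.getAttrValues().getObjects();
        while (values.hasMoreElements()) {
            String text = values.nextElement().toString();
            // Bounded search: a value that names an unknown policy must not spin forever.
            for (PolicyFactory.Policies candidate : PolicyFactory.Policies.values()) {
                if (text.contains(candidate.getUrl())) {
                    setSignaturePolicy(candidate);
                    break;
                }
            }
        }
    }

    /**
     * Decodes the timestamp token held in an unsigned attribute and hands it, together
     * with the signature value, to {@link TimeStampOperator#validate}.
     *
     * @param attribute the unsigned attribute carrying the timestamp token
     * @param signature the signer's signature value
     * @return the decoded timestamp
     * @throws SignerException wrapping any decoding or validation failure
     */
    private Timestamp validateTimestamp(Attribute attribute, byte[] signature) {
        try {
            TimeStampOperator timeStampOperator = new TimeStampOperator();
            byte[] encoded = attribute.getAttrValues().getObjectAt(0).toASN1Primitive().getEncoded();
            Timestamp timestamp = new Timestamp(new TimeStampToken(new CMSSignedData(encoded)));
            timeStampOperator.validate(signature, encoded, (byte[]) null);
            return timestamp;
        } catch (CertificateCoreException | IOException | TSPException | CMSException e) {
            throw new SignerException((Throwable) e);
        }
    }

    /**
     * Validates the signature and returns the content embedded in the envelope.
     *
     * @param bArr the encoded CMS/PKCS#7 signature
     * @return the embedded content, or {@code null} when the envelope carries none
     */
    public byte[] getAttached(byte[] bArr) {
        return getAttached(bArr, true).getExtractedContent();
    }

    /**
     * Extracts the content embedded in the envelope, optionally validating it first.
     *
     * <p>With {@code z == false} the returned content is completely unverified and must
     * not be trusted.
     *
     * @param bArr the encoded CMS/PKCS#7 signature
     * @param z    whether to run the signature validation before extracting
     * @return the extracted content and, when validated, the collected signer entries
     * @throws SignerException if the envelope cannot be parsed or its content cannot be read
     */
    @Override
    public AttachedContentValidation getAttached(byte[] bArr, boolean z) {
        AttachedContentValidation result = new AttachedContentValidation();
        if (z && check(null, bArr)) {
            result.setSignaturesInfo(getSignaturesInfo());
        }
        try {
            CMSTypedData signedContent = new CMSSignedData(bArr).getSignedContent();
            if (signedContent != null) {
                result.setExtractedContent((byte[]) signedContent.getContent());
            } else {
                logger.info(cadesMessagesBundle.getString("error.get.content.empty"));
            }
            return result;
        } catch (CMSException e) {
            // Listed before the general handler so an unparseable envelope keeps its own message.
            throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), e);
        } catch (Exception e) {
            throw new SignerException(cadesMessagesBundle.getString("error.get.content.pkcs7"), e);
        }
    }

    /**
     * Validates a signature whose content is embedded in the envelope.
     *
     * @param bArr the encoded CMS/PKCS#7 signature
     * @return the collected signer entries; each entry's error and warning lists must be
     *         inspected, since a returned entry is not by itself proof of validity
     */
    @Override
    public List<SignatureInformations> checkAttachedSignature(byte[] bArr) {
        if (check(null, bArr)) {
            return getSignaturesInfo();
        }
        return null;
    }

    /**
     * Validates a signature against externally supplied content.
     *
     * @param bArr  the content that was signed
     * @param bArr2 the encoded CMS/PKCS#7 signature
     * @return the collected signer entries; each entry's error and warning lists must be
     *         inspected
     */
    @Override
    public List<SignatureInformations> checkDetachedSignature(byte[] bArr, byte[] bArr2) {
        if (check(bArr, bArr2)) {
            return getSignaturesInfo();
        }
        return null;
    }

    /**
     * Validates a signature against a digest computed by the caller.
     *
     * <p>The digest is taken as given; nothing in this class ties it to any document, so
     * the caller is responsible for having computed it over the intended content.
     *
     * @param str   key under which the digest is stored for the CMS parser (presumably the
     *              digest algorithm identifier - confirm against the interface contract)
     * @param bArr  the precomputed digest
     * @param bArr2 the encoded CMS/PKCS#7 signature
     * @return the collected signer entries
     * @throws SignerException if validation fails with an exception
     */
    @Override
    public List<SignatureInformations> checkSignatureByHash(String str, byte[] bArr, byte[] bArr2) throws SignerException {
        this.checkHash = true;
        this.hashes.put(str, bArr);
        setHash(bArr);
        if (check(null, bArr2)) {
            return getSignaturesInfo();
        }
        return null;
    }

    /** Records the policy name and loads the matching policy into this instance. */
    private void setSignaturePolicy(PolicyFactory.Policies policy) {
        setPolicyName(policy.name());
        this.signaturePolicy = PolicyFactory.getInstance().loadPolicy(policy);
    }

    /** Returns the live list of signer entries collected so far (not a copy). */
    @Override
    public List<SignatureInformations> getSignaturesInfo() {
        return this.signaturesInfo;
    }

    /** Replaces the list that collects signer entries. */
    public void setSignaturesInfo(List<SignatureInformations> list) {
        this.signaturesInfo = list;
    }

    /** Returns the name of the most recently detected signature policy, if any. */
    public String getPolicyName() {
        return this.policyName;
    }

    /** Sets the signature policy name. */
    public void setPolicyName(String str) {
        this.policyName = str;
    }

    /** Returns the configured certificate manager. */
    public CertificateManager getCertificateManager() {
        return this.certificateManager;
    }

    /** Sets the certificate manager. */
    public void setCertificateManager(CertificateManager certificateManager) {
        this.certificateManager = certificateManager;
    }

    /** Returns the digest last passed to {@link #checkSignatureByHash} (the array itself, not a copy). */
    public byte[] getHash() {
        return this.hash;
    }

    /** Stores the given digest array without copying it. */
    public void setHash(byte[] bArr) {
        this.hash = bArr;
    }
}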
