package eu.europa.esig.dss.validation.policy;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.SignaturePolicy;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/policy/BasicASNSignaturePolicyValidator.class */
public class BasicASNSignaturePolicyValidator extends AbstractSignaturePolicyValidator {
    private static final Logger LOG = LoggerFactory.getLogger(BasicASNSignaturePolicyValidator.class);

    @Override // eu.europa.esig.dss.validation.policy.SignaturePolicyValidator
    public void validate() {
        SignaturePolicy signaturePolicy = getSignaturePolicy();
        byte[] byteArray = DSSUtils.toByteArray(signaturePolicy.getPolicyContent());
        Digest digest = signaturePolicy.getDigest();
        setStatus(true);
        setIdentified(true);
        try {
            ASN1Sequence aSN1Primitive = DSSASN1Utils.toASN1Primitive(byteArray);
            if (aSN1Primitive != null) {
                setAsn1Processable(true);
                DigestAlgorithm forOID = DigestAlgorithm.forOID(AlgorithmIdentifier.getInstance(aSN1Primitive.getObjectAt(0)).getAlgorithm().getId());
                if (!forOID.equals(digest.getAlgorithm())) {
                    addError("general", "The digest algorithm indicated in the SignPolicyHashAlg from the resulting document (" + forOID + ") is not equal to the digest algorithm (" + digest.getAlgorithm() + ").");
                    setDigestAlgorithmsEqual(false);
                    setStatus(false);
                    return;
                }
                setDigestAlgorithmsEqual(true);
                byte[] asn1SignaturePolicyDigest = DSSASN1Utils.getAsn1SignaturePolicyDigest(forOID, byteArray);
                boolean equals = Arrays.equals(digest.getValue(), asn1SignaturePolicyDigest);
                setStatus(equals);
                if (!equals) {
                    addError("general", "The policy digest value (" + Utils.toBase64(digest.getValue()) + ") does not match the re-calculated digest value (" + Utils.toBase64(asn1SignaturePolicyDigest) + ").");
                    return;
                }
                byte[] octets = aSN1Primitive.getObjectAt(2).getOctets();
                boolean equals2 = Arrays.equals(digest.getValue(), octets);
                setStatus(equals2);
                if (!equals2) {
                    addError("general", "The policy digest value (" + Utils.toBase64(digest.getValue()) + ") does not match the digest value from the policy file (" + Utils.toBase64(octets) + ").");
                }
            }
        } catch (Exception e) {
            setStatus(false);
            addError("general", e.getMessage());
            LOG.warn(e.getMessage(), e);
        }
    }

    @Override // eu.europa.esig.dss.validation.policy.SignaturePolicyValidator
    public boolean canValidate() {
        SignaturePolicy signaturePolicy = getSignaturePolicy();
        if (signaturePolicy.getPolicyContent() != null) {
            return DSSASN1Utils.isASN1SequenceTag(DSSUtils.readFirstByte(signaturePolicy.getPolicyContent()));
        }
        return false;
    }
}
