package ru.i_novus.common.sign.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.activation.DataHandler;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.io.Streams;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ru.i_novus.common.sign.api.SignAlgorithmType;

/* loaded from: input_file:ru/i_novus/common/sign/util/FileSignatureVerifier.class */
public class FileSignatureVerifier {
    private static final Logger logger = LoggerFactory.getLogger(FileSignatureVerifier.class);
    private static final int BUFFER_SIZE = 4096;

    private FileSignatureVerifier() {
    }

    public static boolean verifyDigest(DataHandler dataHandler, byte[] bArr) throws CMSException, GeneralSecurityException, IOException {
        byte[] readAll = Streams.readAll(dataHandler.getInputStream());
        CMSSignedData cMSSignedData = new CMSSignedData(bArr);
        X509Certificate x509Certificate = getX509Certificate(cMSSignedData);
        SignerInformation signerInformation = getSignerInformation(cMSSignedData);
        return Arrays.equals(CryptoUtil.getFileDigest(readAll, SignAlgorithmType.findByCertificate(x509Certificate)), signerInformation.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_messageDigest).getAttributeValues()[0].getOctets());
    }

    public static boolean verifyPKCS7Signature(byte[] bArr) throws CMSException, GeneralSecurityException, IOException {
        CMSSignedData cMSSignedData = new CMSSignedData(bArr);
        X509Certificate x509Certificate = getX509Certificate(cMSSignedData);
        SignerInformation signerInformation = getSignerInformation(cMSSignedData);
        byte[] signature = signerInformation.getSignature();
        SignAlgorithmType findByCertificate = SignAlgorithmType.findByCertificate(x509Certificate);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(signerInformation.getEncodedSignedAttributes());
        Throwable th = null;
        try {
            try {
                Signature signatureInstance = CryptoUtil.getSignatureInstance(findByCertificate);
                signatureInstance.initVerify(x509Certificate);
                byte[] bArr2 = new byte[BUFFER_SIZE];
                while (true) {
                    int read = byteArrayInputStream.read(bArr2);
                    if (read <= 0) {
                        break;
                    }
                    signatureInstance.update(bArr2, 0, read);
                }
                boolean verify = signatureInstance.verify(signature);
                if (byteArrayInputStream != null) {
                    if (0 != 0) {
                        try {
                            byteArrayInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        byteArrayInputStream.close();
                    }
                }
                return verify;
            } finally {
            }
        } catch (Throwable th3) {
            if (byteArrayInputStream != null) {
                if (th != null) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
            throw th3;
        }
    }

    private static SignerInformation getSignerInformation(CMSSignedData cMSSignedData) {
        return (SignerInformation) cMSSignedData.getSignerInfos().getSigners().stream().findFirst().get();
    }

    private static X509Certificate getX509Certificate(CMSSignedData cMSSignedData) throws CMSException {
        return CryptoFormatConverter.getInstance().getCertificateFromHolder((X509CertificateHolder) cMSSignedData.getCertificates().getMatches((Selector) null).stream().findFirst().get());
    }
}
