package ru.i_novus.common.sign.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import javax.activation.DataHandler;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.io.Streams;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ru.i_novus.common.sign.api.SignAlgorithmType;

/* loaded from: input_file:ru/i_novus/common/sign/util/FileSignatureVerifier.class */
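/**
 * Static helpers for checking a CMS / PKCS#7 signature that accompanies a file.
 *
 * <p>The two public checks are complementary and neither is sufficient alone:
 * <ul>
 *   <li>{@link #verifyDigest} only compares the digest of the content with the
 *       {@code messageDigest} signed attribute; it never checks the signature value.</li>
 *   <li>{@link #verifyPKCS7Signature} only checks the signature value over the encoded
 *       signed attributes; it never looks at the content.</li>
 * </ul>
 *
 * <p>Trust caveats visible in this class:
 * <ul>
 *   <li>The verification certificate is read from the signed data itself and is not
 *       validated here (no chain building, validity period or revocation check). A
 *       {@code true} result therefore says nothing about who signed; the caller has to
 *       establish trust in the certificate separately.</li>
 *   <li>Only the first signer and the first certificate found in the signed data are used.</li>
 * </ul>
 */
public class FileSignatureVerifier {
    private static final Logger logger = LoggerFactory.getLogger(FileSignatureVerifier.class);

    private FileSignatureVerifier() {
        // Utility class: static methods only.
    }

    /**
     * Compares the digest of the supplied content with the {@code messageDigest} signed
     * attribute of the first signer in the signed data.
     *
     * <p>The whole content is read into memory before hashing. The digest algorithm is the
     * one {@code SignAlgorithmType.findByCertificate} derives from the embedded certificate.
     * This method does not verify the signature value; see {@link #verifyPKCS7Signature}.
     *
     * @param dataHandler source of the content that was signed
     * @param bArr        encoded CMS signed data
     * @return {@code true} when the computed digest equals the signed {@code messageDigest} value
     * @throws CMSException          if {@code bArr} cannot be parsed as CMS signed data
     * @throws UncheckedIOException  if the content cannot be read
     * @throws IllegalStateException if the signed data carries no certificate, no signer or
     *                               no {@code messageDigest} signed attribute
     */
    public static boolean verifyDigest(DataHandler dataHandler, byte[] bArr) throws CMSException {
        byte[] content;
        // The stream is closed here; the original implementation left it open.
        try (InputStream in = dataHandler.getInputStream()) {
            content = Streams.readAll(in);
        } catch (IOException e) {
            throw new UncheckedIOException("Cannot read data from DataHandler", e);
        }

        CMSSignedData signedData = new CMSSignedData(bArr);
        X509Certificate certificate = getX509Certificate(signedData).orElseThrow(
                () -> new IllegalStateException("Certificate was not received from signed data"));
        SignerInformation signer = getSignerInformation(signedData).orElseThrow(
                () -> new IllegalStateException("Signature metadata was not received from signed data"));

        // The signed data is untrusted input: the attribute table, the messageDigest
        // attribute or its value set may be absent. Report that explicitly instead of
        // failing with a NullPointerException / ArrayIndexOutOfBoundsException.
        // NOTE(review): the element access below is kept as decompiled; depending on the
        // BouncyCastle version it may need narrowing to an octet-string type to compile.
        byte[] signedDigest = Optional.ofNullable(signer.getSignedAttributes())
                .map(attributes -> attributes.get(PKCSObjectIdentifiers.pkcs_9_at_messageDigest))
                .map(attribute -> attribute.getAttributeValues())
                .filter(values -> values.length > 0)
                .map(values -> values[0].getOctets())
                .orElseThrow(() -> new IllegalStateException(
                        "Message digest attribute was not received from signed data"));

        byte[] contentDigest =
                CryptoUtil.getFileDigest(content, SignAlgorithmType.findByCertificate(certificate));
        return Arrays.equals(contentDigest, signedDigest);
    }

    /**
     * Verifies the signature value of the first signer over its encoded signed attributes,
     * using the public key of the certificate embedded in the signed data.
     *
     * <p>The content itself is not involved, so this must be combined with
     * {@link #verifyDigest}. The certificate is not validated against any trust anchor.
     *
     * @param bArr encoded CMS signed data
     * @return {@code true} when the signature over the signed attributes is valid for the
     *         embedded certificate
     * @throws CMSException             if {@code bArr} cannot be parsed as CMS signed data
     * @throws GeneralSecurityException if the signature engine cannot be initialised or used
     * @throws IOException              if the signed attributes cannot be encoded
     * @throws IllegalStateException    if the signed data carries no certificate, no signer
     *                                  or no signed attributes
     */
    public static boolean verifyPKCS7Signature(byte[] bArr) throws CMSException, GeneralSecurityException, IOException {
        CMSSignedData signedData = new CMSSignedData(bArr);
        X509Certificate certificate = getX509Certificate(signedData).orElseThrow(
                () -> new IllegalStateException("Certificate was not received from signed data"));
        SignerInformation signer = getSignerInformation(signedData).orElseThrow(
                () -> new IllegalStateException("Signature metadata was not received from signed data"));

        byte[] signature = signer.getSignature();
        SignAlgorithmType algorithm = SignAlgorithmType.findByCertificate(certificate);

        // Without signed attributes there is nothing this method can verify; the original
        // code passed the null array on and failed with a NullPointerException.
        byte[] encodedSignedAttributes = signer.getEncodedSignedAttributes();
        if (encodedSignedAttributes == null) {
            throw new IllegalStateException("Signed attributes were not received from signed data");
        }

        Signature verifier = CryptoUtil.getSignatureInstance(algorithm);
        verifier.initVerify(certificate);
        // The attributes are already in memory, so they are fed in one call rather than
        // through a buffered stream copy.
        verifier.update(encodedSignedAttributes);
        return verifier.verify(signature);
    }

    /**
     * Returns the first signer of the signed data, if any. Further signers are ignored.
     */
    private static Optional<SignerInformation> getSignerInformation(CMSSignedData cMSSignedData) {
        return cMSSignedData.getSignerInfos().getSigners().stream().findFirst();
    }

    /**
     * Returns the first certificate stored in the signed data, if any.
     *
     * <p>NOTE(review): the {@code null} selector matches every stored certificate, so the
     * result is whichever certificate comes first, not necessarily the one identified by
     * the signer. Confirm that producers always place the signer certificate first, or
     * select by the signer identifier instead.
     */
    private static Optional<X509Certificate> getX509Certificate(CMSSignedData cMSSignedData) {
        return cMSSignedData.getCertificates().getMatches((Selector) null).stream().findFirst().map(
                holder -> CryptoFormatConverter.getInstance().getCertificateFromHolder(holder));
    }
}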
