package ru.i_novus.common.sign.util;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.nio.file.Path;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSProcessableFile;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ru/i_novus/common/sign/util/Verifier.class */
public class Verifier {
    private static final Logger logger = LoggerFactory.getLogger(Verifier.class);

    private Verifier() {
        Security.addProvider(new BouncyCastleProvider());
    }

    public static Verifier getInstance() {
        return new Verifier();
    }

    public boolean verifyCmsSignature(Path path, Path path2) throws CMSException, CertificateException, FileNotFoundException {
        return verifyCmsSignature(path != null ? new CMSSignedData(new CMSProcessableFile(path.toFile()), new FileInputStream(path2.toFile())) : new CMSSignedData(new FileInputStream(path2.toFile())));
    }

    public boolean verifyCmsSignature(byte[] bArr, byte[] bArr2) throws CMSException, CertificateException {
        return verifyCmsSignature(bArr != null ? new CMSSignedData(new CMSProcessableByteArray(bArr), new ByteArrayInputStream(bArr2)) : new CMSSignedData(bArr2));
    }

    public boolean verifyCmsSignature(CMSSignedData cMSSignedData) throws CertificateException {
        Store certificates = cMSSignedData.getCertificates();
        boolean z = true;
        for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next());
            try {
                z &= signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate));
            } catch (CMSException | OperatorCreationException e) {
                logger.warn("Certificate of '{}', SN='{}' is not valid", certificate.getIssuerDN(), certificate.getSerialNumber());
            }
        }
        return z;
    }
}
