package br.net.woodstock.rockframework.security.sign.impl;

import br.net.woodstock.rockframework.security.cert.CertificateType;
import br.net.woodstock.rockframework.security.config.SecurityLog;
import br.net.woodstock.rockframework.security.digest.DigestType;
import br.net.woodstock.rockframework.security.digest.impl.BasicDigester;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
import br.net.woodstock.rockframework.security.util.SecurityUtils;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignerDigestMismatchException;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Selector;

/* loaded from: input_file:br/net/woodstock/rockframework/security/sign/impl/BouncyCastleSignerHelper.class */
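/**
 * Package-private helpers shared by the BouncyCastle-based signers: digest OID
 * lookup and CMS signer verification against a certificate store.
 */
abstract class BouncyCastleSignerHelper extends AbstractSigner {
    BouncyCastleSignerHelper() {
    }

    /**
     * Maps a digest algorithm OID (dotted string form) to the framework's {@link DigestType}.
     *
     * <p>MD2, MD5 and SHA-1 are mapped as well as the SHA-2 family. This method only
     * translates identifiers; a caller that needs collision resistance has to reject
     * the weak digests itself.
     *
     * @param str the OID to look up
     * @return the matching digest type, or {@code null} when the OID is not one of the six known here
     */
    public static DigestType getDigestTypeFromOid(String str) {
        if (PKCSObjectIdentifiers.md2.getId().equals(str)) {
            return DigestType.MD2;
        }
        if (PKCSObjectIdentifiers.md5.getId().equals(str)) {
            return DigestType.MD5;
        }
        if (OIWObjectIdentifiers.idSHA1.getId().equals(str)) {
            return DigestType.SHA1;
        }
        if (NISTObjectIdentifiers.id_sha256.getId().equals(str)) {
            return DigestType.SHA_256;
        }
        if (NISTObjectIdentifiers.id_sha384.getId().equals(str)) {
            return DigestType.SHA_384;
        }
        if (NISTObjectIdentifiers.id_sha512.getId().equals(str)) {
            return DigestType.SHA_512;
        }
        return null;
    }

    /**
     * Verifies a CMS signer against the certificates held in a store.
     *
     * <p>Every usable certificate in the store is tried in iteration order and the first
     * failure ends the check with {@code false}. The result is {@code true} only when at
     * least one certificate was actually used and none failed. An empty store, or a store
     * holding only entries that cannot be turned into an {@link X509Certificate}, yields
     * {@code false}: a signature that was never checked must not be reported as valid.
     *
     * <p>No trust-path building or revocation checking is done here.
     * NOTE(review): if the store passed in is the one embedded in the signed message, a
     * {@code true} result only shows the signature is consistent with an embedded
     * certificate, not that the signer is trusted; confirm callers validate the chain.
     * NOTE(review): because every certificate must verify, a store that also carries
     * issuer certificates will presumably fail; selecting by signer id may be what is wanted.
     *
     * @param signerInformation the signer to verify
     * @param collectionStore store of {@link Certificate} or {@link X509CertificateHolder} entries
     * @param bArr the signed content; read only when {@code z} is {@code false}
     * @param z when {@code true} the verifier comes from {@link JcaSimpleSignerInfoVerifierBuilder}
     *     and {@code bArr} is not consulted; when {@code false} the verifier is assembled by
     *     hand and the signer's content digest is also compared with a fresh digest of
     *     {@code bArr} (presumably attached versus detached content; confirm against callers)
     * @return {@code true} when at least one certificate was checked and all checks passed
     * @throws IOException if a certificate holder cannot be encoded
     * @throws GeneralSecurityException on provider or certificate conversion errors
     * @throws CMSException on CMS processing errors other than a digest mismatch
     * @throws OperatorCreationException if a verifier cannot be built
     */
    public static boolean verifySignature(SignerInformation signerInformation, CollectionStore collectionStore, byte[] bArr, boolean z) throws IOException, GeneralSecurityException, CMSException, OperatorCreationException {
        Collection<?> matches = collectionStore.getMatches((Selector) null);
        boolean checkedAny = false;
        for (Object obj : matches) {
            X509Certificate certificate = toX509Certificate(obj);
            if (certificate == null) {
                // Entry was logged and skipped; it does not count as a check.
                continue;
            }
            checkedAny = true;
            if (!verifyWithCertificate(signerInformation, certificate, bArr, z)) {
                return false;
            }
        }
        if (!checkedAny) {
            // Fail closed: nothing in the store could be used to check the signature.
            SecurityLog.getInstance().getLogger().warn("No usable certificate in store, signature not verified");
        }
        return checkedAny;
    }

    /** Converts a store entry to an X.509 certificate, or logs a warning and returns null. */
    private static X509Certificate toX509Certificate(Object obj) throws IOException, GeneralSecurityException, CMSException, OperatorCreationException {
        Certificate certificate = null;
        if (obj instanceof Certificate) {
            certificate = (Certificate) obj;
        } else if (obj instanceof X509CertificateHolder) {
            certificate = SecurityUtils.getCertificateFromFile(((X509CertificateHolder) obj).getEncoded(), CertificateType.X509);
        }
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        // Covers unknown entry types and non-X.509 certificates, which would otherwise
        // fail the cast needed by the verifier builders.
        String typeName = obj == null ? "null" : obj.getClass().getCanonicalName();
        SecurityLog.getInstance().getLogger().warn("Unhandled certificate from store '" + typeName + "'");
        return null;
    }

    /** Checks the signer against one certificate, including the content digest when z is false. */
    private static boolean verifyWithCertificate(SignerInformation signerInformation, X509Certificate certificate, byte[] bArr, boolean z) throws IOException, GeneralSecurityException, CMSException, OperatorCreationException {
        SignerInformationVerifier verifier;
        if (z) {
            JcaSimpleSignerInfoVerifierBuilder simpleBuilder = new JcaSimpleSignerInfoVerifierBuilder();
            simpleBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            verifier = simpleBuilder.build(certificate);
        } else {
            JcaContentVerifierProviderBuilder contentBuilder = new JcaContentVerifierProviderBuilder();
            contentBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            ContentVerifierProvider contentVerifier = contentBuilder.build(certificate);
            JcaDigestCalculatorProviderBuilder digestBuilder = new JcaDigestCalculatorProviderBuilder();
            digestBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            verifier = new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), contentVerifier, digestBuilder.build());
        }

        boolean verified;
        try {
            verified = signerInformation.verify(verifier);
        } catch (CMSSignerDigestMismatchException e) {
            // A digest mismatch is an ordinary "invalid signature" outcome, not an error.
            SecurityLog.getInstance().getLogger().debug(e.getMessage(), e);
            return false;
        }
        if (!verified || z) {
            return verified;
        }

        // The signature verified; now tie it to the content the caller supplied.
        String digestOid = signerInformation.getDigestAlgorithmID().getAlgorithm().getId();
        DigestType digestType = getDigestTypeFromOid(digestOid);
        if (digestType == null) {
            // An unmapped digest cannot be recomputed, so the content cannot be confirmed.
            SecurityLog.getInstance().getLogger().warn("Unsupported digest algorithm '" + digestOid + "'");
            return false;
        }
        // MessageDigest.isEqual keeps the comparison time independent of where the bytes differ.
        return MessageDigest.isEqual(signerInformation.getContentDigest(), new BasicDigester(digestType).digest(bArr));
    }
}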
