package at.gv.egiz.pdfas.lib.impl.verify;

import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.sl20.utils.SL20Constants;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.cms.ContentInfo;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.class */
public class IntegrityVerifier implements IVerifier {
    private static final Logger logger = LoggerFactory.getLogger(IntegrityVerifier.class);

    @Override // at.gv.egiz.pdfas.lib.impl.verify.IVerifier
    public List<VerifyResult> verify(byte[] bArr, byte[] bArr2, Date date) throws PdfAsException {
        try {
            ArrayList arrayList = new ArrayList();
            SignedData signedData = new SignedData(bArr2, new AlgorithmID[]{AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO});
            ContentInfo contentInfo = new ContentInfo(new ByteArrayInputStream(bArr));
            if (!contentInfo.getContentType().equals(ObjectID.cms_signedData)) {
                throw new PdfAsException("error.pdf.verify.01");
            }
            signedData.decode(contentInfo.getContentInputStream());
            SignerInfo[] signerInfos = signedData.getSignerInfos();
            for (int i = 0; i < signerInfos.length; i++) {
                VerifyResultImpl verifyResultImpl = new VerifyResultImpl();
                try {
                    X509Certificate verify = signedData.verify(i);
                    Attribute signedAttribute = signerInfos[0].getSignedAttribute(ObjectID.signingCertificate);
                    if (signedAttribute == null) {
                        Attribute signedAttribute2 = signerInfos[0].getSignedAttribute(ObjectID.signingCertificateV2);
                        if (signedAttribute2 == null) {
                            logger.warn("Signature ERROR missing signed Signing Certificate: ");
                            throw new SignatureException("Signature ERROR missing signed Signing Certificate");
                        }
                        try {
                            if (!signedAttribute2.getAttributeValue().isSignerCertificate(verify)) {
                                logger.warn("Signature ERROR certificate missmatch, misbehaving Sign Backend?");
                                throw new SignatureException("Signature ERROR certificate missmatch");
                            }
                            logger.debug("Found and verified SigningCertificateV2");
                        } catch (Throwable th) {
                            logger.error("Signature ERROR wrong encoding for ESSCertIDv2, misbehaving Signature Backend?");
                            throw new SignatureException("Signature ERROR wrong encoding for ESSCertIDv2");
                        }
                    } else {
                        try {
                            if (!signedAttribute.getAttributeValue().isSignerCertificate(verify)) {
                                logger.warn("Signature ERROR certificate missmatch");
                                throw new SignatureException("Signature ERROR certificate missmatch");
                            }
                            logger.debug("Found and verified SigningCertificate");
                        } catch (Throwable th2) {
                            logger.error("Signature ERROR wrong encoding for ESSCertIDv2, misbehaving Signature Backend?");
                            throw new SignatureException("Signature ERROR wrong encoding for ESSCertIDv2", th2);
                        }
                    }
                    logger.debug("Signature Algo: {}, Digest {}", signedData.getSignerInfos()[i].getSignatureAlgorithm(), signedData.getSignerInfos()[i].getDigestAlgorithm());
                    logger.debug("Signature OK from signer: " + verify.getSubjectDN());
                    verifyResultImpl.setSignerCertificate(verify);
                    verifyResultImpl.setValueCheckCode(new SignatureCheckImpl(0, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE));
                    verifyResultImpl.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
                    verifyResultImpl.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
                    verifyResultImpl.setVerificationDone(true);
                } catch (SignatureException e) {
                    logger.warn("Signature ERROR from signer: " + signedData.getCertificate(signerInfos[i].getSignerIdentifier()).getSubjectDN(), e);
                    verifyResultImpl.setSignerCertificate(signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
                    verifyResultImpl.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature"));
                    verifyResultImpl.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
                    verifyResultImpl.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
                    verifyResultImpl.setVerificationDone(false);
                    verifyResultImpl.setVerificationException(new PdfAsSignatureException("failed to check signature", e));
                }
                arrayList.add(verifyResultImpl);
            }
            return arrayList;
        } catch (Throwable th3) {
            throw new PdfAsException("error.pdf.verify.02", th3);
        }
    }

    @Override // at.gv.egiz.pdfas.lib.impl.verify.IVerifier
    public void setConfiguration(Configuration configuration) {
    }

    @Override // at.gv.egiz.pdfas.lib.impl.verify.IVerifier
    public VerifyParameter.SignatureVerificationLevel getLevel() {
        return VerifyParameter.SignatureVerificationLevel.INTEGRITY_ONLY_VERIFICATION;
    }
}
