package es.gob.afirma.signature;

import es.gob.afirma.signature.SignValidity;
import es.gob.afirma.signers.cades.AOCAdESSigner;
import es.gob.afirma.signers.cms.AOCMSSigner;
import es.gob.afirma.ui.utils.Constants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CRLException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.help.UnsupportedOperationException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: input_file:es/gob/afirma/signature/ValidateBinarySignature.class */
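/**
 * Validates binary (CMS / CAdES) signatures.
 *
 * <p><strong>Scope of the check.</strong> The code in this class only verifies each signer's
 * signature value against a certificate that is carried <em>inside the signature itself</em>.
 * Nothing visible here builds a certification path to a trust anchor or consults CRL/OCSP, so an
 * {@code OK} result means "the content was signed with the key of an embedded certificate", not
 * "the signer is trusted". Callers that need signer trust must validate the certificate chain
 * and revocation status separately.
 */
public final class ValidateBinarySignature {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:es/gob/afirma/signature/ValidateBinarySignature$CertHolderBySignerIdSelector.class */
    /**
     * Selects, from a store of {@link X509CertificateHolder}s, the certificate identified by a
     * signer's {@link SignerId}.
     */
    public static final class CertHolderBySignerIdSelector implements Selector {
        private final SignerId signerId;

        /**
         * @param signerId identifier of the signer whose certificate is wanted; must not be null
         * @throws IllegalArgumentException if {@code signerId} is null
         */
        CertHolderBySignerIdSelector(SignerId signerId) {
            if (signerId == null) {
                throw new IllegalArgumentException("El ID del firmante no puede ser nulo");
            }
            this.signerId = signerId;
        }

        /**
         * Reports whether {@code obj} is the certificate named by the signer identifier.
         *
         * <p>A serial number is only unique within one issuer, so both the issuer and the serial
         * number must match. Comparing the serial alone would let any embedded certificate that
         * reuses the serial under a different issuer be picked as the signer's certificate.
         *
         * <p>A signer identifier that carries no issuer/serial pair (for example one based on a
         * subject key identifier) matches nothing here.
         *
         * @param obj candidate object from the certificate store
         * @return {@code true} only for an {@link X509CertificateHolder} whose issuer and serial
         *     number equal those of the signer identifier
         */
        @Override // org.bouncycastle.util.Selector
        public boolean match(Object obj) {
            if (!(obj instanceof X509CertificateHolder)) {
                return false;
            }
            if (this.signerId.getSerialNumber() == null || this.signerId.getIssuer() == null) {
                return false;
            }
            final X509CertificateHolder candidate = (X509CertificateHolder) obj;
            return this.signerId.getSerialNumber().equals(candidate.getSerialNumber())
                    && this.signerId.getIssuer().equals(candidate.getIssuer());
        }

        /**
         * Cloning is not supported.
         *
         * <p>Note: in this file the simple name resolves to the imported
         * {@code javax.help.UnsupportedOperationException}, not the {@code java.lang} type.
         */
        @Override // org.bouncycastle.util.Selector
        public Object clone() {
            throw new UnsupportedOperationException();
        }
    }

    /** Utility class; not instantiable. */
    private ValidateBinarySignature() {
    }

    /**
     * Validates a binary signature and maps the outcome to a {@link SignValidity}.
     *
     * <p>See the class comment for what an {@code OK} result does and does not establish.
     *
     * @param bArr the encoded signature; must not be null
     * @param bArr2 the signed data for a signature that does not contain it, or {@code null} to
     *     use the content carried inside the signature
     * @return {@code OK} when every signer verifies; otherwise {@code KO}, with an error detail
     *     where one of the specific failure causes below is recognised
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws IOException if reading the signature fails
     */
    public static SignValidity validate(byte[] bArr, byte[] bArr2) throws IOException {
        if (bArr == null) {
            throw new IllegalArgumentException("La firma a validar no puede ser nula");
        }
        // Reject input that neither signer implementation recognises as a signature.
        if (!new AOCAdESSigner().isSign(bArr) && !new AOCMSSigner().isSign(bArr)) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);
        }
        try {
            verifySignatures(bArr, bArr2);
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.OK, null);
        } catch (NoMatchDataException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_MATCH_DATA);
        } catch (IOException e2) {
            // Rethrown explicitly so the catch-all below does not turn an I/O failure into KO.
            throw e2;
        } catch (NoSuchAlgorithmException e3) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.ALGORITHM_NOT_SUPPORTED);
        } catch (CRLException e4) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CRL_PROBLEM);
        } catch (CertStoreException e5) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_PROBLEM);
        } catch (CertificateExpiredException e6) {
            // NOTE(review): verifySignatures never calls checkValidity() itself, so this branch
            // and the next one depend on what the BouncyCastle verify call throws - confirm they
            // are reachable before relying on CERTIFICATE_EXPIRED / CERTIFICATE_NOT_VALID_YET.
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_EXPIRED);
        } catch (CertificateNotYetValidException e7) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_NOT_VALID_YET);
        } catch (Exception e8) {
            // Any other failure (including an invalid signature value) is reported as plain KO.
            Logger.getLogger(Constants.OUR_NODE_NAME).info("Los datos no son una firma binaria valida: " + e8);
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);
        }
    }

    /**
     * Verifies every signer of a CMS SignedData structure against the matching certificate
     * embedded in that structure.
     *
     * <p>The method returns normally only if at least one signer is present and all signers
     * verify. A structure with no signers is rejected: without this check the loop would simply
     * not run and the caller would report a signer-less structure as a valid signature.
     *
     * @param bArr the encoded signature
     * @param bArr2 the externally supplied signed content, or {@code null} to use the content
     *     inside the signature
     * @throws CMSException if there are no signers, a signer's certificate is not embedded, or a
     *     signature value does not verify
     */
    private static void verifySignatures(byte[] bArr, byte[] bArr2) throws CMSException, CertStoreException, NoSuchAlgorithmException, NoMatchDataException, CRLException, NoSuchProviderException, CertificateException, IOException, OperatorCreationException {
        final CMSSignedData signedData = bArr2 == null
                ? new CMSSignedData(bArr)
                : new CMSSignedData(new CMSProcessableByteArray(bArr2), bArr);
        final Store embeddedCerts = signedData.getCertificates();
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        // One provider instance is enough for all signers.
        final BouncyCastleProvider provider = new BouncyCastleProvider();

        int verifiedSigners = 0;
        for (SignerInformation signer : signedData.getSignerInfos().getSigners()) {
            // Take the first embedded certificate that matches the signer identifier.
            X509CertificateHolder holder = null;
            for (Object match : embeddedCerts.getMatches(new CertHolderBySignerIdSelector(signer.getSID()))) {
                holder = (X509CertificateHolder) match;
                break;
            }
            if (holder == null) {
                throw new CMSException("No se ha encontrado el certificado del firmante en la firma");
            }

            // Re-encode through the JCA factory to obtain the X509Certificate the verifier needs.
            final X509Certificate signerCert = (X509Certificate) x509Factory.generateCertificate(
                    new ByteArrayInputStream(holder.getEncoded()));

            final SignerInformationVerifier verifier = new SignerInformationVerifier(
                    new DefaultCMSSignatureAlgorithmNameGenerator(),
                    new DefaultSignatureAlgorithmIdentifierFinder(),
                    new JcaContentVerifierProviderBuilder().setProvider(provider).build(signerCert),
                    new BcDigestCalculatorProvider());

            if (!signer.verify(verifier)) {
                throw new CMSException("Firma no valida");
            }
            verifiedSigners++;
        }

        if (verifiedSigners == 0) {
            throw new CMSException("La firma no contiene ningun firmante");
        }
    }
}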
