package oracle.security.digsig;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Vector;
import oracle.security.crypto.asn1.ASN1Date;
import oracle.security.crypto.asn1.ASN1OctetString;
import oracle.security.crypto.cert.AttributeSet;
import oracle.security.crypto.cert.TrustedCAPolicy;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cms.CMS;
import oracle.security.crypto.cms.CMSDataContentInfo;
import oracle.security.crypto.cms.CMSSignedDataContentInfo;
import oracle.security.crypto.cms.CMSSignerInfo;
import oracle.security.crypto.core.AlgID;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.util.Utils;

/* loaded from: input_file:oracle/security/digsig/PKCS7Verifier.class */
public class PKCS7Verifier extends Verifier {
    private CMSSignerInfo signerInfo;
    private CMSSignedDataContentInfo p7Signature;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PKCS7Verifier(KeyStoreWrapper keyStoreWrapper, CertificateMapper certificateMapper, Properties properties) throws DigitalSignatureException {
        super(keyStoreWrapper, certificateMapper, properties);
        this.verifierSignatureFormat = 2;
    }

    @Override // oracle.security.digsig.Verifier
    public SignatureProperties getSignatureProperties() throws DigitalSignatureException {
        Vector attributeValues;
        Vector attributeValues2;
        Hashtable hashtable = new Hashtable();
        super.getSignatureProperties();
        if (!this.verifierStatus || this.signerInfo == null) {
            throw new DigitalSignatureException("Signature verification failed");
        }
        hashtable.put(SignatureProperties.SignerCertificateType, "X.509");
        String str = null;
        AlgorithmIdentifier digestAlgID = this.signerInfo.getDigestAlgID();
        if (digestAlgID.equals(AlgID.sha1) || digestAlgID.equals(AlgID.sha_1)) {
            str = "sha_1";
            hashtable.put(SignatureProperties.DigestAlgorithm, "SHA1");
        } else if (digestAlgID.equals(AlgID.sha)) {
            str = "sha";
            hashtable.put(SignatureProperties.DigestAlgorithm, "SHA");
        } else if (digestAlgID.equals(AlgID.md5)) {
            str = "md5";
            hashtable.put(SignatureProperties.DigestAlgorithm, "MD5");
        } else if (digestAlgID.equals(AlgID.md2)) {
            str = "md2";
            hashtable.put(SignatureProperties.DigestAlgorithm, "MD2");
        }
        AlgorithmIdentifier digestEncryptionAlgID = this.signerInfo.getDigestEncryptionAlgID();
        if (digestEncryptionAlgID.equals(AlgID.rsaEncryption)) {
            hashtable.put(SignatureProperties.SignatureAlgorithm, str + "WithRSAEncryption");
        } else if (digestEncryptionAlgID.equals(AlgID.dsa)) {
            hashtable.put(SignatureProperties.SignatureAlgorithm, str + "WithDSA");
        }
        hashtable.put(SignatureProperties.SignatureValue, Utils.toBase64(this.signerInfo.getEncryptedDigest()));
        AttributeSet signedAttributes = this.signerInfo.getSignedAttributes();
        if (signedAttributes != null && (attributeValues2 = signedAttributes.getAttributeValues(CMS.id_signingTime)) != null) {
            hashtable.put(SignatureProperties.SigningTime, ((ASN1Date) attributeValues2.elementAt(0)).getValue());
        }
        if (signedAttributes != null && (attributeValues = signedAttributes.getAttributeValues(CMS.id_messageDigest)) != null) {
            hashtable.put(SignatureProperties.DigestValue, Utils.toBase64(((ASN1OctetString) attributeValues.elementAt(0)).getValue()));
        }
        if (this.verifierSignerX509Cert != null) {
            hashtable.put(SignatureProperties.SignerCertificate, Utilities.X509toBase64(this.verifierSignerX509Cert));
        }
        if (this.verifierCertificateMapper != null) {
            hashtable.put(SignatureProperties.SignerCertificateID, this.verifierCertificateMapper.getIDByCertificate("X.509", Utilities.X509toBase64(this.verifierSignerX509Cert)));
        }
        if (this.verifierSignerX509Cert != null) {
            Vector certificates = this.p7Signature.getCertificates();
            String[] strArr = new String[certificates.size()];
            Enumeration elements = certificates.elements();
            int i = 0;
            while (elements.hasMoreElements()) {
                strArr[i] = Utilities.X509toBase64(Utilities.convertJCEX509CertificateToPhaosX509((X509Certificate) elements.nextElement()));
                i++;
            }
            hashtable.put(SignatureProperties.CertificateChain, strArr);
        }
        if (this.verifierCertificateMapper != null) {
            Vector certificates2 = this.p7Signature.getCertificates();
            String[] strArr2 = new String[certificates2.size()];
            Enumeration elements2 = certificates2.elements();
            int i2 = 0;
            while (elements2.hasMoreElements()) {
                strArr2[i2] = this.verifierCertificateMapper.getIDByCertificate("X.509", Utilities.X509toBase64(Utilities.convertJCEX509CertificateToPhaosX509((X509Certificate) elements2.nextElement())));
                i2++;
            }
            hashtable.put(SignatureProperties.CertificateIDChain, strArr2);
        }
        if (this.verifierSignerX509Cert != null) {
            try {
                CMSSignedDataContentInfo cMSSignedDataContentInfo = new CMSSignedDataContentInfo(new CMSDataContentInfo());
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                cMSSignedDataContentInfo.addSignerInfo(this.verifierSignerX509Cert, this.signerInfo);
                cMSSignedDataContentInfo.output(byteArrayOutputStream);
                hashtable.put(SignatureProperties.MinimalSignature, Utils.toBase64(byteArrayOutputStream.toByteArray()));
            } catch (Exception e) {
                throw new DigitalSignatureException("Cannot make minimal signature" + e);
            }
        }
        return new SignatureProperties(hashtable);
    }

    @Override // oracle.security.digsig.Verifier
    public boolean finish() throws DigitalSignatureException {
        TrustedCAPolicy trustedCAPolicy;
        CMSDataContentInfo cMSDataContentInfo;
        super.finish();
        try {
            trustedCAPolicy = new TrustedCAPolicy(this.verifierTrustPoints, false, true);
            this.p7Signature = new CMSSignedDataContentInfo(new ByteArrayInputStream(Utils.fromBase64(this.verifierSignature.toString())));
            if (!this.p7Signature.isDetached()) {
                this.verifierAttached = true;
            }
            this.verifierMode = 1;
            cMSDataContentInfo = this.verifierAttached ? null : new CMSDataContentInfo(this.verifierDocBuffer.toByteArray());
            this.signerInfo = (CMSSignerInfo) this.p7Signature.signers().nextElement();
            X500Name issuer = this.signerInfo.getIssuer();
            BigInteger serialNo = this.signerInfo.getSerialNo();
            Enumeration elements = this.p7Signature.getCertificates().elements();
            while (elements.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) elements.nextElement();
                X509 convertJCEX509CertificateToPhaosX509 = Utilities.convertJCEX509CertificateToPhaosX509(x509Certificate);
                if (convertJCEX509CertificateToPhaosX509.getIssuer().equals(issuer) && convertJCEX509CertificateToPhaosX509.getSerialNo().equals(serialNo)) {
                    this.verifierSignerX509Cert = x509Certificate;
                }
            }
        } catch (IOException e) {
            throw new DigitalSignatureException("Internal Error - " + e);
        } catch (NoSuchElementException e2) {
            throw new DigitalSignatureException("Internal Error - " + e2);
        } catch (AuthenticationException e3) {
            this.verifierStatus = false;
            this.verifierErrorMessage = e3.toString();
        }
        if (this.verifierSignerX509Cert == null) {
            throw new DigitalSignatureException("No signer certificate found");
        }
        if (this.verifierAttached) {
            this.p7Signature.verify(trustedCAPolicy);
            byte[] data = this.p7Signature.getEnclosed().getData();
            this.verifierDocBuffer.write(data, 0, data.length);
            this.verifierDocBuffer.flush();
        } else {
            this.p7Signature.verify(trustedCAPolicy, cMSDataContentInfo);
        }
        this.verifierStatus = true;
        return this.verifierStatus;
    }
}
