package es.gob.afirma.cert.signvalidation;

import es.gob.afirma.cert.signvalidation.SignValidity;
import es.gob.afirma.core.AOInvalidFormatException;
import es.gob.afirma.signers.cades.AOCAdESSigner;
import es.gob.afirma.signers.cms.AOCMSSigner;
import es.gob.afirma.ui.utils.Constants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSSignerDigestMismatchException;
import org.spongycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationVerifier;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.bc.BcDigestCalculatorProvider;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.util.Store;

/* loaded from: input_file:es/gob/afirma/cert/signvalidation/ValidateBinarySignature.class */
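/**
 * Validator for binary (CMS / CAdES) signatures.
 *
 * <p>Scope of the check, as far as this class shows: each signer's signature is verified
 * against the certificate carried inside the signature itself, and that certificate must be
 * within its validity period at the moment of the check. No certification path is built, no
 * trust anchor is consulted and no revocation status is queried here, so an {@code OK} result
 * says the signature is cryptographically consistent, not that the signer is trusted. Callers
 * that need a trust decision must validate the signer certificate chain separately.
 */
public final class ValidateBinarySignature implements SignValider {

    /**
     * Validates an implicit signature (one that carries its signed data).
     *
     * @param bArr the encoded signature
     * @return the validation result
     * @throws IOException if the signature cannot be read
     */
    @Override // es.gob.afirma.cert.signvalidation.SignValider
    public SignValidity validate(byte[] bArr) throws IOException {
        return validate(bArr, null);
    }

    /**
     * Validates a binary signature, optionally against externally supplied data.
     *
     * <p>Every failure raised while verifying (expired or not-yet-valid certificate, digest
     * mismatch, malformed structure, missing signer certificate, bad signature value) is mapped
     * to a {@code KO} result. {@code OK} is returned only after {@code verifySignatures}
     * completes without throwing.
     *
     * @param bArr the encoded signature; must not be {@code null}
     * @param bArr2 the signed data for explicit (detached) signatures, or {@code null} to use
     *     the data embedded in the signature
     * @return the validation result
     * @throws IOException if the signature cannot be read while probing its format
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     */
    public static SignValidity validate(byte[] bArr, byte[] bArr2) throws IOException {
        if (bArr == null) {
            throw new IllegalArgumentException("La firma a validar no puede ser nula");
        }
        if (bArr2 == null) {
            // Without external data the signature has to carry its own content.
            try {
                if (new AOCAdESSigner().getData(bArr) == null) {
                    Logger.getLogger(Constants.OUR_NODE_NAME).info("Se ha pedido validar una firma explicita sin proporcionar los datos firmados");
                    return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.UNKNOWN, SignValidity.VALIDITY_ERROR.NO_DATA);
                }
            } catch (AOInvalidFormatException e) {
                Logger.getLogger(Constants.OUR_NODE_NAME).info("Se ha pedido validar una firma como CAdES, pero no es CAdES: " + e);
                return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_SIGN);
            }
        }
        if (!new AOCAdESSigner().isSign(bArr) && !new AOCMSSigner().isSign(bArr)) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);
        }
        // The verification call itself must sit inside the try: it is the step that raises the
        // certificate and digest exceptions handled below. Left outside, a failed verification
        // would escape as an exception instead of being reported as KO.
        try {
            verifySignatures(bArr, bArr2 != null ? bArr2 : new AOCAdESSigner().getData(bArr));
        } catch (CertificateExpiredException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_EXPIRED);
        } catch (CertificateNotYetValidException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_NOT_VALID_YET);
        } catch (CMSSignerDigestMismatchException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_MATCH_DATA);
        } catch (Exception e) {
            // Fail closed: anything unexpected means the signature was not proven valid.
            Logger.getLogger(Constants.OUR_NODE_NAME).warning("No se ha podido validar la firma: " + e);
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);
        }
        return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.OK, null);
    }

    /**
     * Verifies every signer of a CMS SignedData structure.
     *
     * <p>For each signer, the matching certificate is taken from the certificate store embedded
     * in the signature, its validity period is checked against the current time (not the signing
     * time), and the signer's signature is verified with that certificate's public key.
     *
     * @param bArr the encoded SignedData
     * @param bArr2 the detached content, or {@code null} when the content is encapsulated
     * @throws CMSException if the structure is malformed, has no signers, or a signature does
     *     not verify
     * @throws CertificateException if a signer certificate cannot be parsed or is outside its
     *     validity period
     * @throws IOException if a certificate cannot be encoded
     * @throws OperatorCreationException if the content verifier cannot be built
     */
    private static void verifySignatures(byte[] bArr, byte[] bArr2) throws CMSException, CertificateException, IOException, OperatorCreationException {
        CMSSignedData signedData = bArr2 == null ? new CMSSignedData(bArr) : new CMSSignedData(new CMSProcessableByteArray(bArr2), bArr);
        Store certificates = signedData.getCertificates();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        int checkedSigners = 0;
        for (SignerInformation signerInformation : signedData.getSignerInfos().getSigners()) {
            // next() throws NoSuchElementException when the signer certificate is not embedded;
            // validate() reports that as KO through its catch-all.
            X509CertificateHolder holder = (X509CertificateHolder) certificates.getMatches(new CertHolderBySignerIdSelector(signerInformation.getSID())).iterator().next();
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
            // Validity period only; this certificate comes from the signature itself and is
            // not checked against any trust anchor or revocation source here.
            x509Certificate.checkValidity();
            SignerInformationVerifier verifier = new SignerInformationVerifier(
                new DefaultCMSSignatureAlgorithmNameGenerator(),
                new DefaultSignatureAlgorithmIdentifierFinder(),
                new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider()).build(x509Certificate),
                new BcDigestCalculatorProvider());
            if (!signerInformation.verify(verifier)) {
                throw new CMSException("Firma no valida");
            }
            checkedSigners++;
        }
        // A SignedData with no SignerInfos would otherwise pass the loop untouched and be
        // reported as a valid signature.
        if (checkedSigners == 0) {
            throw new CMSException("La firma no contiene firmantes");
        }
    }
}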
