package asia.dbt.thundercrypt.core.verificators;

import asia.dbt.thundercrypt.core.SignedAttributeIdentifiers;
import asia.dbt.thundercrypt.core.exceptions.CRLVerificationException;
import asia.dbt.thundercrypt.core.exceptions.SignatureDamagedException;
import asia.dbt.thundercrypt.core.exceptions.UnknownCaException;
import asia.dbt.thundercrypt.core.exceptions.certificates.DefectCertificateException;
import asia.dbt.thundercrypt.core.exceptions.certificates.IssuerCertificateNotFoundException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificatePermissionException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificateStatusException;
import asia.dbt.thundercrypt.core.exceptions.verification.CmsNotContainsOcspException;
import asia.dbt.thundercrypt.core.exceptions.verification.CmsNotContainsTspException;
import asia.dbt.thundercrypt.core.exceptions.verification.MessageDigestVerificationException;
import asia.dbt.thundercrypt.core.exceptions.verification.TimeStampValidationException;
import asia.dbt.thundercrypt.core.utils.AttributeUtil;
import asia.dbt.thundercrypt.core.utils.CertificateChainUtil;
import asia.dbt.thundercrypt.core.utils.CertificateUtil;
import asia.dbt.thundercrypt.core.utils.CmsUtil;
import asia.dbt.thundercrypt.core.utils.OCSPUtil;
import asia.dbt.thundercrypt.core.utils.TimeStampUtil;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Map;
import kz.gov.pki.kalkan.asn1.DERObject;
import kz.gov.pki.kalkan.asn1.DEROctetString;
import kz.gov.pki.kalkan.jce.provider.cms.SignerInformation;
import kz.gov.pki.kalkan.ocsp.OCSPResp;
import kz.gov.pki.kalkan.tsp.TimeStampResponse;

/* loaded from: input_file:asia/dbt/thundercrypt/core/verificators/DefaultSignVerification.class */
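/**
 * Default CMS signature verification: for every signer it checks the message digest, the
 * embedded time stamp, the embedded OCSP response, the certificate permissions and the
 * certificate chain.
 *
 * <p>Verification is fail-closed only through exceptions: a signer is accepted when none of the
 * checks throws. Callers must treat any exception leaving {@link #verify(byte[], byte[])},
 * checked or unchecked, as a failed verification.
 */
public class DefaultSignVerification extends CmsSignVerification {
    /**
     * Verifies every signer of the CMS obtained from
     * {@code CmsUtil.updateDataInCMS(bArr, bArr2)}.
     *
     * @param bArr first argument handed to {@code CmsUtil.updateDataInCMS}; presumably the
     *     encoded CMS signature (confirm against callers)
     * @param bArr2 second argument handed to {@code CmsUtil.updateDataInCMS}, also passed to
     *     the time-stamp validation; presumably the signed data (confirm against callers)
     * @throws CmsNotContainsTspException if a signer carries no time-stamp attribute
     * @throws CmsNotContainsOcspException if a signer carries no OCSP attribute
     * @throws UnknownCaException if an issuer certificate cannot be resolved during the OCSP
     *     checks
     * @throws SignatureDamagedException if the OCSP checks fail for any other reason
     */
    public void verify(byte[] bArr, byte[] bArr2) throws SignatureDamagedException, MessageDigestVerificationException, CertificatePermissionException, CmsNotContainsTspException, TimeStampValidationException, DefectCertificateException, CertificateStatusException, CRLVerificationException, CertificateNotYetValidException, UnknownCaException, CertificateExpiredException, CmsNotContainsOcspException {
        Map<SignerInformation, X509Certificate> signerCertificates = CmsUtil.getCertificatesFromSignature(CmsUtil.updateDataInCMS(bArr, bArr2));
        // NOTE(review): if this map is empty the loop never runs and verify() returns normally,
        // i.e. a CMS without signers would be reported as valid. Confirm that
        // CmsUtil.getCertificatesFromSignature rejects that case, or that callers check it.
        for (Map.Entry<SignerInformation, X509Certificate> signer : signerCertificates.entrySet()) {
            verifySingleSigner(signer.getKey(), signer.getValue(), bArr2);
        }
    }

    /**
     * Runs all checks for one signer; returns normally only when none of them throws.
     *
     * <p>The time-stamp date is used as the reference time for the expiry, OCSP and chain
     * checks before the time-stamp token itself is validated in the last step. That is sound
     * only because the final validation is mandatory on the same path; keep it that way when
     * reordering.
     *
     * @param signerInformation signer entry taken from the CMS
     * @param signerCertificate certificate associated with that signer
     * @param data bytes the time-stamp token is validated against
     */
    private void verifySingleSigner(SignerInformation signerInformation, X509Certificate signerCertificate, byte[] data) throws CmsNotContainsTspException, MessageDigestVerificationException, CertificateNotYetValidException, CertificateExpiredException, CmsNotContainsOcspException, CertificateStatusException, CertificatePermissionException, DefectCertificateException, CRLVerificationException, UnknownCaException, TimeStampValidationException, SignatureDamagedException {
        // verifyMessageDigest and checkCertificatePermissions are not defined in this class;
        // presumably inherited from CmsSignVerification.
        verifyMessageDigest(signerInformation, signerCertificate);
        TimeStampResponse timeStamp = getTspFromSignerInfo(signerInformation);
        Date signingTime = TimeStampUtil.getDateFromTimeStamp(timeStamp);
        CertificateUtil.validateCertificateExpire(signerCertificate, signingTime);
        verifyOcsp(signerCertificate, signerInformation, signingTime);
        checkCertificatePermissions(signerCertificate);
        CertificateChainUtil.validateCertificateChain(signerCertificate, signingTime);
        TimeStampUtil.validateTimeStamp(timeStamp, data);
    }

    /**
     * Validates the OCSP response embedded in the signer's signed attributes.
     *
     * <p>The check that the OCSP responder certificate has a known issuer runs outside the
     * first try block. When it was nested inside, the {@link UnknownCaException} it raised was
     * caught again by the enclosing {@code catch (Exception)} and reported as
     * {@code SignatureDamagedException("OCSP_HAS_BROKEN")}, hiding the real cause.
     *
     * @param signerCertificate certificate whose revocation status the response must cover
     * @param signerInformation signer entry carrying the OCSP attribute
     * @param signingTime reference time the response date is validated against
     * @throws CmsNotContainsOcspException if the signer has no OCSP attribute
     * @throws CertificateStatusException propagated unchanged from the OCSP helpers
     * @throws UnknownCaException if the issuer of the signer certificate or of the responder
     *     certificate cannot be resolved
     * @throws SignatureDamagedException for any other failure while reading or checking the
     *     response
     */
    private void verifyOcsp(X509Certificate signerCertificate, SignerInformation signerInformation, Date signingTime) throws CmsNotContainsOcspException, CertificateStatusException, SignatureDamagedException, UnknownCaException {
        OCSPResp ocspResponse;
        try {
            ocspResponse = getOcspFromSignerInfo(signerInformation);
            OCSPUtil.validateStatus(ocspResponse);
            OCSPUtil.validateCertificateAndResponseLink(signerCertificate, CertificateUtil.getIssuerCertificate(signerCertificate), ocspResponse);
            OCSPUtil.validateResponseDate(ocspResponse, signingTime);
        } catch (IssuerCertificateNotFoundException e) {
            throw new UnknownCaException(e);
        } catch (CertificateStatusException | CmsNotContainsOcspException e) {
            throw e;
        } catch (Exception e) {
            // Includes the RuntimeException getOcspFromSignerInfo raises for an unparsable
            // attribute.
            throw new SignatureDamagedException("OCSP_HAS_BROKEN", e);
        }
        // NOTE(review): only the existence of an issuer for the responder certificate is
        // checked here and the result is discarded. Confirm that one of the OCSPUtil helpers
        // verifies the response signature and the responder's authorisation.
        try {
            CertificateUtil.getIssuerCertificate(OCSPUtil.getCertificateFromResponse(ocspResponse));
        } catch (Exception e) {
            throw new UnknownCaException(e);
        }
    }

    /**
     * Reads the time-stamp response stored in the signer's unsigned attributes.
     *
     * @throws CmsNotContainsTspException if the attribute is absent
     * @throws RuntimeException if the attribute cannot be decoded as a time-stamp response
     */
    private TimeStampResponse getTspFromSignerInfo(SignerInformation signerInformation) throws CmsNotContainsTspException {
        DERObject tspAttribute = AttributeUtil.getAttributeObject(signerInformation.getUnsignedAttributes(), SignedAttributeIdentifiers.TSP_RESPONSE);
        if (tspAttribute == null) {
            throw new CmsNotContainsTspException();
        }
        try {
            return new TimeStampResponse(tspAttribute.getEncoded());
        } catch (Exception e) {
            // NOTE(review): a malformed token in the input surfaces as an unchecked exception
            // that is not part of verify()'s declared failures; callers must still treat it as
            // a verification failure.
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads the OCSP response stored in the signer's signed attributes.
     *
     * @throws CmsNotContainsOcspException if the attribute is absent
     * @throws RuntimeException if the attribute cannot be read or decoded as an OCSP response
     */
    private OCSPResp getOcspFromSignerInfo(SignerInformation signerInformation) throws CmsNotContainsOcspException {
        try {
            DEROctetString ocspAttribute = AttributeUtil.getAttributeObject(signerInformation.getSignedAttributes(), SignedAttributeIdentifiers.OCSP_RESPONSE);
            if (ocspAttribute == null) {
                throw new CmsNotContainsOcspException();
            }
            return new OCSPResp(ocspAttribute.getOctets());
        } catch (CmsNotContainsOcspException e) {
            // Keep the "attribute missing" signal distinct from decoding failures.
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}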
