package asia.dbt.thundercrypt.core.verificators;

import asia.dbt.thundercrypt.core.exceptions.CRLVerificationException;
import asia.dbt.thundercrypt.core.exceptions.UnknownCaException;
import asia.dbt.thundercrypt.core.exceptions.certificates.DefectCertificateException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificatePermissionException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificateStatusException;
import asia.dbt.thundercrypt.core.exceptions.verification.MessageDigestVerificationException;
import asia.dbt.thundercrypt.core.utils.CertificateChainUtil;
import asia.dbt.thundercrypt.core.utils.CertificateConverter;
import asia.dbt.thundercrypt.core.utils.CertificateUtil;
import java.security.Signature;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.function.Consumer;
import kz.gov.pki.kalkan.asn1.knca.KNCAObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.pkcs.PKCSObjectIdentifiers;
import kz.gov.pki.kalkan.jce.provider.cms.CMSSignedDataGenerator;
import kz.gov.pki.kalkan.util.encoders.Base64;

/* loaded from: input_file:asia/dbt/thundercrypt/core/verificators/RawSignatureVerification.class */
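/**
 * Verifies a raw (non-CMS) signature over caller-supplied data using a caller-supplied
 * X.509 certificate, then validates that certificate at a caller-supplied point in time.
 *
 * <p>Security notes for maintainers and integrators:
 * <ul>
 *   <li>The certificate, the signature, the signed data and the signing time are all inputs.
 *       Nothing in this class authenticates {@code signTime}; if it comes from the party
 *       presenting the signature, the certificate's validity is evaluated at an instant of
 *       that party's choosing. Prefer a trusted time source where one exists.</li>
 *   <li>Trust in the certificate rests entirely on
 *       {@code CertificateChainUtil.validateCertificateChain}, whose implementation is not
 *       visible here. NOTE(review): confirm it anchors to a pinned CA set and performs the
 *       revocation checks that the declared {@code CRLVerificationException} suggests.</li>
 *   <li>The signature algorithm is derived from {@link X509Certificate#getSigAlgOID()}, which is
 *       the algorithm the <em>issuer</em> used to sign the certificate, not an attribute of the
 *       subject key or of the signature being checked. NOTE(review): this is only correct while
 *       issuer and subject use the same algorithm family; confirm for the CAs in use.</li>
 * </ul>
 */
public class RawSignatureVerification extends SignVerification {
    /** Base64 text of the signer's certificate, decoded by {@code CertificateConverter}. */
    private final String certificateAsBase64;
    /** Base64 text of the signature value. */
    private final String sign;
    /** Base64 text of the data that was signed. */
    private final String signedData;
    /** Instant at which the certificate is validated; private copy, may be {@code null}. */
    private final Date signTime;

    /**
     * Captures the inputs for a later {@link #verify()} call. No validation happens here.
     *
     * @param str  signer certificate, Base64 encoded
     * @param str2 signature value, Base64 encoded
     * @param str3 signed data, Base64 encoded
     * @param date instant used for certificate validation; copied so that later mutation of the
     *             caller's {@link Date} cannot shift the instant the certificate is checked at
     */
    public RawSignatureVerification(String str, String str2, String str3, Date date) {
        this.certificateAsBase64 = str;
        this.sign = str2;
        this.signedData = str3;
        // java.util.Date is mutable: keep a private copy (null is preserved as null).
        this.signTime = date == null ? null : new Date(date.getTime());
    }

    /**
     * Runs all checks in a fixed order: signature over the data, certificate validity period at
     * {@code signTime}, certificate permissions (inherited check), certificate chain at
     * {@code signTime}. The method returns normally only if every check passes; the first
     * failing check determines which exception the caller sees.
     *
     * <p>Which helper raises which of the declared exception types is not visible in this class,
     * except that a failed signature check raises {@link MessageDigestVerificationException}.
     */
    public void verify() throws MessageDigestVerificationException, DefectCertificateException, CertificateStatusException, UnknownCaException, CRLVerificationException, CertificatePermissionException, CertificateNotYetValidException, CertificateExpiredException {
        X509Certificate signerCertificate = CertificateConverter.fromBase64ToCertificate(this.certificateAsBase64);
        // At this point the certificate is still untrusted input; a passing signature check alone
        // proves only that the holder of this key signed the data, not who that holder is.
        checkMessageDigest(signerCertificate);
        CertificateUtil.validateCertificateExpire(signerCertificate, this.signTime);
        checkCertificatePermissions(signerCertificate);
        CertificateChainUtil.validateCertificateChain(signerCertificate, this.signTime);
    }

    /**
     * Verifies {@code sign} over {@code signedData} with the certificate's public key, using the
     * provider registered under the name {@code "KALKAN"}.
     *
     * <p>Despite the name, this is a signature verification, not a bare digest comparison.
     * Every failure (invalid signature, undecodable Base64, unknown algorithm, provider not
     * registered, unusable key, null input) is reported as
     * {@link MessageDigestVerificationException}; callers can tell them apart only through the
     * wrapped cause.
     *
     * @param x509Certificate certificate supplying the public key and the algorithm OID
     * @throws MessageDigestVerificationException if the signature does not verify or any step fails
     */
    private void checkMessageDigest(X509Certificate x509Certificate) throws MessageDigestVerificationException {
        try {
            // Algorithm name is "<digest id>with<certificate signature algorithm OID>".
            String algorithm = extractSignAlgorithm(x509Certificate) + "with" + x509Certificate.getSigAlgOID();
            Signature signature = Signature.getInstance(algorithm, "KALKAN");
            signature.initVerify(x509Certificate.getPublicKey());
            signature.update(Base64.decode(this.signedData));
            if (!signature.verify(Base64.decode(this.sign))) {
                // Kept as a plain Exception with this exact message so that the cause seen by
                // existing callers is unchanged.
                throw new Exception("NOT_VALID");
            }
        } catch (Exception e) {
            throw new MessageDigestVerificationException(e);
        }
    }

    /**
     * Chooses the digest identifier that matches the certificate's signature algorithm OID.
     *
     * <p>Two properties a reviewer should be aware of:
     * <ul>
     *   <li>{@code sha1WithRSAEncryption} is still accepted and mapped to SHA-1. Deployments
     *       that have retired SHA-1 should reject such certificates before verification.</li>
     *   <li>Any OID that is not one of the three recognised values falls through to
     *       {@code DIGEST_GOST3411_GT} instead of being rejected, so an unexpected algorithm is
     *       not surfaced here; it fails later (if at all) inside the provider.</li>
     * </ul>
     *
     * @param x509Certificate certificate whose {@code getSigAlgOID()} drives the choice
     * @return one of the {@code CMSSignedDataGenerator.DIGEST_*} constants
     */
    private static String extractSignAlgorithm(X509Certificate x509Certificate) {
        String sigAlgOid = x509Certificate.getSigAlgOID();
        if (sigAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
            return CMSSignedDataGenerator.DIGEST_SHA1;
        }
        if (sigAlgOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
            return CMSSignedDataGenerator.DIGEST_SHA256;
        }
        if (sigAlgOid.equals(KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004.getId())) {
            return CMSSignedDataGenerator.DIGEST_GOST34311_95;
        }
        // Default for every other OID, recognised or not.
        return CMSSignedDataGenerator.DIGEST_GOST3411_GT;
    }

    // The three overrides below only delegate to the superclass. They are marked bridge/synthetic
    // in the decompiled output, i.e. they appear to be compiler-generated rather than hand-written.

    @Override // asia.dbt.thundercrypt.core.verificators.SignVerification
    public /* bridge */ /* synthetic */ void setAllowedCertificatePolicies(List list) {
        super.setAllowedCertificatePolicies(list);
    }

    @Override // asia.dbt.thundercrypt.core.verificators.SignVerification
    public /* bridge */ /* synthetic */ void setPermissionsForCheck(List list) {
        super.setPermissionsForCheck(list);
    }

    @Override // asia.dbt.thundercrypt.core.verificators.SignVerification
    public /* bridge */ /* synthetic */ void setCheckCertificatePermissionHandler(Consumer consumer) {
        super.setCheckCertificatePermissionHandler(consumer);
    }
}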
