package com.itrus.svm;

import com.itrus.cryptorole.CryptoException;
import com.itrus.cryptorole.SignatureVerifyException;
import com.itrus.util.DERUtils;
import com.itrus.util.sign.RSAWithSoftware;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.pkcs.SignerInfo;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/itrus/svm/SVM.class */
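/**
 * Verifies PKCS#7 signed-data objects and returns the signer certificate carried inside them.
 *
 * <p>Security notes for callers (all derived from the code in this class):
 * <ul>
 *   <li>The signer certificate is selected from the certificates embedded in the PKCS#7 object
 *       itself. Nothing in this class builds or validates a certificate chain, checks the
 *       validity period, key usage or revocation status. A successful return only means
 *       "the key in the returned certificate produced this signature"; the caller must still
 *       decide whether that certificate is trusted.</li>
 *   <li>The digest algorithm is taken from the message. MD2, MD5 and SHA-1 are accepted;
 *       any other OID is passed through unchanged to {@link Signature#getInstance(String)}.
 *       NOTE(review): MD2 and MD5 are not collision resistant - consider rejecting them if
 *       no legacy signer depends on them.</li>
 *   <li>Authenticated (signed) attributes of the SignerInfo are not read; the signature is
 *       always checked directly over the content bytes.</li>
 * </ul>
 */
public class SVM implements PKCSObjectIdentifiers {
    private static final String ID_PKCS7_DATA = "1.2.840.113549.1.7.1";
    private static final String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2";
    private static final String ID_MD5 = "1.2.840.113549.2.5";
    private static final String ID_MD2 = "1.2.840.113549.2.2";
    private static final String ID_SHA1 = "1.3.14.3.2.26";
    private static final String ID_RSA = "1.2.840.113549.1.1.1";
    private static final String ID_DSA = "1.2.840.10040.4.1";

    /**
     * Verifies a PKCS#7 signature over the given data and returns the signer certificate.
     *
     * @param bArr the data that is expected to have been signed; may be {@code null} only when
     *             the PKCS#7 object carries its own content
     * @param str  the PKCS#7 object, Base64 text (recognised by a leading "M") or a hex string
     * @return the certificate whose public key verified the signature (not chain-validated)
     * @throws SignatureVerifyException if the signature does not verify, or the supplied data
     *                                  differs from the content embedded in the PKCS#7 object
     * @throws CryptoException          on certificate parsing or signature-engine errors
     */
    public static X509Certificate verifySignature(byte[] bArr, String str) throws SignatureVerifyException, CryptoException {
        return verifyAndParsePkcs7(bArr, decodeSignature(str)).getSigner();
    }

    /**
     * String convenience overload of {@link #verifySignature(byte[], String)}; the data is
     * converted to bytes with the "iso8859-1" charset.
     *
     * @param str  the data that is expected to have been signed
     * @param str2 the PKCS#7 object, Base64 text or hex string
     * @return the certificate whose public key verified the signature (not chain-validated)
     * @throws SignatureVerifyException if verification fails
     * @throws CryptoException          on crypto errors, or if the charset is unavailable
     */
    public static X509Certificate verifySignature(String str, String str2) throws SignatureVerifyException, CryptoException {
        try {
            return verifySignature(str.getBytes("iso8859-1"), str2);
        } catch (UnsupportedEncodingException e) {
            // A verification routine must never report "no error" without a verified signer:
            // surface the failure instead of printing a stack trace and returning null.
            throw new CryptoException(e);
        }
    }

    /**
     * Verifies the PKCS#7 signature and returns the raw signature value (encryptedDigest).
     *
     * <p>NOTE(review): the data string is converted with the platform default charset here,
     * whereas {@link #verifySignature(String, String)} uses "iso8859-1"; the same text can
     * therefore verify under one method and fail under the other. Confirm which is intended.
     *
     * @param str  the data that is expected to have been signed
     * @param str2 the PKCS#7 object, Base64 text or hex string
     * @return the encryptedDigest octets of the single SignerInfo
     * @throws SignatureVerifyException if verification fails
     * @throws CryptoException          on certificate parsing or signature-engine errors
     */
    public static byte[] fetchEncryptedDigest(String str, String str2) throws SignatureVerifyException, CryptoException {
        return verifyAndParsePkcs7(str.getBytes(), decodeSignature(str2)).getEncryptedDigest();
    }

    /**
     * Decodes the textual PKCS#7 object: text starting with "M" is treated as Base64,
     * everything else as a hex string.
     */
    private static byte[] decodeSignature(String encoded) {
        if (encoded.startsWith("M")) {
            return Base64.decode(encoded);
        }
        return DERUtils.HexStringToBytes(encoded);
    }

    /**
     * Builds the JCA signature algorithm name ("&lt;digest&gt;with&lt;key&gt;") from the two OIDs
     * found in the SignerInfo. OIDs that are not recognised are used verbatim.
     */
    private static String getDigestAlgorithm(String str, String str2) {
        String digestName = str;
        if (str.equals(ID_MD5)) {
            digestName = "MD5";
        } else if (str.equals(ID_MD2)) {
            digestName = "MD2";
        } else if (str.equals(ID_SHA1)) {
            digestName = "SHA1";
        }
        String keyName = str2;
        if (str2.equals(ID_RSA)) {
            keyName = RSAWithSoftware.KEY_ALGORITHM;
        } else if (str2.equals(ID_DSA)) {
            keyName = "DSA";
        }
        return digestName + "with" + keyName;
    }

    /**
     * Parses a DER-encoded PKCS#7 signed-data object, locates the signer certificate among the
     * embedded certificates and verifies the signature.
     *
     * <p>If the PKCS#7 object embeds its content, the signature is verified over that embedded
     * content. When the caller also supplies {@code bArr}, the two must be byte-for-byte equal;
     * otherwise verification fails. Without this comparison a valid signature over unrelated
     * embedded content would be reported as a valid signature over the caller's data. Callers
     * that want to accept whatever content is embedded must pass {@code null} and read it from
     * the result.
     *
     * @param bArr  the data expected to have been signed, or {@code null} to rely on the
     *              content embedded in the PKCS#7 object
     * @param bArr2 the DER-encoded PKCS#7 ContentInfo
     * @return the signer certificate, the signature value and the bytes that were verified
     * @throws SignatureVerifyException if the signature is invalid or the supplied data differs
     *                                  from the embedded content; the (unvalidated) signer
     *                                  certificate is attached to the exception
     * @throws CryptoException          if no data is available, a certificate cannot be parsed,
     *                                  or the signature engine rejects the key or algorithm
     * @throws SecurityException        if the input is not a well-formed PKCS#7 signed-data
     *                                  object with exactly one SignerInfo and a matching
     *                                  embedded certificate
     */
    public static SignerAndEncryptedDigest verifyAndParsePkcs7(byte[] bArr, byte[] bArr2) throws SignatureVerifyException, CryptoException {
        try {
            DERObject root = new ASN1InputStream(bArr2).readObject();
            if (!(root instanceof ASN1Sequence)) {
                throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
            }
            ContentInfo contentInfo = ContentInfo.getInstance(root);
            // Qualified explicitly: this is the signed-data OID constant inherited from the interface.
            if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
                throw new SecurityException("Not a valid PKCS#7 signed-data object - wrong header " + contentInfo.getContentType().getId());
            }
            SignedData pkcs7 = SignedData.getInstance(contentInfo.getContent());

            // Collect the certificates shipped inside the message. They are attacker-controlled
            // input and are NOT validated against any trust anchor here.
            ArrayList<com.itrus.cert.X509Certificate> embeddedCerts = new ArrayList<com.itrus.cert.X509Certificate>();
            if (pkcs7.getCertificates() != null) {
                Enumeration objects = ASN1Set.getInstance(pkcs7.getCertificates()).getObjects();
                while (objects.hasMoreElements()) {
                    try {
                        embeddedCerts.add(new com.itrus.cert.X509Certificate(X509CertificateStructure.getInstance(objects.nextElement())));
                    } catch (CertificateParsingException e) {
                        throw new CryptoException(e);
                    }
                }
            }

            DEROctetString embeddedContent = (DEROctetString) pkcs7.getContentInfo().getContent();

            ASN1Set signerInfos = pkcs7.getSignerInfos();
            if (signerInfos.size() != 1) {
                throw new SecurityException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
            }
            SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(0));
            IssuerAndSerialNumber issuerAndSerial = signerInfo.getIssuerAndSerialNumber();
            BigInteger serial = issuerAndSerial.getCertificateSerialNumber().getValue();
            X509Principal issuer = new X509Principal(issuerAndSerial.getName());

            // The signer is identified by issuer DN + serial number; first match wins.
            com.itrus.cert.X509Certificate signer = null;
            for (com.itrus.cert.X509Certificate candidate : embeddedCerts) {
                if (serial.equals(candidate.getSerialNumber()) && issuer.equals(candidate.getIssuerDN())) {
                    signer = candidate;
                    break;
                }
            }
            if (signer == null) {
                throw new SecurityException("Can't find signing certificate with serial " + serial.toString(16));
            }

            String digestOid = signerInfo.getDigestAlgorithm().getObjectId().getId();
            byte[] signatureValue = signerInfo.getEncryptedDigest().getOctets();
            try {
                Signature verifier = Signature.getInstance(getDigestAlgorithm(digestOid, signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId()));
                verifier.initVerify(signer.getPublicKey());

                byte[] signedContent = embeddedContent != null ? embeddedContent.getOctets() : bArr;
                if (signedContent == null) {
                    throw new CryptoException("Unable to get the original data to be signed.");
                }
                // Bind the signature to the caller's data: embedded content must not silently
                // replace what the caller asked to have verified.
                if (embeddedContent != null && bArr != null && !java.util.Arrays.equals(bArr, signedContent)) {
                    SignatureVerifyException mismatch = new SignatureVerifyException("Signature verify failed, supplied plaintext does not match the content embedded in the PKCS#7 object. Signer is [" + signer.getSubjectDNString() + "]");
                    mismatch.setSigner(signer);
                    throw mismatch;
                }

                verifier.update(signedContent);
                if (!verifier.verify(signatureValue)) {
                    SignatureVerifyException failure = new SignatureVerifyException("Signature verify failed, plaintext may be falsified. Signer is [" + signer.getSubjectDNString() + "]");
                    failure.setSigner(signer);
                    throw failure;
                }

                SignerAndEncryptedDigest result = new SignerAndEncryptedDigest();
                result.setSigner(signer);
                result.setEncryptedDigest(signatureValue);
                result.setOriData(signedContent);
                return result;
            } catch (InvalidKeyException e2) {
                throw new CryptoException(e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new CryptoException(e3);
            } catch (SignatureException e4) {
                throw new CryptoException(e4);
            }
        } catch (IOException e5) {
            // Keep the decoder's exception as the cause so malformed input can be diagnosed.
            throw new SecurityException("can't decode PKCS7SignedData object", e5);
        }
    }
}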
