package br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.policies;

import br.gov.frameworkdemoiselle.certificate.criptography.Digest;
import br.gov.frameworkdemoiselle.certificate.criptography.DigestAlgorithmEnum;
import br.gov.frameworkdemoiselle.certificate.criptography.factory.DigestFactory;
import br.gov.frameworkdemoiselle.certificate.signer.SignerAlgorithmEnum;
import br.gov.frameworkdemoiselle.certificate.signer.SignerException;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.SignaturePolicy;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.SignaturePolicyException;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SigPolicyQualifierInfoURL;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SignaturePolicyId;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SigningCertificate;
import br.gov.frameworkdemoiselle.certificate.signer.util.ValidadorUtil;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Collection;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:br/gov/frameworkdemoiselle/certificate/signer/pkcs7/bc/policies/ADRBCMS_1_0.class */
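/**
 * ICP-Brasil AD-RB CMS v1.0 signature policy.
 *
 * <p>Fixes the policy identifier and qualifier returned to the signer, the signer
 * algorithm ({@code SHA1withRSA}), the minimum RSA key length and the checks applied
 * to a PKCS#7/CMS package: presence and value of the signed attributes
 * {@code contentType}, {@code messageDigest} and {@code signingTime}, SHA-1 digest
 * recomputation over the content and cryptographic verification of the signature.
 *
 * <p>Only the first signer of the package is validated. The signer's public key is
 * taken from the certificate carried inside the package; chain building, validity
 * and revocation checks are not performed here (presumably {@link ValidadorUtil}
 * or the caller does that — confirm before relying on it).
 *
 * <p>The class holds no mutable state.
 */
public class ADRBCMS_1_0 implements SignaturePolicy {

    /** Minimum RSA modulus length, in bits, accepted by this policy. */
    private static final int MIN_KEY_SIZE_BITS = 1024;

    /** JCA provider name used for CMS parsing and signature verification. */
    private static final String PROVIDER = "BC";

    /**
     * Builds the signature-policy-identifier attribute for this policy.
     *
     * @return a new {@link SignaturePolicyId} carrying the policy OID, the digest of
     *     the published policy artifact, its hash algorithm OID and the URL qualifier
     */
    @Override
    public SignaturePolicyId getSignaturePolicyId() {
        SignaturePolicyId policyId = new SignaturePolicyId();
        // 20-byte digest of the published policy artifact (PA_AD_RB.der). The value is
        // fixed by the policy; change it only when the referenced artifact changes.
        policyId.setHash(new byte[]{32, -42, 120, -109, 37, 81, 59, -68, -116, 41, 98, 78, 31, 64, -74, 24, 19, -20, 92, -25});
        // The hash OID is taken from the SHA1withDSA entry; presumably the same SHA-1 OID
        // that SHA1withRSA carries — kept exactly as the original implementation did.
        policyId.setHashAlgorithm(SignerAlgorithmEnum.SHA1withDSA.getOIDAlgorithmHash());
        policyId.setSigPolicyId(OIDICPBrasil.POLICY_ID_AD_RB_CMS_V_1_0);
        policyId.addSigPolicyQualifiers(new SigPolicyQualifierInfoURL("http://politicas.icpbrasil.gov.br/PA_AD_RB.der"));
        return policyId;
    }

    /**
     * Validates a PKCS#7/CMS package against this policy.
     *
     * <p>Checks, in order: the package parses; it has at least one signer whose
     * certificate is embedded; the {@code contentType} attribute is {@code data};
     * some content is available (attached, or {@code bArr} when detached); the
     * {@code messageDigest} attribute uses SHA-1 and matches the content; the
     * signature verifies against the embedded certificate's public key; the
     * {@code signingTime} attribute is present and parses.
     *
     * @param bArr the signed content for a detached signature, or {@code null} when
     *     the content is embedded in the package
     * @param bArr2 the DER-encoded PKCS#7/CMS package
     * @throws SignaturePolicyException if {@code bArr2} is {@code null} or empty
     * @throws SignerException for every other validation failure; the cause, when
     *     any, is preserved
     */
    @Override
    public void validate(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null || bArr2.length == 0) {
            throw new SignaturePolicyException("Content signed is null");
        }
        CMSSignedData signedData = parseSignedData(bArr, bArr2);
        SignerInformation signer = firstSigner(signedData);
        PublicKey publicKey = resolveSignerPublicKey(signedData, signer);
        try {
            AttributeTable signedAttributes = signer.getSignedAttributes();
            if (signedAttributes == null) {
                throw new SignerException("Package PKCS7 without signed attributes");
            }
            checkContentType(signedAttributes);
            byte[] content = resolveContent(signedData, bArr);
            checkMessageDigest(signer, signedAttributes, content);
            verifySignature(signer, publicKey);
            checkSigningTime(signedAttributes);
        } catch (SignerException e) {
            throw e;
        } catch (RuntimeException e) {
            // Boundary catch: keeps the contract that any failure while reading the
            // package (malformed attribute, unexpected ASN.1 type) surfaces as SignerException.
            throw new SignerException(e);
        }
    }

    /**
     * Parses the package, attaching {@code content} when the signature is detached.
     *
     * @throws SignerException if the bytes are not a valid CMS package
     */
    private static CMSSignedData parseSignedData(byte[] content, byte[] signedPackage) {
        try {
            if (content == null) {
                return new CMSSignedData(signedPackage);
            }
            return new CMSSignedData(new CMSProcessableByteArray(content), signedPackage);
        } catch (CMSException e) {
            throw new SignerException("Invalid bytes for a package PKCS7", e);
        }
    }

    /**
     * Returns the first signer of the package; any further signers are not validated.
     *
     * @throws SignerException if the package carries no SignerInfo
     */
    private static SignerInformation firstSigner(CMSSignedData signedData) {
        Collection<?> signers = signedData.getSignerInfos().getSigners();
        if (signers == null || signers.isEmpty()) {
            throw new SignerException("Package PKCS7 without signers");
        }
        return (SignerInformation) signers.iterator().next();
    }

    /**
     * Looks up the signer's certificate inside the package and returns its public key.
     *
     * <p>The key comes from the package itself, so the signature check below only
     * proves the package is self-consistent; trust in the certificate must be
     * established separately.
     *
     * @throws SignerException if the certificate store cannot be read or holds no
     *     certificate matching the signer identifier
     */
    private static PublicKey resolveSignerPublicKey(CMSSignedData signedData, SignerInformation signer) {
        final String failure = "Error on get information about certificates and public keys from a package PKCS7";
        try {
            ensureBouncyCastleProvider();
            Collection<? extends Certificate> certificates =
                    signedData.getCertificatesAndCRLs("Collection", PROVIDER).getCertificates(signer.getSID());
            if (certificates == null || certificates.isEmpty()) {
                // The original code fell through with a null key and failed later with an
                // NPE inside verify(); fail here with a message that names the problem.
                throw new SignerException("Signer certificate not found in package PKCS7");
            }
            return ((X509Certificate) certificates.iterator().next()).getPublicKey();
        } catch (CMSException e) {
            throw new SignerException(failure, e);
        } catch (NoSuchAlgorithmException e) {
            throw new SignerException(failure, e);
        } catch (NoSuchProviderException e) {
            throw new SignerException(failure, e);
        } catch (CertStoreException e) {
            throw new SignerException(failure, e);
        }
    }

    /** Registers the Bouncy Castle provider once; addProvider() ignores duplicates anyway. */
    private static void ensureBouncyCastleProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Requires the {@code contentType} signed attribute to be present and equal to {@code data}.
     *
     * @throws SignerException otherwise
     */
    private static void checkContentType(AttributeTable signedAttributes) {
        Attribute contentType = signedAttributes.get(CMSAttributes.contentType);
        if (contentType == null) {
            throw new SignerException("Package PKCS7 without attribute ContentType");
        }
        if (!contentType.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
            throw new SignerException("ContentType isn't a DATA type");
        }
    }

    /**
     * Returns the bytes the digest must be computed over: the content embedded in the
     * package when there is one, else the detached content supplied by the caller.
     *
     * @throws SignerException if neither is available
     */
    private static byte[] resolveContent(CMSSignedData signedData, byte[] detachedContent) {
        byte[] content = detachedContent;
        CMSProcessable signedContent = signedData.getSignedContent();
        if (signedContent != null) {
            content = (byte[]) signedContent.getContent();
        }
        if (content == null) {
            throw new SignerException("Package PKCS7 has no attached content and no detached content was supplied");
        }
        return content;
    }

    /**
     * Requires the {@code messageDigest} signed attribute to be present, computed with
     * SHA-1 (the only digest this policy allows) and equal to the digest of {@code content}.
     *
     * @throws SignerException otherwise
     */
    private static void checkMessageDigest(SignerInformation signer, AttributeTable signedAttributes, byte[] content) {
        Attribute messageDigest = signedAttributes.get(CMSAttributes.messageDigest);
        if (messageDigest == null) {
            throw new SignerException("Package PKCS7 without attribute MessageDigest");
        }
        byte[] declaredDigest = ASN1OctetString.getInstance(messageDigest.getAttrValues().getObjectAt(0).getDERObject()).getOctets();
        String policyHash = DigestAlgorithmEnum.SHA_1.getAlgorithm();
        String signerHash = SignerAlgorithmEnum
                .getSignerOIDAlgorithmHashEnum(signer.getDigestAlgorithmID().getObjectId().toString())
                .getAlgorithmHash();
        if (!policyHash.equals(signerHash)) {
            throw new SignerException("Algoritmo de resumo inválido para esta política");
        }
        Digest digest = DigestFactory.getInstance().factoryDefault();
        digest.setAlgorithm(policyHash);
        // Constant-time comparison: the declared digest comes from the untrusted package.
        if (!MessageDigest.isEqual(declaredDigest, digest.digest(content))) {
            throw new SignerException("Hash not equal");
        }
    }

    /**
     * Verifies the signer's signature with the given key through the BC provider.
     *
     * @throws SignerException if the algorithm or provider is unavailable, or the
     *     signature does not verify ("Invalid signature")
     */
    private static void verifySignature(SignerInformation signer, PublicKey publicKey) {
        try {
            signer.verify(publicKey, PROVIDER);
        } catch (NoSuchAlgorithmException e) {
            throw new SignerException(e);
        } catch (NoSuchProviderException e) {
            throw new SignerException(e);
        } catch (CMSException e) {
            throw new SignerException("Invalid signature", e);
        }
    }

    /**
     * Requires the {@code signingTime} signed attribute to be present and to parse as a date.
     *
     * <p>The parsed value is not compared with the certificate validity period here.
     *
     * @throws SignerException if the attribute is missing or unparsable
     */
    private static void checkSigningTime(AttributeTable signedAttributes) {
        Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
        if (signingTime == null) {
            throw new SignerException("Package PKCS7 without attribute SigningTime");
        }
        try {
            // NOTE(review): expression kept as decompiled; the intermediate casts to the
            // concrete ASN.1 time type were not recoverable from the class file.
            signingTime.getAttrValues().getDERObject().getObjectAt(0).getAdjustedDate();
        } catch (ParseException e) {
            throw new SignerException("SigningTime error", e);
        }
    }

    /**
     * Validates the signing certificate before it is used under this policy: the key
     * must be RSA with a modulus of at least {@value #MIN_KEY_SIZE_BITS} bits, and the
     * certificate must pass {@link ValidadorUtil#validate}.
     *
     * @param x509Certificate the signer's certificate
     * @param privateKey the matching private key; not inspected by this policy
     * @throws SignerException if the certificate is {@code null}, its key is not RSA,
     *     or the modulus is too short
     */
    @Override
    public void validate(X509Certificate x509Certificate, PrivateKey privateKey) {
        if (x509Certificate == null) {
            throw new SignerException("Certificate is null");
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            // The original cast threw a bare ClassCastException for non-RSA keys.
            throw new SignerException("Certificate public key is not RSA; this policy requires RSA keys");
        }
        if (((RSAPublicKey) publicKey).getModulus().bitLength() < MIN_KEY_SIZE_BITS) {
            throw new SignerException("O tamanho mínimo da chave privada deve ser de 1024 bits");
        }
        ValidadorUtil.validate(x509Certificate);
    }

    /**
     * @return the signature algorithm mandated by this policy, {@code SHA1withRSA}
     */
    @Override
    public SignerAlgorithmEnum getSignerAlgorithm() {
        return SignerAlgorithmEnum.SHA1withRSA;
    }

    /**
     * Builds the signing-certificate signed attribute for the given certificate.
     *
     * @param x509Certificate the signer's certificate
     * @return a new {@link SigningCertificate} wrapping it
     */
    @Override
    public SigningCertificate getSigningCertificateAttribute(X509Certificate x509Certificate) {
        return new SigningCertificate(x509Certificate);
    }
}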
