package df.sign.cms;

import com.itextpdf.text.pdf.PdfObject;
import df.sign.utils.X509Utils;
import java.io.ByteArrayOutputStream;
import java.security.Security;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Store;

/* loaded from: input_file:df/sign/cms/PKCS7Manager.class */
public class PKCS7Manager {
    public static boolean isPKCS7File(byte[] bArr) {
        try {
            new CMSSignedData(bArr);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static byte[] buildPDFPKCS7(String str, X509Certificate x509Certificate, byte[] bArr, byte[] bArr2, Date date) throws Exception {
        return buildPKCS7(str, null, x509Certificate, bArr, bArr2, date);
    }

    public static byte[] buildPKCS7(String str, byte[] bArr, X509Certificate x509Certificate, byte[] bArr2, byte[] bArr3, Date date) throws Exception {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        CMSSignedDataWrapper cMSSignedDataWrapper = new CMSSignedDataWrapper();
        byte[] bArr4 = bArr;
        if (bArr != null && isPKCS7File(bArr)) {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            cMSSignedDataWrapper.addSignerInformation(cMSSignedData.getSignerInfos());
            cMSSignedDataWrapper.addCert((Store<X509CertificateHolder>) cMSSignedData.getCertificates());
            cMSSignedDataWrapper.addCrl((Store<X509CRL>) cMSSignedData.getCRLs());
            bArr4 = extractData(bArr);
        }
        cMSSignedDataWrapper.addSignerInformation(str, CMSSignedDataGenerator.ENCRYPTION_RSA, x509Certificate, bArr2, bArr3, date);
        cMSSignedDataWrapper.addCert(x509Certificate.getEncoded());
        if (bArr4 != null) {
            cMSSignedDataWrapper.setContent(bArr4);
        } else {
            cMSSignedDataWrapper.setEncapsulate(false);
        }
        return cMSSignedDataWrapper.buildCMSSignedData().getEncoded();
    }

    public static boolean verifySignature(CMSSignedData cMSSignedData, X509Certificate x509Certificate) {
        try {
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
            X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(x509Certificate.getEncoded());
            for (SignerInformation signerInformation : signers) {
                if (signerInformation.getSID().match(x509CertificateHolder) && signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(x509CertificateHolder))) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    public static boolean verifySignatureOfUser(byte[] bArr, String str) {
        if (str != null) {
            try {
                if (!str.equals(PdfObject.NOTHING)) {
                    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                        Security.addProvider(new BouncyCastleProvider());
                    }
                    CMSSignedData cMSSignedData = new CMSSignedData(bArr);
                    boolean z = false;
                    int i = 0;
                    for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) cMSSignedData.getCertificates().getMatches(signerInformation.getSID()).iterator().next();
                        if (x509CertificateHolder.getSubject().toString().toLowerCase().contains(str.toLowerCase())) {
                            z = true;
                            if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(x509CertificateHolder))) {
                                boolean z2 = true;
                                try {
                                    X509Utils.checkAllOnCertificate(X509Utils.getX509Certificate(x509CertificateHolder.getEncoded()));
                                } catch (Exception e) {
                                    e.printStackTrace();
                                    z2 = false;
                                }
                                if (z2) {
                                    return true;
                                }
                                i++;
                            } else {
                                i++;
                            }
                        }
                    }
                    if (!z) {
                        throw new Exception("ATTENTION: No certificate found in the PKCS7 data that contain the CF " + str + " in its subjectDN");
                    }
                    if (i != 0) {
                        throw new Exception("ATTENTION: N. " + i + " certificates associated to the user " + str + " seems to be invalid. Please check them!");
                    }
                    return false;
                }
            } catch (Exception e2) {
                e2.printStackTrace();
                return false;
            }
        }
        throw new Exception("ERROR: userCF can not be null or empty");
    }

    public static boolean verifyAllSignatures(byte[] bArr) {
        try {
            return verifyAllSignatures(new CMSSignedData(bArr));
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    public static boolean verifyAllSignatures(CMSSignedData cMSSignedData) {
        try {
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                Collection matches = cMSSignedData.getCertificates().getMatches(signerInformation.getSID());
                if (matches.size() == 0) {
                    throw new Exception("ERROR: Impossible to find a Certificate using the Signer ID: " + signerInformation.getSID());
                }
                X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) matches.iterator().next();
                if (!signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(x509CertificateHolder))) {
                    throw new Exception("ATTENTION: At least a signature is invalid!");
                }
                boolean z = true;
                String str = PdfObject.NOTHING;
                try {
                    X509Utils.checkAllOnCertificate(X509Utils.getX509Certificate(x509CertificateHolder.getEncoded()));
                } catch (Exception e) {
                    str = e.getMessage();
                    z = false;
                }
                if (!z) {
                    throw new Exception("ATTENTION: The certificate is invalid:\n" + str);
                }
            }
            return true;
        } catch (Exception e2) {
            e2.printStackTrace();
            return false;
        }
    }

    public static byte[] extractData(byte[] bArr) {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            cMSSignedData.getSignedContent().write(byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            return new byte[0];
        }
    }

    public static byte[] extractData(CMSSignedData cMSSignedData) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            cMSSignedData.getSignedContent().write(byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            return new byte[0];
        }
    }
}
