package es.gob.afirma.signature;

import es.gob.afirma.core.signers.AOSigner;
import es.gob.afirma.signature.SignValidity;
import es.gob.afirma.signers.cades.AOCAdESSigner;
import es.gob.afirma.signers.cms.AOCMSSigner;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:es/gob/afirma/signature/ValidateBinarySignature.class */
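/**
 * Validates binary signatures recognised by {@link AOCMSSigner} or {@link AOCAdESSigner}.
 *
 * <p>The check covers cryptographic consistency only. Each signer is verified against the
 * certificate carried inside the signature itself, and the data is compared with the signed
 * digest. This class builds no certification path, consults no trust anchor and only counts
 * the embedded CRLs without evaluating them. An {@code OK} result therefore does not establish
 * who signed: callers that need signer trust or revocation status must validate the signer
 * certificate separately.
 */
public final class ValidateBinarySignature {

    /**
     * Digest algorithm names that can be resolved from a signer's digest OID, in lookup order.
     *
     * <p>NOTE(review): MD2, MD5 and SHA1 are not collision resistant. They are still accepted
     * so that the set of verifiable signatures stays as it was; consider reporting signatures
     * that use them distinctly instead of as a plain {@code OK}.
     */
    private static final String[] DIGEST_NAMES = {"MD2", "MD5", "SHA1", "SHA-256", "SHA-384", "SHA-512"};

    private ValidateBinarySignature() {
        // Static utility class, never instantiated.
    }

    /**
     * Checks a binary signature and, where possible, that it covers the given data.
     *
     * <p>When {@code data} is {@code null} the content is extracted from the signature itself,
     * so the result then only says that the signature is consistent with its own embedded
     * content, not that it covers any particular document held by the caller.
     *
     * @param sign encoded signature to check; must not be {@code null}
     * @param data data that is expected to be signed, or {@code null} to use the content
     *     embedded in the signature
     * @return {@code OK} when every signer verifies and the data digest matches; {@code UNKNOWN}
     *     with {@code NO_DATA} when no data was supplied and none is embedded; {@code KO}
     *     otherwise, with the specific error when one is known
     * @throws IllegalArgumentException if {@code sign} is {@code null}
     */
    public static SignValidity validate(byte[] sign, byte[] data) {
        if (sign == null) {
            throw new IllegalArgumentException("La firma a validar no puede ser nula");
        }

        // Try plain CMS first and fall back to CAdES; anything else is not a binary signature.
        AOSigner signer = new AOCMSSigner();
        if (!signer.isSign(sign)) {
            signer = new AOCAdESSigner();
            if (!signer.isSign(sign)) {
                return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);
            }
        }

        // Register the provider once instead of building a new instance on every call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        try {
            byte[] signedContent = data;
            if (signedContent == null) {
                signedContent = signer.getData(sign);
                if (signedContent == null) {
                    return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.UNKNOWN, SignValidity.VALIDITY_ERROR.NO_DATA);
                }
            }
            verifySignatures(sign, signedContent);
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.OK, null);
        } catch (NoMatchDataException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_MATCH_DATA);
        } catch (NoSuchAlgorithmException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.ALGORITHM_NOT_SUPPORTED);
        } catch (CRLException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CRL_PROBLEM);
        } catch (CertStoreException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_PROBLEM);
        } catch (CertificateExpiredException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_EXPIRED);
        } catch (CertificateNotYetValidException e) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_NOT_VALID_YET);
        } catch (Exception e) {
            // Any other failure (malformed structure, bad signature value, ...) fails closed
            // as an unspecified KO; the cause is not reported to the caller.
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);
        }
    }

    /**
     * Verifies every signer of a CMS signature and the digest of the signed data.
     *
     * @param sign encoded CMS signature
     * @param data data whose digest must match the signed one; the digest check is skipped
     *     when {@code null}
     * @throws SignatureException if the signature has no signers or a signer does not verify
     * @throws CertStoreException if a signer certificate is not embedded in the signature or
     *     the certificate counts are inconsistent
     * @throws CRLException if the CRL counts are inconsistent
     * @throws NoMatchDataException if the data digest differs from the signed digest
     * @throws NoSuchAlgorithmException if a signer uses an unrecognised digest algorithm
     */
    private static void verifySignatures(byte[] sign, byte[] data) throws CMSException, CertStoreException, CertificateExpiredException, CertificateNotYetValidException, NoSuchAlgorithmException, NoMatchDataException, CRLException, NoSuchProviderException, SignatureException {
        CMSSignedData signedData = new CMSSignedData(sign);
        CertStore embedded = signedData.getCertificatesAndCRLs("Collection", BouncyCastleProvider.PROVIDER_NAME);

        boolean signerFound = false;
        for (SignerInformation signer : signedData.getSignerInfos().getSigners()) {
            signerFound = true;
            // The certificate validity exceptions declared above are presumably raised by
            // this verify call; nothing else in this method inspects validity dates.
            if (!signer.verify(signerCertificate(embedded, signer), BouncyCastleProvider.PROVIDER_NAME)) {
                throw new SignatureException("Firma no valida");
            }
            if (data != null) {
                checkSignedDigest(signer, data);
            }
        }
        // A structure without signers proves nothing and must not be reported as valid:
        // without this guard the loop above is skipped and the caller returns OK.
        if (!signerFound) {
            throw new SignatureException("La firma no contiene firmantes");
        }

        // Sanity checks: the store built from the signature must hold as many certificates
        // and CRLs as the CMS structure itself. Only the counts are compared.
        if (embedded.getCertificates(null).size() != signedData.getCertificates().getMatches(null).size()) {
            throw new CertStoreException("Error en la estructura de certificados de la firma");
        }
        if (embedded.getCRLs(null).size() != signedData.getCRLs().getMatches(null).size()) {
            throw new CRLException("Error en la estructura de CRLs de la firma");
        }
    }

    /**
     * Returns the first embedded certificate that matches the signer identifier.
     *
     * <p>The certificate comes from the signature under validation, so it is attacker-supplied
     * input and carries no trust by itself.
     *
     * @throws CertStoreException if the signature does not embed a matching certificate
     */
    private static X509Certificate signerCertificate(CertStore embedded, SignerInformation signer) throws CertStoreException {
        for (Object candidate : embedded.getCertificates(signer.getSID())) {
            return (X509Certificate) candidate;
        }
        // Reported as a certificate problem instead of surfacing as a NoSuchElementException.
        throw new CertStoreException("No se ha encontrado el certificado del firmante en la firma");
    }

    /**
     * Compares the digest of {@code data} with the content digest of an already verified signer.
     *
     * @throws CMSException if the signer declares no digest algorithm
     * @throws NoSuchAlgorithmException if the digest algorithm is not recognised
     * @throws NoMatchDataException if the digests differ
     */
    private static void checkSignedDigest(SignerInformation signer, byte[] data) throws CMSException, NoSuchAlgorithmException, NoMatchDataException {
        if (signer.getDigestAlgorithmID() == null) {
            throw new CMSException("No se ha podido localizar el algoritmo de huella digital");
        }
        String digestName = digestNameFor(signer.getDigestAlgorithmID().getAlgorithm().toString());
        byte[] computed = MessageDigest.getInstance(digestName).digest(data);
        if (!MessageDigest.isEqual(computed, signer.getContentDigest())) {
            throw new NoMatchDataException("Los datos introducidos no coinciden con los firmados");
        }
    }

    /**
     * Maps a digest algorithm OID to the name used to obtain a {@link MessageDigest}.
     *
     * @throws NoSuchAlgorithmException if the OID matches none of {@link #DIGEST_NAMES}
     */
    private static String digestNameFor(String oid) throws NoSuchAlgorithmException {
        for (String name : DIGEST_NAMES) {
            if (AOAlgorithmID.getOID(name).equals(oid)) {
                return name;
            }
        }
        throw new NoSuchAlgorithmException("Algoritmo de huella digital no reconocido");
    }
}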
