package xades4j.providers.impl;

import com.google.inject.Inject;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.ParsingException;
import sun.security.pkcs.SignerInfo;
import xades4j.providers.CertificateValidationException;
import xades4j.providers.CertificateValidationProvider;
import xades4j.providers.TimeStampTokenDigestException;
import xades4j.providers.TimeStampTokenSignatureException;
import xades4j.providers.TimeStampTokenStructureException;
import xades4j.providers.TimeStampTokenTSACertException;
import xades4j.providers.TimeStampTokenVerificationException;
import xades4j.providers.TimeStampVerificationProvider;
import xades4j.providers.ValidationData;
import xades4j.utils.TimeStampTokenInfo;
import xades4j.verification.UnexpectedJCAException;

/* loaded from: input_file:xades4j/providers/impl/DefaultTimeStampVerificationProvider.class */
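/**
 * Verifies time-stamp tokens: parses the token as PKCS#7 signed data, validates
 * the TSA certificate through the injected {@link CertificateValidationProvider},
 * verifies the token signature and compares the message imprint with a digest of
 * the time-stamped input.
 *
 * <p>NOTE(review): parsing relies on {@code sun.security.pkcs}, a JDK-internal
 * package that is not a supported API; confirm it is accessible on the target
 * runtime.
 */
public class DefaultTimeStampVerificationProvider implements TimeStampVerificationProvider {
    private final CertificateValidationProvider certificateValidationProvider;

    /**
     * @param certificateValidationProvider provider used to validate the TSA certificate
     */
    @Inject
    public DefaultTimeStampVerificationProvider(CertificateValidationProvider certificateValidationProvider) {
        this.certificateValidationProvider = certificateValidationProvider;
    }

    /**
     * Verifies a time-stamp token against the data it is supposed to cover.
     *
     * @param bArr the encoded time-stamp token
     * @param bArr2 the time-stamped input; it is digested with the algorithm named
     *     in the token and compared with the token's hashed message
     * @return the date carried by the token
     * @throws TimeStampTokenStructureException if the token cannot be parsed or does
     *     not carry exactly one signer
     * @throws TimeStampTokenTSACertException if the TSA certificate cannot be validated
     * @throws TimeStampTokenSignatureException if the token signature does not verify
     * @throws TimeStampTokenDigestException if the digest of {@code bArr2} differs from
     *     the token's hashed message
     * @throws TimeStampTokenVerificationException if the token's digest algorithm is
     *     not available
     */
    @Override // xades4j.providers.TimeStampVerificationProvider
    public Date verifyToken(byte[] bArr, byte[] bArr2) throws TimeStampTokenVerificationException {
        try {
            PKCS7 token = new PKCS7(bArr);
            TimeStampTokenInfo tstInfo = new TimeStampTokenInfo(token.getContentInfo().getContentBytes());

            SignerInfo[] signerInfos = token.getSignerInfos();
            if (null == signerInfos || signerInfos.length != 1) {
                throw new TimeStampTokenStructureException("Only one signature should be present on time-stamp token");
            }
            SignerInfo tsaSignerInfo = signerInfos[0];

            // The signer is identified by issuer name and serial number only; both
            // values are read from the (still unverified) token.
            X509CertSelector tsaSelector = new X509CertSelector();
            tsaSelector.setIssuer(new X500Principal(tsaSignerInfo.getIssuerName().getName()));
            tsaSelector.setSerialNumber(tsaSignerInfo.getCertificateSerialNumber());

            // Certificates embedded in the token are passed along only as candidates;
            // the token date is used as the validation date.
            X509Certificate[] embeddedCerts = token.getCertificates();
            ValidationData validationData = this.certificateValidationProvider.validate(
                    tsaSelector,
                    tstInfo.getDate(),
                    null == embeddedCerts ? null : Arrays.asList(embeddedCerts));
            // NOTE(review): nothing in this method checks that the TSA certificate is
            // authorised for time-stamping (extended key usage) - confirm that the
            // injected provider enforces it.

            // Always verify the signature against the certificate that was validated
            // above. Reusing the token's own certificate set would let PKCS7 pick an
            // embedded certificate by issuer/serial, and nothing in this method
            // guarantees that it is the certificate the provider validated.
            // The first entry of the validated certificates is taken as the TSA
            // certificate.
            X509Certificate validatedTsaCert = validationData.getCerts().get(0);
            PKCS7 boundToken = new PKCS7(
                    token.getDigestAlgorithmIds(),
                    token.getContentInfo(),
                    new X509Certificate[]{validatedTsaCert},
                    signerInfos);
            if (null == boundToken.verify(tsaSignerInfo, (byte[]) null)) {
                throw new TimeStampTokenSignatureException("Time-stamp token signature verification failed");
            }

            try {
                // NOTE(review): the digest algorithm name comes from the token and no
                // allow-list is applied here, so any algorithm the JCA knows is accepted.
                MessageDigest imprintDigest = MessageDigest.getInstance(tstInfo.getHashAlgorithm().getName());
                byte[] computedImprint = imprintDigest.digest(bArr2);
                if (!Arrays.equals(computedImprint, tstInfo.getHashedMessage())) {
                    throw new TimeStampTokenDigestException();
                }
                return tstInfo.getDate();
            } catch (NoSuchAlgorithmException e) {
                throw new TimeStampTokenVerificationException(e.getMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            // Reached when the signature algorithm is unavailable during verify().
            throw new TimeStampTokenSignatureException(e2.getMessage());
        } catch (ParsingException e3) {
            throw new TimeStampTokenStructureException("Token cannot be parsed");
        } catch (IOException e4) {
            throw new TimeStampTokenStructureException("Token content info is invalid");
        } catch (SignatureException e5) {
            throw new TimeStampTokenSignatureException(e5.getMessage());
        } catch (CertificateValidationException e6) {
            throw new TimeStampTokenTSACertException("cannot validate TSA certificate: " + e6.getMessage(), e6);
        } catch (UnexpectedJCAException e7) {
            throw new TimeStampTokenTSACertException("cannot validate TSA certificate: " + e7.getMessage(), e7);
        }
    }
}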
