package com.mulesoft.connector.as2.internal.crypto;

import com.mulesoft.connector.as2.internal.error.AS2ErrorType;
import com.mulesoft.connector.as2.internal.error.DispositionType;
import com.mulesoft.connector.as2.internal.error.exception.AS2ExtensionException;
import com.mulesoft.connector.as2.internal.utils.AS2BouncyCastleProvider;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jcajce.provider.util.DigestFactory;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connector/as2/internal/crypto/SignedMessageVerifier.class */
public class SignedMessageVerifier {
    private static final Logger LOGGER = LoggerFactory.getLogger(SignedMessageVerifier.class);
    private PublicKey publicKey;
    private Map<String, byte[]> hashes = new HashMap();
    private String id;

    public SignedMessageVerifier(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public boolean validateSignature(byte[] bArr, AS2Digest aS2Digest) {
        LOGGER.trace("Validating PKCS7 signature against digest");
        this.id = DigestFactory.getOID(aS2Digest.getAlgorithm().algorithm()).getId();
        this.hashes.put(this.id, aS2Digest.getHash());
        try {
            LOGGER.debug("CMSUtils reading ContentInfo from pkcs7Signature");
            CMSSignedData cMSSignedData = new CMSSignedData(this.hashes, bArr);
            LOGGER.debug("finding signers information");
            SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
            if (signerInfos.size() < 1) {
                LOGGER.debug("No signer found for given data");
                throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "Signature had no signer information!", AS2ErrorType.SIGNATURE_VERIFY);
            }
            Iterator it = signerInfos.getSigners().iterator();
            while (it.hasNext()) {
                try {
                    if (((SignerInformation) it.next()).verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(AS2BouncyCastleProvider.getBouncyCastleProvider()).build(this.publicKey))) {
                        LOGGER.debug("Signer was verified.");
                        return true;
                    }
                } catch (OperatorCreationException | CMSException e) {
                    LOGGER.debug("There was an error while trying to verify signer");
                    throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "Error verifying signature", AS2ErrorType.SIGNATURE_VERIFY, e);
                }
            }
            LOGGER.debug("The signer could not be verified.");
            return false;
        } catch (CMSException e2) {
            LOGGER.debug("Unable to parse PKCS7 signature block", e2);
            throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "Unable to parse PKCS7 signature block", AS2ErrorType.SIGNATURE_VERIFY, e2);
        }
    }

    public String getHash() {
        return Base64.toBase64String(this.hashes.get(this.id));
    }
}
