package org.eclipse.sensinact.gateway.security.signature.internal;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.ess.ESSCertID;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificate;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
import org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.eclipse.sensinact.gateway.common.bundle.Mediator;
import org.eclipse.sensinact.gateway.util.CryptoUtils;
import org.eclipse.sensinact.gateway.util.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/sensinact/gateway/security/signature/internal/CryptographicUtils.class */
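/**
 * Digest and CMS (PKCS#7) signature helpers.
 *
 * <p>Security scope of this class: signatures are verified against the certificates carried
 * inside the CMS structure itself. No certification-path building, trust-anchor check, validity
 * period check or revocation check is performed here, so a {@code true} result only means
 * "the content was signed by the key of a certificate bundled with the signature".
 * NOTE(review): the caller is presumably expected to validate that certificate against a trusted
 * key store; confirm that every call site does so.
 */
public class CryptographicUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CryptographicUtils.class);

    /**
     * Registers the BouncyCastle JCE provider.
     *
     * <p>{@link Security#addProvider} leaves the provider list untouched when a provider with the
     * same name is already installed, so creating several instances is harmless.
     *
     * @throws NoSuchAlgorithmException declared for callers; not thrown by the visible body
     */
    public CryptographicUtils() throws NoSuchAlgorithmException {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Compares a computed hash with the hash claimed for the same data.
     *
     * @param str the Base64 hash computed locally
     * @param str2 the Base64 hash claimed by the signed metadata
     * @return {@code true} when both strings are equal
     */
    private boolean checkHashValue(String str, String str2) {
        final boolean matches = str.equals(str2);
        // Parameterized logging: no string building unless debug is enabled.
        LOG.debug("pretended hash:{}", str2);
        LOG.debug("real Hash Value:{}", str);
        LOG.debug("hash valid? {}", matches);
        return matches;
    }

    /**
     * Hashes the resource behind {@code url} and compares it with an expected Base64 hash.
     *
     * @param mediator passed through to {@link #getHashValue(Mediator, InputStream, String)}
     * @param url location of the resource to hash
     * @param str the expected Base64-encoded hash
     * @param str2 the digest algorithm name
     * @return {@code true} when the computed hash equals {@code str}
     * @throws IOException if the resource cannot be opened or read
     * @throws NoSuchAlgorithmException if no digest is available for {@code str2}
     */
    public boolean checkHashValue(Mediator mediator, URL url, String str, String str2) throws IOException, NoSuchAlgorithmException {
        // The stream opened here is owned by this method: close it on every path. Whether
        // IOUtils.read also closes it is not visible here; a second close() is harmless.
        try (InputStream content = url.openStream()) {
            return checkHashValue(getHashValue(mediator, content, str2), str);
        }
    }

    /**
     * Reads the stream fully and returns the Base64-encoded digest of its content.
     *
     * <p>NOTE(review): the content is handed to {@code IOUtils.read} as a whole; no size limit is
     * visible here, so a very large input is presumably buffered in memory. Confirm an upper
     * bound is enforced upstream. The stream is not closed by this method.
     *
     * @param mediator not used by the visible body
     * @param inputStream the content to hash
     * @param str the digest algorithm name
     * @return the Base64-encoded digest
     * @throws IOException if reading fails
     * @throws NoSuchAlgorithmException if no digest is available for {@code str}
     */
    public String getHashValue(Mediator mediator, InputStream inputStream, String str) throws IOException, NoSuchAlgorithmException {
        return getHashValue(IOUtils.read(inputStream), str);
    }

    /**
     * Hashes {@code bArr} and compares the result with an expected Base64 hash.
     *
     * @param bArr the data to hash
     * @param str the expected Base64-encoded hash; {@code null} never matches
     * @param str2 the digest algorithm name
     * @return {@code true} when the computed hash equals {@code str}
     * @throws NoSuchAlgorithmException if no digest is available for {@code str2}
     */
    public boolean checkHashValue(byte[] bArr, String str, String str2) throws NoSuchAlgorithmException {
        return getHashValue(bArr, str2).equals(str);
    }

    /**
     * Computes the raw digest of {@code bArr}.
     *
     * @param bArr the data to hash
     * @param str the digest algorithm identifier handed to {@code CryptoUtils.getDigest}
     * @return the digest bytes
     * @throws NoSuchAlgorithmException if {@code CryptoUtils.getDigest} returns no digest
     */
    public byte[] digest(byte[] bArr, String str) throws NoSuchAlgorithmException {
        final MessageDigest messageDigest = CryptoUtils.getDigest(str);
        if (messageDigest == null) {
            // Name the algorithm so a misconfigured manifest is diagnosable from the log.
            throw new NoSuchAlgorithmException("No message digest available for algorithm: " + str);
        }
        return messageDigest.digest(bArr);
    }

    /**
     * Returns the Base64-encoded digest of {@code bArr}.
     *
     * @param bArr the data to hash
     * @param str the digest algorithm name
     * @return the Base64-encoded digest
     * @throws NoSuchAlgorithmException if no digest is available for {@code str}
     */
    public String getHashValue(byte[] bArr, String str) throws NoSuchAlgorithmException {
        return Base64.getEncoder().encodeToString(digest(bArr, str));
    }

    /**
     * Verifies a detached CMS signature over {@code bArr}.
     *
     * @param bArr the signed content
     * @param bArr2 the encoded CMS signed-data structure
     * @param str the digest algorithm used for the ESS signing-certificate (v1) hash check
     * @return {@code true} when at least one signer verifies
     * @throws Exception on parsing or verification errors
     */
    public boolean checkCMSDataValidity(byte[] bArr, byte[] bArr2, String str) throws Exception {
        return checkCMSDataValidity(new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2), str);
    }

    /**
     * Verifies the signers of {@code cMSSignedData} against the certificates it embeds.
     *
     * <p>The result is {@code true} as soon as one signer verifies; remaining signers are not
     * evaluated. With no signer at all the result is {@code false}. The certificates used come
     * from the CMS structure itself, so this is an integrity check, not a trust decision.
     *
     * @param cMSSignedData the parsed CMS signed data
     * @param str the JCA provider name used to build the certificate store
     * @param str2 the digest algorithm used for the ESS signing-certificate (v1) hash check
     * @return {@code true} when at least one signer verifies
     * @throws Exception on certificate store or verification errors
     */
    protected boolean checkCMSDataValidity(CMSSignedData cMSSignedData, String str, String str2) throws Exception {
        final Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            return false;
        }
        final JcaCertStoreBuilder storeBuilder = new JcaCertStoreBuilder();
        storeBuilder.addCertificates(cMSSignedData.getCertificates());
        // CRLs must go through addCRLs: registered as certificates they are cast to
        // certificate holders when the store is built, which fails as soon as one CRL is present.
        storeBuilder.addCRLs(cMSSignedData.getCRLs());
        storeBuilder.setProvider(str);
        // The store content does not change per signer, so build it once.
        final CertStore embeddedCertificates = storeBuilder.build();
        for (SignerInformation signer : signers) {
            if (verify(signer, embeddedCertificates, str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up the certificate identified by the signer's SignerIdentifier.
     *
     * <p>All three identifier fields are used. A CMS signer is identified either by issuer and
     * serial number or by subject key identifier; selecting on the subject key identifier alone
     * yields an unconstrained selector for issuer/serial signers, which returns whatever
     * certificate the store lists first.
     *
     * @param signerInformation the signer whose certificate is wanted
     * @param certStore the store to search
     * @return the first matching certificate
     * @throws java.util.NoSuchElementException if the store holds no matching certificate
     * @throws Exception on certificate store errors
     */
    public Certificate getCertificate(SignerInformation signerInformation, CertStore certStore) throws Exception {
        final X509CertificateHolderSelector signerSelector = new X509CertificateHolderSelector(
                signerInformation.getSID().getIssuer(),
                signerInformation.getSID().getSerialNumber(),
                signerInformation.getSID().getSubjectKeyIdentifier());
        final Collection<? extends Certificate> matches =
                certStore.getCertificates(new JcaX509CertSelectorConverter().getCertSelector(signerSelector));
        if (matches.isEmpty()) {
            throw new java.util.NoSuchElementException("No certificate in the CMS bundle matches the signer identifier");
        }
        return matches.iterator().next();
    }

    /**
     * Verifies one signer: the CMS signature itself, then the ESS signing-certificate binding.
     *
     * <p>The public key comes from a certificate found in {@code certStore}; this method does not
     * establish that the certificate is trusted, unexpired or unrevoked.
     *
     * @param signerInformation the signer to verify
     * @param certStore the store holding the candidate signer certificates
     * @param str the digest algorithm used for the ESS signing-certificate (v1) hash check
     * @return {@code true} when the signature verifies and the certificate binding holds
     * @throws Exception on lookup or verification errors
     */
    public boolean verify(SignerInformation signerInformation, CertStore certStore, String str) throws Exception {
        final Certificate signerCertificate = getCertificate(signerInformation, certStore);
        return signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(signerCertificate.getPublicKey())) && signingCertificateAttributeVerif(signerInformation, signerCertificate, str);
    }

    /**
     * Checks the ESS signing-certificate signed attribute, when present, against the certificate
     * actually used for verification.
     *
     * <p>When neither the v1 nor the v2 attribute is present the check passes: the binding is
     * treated as optional.
     *
     * <p>NOTE(review): RFC 2634 defines the v1 certificate hash as SHA-1, yet the v1 branch hashes
     * with the caller-supplied algorithm {@code str}; confirm callers pass SHA-1 there. The v2
     * branch takes the digest algorithm from the signed attribute and no allow-list is visible
     * here; confirm weak digests are rejected elsewhere.
     *
     * @param signerInformation the signer whose signed attributes are inspected
     * @param certificate the certificate used to verify the signature
     * @param str the digest algorithm used for the v1 attribute
     * @return {@code false} only when an attribute is present and its hash does not match
     * @throws CertificateException if the certificate cannot be encoded
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    private boolean signingCertificateAttributeVerif(SignerInformation signerInformation, Certificate certificate, String str) throws CertificateException, NoSuchAlgorithmException {
        final ESSCertID certIdV1 = getSigningCertificateAttribute(signerInformation.getSignedAttributes());
        if (certIdV1 != null) {
            return Arrays.equals(digest(certificate.getEncoded(), str), certIdV1.getCertHash());
        }
        final ESSCertIDv2 certIdV2 = getSigningCertificateV2Attribute(signerInformation.getSignedAttributes());
        if (certIdV2 != null) {
            return Arrays.equals(digest(certificate.getEncoded(), certIdV2.getHashAlgorithm().getAlgorithm().getId()), certIdV2.getCertHash());
        }
        return true;
    }

    /**
     * Returns the first certificate identifier of the ESS signing-certificate (v1) attribute.
     *
     * @param attributeTable the signed attributes, possibly {@code null}
     * @return the first {@link ESSCertID}, or {@code null} when the attribute is absent or empty
     */
    private static ESSCertID getSigningCertificateAttribute(AttributeTable attributeTable) {
        if (attributeTable == null) {
            return null;
        }
        final Attribute attribute = attributeTable.get(PKCSObjectIdentifiers.id_aa_signingCertificate);
        if (attribute == null) {
            return null;
        }
        final ESSCertID[] certs = SigningCertificate.getInstance(attribute.getAttrValues().getObjectAt(0)).getCerts();
        return (certs != null && certs.length > 0) ? certs[0] : null;
    }

    /**
     * Returns the first certificate identifier of the ESS signing-certificate-v2 attribute.
     *
     * @param attributeTable the signed attributes, possibly {@code null}
     * @return the first {@link ESSCertIDv2}, or {@code null} when the attribute is absent or empty
     */
    private static ESSCertIDv2 getSigningCertificateV2Attribute(AttributeTable attributeTable) {
        if (attributeTable == null) {
            return null;
        }
        final Attribute attribute = attributeTable.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
        if (attribute == null) {
            return null;
        }
        final ESSCertIDv2[] certs = SigningCertificateV2.getInstance(attribute.getAttrValues().getObjectAt(0)).getCerts();
        return (certs != null && certs.length > 0) ? certs[0] : null;
    }

    /**
     * Verifies {@code cMSSignedData} using the BouncyCastle provider for the certificate store.
     *
     * @param cMSSignedData the parsed CMS signed data
     * @param str the digest algorithm used for the ESS signing-certificate (v1) hash check
     * @return {@code true} when at least one signer verifies
     * @throws Exception on certificate store or verification errors
     */
    public boolean checkCMSDataValidity(CMSSignedData cMSSignedData, String str) throws Exception {
        return checkCMSDataValidity(cMSSignedData, BouncyCastleProvider.PROVIDER_NAME, str);
    }
}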
