package org.xwiki.crypto.signer.internal.cms;

import java.security.GeneralSecurityException;
import java.util.Collection;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.xwiki.component.annotation.Component;
import org.xwiki.component.manager.ComponentManager;
import org.xwiki.component.phase.Initializable;
import org.xwiki.component.phase.InitializationException;
import org.xwiki.crypto.DigestFactory;
import org.xwiki.crypto.pkix.CertificateChainBuilder;
import org.xwiki.crypto.pkix.CertificateFactory;
import org.xwiki.crypto.pkix.CertificateProvider;
import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
import org.xwiki.crypto.signer.CMSSignedDataVerifier;
import org.xwiki.crypto.signer.internal.BcContentVerifierProviderBuilder;
import org.xwiki.crypto.signer.param.CMSSignedDataVerified;

@Singleton
@Component
/* loaded from: input_file:WEB-INF/lib/xwiki-commons-crypto-pkix-7.4.6.jar:org/xwiki/crypto/signer/internal/cms/DefaultCMSSignedDataVerifier.class */
public class DefaultCMSSignedDataVerifier implements CMSSignedDataVerifier, Initializable {

    @Inject
    private DigestFactory digestProvider;

    @Inject
    private BcContentVerifierProviderBuilder contentVerifierProviderBuilder;

    @Inject
    @Named("X509")
    private CertificateFactory certFactory;

    @Inject
    @Named("X509")
    private CertificateChainBuilder chainBuilder;

    @Inject
    private ComponentManager manager;

    @Override // org.xwiki.component.phase.Initializable
    public void initialize() throws InitializationException {
        if (!(this.digestProvider instanceof DigestCalculatorProvider)) {
            throw new InitializationException("Incompatible DigestFactory for this signed data verifier.");
        }
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataVerifier
    public CMSSignedDataVerified verify(byte[] bArr) throws GeneralSecurityException {
        return verify(bArr, (byte[]) null, (CertificateProvider) null);
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataVerifier
    public CMSSignedDataVerified verify(byte[] bArr, Collection<CertifiedPublicKey> collection) throws GeneralSecurityException {
        return verify(bArr, (byte[]) null, collection);
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataVerifier
    public CMSSignedDataVerified verify(byte[] bArr, CertificateProvider certificateProvider) throws GeneralSecurityException {
        return verify(bArr, (byte[]) null, certificateProvider);
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataVerifier
    public CMSSignedDataVerified verify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        return verify(bArr, bArr2, (CertificateProvider) null);
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataVerifier
    public CMSSignedDataVerified verify(byte[] bArr, byte[] bArr2, Collection<CertifiedPublicKey> collection) throws GeneralSecurityException {
        return verify(bArr, bArr2, BcStoreUtils.getCertificateProvider(this.manager, collection));
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataVerifier
    public CMSSignedDataVerified verify(byte[] bArr, byte[] bArr2, CertificateProvider certificateProvider) throws GeneralSecurityException {
        CMSSignedData signedData = BcCMSUtils.getSignedData(bArr, bArr2);
        return verify(signedData, BcStoreUtils.getCertificateProvider(this.manager, signedData.getCertificates(), certificateProvider));
    }

    private CMSSignedDataVerified verify(CMSSignedData cMSSignedData, CertificateProvider certificateProvider) {
        BcCMSSignedDataVerified cMSSignedDataVerified = BcCMSUtils.getCMSSignedDataVerified(cMSSignedData, this.certFactory);
        for (SignerInformation signerInformation : BcCMSUtils.getSigners(cMSSignedData)) {
            CertifiedPublicKey certificate = BcStoreUtils.getCertificate(certificateProvider, signerInformation, this.certFactory);
            try {
                cMSSignedDataVerified.addSignature(new BcCMSSignerVerifiedInformation(signerInformation, BcCMSUtils.verify(signerInformation, certificate, this.contentVerifierProviderBuilder, this.digestProvider), this.chainBuilder.build(certificate, certificateProvider)));
            } catch (CMSException e) {
                cMSSignedDataVerified.addSignature(new BcCMSSignerVerifiedInformation(signerInformation, false, this.chainBuilder.build(certificate, certificateProvider)));
            }
        }
        return cMSSignedDataVerified;
    }
}
