package org.jscep.pkcs7;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.jscep.util.AlgorithmDictionary;
import org.jscep.x509.X509Util;

/* loaded from: input_file:org/jscep/pkcs7/SignedDataUtil.class */
public final class SignedDataUtil {
    private SignedDataUtil() {
    }

    public static CertStore extractCertStore(SignedData signedData) throws GeneralSecurityException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        HashSet hashSet = new HashSet();
        ASN1Set certificates = signedData.getCertificates();
        ASN1Set cRLs = signedData.getCRLs();
        if (certificates != null) {
            Enumeration objects = certificates.getObjects();
            while (objects.hasMoreElements()) {
                hashSet.add(certificateFactory.generateCertificate(new ByteArrayInputStream(((ASN1Sequence) objects.nextElement()).getDEREncoded())));
            }
        }
        if (cRLs != null) {
            Enumeration objects2 = cRLs.getObjects();
            while (objects2.hasMoreElements()) {
                hashSet.add(certificateFactory.generateCRL(new ByteArrayInputStream(((ASN1Sequence) objects2.nextElement()).getDEREncoded())));
            }
        }
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(hashSet));
    }

    public static boolean isSignedBy(SignedData signedData, X509Certificate x509Certificate) {
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(X509Util.toX509Name(x509Certificate.getIssuerX500Principal()), x509Certificate.getSerialNumber());
        Enumeration objects = signedData.getSignerInfos().getObjects();
        while (objects.hasMoreElements()) {
            SignerInfo signerInfo = new SignerInfo((ASN1Sequence) objects.nextElement());
            signerInfo.getAuthenticatedAttributes();
            if (areEqual(issuerAndSerialNumber, IssuerAndSerialNumber.getInstance(signerInfo.getSID().getId()))) {
                ASN1OctetString encryptedDigest = signerInfo.getEncryptedDigest();
                try {
                    Signature signature = Signature.getInstance(AlgorithmDictionary.lookup(signerInfo.getDigestAlgorithm()));
                    try {
                        signature.initVerify(x509Certificate);
                        try {
                            signature.update(getHash(signerInfo));
                            return signature.verify(encryptedDigest.getOctets());
                        } catch (IOException e) {
                            return false;
                        } catch (SignatureException e2) {
                            return false;
                        }
                    } catch (InvalidKeyException e3) {
                        return false;
                    }
                } catch (NoSuchAlgorithmException e4) {
                    return false;
                }
            }
        }
        return false;
    }

    private static byte[] getHash(SignerInfo signerInfo) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
        dEROutputStream.writeObject(signerInfo.getAuthenticatedAttributes());
        dEROutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    private static boolean areEqual(IssuerAndSerialNumber issuerAndSerialNumber, IssuerAndSerialNumber issuerAndSerialNumber2) {
        return issuerAndSerialNumber.getSerialNumber().equals(issuerAndSerialNumber2.getSerialNumber()) && issuerAndSerialNumber.getName().equals(issuerAndSerialNumber2.getName());
    }
}
