package net.ripe.rpki.commons.crypto.cms.manifest;

import java.math.BigInteger;
import java.text.ParseException;
import java.util.Map;
import java.util.TreeMap;
import net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectInfo;
import net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser;
import net.ripe.rpki.commons.crypto.util.Asn1Util;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.validation.ValidationString;
import org.apache.commons.lang.Validate;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/manifest/ManifestCmsParser.class */
public class ManifestCmsParser extends RpkiSignedObjectParser {
    private int version = 0;
    private static final int MANIFEST_CONTENT_SEQUENCE_LENGTH = 5;
    private static final int MANIFEST_NUMBER_INDEX = 0;
    private static final int THIS_UPDATE_TIME_INDEX = 1;
    private static final int NEXT_UPDATE_TIME_INDEX = 2;
    private static final int FILE_HASH_ALGORHYTHM_INDEX = 3;
    private static final int FILE_LIST_INDEX = 4;
    private BigInteger number;
    private DateTime thisUpdateTime;
    private DateTime nextUpdateTime;
    private String fileHashAlgorithm;
    private Map<String, byte[]> files;

    @Override // net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser
    public void parse(ValidationResult validationResult, byte[] bArr) {
        super.parse(validationResult, bArr);
        if (isSuccess()) {
            validateManifest();
        }
    }

    public boolean isSuccess() {
        return !getValidationResult().hasFailures();
    }

    public ManifestCms getManifestCms() {
        if (isSuccess()) {
            return new ManifestCms(new RpkiSignedObjectInfo(getEncoded(), getResourceCertificate(), getContentType(), getSigningTime()), new ManifestCmsGeneralInfo(this.version, this.number, this.thisUpdateTime, this.nextUpdateTime, this.fileHashAlgorithm), this.files);
        }
        throw new IllegalArgumentException("Manifest validation failed: " + getValidationResult().getFailuresForCurrentLocation());
    }

    private void validateManifest() {
        ValidationResult validationResult = getValidationResult();
        validationResult.rejectIfFalse(new ASN1ObjectIdentifier(ManifestCms.CONTENT_TYPE_OID).equals(getContentType()), ValidationString.MANIFEST_CONTENT_TYPE, new String[0]);
        validationResult.rejectIfFalse(getResourceCertificate().isResourceSetInherited(), ValidationString.MANIFEST_RESOURCE_INHERIT, new String[0]);
    }

    void decodeManifest(ASN1Encodable aSN1Encodable) {
        ValidationResult validationResult = getValidationResult();
        try {
            ASN1Sequence expect = Asn1Util.expect(aSN1Encodable, ASN1Sequence.class);
            validationResult.rejectIfFalse(expect.size() == MANIFEST_CONTENT_SEQUENCE_LENGTH, ValidationString.MANIFEST_CONTENT_SIZE, new String[0]);
            if (validationResult.hasFailureForCurrentLocation()) {
                return;
            }
            this.version = 0;
            this.number = Asn1Util.expect(expect.getObjectAt(0), ASN1Integer.class).getValue();
            this.thisUpdateTime = new DateTime(Asn1Util.expect(expect.getObjectAt(THIS_UPDATE_TIME_INDEX), ASN1GeneralizedTime.class).getDate().getTime(), DateTimeZone.UTC);
            this.nextUpdateTime = new DateTime(Asn1Util.expect(expect.getObjectAt(2), ASN1GeneralizedTime.class).getDate().getTime(), DateTimeZone.UTC);
            this.fileHashAlgorithm = Asn1Util.expect(expect.getObjectAt(FILE_HASH_ALGORHYTHM_INDEX), ASN1ObjectIdentifier.class).getId();
            validationResult.rejectIfFalse(ManifestCms.FILE_HASH_ALGORITHM.equals(this.fileHashAlgorithm), ValidationString.MANIFEST_FILE_HASH_ALGORITHM, this.fileHashAlgorithm);
            this.files = new TreeMap();
            decodeFileList(this.files, expect.getObjectAt(FILE_LIST_INDEX));
        } catch (IllegalArgumentException e) {
            validationResult.error(ValidationString.MANIFEST_CONTENT_STRUCTURE, new String[0]);
        } catch (ParseException e2) {
            validationResult.error(ValidationString.MANIFEST_TIME_FORMAT, new String[0]);
        }
    }

    void decodeFileAndHash(Map<String, byte[]> map, ASN1Encodable aSN1Encodable) {
        ASN1Sequence expect = Asn1Util.expect(aSN1Encodable, ASN1Sequence.class);
        Validate.isTrue(expect.size() == 2, "der sequence does not contain file and hash");
        map.put(Asn1Util.expect(expect.getObjectAt(0), DERIA5String.class).getString(), Asn1Util.expect(expect.getObjectAt(THIS_UPDATE_TIME_INDEX), DERBitString.class).getBytes());
    }

    void decodeFileList(Map<String, byte[]> map, ASN1Encodable aSN1Encodable) {
        ASN1Sequence expect = Asn1Util.expect(aSN1Encodable, ASN1Sequence.class);
        boolean z = false;
        for (int i = 0; i < expect.size(); i += THIS_UPDATE_TIME_INDEX) {
            try {
                decodeFileAndHash(map, expect.getObjectAt(i));
            } catch (IllegalArgumentException e) {
                z = THIS_UPDATE_TIME_INDEX;
            }
        }
        getValidationResult().rejectIfTrue(z, ValidationString.MANIFEST_DECODE_FILELIST, new String[0]);
    }

    @Override // net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser
    public void decodeContent(ASN1Encodable aSN1Encodable) {
        decodeManifest(aSN1Encodable);
    }
}
