package net.ripe.rpki.commons.crypto.cms.manifest;

import java.math.BigInteger;
import java.text.ParseException;
import java.util.Map;
import java.util.TreeMap;
import net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectInfo;
import net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser;
import net.ripe.rpki.commons.crypto.util.Asn1Util;
import net.ripe.rpki.commons.util.UTC;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.validation.ValidationString;
import org.apache.commons.lang3.Validate;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.joda.time.DateTime;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/manifest/ManifestCmsParser.class */
public class ManifestCmsParser extends RpkiSignedObjectParser {
    private int version = 0;
    private BigInteger number;
    private DateTime thisUpdateTime;
    private DateTime nextUpdateTime;
    private String fileHashAlgorithm;
    private Map<String, byte[]> files;

    @Override // net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser
    public void parse(ValidationResult validationResult, byte[] bArr) {
        super.parse(validationResult, bArr);
        if (isSuccess()) {
            validateManifest();
        }
    }

    public boolean isSuccess() {
        return !getValidationResult().hasFailures();
    }

    public ManifestCms getManifestCms() {
        if (isSuccess()) {
            return new ManifestCms(new RpkiSignedObjectInfo(getEncoded(), getResourceCertificate(), getContentType(), getSigningTime()), new ManifestCmsGeneralInfo(this.version, this.number, this.thisUpdateTime, this.nextUpdateTime, this.fileHashAlgorithm), this.files);
        }
        throw new IllegalArgumentException("Manifest validation failed: " + getValidationResult().getFailuresForCurrentLocation());
    }

    private void validateManifest() {
        ValidationResult validationResult = getValidationResult();
        validationResult.rejectIfFalse(new ASN1ObjectIdentifier(ManifestCms.CONTENT_TYPE_OID).equals(getContentType()), ValidationString.MANIFEST_CONTENT_TYPE);
        validationResult.rejectIfFalse(getResourceCertificate().isResourceSetInherited(), ValidationString.MANIFEST_RESOURCE_INHERIT);
    }

    void decodeFileAndHash(Map<String, byte[]> map, ASN1Encodable aSN1Encodable) {
        ASN1Sequence expect = Asn1Util.expect(aSN1Encodable, ASN1Sequence.class);
        Validate.isTrue(expect.size() == 2, "der sequence does not contain file and hash", new Object[0]);
        map.put(Asn1Util.expect(expect.getObjectAt(0), DERIA5String.class).getString(), Asn1Util.expect(expect.getObjectAt(1), DERBitString.class).getBytes());
    }

    void decodeFileList(Map<String, byte[]> map, ASN1Encodable aSN1Encodable) {
        ASN1Sequence expect = Asn1Util.expect(aSN1Encodable, ASN1Sequence.class);
        boolean z = false;
        for (int i = 0; i < expect.size(); i++) {
            try {
                decodeFileAndHash(map, expect.getObjectAt(i));
            } catch (IllegalArgumentException e) {
                z = true;
            }
        }
        getValidationResult().rejectIfTrue(z, ValidationString.MANIFEST_DECODE_FILELIST);
    }

    @Override // net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser
    public void decodeAsn1Content(ASN1Encodable aSN1Encodable) {
        ValidationResult validationResult = getValidationResult();
        try {
            ASN1Sequence expect = Asn1Util.expect(aSN1Encodable, ASN1Sequence.class);
            int size = expect.size();
            int i = 0;
            if (size == 6) {
                BigInteger rpkiObjectVersion = getRpkiObjectVersion(expect);
                validationResult.rejectIfFalse(BigInteger.ZERO.equals(rpkiObjectVersion), "mf.version", "manifest version must be 0, but is " + rpkiObjectVersion);
                i = 0 + 1;
            } else if (size == 5) {
                this.version = 0;
            }
            validationResult.rejectIfFalse(size == 5 || size == 6, "mf.content.size");
            if (validationResult.hasFailureForCurrentLocation()) {
                return;
            }
            int i2 = i;
            int i3 = i + 1;
            this.number = Asn1Util.expect(expect.getObjectAt(i2), ASN1Integer.class).getValue();
            int i4 = i3 + 1;
            this.thisUpdateTime = UTC.dateTime(Long.valueOf(Asn1Util.expect(expect.getObjectAt(i3), ASN1GeneralizedTime.class).getDate().getTime()));
            int i5 = i4 + 1;
            this.nextUpdateTime = UTC.dateTime(Long.valueOf(Asn1Util.expect(expect.getObjectAt(i4), ASN1GeneralizedTime.class).getDate().getTime()));
            this.fileHashAlgorithm = Asn1Util.expect(expect.getObjectAt(i5), ASN1ObjectIdentifier.class).getId();
            validationResult.rejectIfFalse(ManifestCms.FILE_HASH_ALGORITHM.equals(this.fileHashAlgorithm), ValidationString.MANIFEST_FILE_HASH_ALGORITHM, this.fileHashAlgorithm);
            this.files = new TreeMap();
            decodeFileList(this.files, expect.getObjectAt(i5 + 1));
        } catch (IllegalArgumentException e) {
            validationResult.error(ValidationString.MANIFEST_CONTENT_STRUCTURE);
        } catch (ParseException e2) {
            validationResult.error(ValidationString.MANIFEST_TIME_FORMAT);
        }
    }
}
