package net.ripe.rpki.commons.crypto.cms.manifest;

import java.math.BigInteger;
import java.net.URI;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import net.ripe.rpki.commons.crypto.cms.RpkiSignedObject;
import net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectInfo;
import net.ripe.rpki.commons.crypto.crl.X509Crl;
import net.ripe.rpki.commons.util.Specification;
import net.ripe.rpki.commons.util.UTC;
import net.ripe.rpki.commons.validation.ValidationLocation;
import net.ripe.rpki.commons.validation.ValidationOptions;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.validation.ValidationString;
import net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext;
import net.ripe.rpki.commons.validation.objectvalidators.ResourceValidatorFactory;
import org.apache.commons.lang.Validate;
import org.apache.commons.lang.builder.ToStringBuilder;
import org.apache.commons.lang.builder.ToStringStyle;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.joda.time.DateTime;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/manifest/ManifestCms.class */
public class ManifestCms extends RpkiSignedObject {
    private static final long serialVersionUID = 1;
    public static final int DEFAULT_VERSION = 0;
    public static final String CONTENT_TYPE_OID = "1.2.840.113549.1.9.16.1.26";
    public static final String FILE_HASH_ALGORITHM = CMSSignedDataGenerator.DIGEST_SHA256;
    private Map<String, byte[]> hashes;
    private ManifestCmsGeneralInfo manifestCmsGeneralInfo;

    /* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/manifest/ManifestCms$FileContentSpecification.class */
    public static class FileContentSpecification implements Specification<byte[]> {
        private byte[] hash;

        public FileContentSpecification(byte[] bArr) {
            this.hash = Arrays.copyOf(bArr, bArr.length);
        }

        public byte[] getHash() {
            return Arrays.copyOf(this.hash, this.hash.length);
        }

        @Override // net.ripe.rpki.commons.util.Specification
        public boolean isSatisfiedBy(byte[] bArr) {
            return Arrays.equals(this.hash, ManifestCms.hashContents(bArr));
        }

        public int hashCode() {
            return (31 * 1) + Arrays.hashCode(this.hash);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj != null && getClass() == obj.getClass()) {
                return Arrays.equals(this.hash, ((FileContentSpecification) obj).hash);
            }
            return false;
        }

        public String toString() {
            return new ToStringBuilder(this, ToStringStyle.SHORT_PREFIX_STYLE).append("hash", this.hash).toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ManifestCms(RpkiSignedObjectInfo rpkiSignedObjectInfo, ManifestCmsGeneralInfo manifestCmsGeneralInfo, Map<String, byte[]> map) {
        super(rpkiSignedObjectInfo);
        this.manifestCmsGeneralInfo = manifestCmsGeneralInfo;
        this.hashes = map;
    }

    public int getVersion() {
        return this.manifestCmsGeneralInfo.getVersion();
    }

    public BigInteger getNumber() {
        return this.manifestCmsGeneralInfo.getNumber();
    }

    public String getFileHashAlgorithm() {
        return this.manifestCmsGeneralInfo.getFileHashAlgorithm();
    }

    public DateTime getThisUpdateTime() {
        return this.manifestCmsGeneralInfo.getThisUpdateTime();
    }

    public DateTime getNextUpdateTime() {
        return this.manifestCmsGeneralInfo.getNextUpdateTime();
    }

    public int size() {
        return this.hashes.size();
    }

    public boolean containsFile(String str) {
        return this.hashes.containsKey(str);
    }

    public Map<String, byte[]> getHashes() {
        return this.hashes;
    }

    public Map<String, byte[]> getFiles() {
        return getHashes();
    }

    public boolean matchesFiles(Map<String, byte[]> map) {
        if (!this.hashes.keySet().equals(map.keySet())) {
            return false;
        }
        Iterator<Map.Entry<String, byte[]>> it = this.hashes.entrySet().iterator();
        while (it.hasNext()) {
            String key = it.next().getKey();
            if (!verifyFileContents(key, map.get(key))) {
                return false;
            }
        }
        return true;
    }

    public Set<String> getFileNames() {
        return this.hashes.keySet();
    }

    @Override // net.ripe.rpki.commons.crypto.cms.RpkiSignedObject, net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public URI getCrlUri() {
        return getCertificate().findFirstRsyncCrlDistributionPoint();
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public URI getParentCertificateUri() {
        return getCertificate().getParentCertificateUri();
    }

    @Override // net.ripe.rpki.commons.crypto.cms.RpkiSignedObject
    protected void validateWithCrl(String str, CertificateRepositoryObjectValidationContext certificateRepositoryObjectValidationContext, ValidationOptions validationOptions, ValidationResult validationResult, X509Crl x509Crl) {
        validationResult.setLocation(new ValidationLocation(str));
        checkManifestValidityTimes(validationOptions, validationResult);
        ResourceValidatorFactory.getX509ResourceCertificateStrictValidator(certificateRepositoryObjectValidationContext, validationOptions, validationResult, x509Crl).validate(str, getCertificate());
    }

    private void checkManifestValidityTimes(ValidationOptions validationOptions, ValidationResult validationResult) {
        validationResult.warnIfTrue(UTC.dateTime().isAfter(getNextUpdateTime()), ValidationString.MANIFEST_PAST_NEXT_UPDATE_TIME, new String[0]);
    }

    @Deprecated
    public byte[] getHash(String str) {
        return this.hashes.get(str);
    }

    public boolean verifyFileContents(String str, byte[] bArr) {
        return getFileContentSpecification(str).isSatisfiedBy(bArr);
    }

    public FileContentSpecification getFileContentSpecification(String str) {
        Validate.isTrue(containsFile(str));
        return new FileContentSpecification(getHash(str));
    }

    public static byte[] hashContents(byte[] bArr) {
        SHA256Digest sHA256Digest = new SHA256Digest();
        sHA256Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sHA256Digest.getDigestSize()];
        sHA256Digest.doFinal(bArr2, 0);
        return bArr2;
    }
}
