package se.swedenconnect.ca.cmc.auth.impl;

import java.util.ArrayList;
import java.util.List;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.cmc.CMCObjectIdentifiers;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.cmc.api.CMCMessageException;
import se.swedenconnect.ca.cmc.auth.CMCAuthorizationException;
import se.swedenconnect.ca.cmc.auth.CMCValidationException;
import se.swedenconnect.ca.cmc.auth.CMCValidationResult;
import se.swedenconnect.ca.cmc.auth.CMCValidator;

/* loaded from: input_file:se/swedenconnect/ca/cmc/auth/impl/AbstractCMCValidator.class */
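/**
 * Base class for CMC message validators.
 *
 * <p>{@link #validateCMC(byte[])} parses the message as CMS SignedData, checks that the
 * encapsulated content type is PKIData or PKIResponse, and then delegates signature
 * verification and authorization to the subclass. Every failure is reported through the
 * returned {@link CMCValidationResult}; this method does not throw.
 *
 * <p>Callers must check the valid flag of the result before trusting any other field:
 * the content type and signed data are stored on the result before the signature has
 * been verified, so a failed result can still carry them.
 */
public abstract class AbstractCMCValidator implements CMCValidator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(AbstractCMCValidator.class);

    /**
     * Validates a CMC message: signature first, then authorization of the signer.
     *
     * <p>The whole validation runs inside one try block and each handler ends in a
     * return of the failed result, so a parse, signature or authorization error can
     * never fall through to the code that marks the result as valid.
     *
     * @param bArr the encoded CMC message
     * @return the validation result; the valid flag is set to true only after both
     *     {@link #verifyCMSSignature} and {@link #verifyAuthorization} returned normally
     */
    @Override // se.swedenconnect.ca.cmc.auth.CMCValidator
    public CMCValidationResult validateCMC(byte[] bArr) {
        CMCValidationResult result = new CMCValidationResult();
        if (isSimpleCMCResponse(result, bArr)) {
            // No signature is verified on this path and this class sets nothing on the result.
            // NOTE(review): confirm that a freshly created CMCValidationResult reads as
            // "not valid", otherwise an unsigned message would be accepted here.
            return result;
        }
        try {
            CMSSignedData signedData = new CMSSignedData(bArr);
            if (signedData.getSignedContent() == null) {
                // SignedData without encapsulated content would otherwise surface as a bare
                // NullPointerException; report it as a message error instead.
                String noContent = "CMC message has no encapsulated signed content";
                result.setValid(false);
                result.setErrorMessage(noContent);
                result.setException(new CMCMessageException(noContent));
                return result;
            }
            ASN1ObjectIdentifier contentType = signedData.getSignedContent().getContentType();
            boolean isPkiData = contentType.equals(CMCObjectIdentifiers.id_cct_PKIData);
            boolean isPkiResponse = contentType.equals(CMCObjectIdentifiers.id_cct_PKIResponse);
            if (!isPkiData && !isPkiResponse) {
                result.setValid(false);
                result.setErrorMessage("Illegal CMC data content type");
                result.setException(new CMCMessageException("Illegal CMC data content type"));
                return result;
            }
            result.setContentType(contentType);
            result.setSignedData(signedData);

            List<X509CertificateHolder> signerPath = verifyCMSSignature(signedData);
            if (signerPath == null || signerPath.isEmpty()) {
                // Fail closed: without a signer certificate there is nothing to authorize.
                String noSigner = "CMC signature validation returned no signer certificate";
                result.setValid(false);
                result.setErrorMessage(noSigner);
                result.setException(new CMCMessageException(noSigner));
                return result;
            }
            // The first certificate of the returned list is the one that gets authorized.
            verifyAuthorization(signerPath.get(0), contentType, signedData);

            result.setSignerCertificatePath(signerPath);
            result.setSimpleResponse(false);
            result.setValid(true);
        } catch (CMCAuthorizationException e) {
            result.setValid(false);
            result.setException(e);
            result.setErrorMessage(e.getMessage());
        } catch (CMCValidationException e) {
            result.setValid(false);
            result.setException(e);
            result.setErrorMessage("CMC signature validation failed: " + e.getMessage());
        } catch (Exception e) {
            result.setValid(false);
            result.setException(e);
            result.setErrorMessage("Error parsing CMC message: " + e.toString());
        }
        return result;
    }

    /**
     * Verifies the CMS signature of the message.
     *
     * @param cMSSignedData the parsed CMS SignedData
     * @return the certificates of the signer; element 0 is passed to
     *     {@link #verifyAuthorization} as the signer certificate (presumably followed by
     *     its chain - verify against the implementations)
     * @throws CMCValidationException if the signature is not valid
     */
    protected abstract List<X509CertificateHolder> verifyCMSSignature(CMSSignedData cMSSignedData) throws CMCValidationException;

    /**
     * Checks that the signer is authorized to send this message.
     *
     * @param x509CertificateHolder the first certificate returned by {@link #verifyCMSSignature}
     * @param aSN1ObjectIdentifier the content type of the message (PKIData or PKIResponse)
     * @param cMSSignedData the parsed CMS SignedData
     * @throws CMCAuthorizationException if the signer is not authorized
     */
    protected abstract void verifyAuthorization(X509CertificateHolder x509CertificateHolder, ASN1ObjectIdentifier aSN1ObjectIdentifier, CMSSignedData cMSSignedData) throws CMCAuthorizationException;

    /**
     * Tells whether the message is CMS SignedData that carries no signer infos.
     *
     * @param cMCValidationResult the result object of the current validation; it is not
     *     modified here
     * @param bArr the encoded CMC message
     * @return true if the content type is signedData and the signer info set is null or
     *     empty; false otherwise, including when the bytes cannot be parsed
     */
    private boolean isSimpleCMCResponse(CMCValidationResult cMCValidationResult, byte[] bArr) {
        // try-with-resources closes the stream on every path, including a parse failure.
        try (ASN1InputStream asn1In = new ASN1InputStream(bArr)) {
            ContentInfo contentInfo = ContentInfo.getInstance(asn1In.readObject());
            if (!contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) {
                return false;
            }
            ASN1Set signerInfos = SignedData.getInstance(contentInfo.getContent()).getSignerInfos();
            return signerInfos == null || signerInfos.size() == 0;
        } catch (Exception e) {
            log.debug("Failed to parse response as valid CMS data");
            return false;
        }
    }
}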
