package org.nhindirect.stagent;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.nhindirect.common.crypto.CryptoExtensions;
import org.nhindirect.common.options.OptionsManager;
import org.nhindirect.common.options.OptionsParameter;
import org.nhindirect.stagent.cert.Thumbprint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/DefaultMessageSignatureImpl.class */
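/**
 * Default {@link MessageSignature} implementation: holds one CMS signer together with the
 * certificate it is checked against, and records the outcome of the two checks it offers.
 *
 * <p>{@link #checkSignature()} verifies the CMS signature with the public key of the supplied
 * signer certificate. {@link #checkThumbprint(NHINDAddress)} compares that certificate's
 * thumbprint with the certificates attached to an address. Both results start out
 * {@code false} and stay {@code false} on any failure, so a caller that forgets to run a check
 * reads "not verified".
 *
 * <p>NOTE(review): nothing in this class evaluates whether the signer certificate itself is
 * trusted (chain building, revocation); presumably the caller does that. Confirm before relying
 * on {@link #isSignatureValid()} alone.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class DefaultMessageSignatureImpl implements MessageSignature {
    private static final Logger log = LoggerFactory.getLogger(DefaultMessageSignatureImpl.class);

    private final SignerInformation signer;
    private final boolean useOrgCertificate;
    private final X509Certificate signerCert;
    // Read once from the CRYPTOGRAHPER_LOG_DIGESTS option; gates the digest diagnostics below.
    private final boolean logDigest;

    // Outcome of the last checkSignature() / checkThumbprint() call; false until a check succeeds.
    private boolean signatureValid;
    private boolean thumbprintVerified;

    /**
     * Creates a signature wrapper for one signer of a CMS signed message.
     *
     * @param signerInformation the CMS signer to verify; must not be {@code null}
     * @param useOrgCertificate flag stored as given and returned by {@link #isUseOrgCertificate()}
     * @param signerCertificate certificate used to verify the signer and to compute the thumbprint
     * @throws IllegalArgumentException if {@code signerInformation} is {@code null}
     */
    public DefaultMessageSignatureImpl(SignerInformation signerInformation, boolean useOrgCertificate,
            X509Certificate signerCertificate) {
        if (signerInformation == null) {
            throw new IllegalArgumentException("signerInformation must not be null");
        }
        this.signer = signerInformation;
        this.useOrgCertificate = useOrgCertificate;
        this.signerCert = signerCertificate;
        this.signatureValid = false;
        this.thumbprintVerified = false;
        this.logDigest = OptionsParameter.getParamValueAsBoolean(
                OptionsManager.getInstance().getParameter(OptionsParameter.CRYPTOGRAHPER_LOG_DIGESTS), false);
    }

    /** Returns the certificate the signer is verified against. */
    public X509Certificate getSignerCert() {
        return this.signerCert;
    }

    /** Returns the result of the last {@link #checkSignature()} call, {@code false} if never run. */
    public boolean isSignatureValid() {
        return this.signatureValid;
    }

    /** Returns the wrapped CMS signer. */
    public SignerInformation getSigner() {
        return this.signer;
    }

    /** Returns the flag passed to the constructor. */
    public boolean isUseOrgCertificate() {
        return this.useOrgCertificate;
    }

    /**
     * Returns the result of the last {@link #checkThumbprint(NHINDAddress)} call, {@code false}
     * if never run.
     */
    public boolean isThumbprintVerified() {
        return this.thumbprintVerified;
    }

    /**
     * Verifies the CMS signature with the signer certificate and stores the result.
     *
     * <p>Fails closed: any exception raised while building the verifier or verifying is treated
     * as an invalid signature. The exception is logged so that a malformed signature, a provider
     * problem and a genuine mismatch can be told apart during incident review.
     *
     * @return {@code true} only if verification completed and succeeded
     */
    @Override
    public boolean checkSignature() {
        try {
            this.signatureValid = this.signer.verify(
                    new JcaSimpleSignerInfoVerifierBuilder()
                            .setProvider(CryptoExtensions.getJCEProviderName())
                            .build(this.signerCert));
        } catch (Exception e) {
            // Broad catch is deliberate: whatever went wrong, the signature must not be accepted.
            this.signatureValid = false;
            log.warn("Message signature verification threw an exception; treating signature as invalid", e);
        } finally {
            logDigests(this.signer);
        }
        return this.signatureValid;
    }

    /**
     * Logs the signed and the computed message digest when digest logging is enabled.
     *
     * <p>Best-effort diagnostics only: it runs from the {@code finally} block of
     * {@link #checkSignature()}, so a failure here must never replace the verification result.
     * The digests are derived from message content and are written at INFO level; keep the
     * option off unless the log destination is appropriate for that.
     */
    private void logDigests(SignerInformation signerInformation) {
        if (!this.logDigest || signerInformation == null) {
            return;
        }
        try {
            ASN1OctetString signedDigest = (ASN1OctetString) signerInformation.getSignedAttributes()
                    .get(CMSAttributes.messageDigest)
                    .getAttrValues()
                    .getObjectAt(0);
            log.info("Signed Message Digest: {}", Hex.encodeHexString(signedDigest.getOctets()));
            log.info("Computed Message Digest: {}", Hex.encodeHexString(signerInformation.getContentDigest()));
        } catch (RuntimeException e) {
            // Missing attributes or a digest that was never computed surface as unchecked
            // exceptions; record them at debug instead of dropping them silently.
            log.debug("Could not log message digests", e);
        }
    }

    /**
     * Checks whether the signer certificate's thumbprint matches one of the certificates attached
     * to the given address, and stores the result.
     *
     * @param address the address whose certificates are compared; a {@code null} address or one
     *     without certificates yields {@code false}
     * @return {@code true} if a certificate with the same thumbprint is attached to the address
     */
    @Override
    public boolean checkThumbprint(NHINDAddress address) {
        this.thumbprintVerified = false;
        Thumbprint signerThumbprint = Thumbprint.toThumbprint(getSignerCert());
        if (address == null || !address.hasCertificates()) {
            // Nothing to compare against: stay unverified rather than fail with an NPE.
            return false;
        }
        for (X509Certificate candidate : address.getCertificates()) {
            if (signerThumbprint.equals(Thumbprint.toThumbprint(candidate))) {
                this.thumbprintVerified = true;
                break;
            }
        }
        return this.thumbprintVerified;
    }
}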
