package at.gv.egiz.pdfas.lib.util;

import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
import iaik.cms.CMSException;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/pdfas/lib/util/SignatureUtils.class */
public class SignatureUtils implements ErrorConstants {
    private static final Logger logger = LoggerFactory.getLogger(SignatureUtils.class);

    public static VerifyResult verifySignature(byte[] bArr, byte[] bArr2) throws PDFASError {
        try {
            SignedData signedData = new SignedData(new ByteArrayInputStream(bArr));
            signedData.setContent(bArr2);
            SignerInfo[] signerInfos = signedData.getSignerInfos();
            if (signerInfos.length == 0) {
                logger.error("Invalid signature (no signer information)");
                throw new PDFASError(11008L);
            }
            if (signerInfos.length != 1) {
                logger.error("Invalid signature (multiple signer information)");
                throw new PDFASError(11008L);
            }
            VerifyResultImpl verifyResultImpl = new VerifyResultImpl();
            try {
                logger.info("Signature Algo: {}, Digest {}", signedData.getSignerInfos()[0].getSignatureAlgorithm(), signedData.getSignerInfos()[0].getDigestAlgorithm());
                X509Certificate verify = signedData.verify(0);
                logger.info("Signature OK from signer: " + verify.getSubjectDN());
                verifyResultImpl.setSignerCertificate(verify);
                return verifyResultImpl;
            } catch (SignatureException e) {
                logger.error("Signature ERROR from signer: " + signedData.getCertificate(signerInfos[0].getSignerIdentifier()).getSubjectDN(), e);
                verifyResultImpl.setSignerCertificate(signedData.getCertificate(signerInfos[0].getSignerIdentifier()));
                throw new PDFASError(11008L, e);
            }
        } catch (IOException e2) {
            throw new PDFASError(11008L, e2);
        } catch (CMSException e3) {
            throw new PDFASError(11008L, e3);
        }
    }
}
