package de.governikus.bea.beaToolkit.validator.vhn2;

import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;

/* loaded from: input_file:de/governikus/bea/beaToolkit/validator/vhn2/Vhn2SignatureValidationServiceImpl.class */
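/**
 * {@link Vhn2SignatureValidationService} implementation backed by a PKCS#12 trust store of VHN2
 * issuer certificates that is bundled on the classpath next to this class.
 *
 * <p>The store is loaded once, during class initialisation. When it is missing or cannot be read
 * the service fails closed: {@link #getCertificateIssuer(X509Certificate)} reports
 * {@link Vhn2CertificateIssuer#UNKNOWN} for every certificate.
 */
public class Vhn2SignatureValidationServiceImpl implements Vhn2SignatureValidationService {
    // LOG must be initialised before VHN_ISSUER_KEY_STORE, because getIssuerKeyStore() logs.
    private static final Logger LOG = LogManager.getLogger(Vhn2SignatureValidationServiceImpl.class);
    private static final String VHN2_ISSUER_TRUST_STORE = "vhn2_issuer_trust_store.p12";
    private static final KeyStore VHN_ISSUER_KEY_STORE = getIssuerKeyStore();

    /**
     * Identifies which trusted VHN2 issuer signed the given certificate.
     *
     * <p>Each trust-store entry whose subject name equals the certificate's issuer name is tried,
     * and the first entry whose public key verifies the certificate's signature decides the
     * result. Entries that are not X.509 certificates are skipped.
     *
     * <p>Only the signature is checked here. This method does not look at the validity period,
     * revocation status or CA constraints of either certificate, so a result other than
     * {@code UNKNOWN} is not a substitute for certification-path validation.
     *
     * @param x509Certificate the certificate whose issuer is to be identified
     * @return the issuer mapped from the alias of the verifying trust-store entry, or
     *         {@link Vhn2CertificateIssuer#UNKNOWN} when no entry verifies the certificate or the
     *         trust store is unavailable
     */
    @Override // de.governikus.bea.beaToolkit.validator.vhn2.Vhn2SignatureValidationService
    public Vhn2CertificateIssuer getCertificateIssuer(X509Certificate x509Certificate) {
        String issuerName = x509Certificate.getIssuerX500Principal().getName("RFC2253");
        if (null == VHN_ISSUER_KEY_STORE) {
            return Vhn2CertificateIssuer.UNKNOWN;
        }
        try {
            Enumeration<String> aliases = VHN_ISSUER_KEY_STORE.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate candidate = VHN_ISSUER_KEY_STORE.getCertificate(alias);
                // getCertificate() may yield null or a non-X.509 type; an unchecked cast would
                // abort the lookup with a runtime exception instead of a clean UNKNOWN.
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                String subjectName = ((X509Certificate) candidate).getSubjectX500Principal().getName("RFC2253");
                if (!issuerName.equals(subjectName)) {
                    continue;
                }
                try {
                    x509Certificate.verify(candidate.getPublicKey());
                    return Vhn2CertificateIssuer.getByAlias(alias);
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                    // A matching name alone proves nothing. Keep scanning, because another entry
                    // may carry the same subject name with a different key.
                    LOG.error("Error during verification of the certificate", e);
                }
            }
            return Vhn2CertificateIssuer.UNKNOWN;
        } catch (KeyStoreException e) {
            LOG.error("Error during retrieving data the vhn issuer trust store", e);
            return Vhn2CertificateIssuer.UNKNOWN;
        }
    }

    /**
     * Reports whether the given CMS SignedData structure is a detached signature.
     *
     * <p>{@code false} is also returned when the bytes cannot be parsed as CMS SignedData, so a
     * {@code false} result must not be read as proof that the signed content is embedded.
     *
     * @param bArr the encoded CMS SignedData
     * @return {@code true} only if the data parsed and is a detached signature
     */
    @Override // de.governikus.bea.beaToolkit.validator.vhn2.Vhn2SignatureValidationService
    public boolean checkIfSignatureIsDetached(byte[] bArr) {
        try {
            return new CMSSignedData(bArr).isDetachedSignature();
        } catch (CMSException e) {
            // Log the cause as well, so that malformed input can be diagnosed afterwards.
            LOG.warn("Exception by checking if signature is detached. CMS Signed data could not be created.", e);
            return false;
        }
    }

    /**
     * Loads the bundled issuer trust store from the classpath.
     *
     * <p>The PKCS#12 password is a literal in this class, so it gives the store no secrecy and no
     * protection against someone who can modify the deployed artifact. The trust anchors are only
     * as trustworthy as the artifact that ships them.
     *
     * @return the loaded key store, or {@code null} when the resource is missing or cannot be
     *         opened
     */
    static KeyStore getIssuerKeyStore() {
        InputStream storeStream = Vhn2SignatureValidationServiceImpl.class.getResourceAsStream(VHN2_ISSUER_TRUST_STORE);
        if (storeStream == null) {
            // Without this message every issuer would silently resolve to UNKNOWN.
            LOG.error("Trust store with root certificates for vhn could not be found: {}", VHN2_ISSUER_TRUST_STORE);
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            keyStore.load(storeStream, "123456".toCharArray());
            return keyStore;
        } catch (Exception e) {
            // Caught broadly on purpose: this runs from a static initialiser, where an escaping
            // exception would make the whole class fail to initialise.
            LOG.error("Trust store with root certificates for vhn could not be opened", e);
            return null;
        } finally {
            try {
                storeStream.close();
            } catch (IOException e) {
                LOG.debug("", e);
            }
        }
    }
}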
