package xades4j.verification;

import com.google.inject.Inject;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import javax.security.auth.x500.X500Principal;
import xades4j.properties.QualifyingProperty;
import xades4j.properties.SigningCertificateProperty;
import xades4j.properties.data.CertRef;
import xades4j.properties.data.SigningCertificateData;
import xades4j.providers.MessageDigestEngineProvider;
import xades4j.providers.X500NameStyleProvider;
import xades4j.verification.CertRefUtils;
import xades4j.verification.QualifyingPropertyVerificationContext;

/* loaded from: input_file:xades4j/verification/SigningCertificateVerifier.class */
class SigningCertificateVerifier implements QualifyingPropertyVerifier<SigningCertificateData> {
    private final MessageDigestEngineProvider messageDigestProvider;
    private final X500NameStyleProvider x500NameStyleProvider;

    @Inject
    public SigningCertificateVerifier(MessageDigestEngineProvider messageDigestEngineProvider, X500NameStyleProvider x500NameStyleProvider) {
        this.messageDigestProvider = messageDigestEngineProvider;
        this.x500NameStyleProvider = x500NameStyleProvider;
    }

    @Override // xades4j.verification.QualifyingPropertyVerifier
    public QualifyingProperty verify(SigningCertificateData signingCertificateData, QualifyingPropertyVerificationContext qualifyingPropertyVerificationContext) throws SigningCertificateVerificationException {
        Collection<CertRef> certRefs = signingCertificateData.getCertRefs();
        QualifyingPropertyVerificationContext.CertificationChainData certChainData = qualifyingPropertyVerificationContext.getCertChainData();
        Iterator<X509Certificate> it = certChainData.getCertificateChain().iterator();
        X509Certificate next = it.next();
        CertRef findCertRef = CertRefUtils.findCertRef(next, certRefs, this.x500NameStyleProvider);
        if (null == findCertRef) {
            throw new SigningCertificateReferenceNotFoundException(next);
        }
        X500Principal validationCertIssuer = certChainData.getValidationCertIssuer();
        if (validationCertIssuer != null && (!this.x500NameStyleProvider.fromString(findCertRef.issuerDN).equals(validationCertIssuer) || !findCertRef.serialNumber.equals(certChainData.getValidationCertSerialNumber()))) {
            throw new SigningCertificateIssuerSerialMismatchException(findCertRef.issuerDN, findCertRef.serialNumber, validationCertIssuer.getName(), certChainData.getValidationCertSerialNumber());
        }
        try {
            CertRefUtils.checkCertRef(findCertRef, next, this.messageDigestProvider);
            int i = 1;
            while (it.hasNext()) {
                X509Certificate next2 = it.next();
                CertRef findCertRef2 = CertRefUtils.findCertRef(next2, certRefs, this.x500NameStyleProvider);
                if (null != findCertRef2) {
                    i++;
                    try {
                        CertRefUtils.checkCertRef(findCertRef2, next2, this.messageDigestProvider);
                    } catch (CertRefUtils.InvalidCertRefException e) {
                        throw new SigningCertificateReferenceException(next2, findCertRef2, e);
                    }
                }
            }
            if (i < certRefs.size()) {
                throw new SigningCertificateCertsNotInCertPathException();
            }
            return new SigningCertificateProperty(certChainData.getCertificateChain());
        } catch (CertRefUtils.InvalidCertRefException e2) {
            throw new SigningCertificateReferenceException(next, findCertRef, e2);
        }
    }
}
