package com.csii.pe.common.security.command;

import com.csii.pe.common.security.DigitalSignatureUtil;
import com.csii.pe.common.util.CsiiUtils;
import com.csii.pe.common.util.Hex2Byte;
import com.csii.pe.core.Context;
import com.csii.pe.core.PeException;
import com.csii.pe.validation.ValidationException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: classes.dex */
public class CSIIStreamChannelDigitalSignatureValidator implements DigitalSignatureValidator {
    private List f;
    protected Log log = LogFactory.getLog(getClass());
    private String e = DigitalSignatureUtil.MD5_RSA;

    public List getIssuers() {
        return this.f;
    }

    public void setIssuers(List list) {
        this.f = list;
    }

    public void setSignatureAlgorithm(String str) {
        this.e = str;
    }

    @Override // com.csii.pe.common.security.command.DigitalSignatureValidator
    public void verify(Context context) throws PeException {
        byte[] bArr = (byte[]) context.getRequestAttribute("dataPart");
        byte[] bArr2 = (byte[]) context.getRequestAttribute("signaturePart");
        if (bArr == null || bArr2 == null) {
            throw new ValidationException("invalid_signature_data");
        }
        String str = new String(bArr2);
        Object clientCertificate = context.getUser() != null ? context.getUser().getClientCertificate() : CsiiUtils.getClientCertificate(context, this.f);
        if (clientCertificate == null) {
            throw new ValidationException("invalid_client_cert");
        }
        byte[] hex2Byte = Hex2Byte.hex2Byte(str);
        try {
            if (clientCertificate instanceof X509Certificate) {
                if (!verify((X509Certificate) clientCertificate, this.e, bArr, hex2Byte)) {
                    throw new ValidationException("invalid_signature");
                }
            } else if (!verify((javax.security.cert.X509Certificate) clientCertificate, this.e, bArr, hex2Byte)) {
                throw new ValidationException("invalid_signature");
            }
        } catch (Exception e) {
            this.log.error("invalid signature", e);
            throw new ValidationException("invalid_signature", e);
        }
    }

    protected boolean verify(Certificate certificate, String str, byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        return DigitalSignatureUtil.verify(certificate, str, bArr, bArr2);
    }

    protected boolean verify(javax.security.cert.Certificate certificate, String str, byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        return DigitalSignatureUtil.verify(certificate, str, bArr, bArr2);
    }
}
