package org.jboss.resteasy.security.signing;

import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jboss.resteasy.security.keys.KeyRepository;

/* loaded from: input_file:WEB-INF/lib/resteasy-jaxrs-2.2-beta-1.jar:org/jboss/resteasy/security/signing/Verifier.class */
public class Verifier {
    protected KeyRepository repository;
    protected List<Verification> verifications = new ArrayList();

    public KeyRepository getRepository() {
        return this.repository;
    }

    public void setRepository(KeyRepository keyRepository) {
        this.repository = keyRepository;
    }

    public Verification addNew() {
        Verification verification = new Verification();
        this.verifications.add(verification);
        return verification;
    }

    public List<Verification> getVerifications() {
        return this.verifications;
    }

    public VerificationResults verify(ContentSignatures contentSignatures, Map map, byte[] bArr) {
        VerificationResults verificationResults = new VerificationResults();
        verificationResults.setVerified(true);
        for (Verification verification : this.verifications) {
            VerificationResultSet verificationResultSet = new VerificationResultSet();
            verificationResults.getResults().add(verificationResultSet);
            verificationResultSet.setVerification(verification);
            String id = verification.getId();
            String signer = verification.getSigner();
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(contentSignatures.getSignatures());
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                ContentSignature contentSignature = (ContentSignature) it.next();
                if (id != null && !id.equals(contentSignature.getId())) {
                    it.remove();
                } else if (signer != null && !signer.equals(contentSignature.getSigner())) {
                    it.remove();
                }
            }
            if (arrayList.isEmpty()) {
                verificationResults.setVerified(false);
            } else {
                verificationResultSet.setVerified(true);
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    VerificationResult verifySignature = verifySignature(contentSignatures, map, bArr, verification, (ContentSignature) it2.next());
                    verificationResultSet.getResults().add(verifySignature);
                    if (!verifySignature.isVerified()) {
                        verificationResultSet.setVerified(false);
                        verificationResults.setVerified(false);
                    }
                }
            }
        }
        return verificationResults;
    }

    public VerificationResult verifySignature(ContentSignatures contentSignatures, Map map, byte[] bArr, Verification verification, ContentSignature contentSignature) {
        VerificationResult verificationResult = new VerificationResult();
        verificationResult.setSignature(contentSignature);
        PublicKey key = verification.getKey();
        if (key == null) {
            String str = null;
            if (verification.getKeyAlias() != null) {
                str = verification.getKeyAlias();
            } else if (verification.getAttributeAlias() != null) {
                str = contentSignature.getAttributes().get(verification.getAttributeAlias());
            }
            if (str == null) {
                verificationResult.setFailureReason("Could not find a key alias");
                return verificationResult;
            }
            if (verification.getRepository() != null) {
                key = verification.getRepository().getPublicKey(str);
            } else if (this.repository != null) {
                key = this.repository.getPublicKey(str);
            }
            if (key == null) {
                verificationResult.setFailureReason("Could not find PublicKey for keyAlias " + str);
                return verificationResult;
            }
        }
        try {
            if (!contentSignature.verify(map, bArr, contentSignatures, key, verification.getAlgorithm(), verification.getAttributes())) {
                verificationResult.setFailureReason("Signature verification failed");
                return verificationResult;
            }
            if (!verification.isIgnoreExpiration() && contentSignature.isExpired()) {
                verificationResult.setFailureReason("Signature expired");
                return verificationResult;
            }
            if (verification.isStaleCheck() && contentSignature.isStale(verification.getStaleSeconds(), verification.getStaleMinutes(), verification.getStaleHours(), verification.getStaleDays(), verification.getStaleMonths(), verification.getStaleYears())) {
                verificationResult.setFailureReason("Signature is stale");
                return verificationResult;
            }
            verificationResult.setVerified(true);
            return verificationResult;
        } catch (Exception e) {
            verificationResult.setFailureException(e);
            return verificationResult;
        }
    }
}
