package org.bitrepository.protocol.security;

import java.security.cert.X509Certificate;
import org.bitrepository.protocol.security.exception.MessageAuthenticationException;
import org.bitrepository.protocol.security.exception.PermissionStoreException;
import org.bitrepository.protocol.security.exception.SecurityException;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: input_file:WEB-INF/lib/bitrepository-core-1.2.0.3.jar:org/bitrepository/protocol/security/BasicMessageAuthenticator.class */
public class BasicMessageAuthenticator implements MessageAuthenticator {
    private final PermissionStore permissionStore;

    public BasicMessageAuthenticator(PermissionStore permissionStore) {
        this.permissionStore = permissionStore;
    }

    @Override // org.bitrepository.protocol.security.MessageAuthenticator
    public SignerId authenticateMessage(byte[] bArr, byte[] bArr2) throws MessageAuthenticationException {
        try {
            SignerInformation signerInformation = (SignerInformation) new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2).getSignerInfos().getSigners().iterator().next();
            X509Certificate certificate = this.permissionStore.getCertificate(signerInformation.getSID());
            if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(SecurityModuleConstants.BC).build(certificate))) {
                return signerInformation.getSID();
            }
            throw new MessageAuthenticationException("Signature does not match the message. Indicated certificate did not sign message. Certificate issuer: " + certificate.getIssuerX500Principal().getName() + ", serial: " + certificate.getSerialNumber());
        } catch (PermissionStoreException e) {
            throw new MessageAuthenticationException(e.getMessage(), e);
        } catch (CMSException e2) {
            throw new SecurityException(e2.getMessage(), e2);
        } catch (OperatorCreationException e3) {
            throw new SecurityException(e3.getMessage(), e3);
        }
    }
}
