package xch.bouncycastle.tsp;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import xch.bouncycastle.asn1.ASN1Encodable;
import xch.bouncycastle.asn1.ASN1EncodableVector;
import xch.bouncycastle.asn1.ASN1InputStream;
import xch.bouncycastle.asn1.ASN1ObjectIdentifier;
import xch.bouncycastle.asn1.ASN1OctetString;
import xch.bouncycastle.asn1.ASN1Set;
import xch.bouncycastle.asn1.cms.Attribute;
import xch.bouncycastle.asn1.cms.AttributeTable;
import xch.bouncycastle.asn1.cms.ContentInfo;
import xch.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import xch.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import xch.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import xch.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import xch.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import xch.bouncycastle.asn1.x509.ExtendedKeyUsage;
import xch.bouncycastle.asn1.x509.Extension;
import xch.bouncycastle.asn1.x509.Extensions;
import xch.bouncycastle.asn1.x509.ExtensionsGenerator;
import xch.bouncycastle.asn1.x509.KeyPurposeId;
import xch.bouncycastle.asn1.x509.X509Extensions;
import xch.bouncycastle.cert.X509CertificateHolder;
import xch.bouncycastle.cms.SignerInformation;
import xch.bouncycastle.operator.DigestCalculator;
import xch.bouncycastle.operator.DigestCalculatorProvider;
import xch.bouncycastle.operator.OperatorCreationException;
import xch.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
public class TSPUtil {

    /* renamed from: a, reason: collision with root package name */
    private static Set f1138a = Collections.unmodifiableSet(new HashSet());
    private static List b = Collections.unmodifiableList(new ArrayList());
    private static final Map c = new HashMap();
    private static final Map d = new HashMap();

    static {
        c.put(PKCSObjectIdentifiers.G.c(), new Integer(16));
        c.put(OIWObjectIdentifiers.i.c(), new Integer(20));
        c.put(NISTObjectIdentifiers.e.c(), new Integer(28));
        c.put(NISTObjectIdentifiers.b.c(), new Integer(32));
        c.put(NISTObjectIdentifiers.c.c(), new Integer(48));
        c.put(NISTObjectIdentifiers.d.c(), new Integer(64));
        c.put(TeleTrusTObjectIdentifiers.c.c(), new Integer(16));
        c.put(TeleTrusTObjectIdentifiers.b.c(), new Integer(20));
        c.put(TeleTrusTObjectIdentifiers.d.c(), new Integer(32));
        c.put(CryptoProObjectIdentifiers.b.c(), new Integer(32));
        d.put(PKCSObjectIdentifiers.G.c(), "MD5");
        d.put(OIWObjectIdentifiers.i.c(), "SHA1");
        d.put(NISTObjectIdentifiers.e.c(), "SHA224");
        d.put(NISTObjectIdentifiers.b.c(), "SHA256");
        d.put(NISTObjectIdentifiers.c.c(), "SHA384");
        d.put(NISTObjectIdentifiers.d.c(), "SHA512");
        d.put(PKCSObjectIdentifiers.i_.c(), "SHA1");
        d.put(PKCSObjectIdentifiers.p_.c(), "SHA224");
        d.put(PKCSObjectIdentifiers.m_.c(), "SHA256");
        d.put(PKCSObjectIdentifiers.n_.c(), "SHA384");
        d.put(PKCSObjectIdentifiers.o_.c(), "SHA512");
        d.put(TeleTrusTObjectIdentifiers.c.c(), "RIPEMD128");
        d.put(TeleTrusTObjectIdentifiers.b.c(), "RIPEMD160");
        d.put(TeleTrusTObjectIdentifiers.d.c(), "RIPEMD256");
        d.put(CryptoProObjectIdentifiers.b.c(), "GOST3411");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String a(String str) {
        String str2 = (String) d.get(str);
        return str2 != null ? str2 : str;
    }

    private static MessageDigest a(String str, Provider provider) {
        String a2 = a(str);
        if (provider != null) {
            try {
                return MessageDigest.getInstance(a2, provider);
            } catch (NoSuchAlgorithmException e) {
            }
        }
        return MessageDigest.getInstance(a2);
    }

    private static Collection a(SignerInformation signerInformation, Provider provider) {
        ArrayList arrayList = new ArrayList();
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        if (unsignedAttributes != null) {
            ASN1EncodableVector b2 = unsignedAttributes.b(PKCSObjectIdentifiers.aO);
            for (int i = 0; i < b2.a(); i++) {
                ASN1Set d2 = ((Attribute) b2.a(i)).d();
                for (int i2 = 0; i2 < d2.d(); i2++) {
                    try {
                        TimeStampToken timeStampToken = new TimeStampToken(ContentInfo.a(d2.a(i2)));
                        TimeStampTokenInfo timeStampTokenInfo = timeStampToken.d;
                        if (!Arrays.b(a(timeStampTokenInfo.b().c(), provider).digest(signerInformation.getSignature()), timeStampTokenInfo.c())) {
                            throw new TSPValidationException("Incorrect digest in message imprint");
                        }
                        arrayList.add(timeStampToken);
                    } catch (NoSuchAlgorithmException e) {
                        throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
                    } catch (Exception e2) {
                        throw new TSPValidationException("Timestamp could not be parsed");
                    }
                }
            }
        }
        return arrayList;
    }

    private static Collection a(SignerInformation signerInformation, DigestCalculatorProvider digestCalculatorProvider) {
        ArrayList arrayList = new ArrayList();
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        if (unsignedAttributes != null) {
            ASN1EncodableVector b2 = unsignedAttributes.b(PKCSObjectIdentifiers.aO);
            for (int i = 0; i < b2.a(); i++) {
                ASN1Set d2 = ((Attribute) b2.a(i)).d();
                for (int i2 = 0; i2 < d2.d(); i2++) {
                    try {
                        TimeStampToken timeStampToken = new TimeStampToken(ContentInfo.a(d2.a(i2)));
                        TimeStampTokenInfo timeStampTokenInfo = timeStampToken.d;
                        DigestCalculator a2 = digestCalculatorProvider.a(timeStampTokenInfo.a());
                        OutputStream b3 = a2.b();
                        b3.write(signerInformation.getSignature());
                        b3.close();
                        if (!Arrays.b(a2.c(), timeStampTokenInfo.c())) {
                            throw new TSPValidationException("Incorrect digest in message imprint");
                        }
                        arrayList.add(timeStampToken);
                    } catch (OperatorCreationException e) {
                        throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
                    } catch (Exception e2) {
                        throw new TSPValidationException("Timestamp could not be parsed");
                    }
                }
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List a(Extensions extensions) {
        return extensions == null ? b : Collections.unmodifiableList(java.util.Arrays.asList(extensions.d()));
    }

    private static Set a(X509Extensions x509Extensions) {
        return x509Extensions == null ? f1138a : Collections.unmodifiableSet(new HashSet(java.util.Arrays.asList(x509Extensions.e())));
    }

    public static void a(X509Certificate x509Certificate) {
        if (x509Certificate.getVersion() != 3) {
            throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.u.c());
        if (extensionValue == null) {
            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
        }
        if (!x509Certificate.getCriticalExtensionOIDs().contains(X509Extensions.u.c())) {
            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
        }
        try {
            ExtendedKeyUsage a2 = ExtendedKeyUsage.a(new ASN1InputStream(new ByteArrayInputStream(((ASN1OctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).b()).d())).b());
            if (a2.a(KeyPurposeId.j) && a2.c() == 1) {
            } else {
                throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
            }
        } catch (IOException e) {
            throw new TSPValidationException("cannot process ExtendedKeyUsage extension");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(ExtensionsGenerator extensionsGenerator, ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z, ASN1Encodable aSN1Encodable) {
        try {
            extensionsGenerator.a(aSN1ObjectIdentifier, z, aSN1Encodable);
        } catch (IOException e) {
            throw new TSPIOException("cannot encode extension: " + e.getMessage(), e);
        }
    }

    public static void a(X509CertificateHolder x509CertificateHolder) {
        if (x509CertificateHolder.f().d() != 3) {
            throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
        }
        Extension a2 = x509CertificateHolder.a(Extension.u);
        if (a2 == null) {
            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
        }
        if (!a2.b()) {
            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
        }
        ExtendedKeyUsage a3 = ExtendedKeyUsage.a(a2.d());
        if (!a3.a(KeyPurposeId.j) || a3.c() != 1) {
            throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int b(String str) {
        Integer num = (Integer) c.get(str);
        if (num != null) {
            return num.intValue();
        }
        throw new TSPException("digest algorithm cannot be found.");
    }

    private static Set b(X509Extensions x509Extensions) {
        return x509Extensions == null ? f1138a : Collections.unmodifiableSet(new HashSet(java.util.Arrays.asList(x509Extensions.d())));
    }
}
