package xch.bouncycastle.tsp;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import xch.bouncycastle.asn1.ASN1InputStream;
import xch.bouncycastle.asn1.cms.Attribute;
import xch.bouncycastle.asn1.cms.AttributeTable;
import xch.bouncycastle.asn1.cms.ContentInfo;
import xch.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import xch.bouncycastle.asn1.ess.ESSCertID;
import xch.bouncycastle.asn1.ess.ESSCertIDv2;
import xch.bouncycastle.asn1.ess.SigningCertificate;
import xch.bouncycastle.asn1.ess.SigningCertificateV2;
import xch.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import xch.bouncycastle.asn1.tsp.TSTInfo;
import xch.bouncycastle.asn1.x500.X500Name;
import xch.bouncycastle.asn1.x509.GeneralName;
import xch.bouncycastle.asn1.x509.X509Name;
import xch.bouncycastle.cert.X509CertificateHolder;
import xch.bouncycastle.cms.CMSException;
import xch.bouncycastle.cms.CMSProcessable;
import xch.bouncycastle.cms.CMSSignedData;
import xch.bouncycastle.cms.SignerId;
import xch.bouncycastle.cms.SignerInformation;
import xch.bouncycastle.cms.SignerInformationVerifier;
import xch.bouncycastle.jce.PrincipalUtil;
import xch.bouncycastle.jce.X509Principal;
import xch.bouncycastle.operator.DigestCalculator;
import xch.bouncycastle.operator.OperatorCreationException;
import xch.bouncycastle.util.Arrays;
import xch.bouncycastle.util.Store;

/* loaded from: classes.dex */
public class TimeStampToken {

    /* renamed from: a, reason: collision with root package name */
    CMSSignedData f1143a;
    SignerInformation b;
    Date c;
    TimeStampTokenInfo d;
    b e;

    public TimeStampToken(ContentInfo contentInfo) {
        this(a(contentInfo));
    }

    public TimeStampToken(CMSSignedData cMSSignedData) {
        this.f1143a = cMSSignedData;
        if (!this.f1143a.getSignedContentTypeOID().equals(PKCSObjectIdentifiers.au.c())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection signers = this.f1143a.getSignerInfos().getSigners();
        if (signers.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + signers.size() + " signers, but it must contain just the TSA signature.");
        }
        this.b = (SignerInformation) signers.iterator().next();
        try {
            CMSProcessable signedContent = this.f1143a.getSignedContent();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            signedContent.write(byteArrayOutputStream);
            this.d = new TimeStampTokenInfo(TSTInfo.a(new ASN1InputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).b()));
            Attribute a2 = this.b.getSignedAttributes().a(PKCSObjectIdentifiers.aL);
            if (a2 != null) {
                this.e = new b(this, ESSCertID.a(SigningCertificate.a(a2.d().a(0)).c()[0]));
                return;
            }
            Attribute a3 = this.b.getSignedAttributes().a(PKCSObjectIdentifiers.aM);
            if (a3 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.e = new b(this, ESSCertIDv2.a(SigningCertificateV2.a(a3.d().a(0)).c()[0]));
        } catch (CMSException e) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        }
    }

    private CertStore a(String str, String str2) {
        return this.f1143a.getCertificatesAndCRLs(str, str2);
    }

    private static CMSSignedData a(ContentInfo contentInfo) {
        try {
            return new CMSSignedData(contentInfo);
        } catch (CMSException e) {
            throw new TSPException("TSP parsing error: " + e.getMessage(), e.getCause());
        }
    }

    private void a(X509Certificate x509Certificate, String str) {
        boolean z = false;
        try {
            if (!Arrays.b(this.e.c(), MessageDigest.getInstance(this.e.a()).digest(x509Certificate.getEncoded()))) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.e.d() != null) {
                if (!this.e.d().d().c().equals(x509Certificate.getSerialNumber())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] c = this.e.d().c().c();
                X509Principal a2 = PrincipalUtil.a(x509Certificate);
                int i = 0;
                while (true) {
                    if (i != c.length) {
                        if (c[i].c() == 4 && new X509Principal(X509Name.a(c[i].d())).equals(a2)) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.a(x509Certificate);
            x509Certificate.checkValidity(this.d.b);
            if (!this.b.verify(x509Certificate, str)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (CMSException e) {
            if (e.getUnderlyingException() == null) {
                throw new TSPException("CMS exception: " + e, e);
            }
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        } catch (NoSuchAlgorithmException e2) {
            throw new TSPException("cannot find algorithm: " + e2, e2);
        } catch (CertificateEncodingException e3) {
            throw new TSPException("problem processing certificate: " + e3, e3);
        }
    }

    private void a(SignerInformationVerifier signerInformationVerifier) {
        boolean z = false;
        if (!signerInformationVerifier.hasAssociatedCertificate()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            X509CertificateHolder associatedCertificate = signerInformationVerifier.getAssociatedCertificate();
            DigestCalculator digestCalculator = signerInformationVerifier.getDigestCalculator(this.e.b());
            OutputStream b = digestCalculator.b();
            b.write(associatedCertificate.g());
            b.close();
            if (!Arrays.b(this.e.c(), digestCalculator.c())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.e.d() != null) {
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(associatedCertificate.f());
                if (!this.e.d().d().equals(issuerAndSerialNumber.d())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] c = this.e.d().c().c();
                int i = 0;
                while (true) {
                    if (i != c.length) {
                        if (c[i].c() == 4 && X500Name.a(c[i].d()).equals(X500Name.a(issuerAndSerialNumber.c()))) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.a(associatedCertificate);
            if (!associatedCertificate.a(this.d.b)) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.b.verify(signerInformationVerifier)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (CMSException e) {
            if (e.getUnderlyingException() == null) {
                throw new TSPException("CMS exception: " + e, e);
            }
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        } catch (IOException e2) {
            throw new TSPException("problem processing certificate: " + e2, e2);
        } catch (OperatorCreationException e3) {
            throw new TSPException("unable to create digest: " + e3.getMessage(), e3);
        }
    }

    private boolean b(SignerInformationVerifier signerInformationVerifier) {
        try {
            return this.b.verify(signerInformationVerifier);
        } catch (CMSException e) {
            if (e.getUnderlyingException() != null) {
                throw new TSPException(e.getMessage(), e.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e, e);
        }
    }

    private SignerId d() {
        return this.b.getSID();
    }

    private AttributeTable e() {
        return this.b.getSignedAttributes();
    }

    private AttributeTable f() {
        return this.b.getUnsignedAttributes();
    }

    private Store g() {
        return this.f1143a.getCertificates();
    }

    private Store h() {
        return this.f1143a.getCRLs();
    }

    private Store i() {
        return this.f1143a.getAttributeCertificates();
    }

    public final TimeStampTokenInfo a() {
        return this.d;
    }

    public final CMSSignedData b() {
        return this.f1143a;
    }

    public final byte[] c() {
        return this.f1143a.getEncoded();
    }
}
