package org.spongycastle.tsp;

import c.a.a;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collection;
import java.util.Date;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.ess.ESSCertID;
import org.spongycastle.asn1.ess.ESSCertIDv2;
import org.spongycastle.asn1.ess.SigningCertificate;
import org.spongycastle.asn1.ess.SigningCertificateV2;
import org.spongycastle.asn1.nist.NISTObjectIdentifiers;
import org.spongycastle.asn1.oiw.OIWObjectIdentifiers;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.tsp.TSTInfo;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.IssuerSerial;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSTypedData;
import org.spongycastle.cms.SignerId;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationVerifier;
import org.spongycastle.operator.DigestCalculator;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Store;

/* loaded from: classes2.dex */
public class TimeStampToken {

    /* renamed from: a, reason: collision with root package name */
    public Date f21295a;

    /* renamed from: b, reason: collision with root package name */
    public CMSSignedData f21296b;

    /* renamed from: c, reason: collision with root package name */
    public SignerInformation f21297c;

    /* renamed from: d, reason: collision with root package name */
    public CertID f21298d;

    /* renamed from: e, reason: collision with root package name */
    public TimeStampTokenInfo f21299e;

    /* loaded from: classes2.dex */
    public class CertID {

        /* renamed from: a, reason: collision with root package name */
        public ESSCertID f21300a;

        /* renamed from: b, reason: collision with root package name */
        public ESSCertIDv2 f21301b;

        public CertID(ESSCertID eSSCertID) {
            this.f21300a = eSSCertID;
            this.f21301b = null;
        }

        public CertID(ESSCertIDv2 eSSCertIDv2) {
            this.f21301b = eSSCertIDv2;
            this.f21300a = null;
        }

        public String d() {
            return this.f21300a != null ? "SHA-1" : NISTObjectIdentifiers.f16370c.equals(this.f21301b.f().e()) ? "SHA-256" : this.f21301b.f().e().n();
        }

        public AlgorithmIdentifier e() {
            return this.f21300a != null ? new AlgorithmIdentifier(OIWObjectIdentifiers.f16458i) : this.f21301b.f();
        }

        public IssuerSerial f() {
            ESSCertID eSSCertID = this.f21300a;
            return eSSCertID != null ? eSSCertID.d() : this.f21301b.g();
        }

        public byte[] g() {
            ESSCertID eSSCertID = this.f21300a;
            return eSSCertID != null ? eSSCertID.e() : this.f21301b.h();
        }
    }

    public TimeStampToken(ContentInfo contentInfo) {
        this(f(contentInfo));
    }

    public TimeStampToken(CMSSignedData cMSSignedData) {
        this.f21296b = cMSSignedData;
        if (!this.f21296b.j().equals(PKCSObjectIdentifiers.ce.n())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection<SignerInformation> c2 = this.f21296b.n().c();
        if (c2.size() != 1) {
            StringBuilder ae = a.ae("Time-stamp token signed by ");
            ae.append(c2.size());
            ae.append(" signers, but it must contain just the TSA signature.");
            throw new IllegalArgumentException(ae.toString());
        }
        this.f21297c = c2.iterator().next();
        try {
            CMSTypedData m = this.f21296b.m();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            m.e(byteArrayOutputStream);
            this.f21299e = new TimeStampTokenInfo(TSTInfo.k(new ASN1InputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).l()));
            Attribute f2 = this.f21297c.s().f(PKCSObjectIdentifiers.cy);
            if (f2 != null) {
                this.f21298d = new CertID(ESSCertID.c(SigningCertificate.c(f2.e().f(0)).d()[0]));
                return;
            }
            Attribute f3 = this.f21297c.s().f(PKCSObjectIdentifiers.cz);
            if (f3 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.f21298d = new CertID(ESSCertIDv2.e(SigningCertificateV2.c(f3.e().f(0)).d()[0]));
        } catch (CMSException e2) {
            throw new TSPException(e2.getMessage(), e2.b());
        }
    }

    public static CMSSignedData f(ContentInfo contentInfo) {
        try {
            return new CMSSignedData(contentInfo);
        } catch (CMSException e2) {
            StringBuilder ae = a.ae("TSP parsing error: ");
            ae.append(e2.getMessage());
            throw new TSPException(ae.toString(), e2.getCause());
        }
    }

    public AttributeTable g() {
        return this.f21297c.s();
    }

    public CMSSignedData h() {
        return this.f21296b;
    }

    public SignerId i() {
        return this.f21297c.v();
    }

    public TimeStampTokenInfo j() {
        return this.f21299e;
    }

    public Store k() {
        return this.f21296b.o();
    }

    public void l(SignerInformationVerifier signerInformationVerifier) {
        if (!signerInformationVerifier.h()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            X509CertificateHolder e2 = signerInformationVerifier.e();
            DigestCalculator g2 = signerInformationVerifier.g(this.f21298d.e());
            OutputStream b2 = g2.b();
            b2.write(e2.getEncoded());
            b2.close();
            if (!Arrays.ay(this.f21298d.g(), g2.d())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.f21298d.f() != null) {
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(e2.k());
                if (!this.f21298d.f().f().equals(issuerAndSerialNumber.d())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] e3 = this.f21298d.f().h().e();
                boolean z = false;
                int i2 = 0;
                while (true) {
                    if (i2 != e3.length) {
                        if (e3[i2].n() == 4 && X500Name.f(e3[i2].o()).equals(X500Name.f(issuerAndSerialNumber.e()))) {
                            z = true;
                            break;
                        }
                        i2++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.h(e2);
            if (!e2.p(this.f21299e.d())) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.f21297c.y(signerInformationVerifier)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (IOException e4) {
            throw new TSPException(a.p("problem processing certificate: ", e4), e4);
        } catch (CMSException e5) {
            if (e5.b() != null) {
                throw new TSPException(e5.getMessage(), e5.b());
            }
            throw new TSPException("CMS exception: " + e5, e5);
        } catch (OperatorCreationException e6) {
            StringBuilder ae = a.ae("unable to create digest: ");
            ae.append(e6.getMessage());
            throw new TSPException(ae.toString(), e6);
        }
    }

    public boolean m(SignerInformationVerifier signerInformationVerifier) {
        try {
            return this.f21297c.y(signerInformationVerifier);
        } catch (CMSException e2) {
            if (e2.b() != null) {
                throw new TSPException(e2.getMessage(), e2.b());
            }
            throw new TSPException("CMS exception: " + e2, e2);
        }
    }

    public byte[] n() {
        return this.f21296b.getEncoded();
    }

    public AttributeTable o() {
        return this.f21297c.ab();
    }

    public Store p() {
        return this.f21296b.t();
    }

    public Store q() {
        return this.f21296b.v();
    }
}
