package org.spongycastle.tsp;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collection;
import java.util.Date;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.ess.ESSCertID;
import org.spongycastle.asn1.ess.ESSCertIDv2;
import org.spongycastle.asn1.ess.SigningCertificate;
import org.spongycastle.asn1.ess.SigningCertificateV2;
import org.spongycastle.asn1.nist.NISTObjectIdentifiers;
import org.spongycastle.asn1.oiw.OIWObjectIdentifiers;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.tsp.TSTInfo;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.IssuerSerial;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSTypedData;
import org.spongycastle.cms.SignerId;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationVerifier;
import org.spongycastle.operator.DigestCalculator;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Store;

/* loaded from: classes3.dex */
public class TimeStampToken {

    /* renamed from: a, reason: collision with root package name */
    CMSSignedData f30922a;

    /* renamed from: b, reason: collision with root package name */
    SignerInformation f30923b;

    /* renamed from: c, reason: collision with root package name */
    Date f30924c;

    /* renamed from: d, reason: collision with root package name */
    TimeStampTokenInfo f30925d;

    /* renamed from: e, reason: collision with root package name */
    CertID f30926e;

    /* loaded from: classes3.dex */
    private class CertID {

        /* renamed from: a, reason: collision with root package name */
        private ESSCertID f30927a;

        /* renamed from: b, reason: collision with root package name */
        private ESSCertIDv2 f30928b;

        CertID(ESSCertID eSSCertID) {
            this.f30927a = eSSCertID;
            this.f30928b = null;
        }

        CertID(ESSCertIDv2 eSSCertIDv2) {
            this.f30928b = eSSCertIDv2;
            this.f30927a = null;
        }

        public byte[] a() {
            ESSCertID eSSCertID = this.f30927a;
            return eSSCertID != null ? eSSCertID.j() : this.f30928b.j();
        }

        public AlgorithmIdentifier b() {
            return this.f30927a != null ? new AlgorithmIdentifier(OIWObjectIdentifiers.f25516i) : this.f30928b.k();
        }

        public String c() {
            return this.f30927a != null ? "SHA-1" : NISTObjectIdentifiers.f25437c.equals(this.f30928b.k().j()) ? "SHA-256" : this.f30928b.k().j().u();
        }

        public IssuerSerial d() {
            ESSCertID eSSCertID = this.f30927a;
            return eSSCertID != null ? eSSCertID.l() : this.f30928b.m();
        }
    }

    public TimeStampToken(ContentInfo contentInfo) throws TSPException, IOException {
        this(g(contentInfo));
    }

    public TimeStampToken(CMSSignedData cMSSignedData) throws TSPException, IOException {
        this.f30922a = cMSSignedData;
        if (!cMSSignedData.g().equals(PKCSObjectIdentifiers.W1.u())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection b5 = this.f30922a.i().b();
        if (b5.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + b5.size() + " signers, but it must contain just the TSA signature.");
        }
        this.f30923b = (SignerInformation) b5.iterator().next();
        try {
            CMSTypedData f4 = this.f30922a.f();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            f4.b(byteArrayOutputStream);
            this.f30925d = new TimeStampTokenInfo(TSTInfo.m(new ASN1InputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).q()));
            Attribute d4 = this.f30923b.o().d(PKCSObjectIdentifiers.f25590p2);
            if (d4 != null) {
                this.f30926e = new CertID(ESSCertID.k(SigningCertificate.k(d4.k().u(0)).j()[0]));
                return;
            }
            Attribute d5 = this.f30923b.o().d(PKCSObjectIdentifiers.f25592q2);
            if (d5 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.f30926e = new CertID(ESSCertIDv2.l(SigningCertificateV2.k(d5.k().u(0)).j()[0]));
        } catch (CMSException e4) {
            throw new TSPException(e4.getMessage(), e4.a());
        }
    }

    private static CMSSignedData g(ContentInfo contentInfo) throws TSPException {
        try {
            return new CMSSignedData(contentInfo);
        } catch (CMSException e4) {
            throw new TSPException("TSP parsing error: " + e4.getMessage(), e4.getCause());
        }
    }

    public Store a() {
        return this.f30922a.a();
    }

    public Store b() {
        return this.f30922a.b();
    }

    public Store c() {
        return this.f30922a.c();
    }

    public byte[] d() throws IOException {
        return this.f30922a.d();
    }

    public SignerId e() {
        return this.f30923b.m();
    }

    public AttributeTable f() {
        return this.f30923b.o();
    }

    public TimeStampTokenInfo h() {
        return this.f30925d;
    }

    public AttributeTable i() {
        return this.f30923b.r();
    }

    public boolean j(SignerInformationVerifier signerInformationVerifier) throws TSPException {
        try {
            return this.f30923b.w(signerInformationVerifier);
        } catch (CMSException e4) {
            if (e4.a() != null) {
                throw new TSPException(e4.getMessage(), e4.a());
            }
            throw new TSPException("CMS exception: " + e4, e4);
        }
    }

    public CMSSignedData k() {
        return this.f30922a;
    }

    public void l(SignerInformationVerifier signerInformationVerifier) throws TSPException, TSPValidationException {
        if (!signerInformationVerifier.d()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            X509CertificateHolder a5 = signerInformationVerifier.a();
            DigestCalculator c5 = signerInformationVerifier.c(this.f30926e.b());
            OutputStream b5 = c5.b();
            b5.write(a5.b());
            b5.close();
            if (!Arrays.w(this.f30926e.a(), c5.c())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.f30926e.d() != null) {
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(a5.u());
                if (!this.f30926e.d().n().equals(issuerAndSerialNumber.l())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] m4 = this.f30926e.d().l().m();
                boolean z4 = false;
                int i4 = 0;
                while (true) {
                    if (i4 != m4.length) {
                        if (m4[i4].d() == 4 && X500Name.l(m4[i4].m()).equals(X500Name.l(issuerAndSerialNumber.k()))) {
                            z4 = true;
                            break;
                        }
                        i4++;
                    } else {
                        break;
                    }
                }
                if (!z4) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.e(a5);
            if (!a5.s(this.f30925d.c())) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.f30923b.w(signerInformationVerifier)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (IOException e4) {
            throw new TSPException("problem processing certificate: " + e4, e4);
        } catch (CMSException e5) {
            if (e5.a() != null) {
                throw new TSPException(e5.getMessage(), e5.a());
            }
            throw new TSPException("CMS exception: " + e5, e5);
        } catch (OperatorCreationException e6) {
            throw new TSPException("unable to create digest: " + e6.getMessage(), e6);
        }
    }
}
