package f.a.t;

import f.a.c.i3.t;
import f.a.c.p3.g0;
import f.a.c.p3.r1;
import f.a.f.b0;
import f.a.f.d0;
import f.a.f.e2;
import f.a.f.h2;
import f.a.f.j2;
import f.a.f.m0;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;

/* loaded from: classes.dex */
public class k {

    /* renamed from: a, reason: collision with root package name */
    m0 f11525a;

    /* renamed from: b, reason: collision with root package name */
    h2 f11526b;

    /* renamed from: c, reason: collision with root package name */
    Date f11527c;

    /* renamed from: d, reason: collision with root package name */
    m f11528d;

    /* renamed from: e, reason: collision with root package name */
    a f11529e;

    /* loaded from: classes.dex */
    private class a {

        /* renamed from: a, reason: collision with root package name */
        private f.a.c.v2.c f11530a;

        /* renamed from: b, reason: collision with root package name */
        private f.a.c.v2.d f11531b;

        a(f.a.c.v2.c cVar) {
            this.f11530a = cVar;
            this.f11531b = null;
        }

        a(f.a.c.v2.d dVar) {
            this.f11531b = dVar;
            this.f11530a = null;
        }

        public byte[] getCertHash() {
            f.a.c.v2.c cVar = this.f11530a;
            return cVar != null ? cVar.getCertHash() : this.f11531b.getCertHash();
        }

        public f.a.c.p3.b getHashAlgorithm() {
            return this.f11530a != null ? new f.a.c.p3.b(f.a.c.h3.b.idSHA1) : this.f11531b.getHashAlgorithm();
        }

        public String getHashAlgorithmName() {
            return this.f11530a != null ? "SHA-1" : f.a.c.e3.b.id_sha256.equals(this.f11531b.getHashAlgorithm().getAlgorithm()) ? "SHA-256" : this.f11531b.getHashAlgorithm().getAlgorithm().getId();
        }

        public g0 getIssuerSerial() {
            f.a.c.v2.c cVar = this.f11530a;
            return cVar != null ? cVar.getIssuerSerial() : this.f11531b.getIssuerSerial();
        }
    }

    public k(f.a.c.q2.l lVar) {
        this(a(lVar));
    }

    public k(m0 m0Var) {
        this.f11525a = m0Var;
        if (!m0Var.getSignedContentTypeOID().equals(t.id_ct_TSTInfo.getId())) {
            throw new f("ContentInfo object not for a time stamp.");
        }
        Collection signers = this.f11525a.getSignerInfos().getSigners();
        if (signers.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + signers.size() + " signers, but it must contain just the TSA signature.");
        }
        this.f11526b = (h2) signers.iterator().next();
        try {
            d0 signedContent = this.f11525a.getSignedContent();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            signedContent.write(byteArrayOutputStream);
            this.f11528d = new m(f.a.c.m3.c.getInstance(new f.a.c.k(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).readObject()));
            f.a.c.q2.a aVar = this.f11526b.getSignedAttributes().get(t.id_aa_signingCertificate);
            if (aVar != null) {
                this.f11529e = new a(f.a.c.v2.c.getInstance(f.a.c.v2.g.getInstance(aVar.getAttrValues().getObjectAt(0)).getCerts()[0]));
                return;
            }
            f.a.c.q2.a aVar2 = this.f11526b.getSignedAttributes().get(t.id_aa_signingCertificateV2);
            if (aVar2 == null) {
                throw new f("no signing certificate attribute found, time stamp invalid.");
            }
            this.f11529e = new a(f.a.c.v2.d.getInstance(f.a.c.v2.h.getInstance(aVar2.getAttrValues().getObjectAt(0)).getCerts()[0]));
        } catch (b0 e2) {
            throw new c(e2.getMessage(), e2.getUnderlyingException());
        }
    }

    private static m0 a(f.a.c.q2.l lVar) {
        try {
            return new m0(lVar);
        } catch (b0 e2) {
            throw new c("TSP parsing error: " + e2.getMessage(), e2.getCause());
        }
    }

    public f.a.u.f getAttributeCertificates() {
        return this.f11525a.getAttributeCertificates();
    }

    public f.a.u.f getCRLs() {
        return this.f11525a.getCRLs();
    }

    public f.a.u.f getCertificates() {
        return this.f11525a.getCertificates();
    }

    public CertStore getCertificatesAndCRLs(String str, String str2) {
        return this.f11525a.getCertificatesAndCRLs(str, str2);
    }

    public byte[] getEncoded() {
        return this.f11525a.getEncoded();
    }

    public e2 getSID() {
        return this.f11526b.getSID();
    }

    public f.a.c.q2.b getSignedAttributes() {
        return this.f11526b.getSignedAttributes();
    }

    public m getTimeStampInfo() {
        return this.f11528d;
    }

    public f.a.c.q2.b getUnsignedAttributes() {
        return this.f11526b.getUnsignedAttributes();
    }

    public boolean isSignatureValid(j2 j2Var) {
        try {
            return this.f11526b.verify(j2Var);
        } catch (b0 e2) {
            if (e2.getUnderlyingException() != null) {
                throw new c(e2.getMessage(), e2.getUnderlyingException());
            }
            throw new c("CMS exception: " + e2, e2);
        }
    }

    public m0 toCMSSignedData() {
        return this.f11525a;
    }

    public void validate(j2 j2Var) {
        if (!j2Var.hasAssociatedCertificate()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            f.a.e.i associatedCertificate = j2Var.getAssociatedCertificate();
            f.a.r.i digestCalculator = j2Var.getDigestCalculator(this.f11529e.getHashAlgorithm());
            OutputStream outputStream = digestCalculator.getOutputStream();
            outputStream.write(associatedCertificate.getEncoded());
            outputStream.close();
            if (!f.a.u.a.constantTimeAreEqual(this.f11529e.getCertHash(), digestCalculator.getDigest())) {
                throw new f("certificate hash does not match certID hash.");
            }
            if (this.f11529e.getIssuerSerial() != null) {
                f.a.c.q2.t tVar = new f.a.c.q2.t(associatedCertificate.toASN1Structure());
                if (!this.f11529e.getIssuerSerial().getSerial().equals(tVar.getSerialNumber())) {
                    throw new f("certificate serial number does not match certID for signature.");
                }
                f.a.c.p3.b0[] names = this.f11529e.getIssuerSerial().getIssuer().getNames();
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i != names.length) {
                        if (names[i].getTagNo() == 4 && f.a.c.o3.d.getInstance(names[i].getName()).equals(f.a.c.o3.d.getInstance(tVar.getName()))) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new f("certificate name does not match certID for signature. ");
                }
            }
            e.validateCertificate(associatedCertificate);
            if (!associatedCertificate.isValidOn(this.f11528d.getGenTime())) {
                throw new f("certificate not valid when time stamp created.");
            }
            if (!this.f11526b.verify(j2Var)) {
                throw new f("signature not created by certificate.");
            }
        } catch (b0 e2) {
            if (e2.getUnderlyingException() != null) {
                throw new c(e2.getMessage(), e2.getUnderlyingException());
            }
            throw new c("CMS exception: " + e2, e2);
        } catch (f.a.r.t e3) {
            throw new c("unable to create digest: " + e3.getMessage(), e3);
        } catch (IOException e4) {
            throw new c("problem processing certificate: " + e4, e4);
        }
    }

    public void validate(X509Certificate x509Certificate, String str) {
        try {
            if (!f.a.u.a.constantTimeAreEqual(this.f11529e.getCertHash(), MessageDigest.getInstance(this.f11529e.getHashAlgorithmName()).digest(x509Certificate.getEncoded()))) {
                throw new f("certificate hash does not match certID hash.");
            }
            if (this.f11529e.getIssuerSerial() != null) {
                if (!this.f11529e.getIssuerSerial().getSerial().getValue().equals(x509Certificate.getSerialNumber())) {
                    throw new f("certificate serial number does not match certID for signature.");
                }
                f.a.c.p3.b0[] names = this.f11529e.getIssuerSerial().getIssuer().getNames();
                f.a.k.k issuerX509Principal = f.a.k.h.getIssuerX509Principal(x509Certificate);
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i != names.length) {
                        if (names[i].getTagNo() == 4 && new f.a.k.k(r1.getInstance(names[i].getName())).equals(issuerX509Principal)) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new f("certificate name does not match certID for signature. ");
                }
            }
            e.validateCertificate(x509Certificate);
            x509Certificate.checkValidity(this.f11528d.getGenTime());
            if (!this.f11526b.verify(x509Certificate, str)) {
                throw new f("signature not created by certificate.");
            }
        } catch (b0 e2) {
            if (e2.getUnderlyingException() != null) {
                throw new c(e2.getMessage(), e2.getUnderlyingException());
            }
            throw new c("CMS exception: " + e2, e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new c("cannot find algorithm: " + e3, e3);
        } catch (CertificateEncodingException e4) {
            throw new c("problem processing certificate: " + e4, e4);
        }
    }
}
