package xch.bouncycastle.tsp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collection;
import java.util.Date;
import xch.bouncycastle.asn1.ASN1Encoding;
import xch.bouncycastle.asn1.ASN1Primitive;
import xch.bouncycastle.asn1.cms.Attribute;
import xch.bouncycastle.asn1.cms.AttributeTable;
import xch.bouncycastle.asn1.cms.ContentInfo;
import xch.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import xch.bouncycastle.asn1.ess.ESSCertID;
import xch.bouncycastle.asn1.ess.ESSCertIDv2;
import xch.bouncycastle.asn1.ess.SigningCertificate;
import xch.bouncycastle.asn1.ess.SigningCertificateV2;
import xch.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import xch.bouncycastle.asn1.tsp.TSTInfo;
import xch.bouncycastle.asn1.x500.X500Name;
import xch.bouncycastle.asn1.x509.GeneralName;
import xch.bouncycastle.cert.X509CertificateHolder;
import xch.bouncycastle.cms.CMSException;
import xch.bouncycastle.cms.CMSSignedData;
import xch.bouncycastle.cms.CMSTypedData;
import xch.bouncycastle.cms.SignerId;
import xch.bouncycastle.cms.SignerInformation;
import xch.bouncycastle.cms.SignerInformationVerifier;
import xch.bouncycastle.operator.DigestCalculator;
import xch.bouncycastle.operator.OperatorCreationException;
import xch.bouncycastle.util.Arrays;
import xch.bouncycastle.util.Store;

/* loaded from: classes.dex */
public class TimeStampToken {

    /* renamed from: a, reason: collision with root package name */
    CMSSignedData f3744a;

    /* renamed from: b, reason: collision with root package name */
    SignerInformation f3745b;

    /* renamed from: c, reason: collision with root package name */
    Date f3746c;

    /* renamed from: d, reason: collision with root package name */
    TimeStampTokenInfo f3747d;
    d e;

    public TimeStampToken(ContentInfo contentInfo) {
        this(a(contentInfo));
    }

    public TimeStampToken(CMSSignedData cMSSignedData) {
        d dVar;
        this.f3744a = cMSSignedData;
        if (!cMSSignedData.f().equals(PKCSObjectIdentifiers.G1.l())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection a2 = this.f3744a.g().a();
        if (a2.size() != 1) {
            StringBuilder a3 = a.a.a.a.a.a("Time-stamp token signed by ");
            a3.append(a2.size());
            a3.append(" signers, but it must contain just the TSA signature.");
            throw new IllegalArgumentException(a3.toString());
        }
        this.f3745b = (SignerInformation) a2.iterator().next();
        try {
            CMSTypedData e = this.f3744a.e();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            e.a(byteArrayOutputStream);
            this.f3747d = new TimeStampTokenInfo(TSTInfo.a(ASN1Primitive.a(byteArrayOutputStream.toByteArray())));
            Attribute a4 = this.f3745b.l().a(PKCSObjectIdentifiers.c2);
            if (a4 != null) {
                dVar = new d(this, ESSCertID.a(SigningCertificate.a(a4.i().a(0)).h()[0]));
            } else {
                Attribute a5 = this.f3745b.l().a(PKCSObjectIdentifiers.d2);
                if (a5 == null) {
                    throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
                }
                dVar = new d(this, ESSCertIDv2.a(SigningCertificateV2.a(a5.i().a(0)).h()[0]));
            }
            this.e = dVar;
        } catch (CMSException e2) {
            throw new TSPException(e2.getMessage(), e2.b());
        }
    }

    private static CMSSignedData a(ContentInfo contentInfo) {
        try {
            return new CMSSignedData(contentInfo);
        } catch (CMSException e) {
            StringBuilder a2 = a.a.a.a.a.a("TSP parsing error: ");
            a2.append(e.getMessage());
            throw new TSPException(a2.toString(), e.getCause());
        }
    }

    public Store a() {
        return this.f3744a.a();
    }

    public boolean a(SignerInformationVerifier signerInformationVerifier) {
        try {
            return this.f3745b.a(signerInformationVerifier);
        } catch (CMSException e) {
            if (e.b() != null) {
                throw new TSPException(e.getMessage(), e.b());
            }
            throw new TSPException("CMS exception: " + e, e);
        }
    }

    public byte[] a(String str) {
        return this.f3744a.a(str);
    }

    public Store b() {
        return this.f3744a.b();
    }

    public void b(SignerInformationVerifier signerInformationVerifier) {
        if (!signerInformationVerifier.b()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            X509CertificateHolder a2 = signerInformationVerifier.a();
            DigestCalculator a3 = signerInformationVerifier.a(this.e.b());
            OutputStream outputStream = a3.getOutputStream();
            outputStream.write(a2.getEncoded());
            outputStream.close();
            if (!Arrays.e(this.e.a(), a3.b())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.e.c() != null) {
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(a2.D());
                if (!this.e.c().j().b(issuerAndSerialNumber.h())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] h = this.e.c().h().h();
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i != h.length) {
                        if (h[i].b() == 4 && X500Name.a(h[i].getName()).equals(X500Name.a(issuerAndSerialNumber.getName()))) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.a(a2);
            if (!a2.a(this.f3747d.d())) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.f3745b.a(signerInformationVerifier)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (IOException e) {
            throw new TSPException(a.a.a.a.a.a("problem processing certificate: ", e), e);
        } catch (CMSException e2) {
            if (e2.b() != null) {
                throw new TSPException(e2.getMessage(), e2.b());
            }
            throw new TSPException("CMS exception: " + e2, e2);
        } catch (OperatorCreationException e3) {
            StringBuilder a4 = a.a.a.a.a.a("unable to create digest: ");
            a4.append(e3.getMessage());
            throw new TSPException(a4.toString(), e3);
        }
    }

    public Store c() {
        return this.f3744a.c();
    }

    public byte[] d() {
        return this.f3744a.a(ASN1Encoding.f486b);
    }

    public SignerId e() {
        return this.f3745b.j();
    }

    public AttributeTable f() {
        return this.f3745b.l();
    }

    public TimeStampTokenInfo g() {
        return this.f3747d;
    }

    public AttributeTable h() {
        return this.f3745b.m();
    }

    public CMSSignedData i() {
        return this.f3744a;
    }
}
