package org.bouncycastle.tsp;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collection;
import org.bouncycastle.asn1.cms.e;
import org.bouncycastle.asn1.cms.j;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.z;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.ae;
import org.bouncycastle.cms.ag;
import org.bouncycastle.cms.ai;
import org.bouncycastle.cms.g;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;

/* loaded from: classes3.dex */
public class c {

    /* renamed from: a, reason: collision with root package name */
    g f5903a;
    ag b;
    d c;
    a d;

    /* loaded from: classes3.dex */
    private class a {
        private org.bouncycastle.asn1.a.a b;
        private org.bouncycastle.asn1.a.b c;

        a(org.bouncycastle.asn1.a.a aVar) {
            this.b = aVar;
            this.c = null;
        }

        a(org.bouncycastle.asn1.a.b bVar) {
            this.c = bVar;
            this.b = null;
        }

        public byte[] getCertHash() {
            return this.b != null ? this.b.getCertHash() : this.c.getCertHash();
        }

        public org.bouncycastle.asn1.x509.a getHashAlgorithm() {
            return this.b != null ? new org.bouncycastle.asn1.x509.a(OIWObjectIdentifiers.idSHA1) : this.c.getHashAlgorithm();
        }

        public String getHashAlgorithmName() {
            return this.b != null ? "SHA-1" : NISTObjectIdentifiers.id_sha256.equals(this.c.getHashAlgorithm().getAlgorithm()) ? "SHA-256" : this.c.getHashAlgorithm().getAlgorithm().getId();
        }

        public z getIssuerSerial() {
            return this.b != null ? this.b.getIssuerSerial() : this.c.getIssuerSerial();
        }
    }

    public c(e eVar) {
        this(a(eVar));
    }

    public c(g gVar) {
        this.f5903a = gVar;
        if (!this.f5903a.getSignedContentTypeOID().equals(PKCSObjectIdentifiers.id_ct_TSTInfo.getId())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection<ag> signers = this.f5903a.getSignerInfos().getSigners();
        if (signers.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + signers.size() + " signers, but it must contain just the TSA signature.");
        }
        this.b = signers.iterator().next();
        try {
            CMSTypedData signedContent = this.f5903a.getSignedContent();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            signedContent.write(byteArrayOutputStream);
            this.c = new d(org.bouncycastle.asn1.b.c.getInstance(new org.bouncycastle.asn1.g(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).readObject()));
            org.bouncycastle.asn1.cms.a aVar = this.b.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
            if (aVar != null) {
                this.d = new a(org.bouncycastle.asn1.a.a.getInstance(org.bouncycastle.asn1.a.c.getInstance(aVar.getAttrValues().getObjectAt(0)).getCerts()[0]));
                return;
            }
            org.bouncycastle.asn1.cms.a aVar2 = this.b.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
            if (aVar2 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.d = new a(org.bouncycastle.asn1.a.b.getInstance(org.bouncycastle.asn1.a.d.getInstance(aVar2.getAttrValues().getObjectAt(0)).getCerts()[0]));
        } catch (CMSException e) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        }
    }

    private static g a(e eVar) {
        try {
            return new g(eVar);
        } catch (CMSException e) {
            throw new TSPException("TSP parsing error: " + e.getMessage(), e.getCause());
        }
    }

    public Store getAttributeCertificates() {
        return this.f5903a.getAttributeCertificates();
    }

    public Store getCRLs() {
        return this.f5903a.getCRLs();
    }

    public Store getCertificates() {
        return this.f5903a.getCertificates();
    }

    public byte[] getEncoded() {
        return this.f5903a.getEncoded();
    }

    public ae getSID() {
        return this.b.getSID();
    }

    public org.bouncycastle.asn1.cms.b getSignedAttributes() {
        return this.b.getSignedAttributes();
    }

    public d getTimeStampInfo() {
        return this.c;
    }

    public org.bouncycastle.asn1.cms.b getUnsignedAttributes() {
        return this.b.getUnsignedAttributes();
    }

    public boolean isSignatureValid(ai aiVar) {
        try {
            return this.b.verify(aiVar);
        } catch (CMSException e) {
            if (e.getUnderlyingException() != null) {
                throw new TSPException(e.getMessage(), e.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e, e);
        }
    }

    public g toCMSSignedData() {
        return this.f5903a;
    }

    public void validate(ai aiVar) {
        boolean z = false;
        if (!aiVar.hasAssociatedCertificate()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            org.bouncycastle.cert.g associatedCertificate = aiVar.getAssociatedCertificate();
            DigestCalculator digestCalculator = aiVar.getDigestCalculator(this.d.getHashAlgorithm());
            OutputStream outputStream = digestCalculator.getOutputStream();
            outputStream.write(associatedCertificate.getEncoded());
            outputStream.close();
            if (!org.bouncycastle.util.a.constantTimeAreEqual(this.d.getCertHash(), digestCalculator.getDigest())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.d.getIssuerSerial() != null) {
                j jVar = new j(associatedCertificate.toASN1Structure());
                if (!this.d.getIssuerSerial().getSerial().equals(jVar.getSerialNumber())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                v[] names = this.d.getIssuerSerial().getIssuer().getNames();
                int i = 0;
                while (true) {
                    if (i != names.length) {
                        if (names[i].getTagNo() == 4 && org.bouncycastle.asn1.x500.c.getInstance(names[i].getName()).equals(org.bouncycastle.asn1.x500.c.getInstance(jVar.getName()))) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            b.validateCertificate(associatedCertificate);
            if (!associatedCertificate.isValidOn(this.c.getGenTime())) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.b.verify(aiVar)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (IOException e) {
            throw new TSPException("problem processing certificate: " + e, e);
        } catch (CMSException e2) {
            if (e2.getUnderlyingException() == null) {
                throw new TSPException("CMS exception: " + e2, e2);
            }
            throw new TSPException(e2.getMessage(), e2.getUnderlyingException());
        } catch (OperatorCreationException e3) {
            throw new TSPException("unable to create digest: " + e3.getMessage(), e3);
        }
    }
}
