package repack.org.bouncycastle.tsp;

import com.itextpdf.text.pdf.security.DigestAlgorithms;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import repack.org.bouncycastle.asn1.ab.ac;
import repack.org.bouncycastle.asn1.ab.bm;
import repack.org.bouncycastle.asn1.ab.x;
import repack.org.bouncycastle.asn1.bi;
import repack.org.bouncycastle.asn1.c.l;
import repack.org.bouncycastle.asn1.c.t;
import repack.org.bouncycastle.asn1.u.s;
import repack.org.bouncycastle.cms.CMSException;
import repack.org.bouncycastle.cms.ae;
import repack.org.bouncycastle.cms.cb;
import repack.org.bouncycastle.cms.ce;
import repack.org.bouncycastle.cms.cg;
import repack.org.bouncycastle.cms.y;
import repack.org.bouncycastle.operator.r;

/* compiled from: TimeStampToken.java */
/* loaded from: classes4.dex */
public class h {
    ae a;
    ce b;
    Date c;
    j d;
    a e;

    /* compiled from: TimeStampToken.java */
    /* loaded from: classes4.dex */
    private class a {
        private repack.org.bouncycastle.asn1.h.c b;
        private repack.org.bouncycastle.asn1.h.d c;

        a(repack.org.bouncycastle.asn1.h.c cVar) {
            this.b = cVar;
            this.c = null;
        }

        a(repack.org.bouncycastle.asn1.h.d dVar) {
            this.c = dVar;
            this.b = null;
        }

        public String a() {
            return this.b != null ? DigestAlgorithms.SHA1 : repack.org.bouncycastle.asn1.q.b.b.equals(this.c.e().h()) ? "SHA-256" : this.c.e().h().e();
        }

        public repack.org.bouncycastle.asn1.ab.b b() {
            return this.b != null ? new repack.org.bouncycastle.asn1.ab.b(repack.org.bouncycastle.asn1.t.b.i) : this.c.e();
        }

        public byte[] c() {
            repack.org.bouncycastle.asn1.h.c cVar = this.b;
            return cVar != null ? cVar.e() : this.c.f();
        }

        public ac d() {
            repack.org.bouncycastle.asn1.h.c cVar = this.b;
            return cVar != null ? cVar.f() : this.c.g();
        }
    }

    public h(l lVar) throws TSPException, IOException {
        this(new ae(lVar));
    }

    public h(ae aeVar) throws TSPException, IOException {
        this.a = aeVar;
        if (!this.a.f().equals(s.au.e())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection b = this.a.b().b();
        if (b.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + b.size() + " signers, but it must contain just the TSA signature.");
        }
        this.b = (ce) b.iterator().next();
        try {
            y g = this.a.g();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            g.a(byteArrayOutputStream);
            this.d = new j(repack.org.bouncycastle.asn1.y.c.a(new repack.org.bouncycastle.asn1.i(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).c()));
            repack.org.bouncycastle.asn1.c.a a2 = this.b.k().a((bi) s.aL);
            if (a2 != null) {
                this.e = new a(repack.org.bouncycastle.asn1.h.c.a(repack.org.bouncycastle.asn1.h.g.a(a2.f().a(0)).e()[0]));
                return;
            }
            repack.org.bouncycastle.asn1.c.a a3 = this.b.k().a((bi) s.aM);
            if (a3 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.e = new a(repack.org.bouncycastle.asn1.h.d.a(repack.org.bouncycastle.asn1.h.h.a(a3.f().a(0)).e()[0]));
        } catch (CMSException e) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        }
    }

    public CertStore a(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        return this.a.d(str, str2);
    }

    public j a() {
        return this.d;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void a(X509Certificate x509Certificate, String str) throws TSPException, TSPValidationException, CertificateExpiredException, CertificateNotYetValidException, NoSuchProviderException {
        try {
            if (!repack.org.bouncycastle.util.a.b(this.e.c(), MessageDigest.getInstance(this.e.a()).digest(x509Certificate.getEncoded()))) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.e.d() != null) {
                if (!this.e.d().f().e().equals(x509Certificate.getSerialNumber())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                x[] e = this.e.d().e().e();
                repack.org.bouncycastle.jce.i a2 = repack.org.bouncycastle.jce.f.a(x509Certificate);
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i == e.length) {
                        break;
                    }
                    if (e[i].e() == 4 && new repack.org.bouncycastle.jce.i(bm.a(e[i].f())).equals(a2)) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            c.a(x509Certificate);
            x509Certificate.checkValidity(this.d.c());
            if (!this.b.a(x509Certificate, str)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new TSPException("cannot find algorithm: " + e2, e2);
        } catch (CertificateEncodingException e3) {
            throw new TSPException("problem processing certificate: " + e3, e3);
        } catch (CMSException e4) {
            if (e4.getUnderlyingException() != null) {
                throw new TSPException(e4.getMessage(), e4.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e4, e4);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void a(cg cgVar) throws TSPException, TSPValidationException {
        if (!cgVar.a()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            repack.org.bouncycastle.cert.g b = cgVar.b();
            repack.org.bouncycastle.operator.i b2 = cgVar.b(this.e.b());
            OutputStream b3 = b2.b();
            b3.write(b.p());
            b3.close();
            if (!repack.org.bouncycastle.util.a.b(this.e.c(), b2.c())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.e.d() != null) {
                t f = b.f();
                if (!this.e.d().f().equals(f.f())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                x[] e = this.e.d().e().e();
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i == e.length) {
                        break;
                    }
                    if (e[i].e() == 4 && repack.org.bouncycastle.asn1.aa.d.a(e[i].f()).equals(repack.org.bouncycastle.asn1.aa.d.a(f.e().c()))) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            c.a(b);
            if (!b.a(this.d.c())) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.b.a(cgVar)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (IOException e2) {
            throw new TSPException("problem processing certificate: " + e2, e2);
        } catch (CMSException e3) {
            if (e3.getUnderlyingException() != null) {
                throw new TSPException(e3.getMessage(), e3.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e3, e3);
        } catch (r e4) {
            throw new TSPException("unable to create digest: " + e4.getMessage(), e4);
        }
    }

    public cb b() {
        return this.b.c();
    }

    public boolean b(cg cgVar) throws TSPException {
        try {
            return this.b.a(cgVar);
        } catch (CMSException e) {
            if (e.getUnderlyingException() != null) {
                throw new TSPException(e.getMessage(), e.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e, e);
        }
    }

    public repack.org.bouncycastle.asn1.c.b c() {
        return this.b.k();
    }

    public repack.org.bouncycastle.asn1.c.b d() {
        return this.b.l();
    }

    public repack.org.bouncycastle.util.g e() {
        return this.a.c();
    }

    public repack.org.bouncycastle.util.g f() {
        return this.a.d();
    }

    public repack.org.bouncycastle.util.g g() {
        return this.a.e();
    }

    public ae h() {
        return this.a;
    }

    public byte[] i() throws IOException {
        return this.a.i();
    }
}
