package com.aspose.pdf.internal.imaging.internal.bouncycastle.tsp;

import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.ASN1InputStream;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.cms.Attribute;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.cms.AttributeTable;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.cms.ContentInfo;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.ess.ESSCertID;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.ess.ESSCertIDv2;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.ess.SigningCertificate;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.ess.SigningCertificateV2;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.tsp.TSTInfo;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.x500.X500Name;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.x509.GeneralName;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.x509.IssuerSerial;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cert.X509CertificateHolder;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cms.CMSException;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cms.CMSSignedData;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cms.CMSTypedData;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cms.SignerId;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cms.SignerInformation;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cms.SignerInformationVerifier;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.operator.DigestCalculator;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.operator.OperatorCreationException;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Arrays;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Store;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collection;

/* loaded from: classes2.dex */
public class TimeStampToken {
    private CMSSignedData m13109;
    private SignerInformation m13110;
    private TimeStampTokenInfo m13111;
    private z1 m13112;

    /* loaded from: classes2.dex */
    class z1 {
        private ESSCertID m13113;
        private ESSCertIDv2 m13114;

        z1(TimeStampToken timeStampToken, ESSCertID eSSCertID) {
            this.m13113 = eSSCertID;
            this.m13114 = null;
        }

        z1(TimeStampToken timeStampToken, ESSCertIDv2 eSSCertIDv2) {
            this.m13114 = eSSCertIDv2;
            this.m13113 = null;
        }

        public final byte[] m3() {
            ESSCertID eSSCertID = this.m13113;
            return eSSCertID != null ? eSSCertID.getCertHash() : this.m13114.getCertHash();
        }

        public final AlgorithmIdentifier m3213() {
            return this.m13113 != null ? new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1) : this.m13114.getHashAlgorithm();
        }

        public final IssuerSerial m3214() {
            ESSCertID eSSCertID = this.m13113;
            return eSSCertID != null ? eSSCertID.getIssuerSerial() : this.m13114.getIssuerSerial();
        }
    }

    public TimeStampToken(ContentInfo contentInfo) throws TSPException, IOException {
        this(m1(contentInfo));
    }

    public TimeStampToken(CMSSignedData cMSSignedData) throws TSPException, IOException {
        this.m13109 = cMSSignedData;
        if (!cMSSignedData.getSignedContentTypeOID().equals(PKCSObjectIdentifiers.id_ct_TSTInfo.getId())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection<SignerInformation> signers = this.m13109.getSignerInfos().getSigners();
        if (signers.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + signers.size() + " signers, but it must contain just the TSA signature.");
        }
        this.m13110 = signers.iterator().next();
        try {
            CMSTypedData signedContent = this.m13109.getSignedContent();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            signedContent.write(byteArrayOutputStream);
            this.m13111 = new TimeStampTokenInfo(TSTInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).readObject()));
            Attribute attribute = this.m13110.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
            if (attribute != null) {
                this.m13112 = new z1(this, ESSCertID.getInstance(SigningCertificate.getInstance(attribute.getAttrValues().getObjectAt(0)).getCerts()[0]));
                return;
            }
            Attribute attribute2 = this.m13110.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
            if (attribute2 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.m13112 = new z1(this, ESSCertIDv2.getInstance(SigningCertificateV2.getInstance(attribute2.getAttrValues().getObjectAt(0)).getCerts()[0]));
        } catch (CMSException e) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        }
    }

    private static CMSSignedData m1(ContentInfo contentInfo) throws TSPException {
        try {
            return new CMSSignedData(contentInfo);
        } catch (CMSException e) {
            throw new TSPException("TSP parsing error: " + e.getMessage(), e.getCause());
        }
    }

    public Store getAttributeCertificates() {
        return this.m13109.getAttributeCertificates();
    }

    public Store getCRLs() {
        return this.m13109.getCRLs();
    }

    public Store getCertificates() {
        return this.m13109.getCertificates();
    }

    public byte[] getEncoded() throws IOException {
        return this.m13109.getEncoded();
    }

    public SignerId getSID() {
        return this.m13110.getSID();
    }

    public AttributeTable getSignedAttributes() {
        return this.m13110.getSignedAttributes();
    }

    public TimeStampTokenInfo getTimeStampInfo() {
        return this.m13111;
    }

    public AttributeTable getUnsignedAttributes() {
        return this.m13110.getUnsignedAttributes();
    }

    public boolean isSignatureValid(SignerInformationVerifier signerInformationVerifier) throws TSPException {
        try {
            return this.m13110.verify(signerInformationVerifier);
        } catch (CMSException e) {
            if (e.getUnderlyingException() != null) {
                throw new TSPException(e.getMessage(), e.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e, e);
        }
    }

    public CMSSignedData toCMSSignedData() {
        return this.m13109;
    }

    public void validate(SignerInformationVerifier signerInformationVerifier) throws TSPException, TSPValidationException {
        if (!signerInformationVerifier.hasAssociatedCertificate()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            X509CertificateHolder associatedCertificate = signerInformationVerifier.getAssociatedCertificate();
            DigestCalculator digestCalculator = signerInformationVerifier.getDigestCalculator(this.m13112.m3213());
            OutputStream outputStream = digestCalculator.getOutputStream();
            outputStream.write(associatedCertificate.getEncoded());
            outputStream.close();
            if (!Arrays.constantTimeAreEqual(this.m13112.m3(), digestCalculator.getDigest())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.m13112.m3214() != null) {
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(associatedCertificate.toASN1Structure());
                if (!this.m13112.m3214().getSerial().equals(issuerAndSerialNumber.getSerialNumber())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] names = this.m13112.m3214().getIssuer().getNames();
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i != names.length) {
                        if (names[i].getTagNo() == 4 && X500Name.getInstance(names[i].getName()).equals(X500Name.getInstance(issuerAndSerialNumber.getName()))) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.validateCertificate(associatedCertificate);
            if (!associatedCertificate.isValidOn(this.m13111.getGenTime())) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.m13110.verify(signerInformationVerifier)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (CMSException e) {
            if (e.getUnderlyingException() != null) {
                throw new TSPException(e.getMessage(), e.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e, e);
        } catch (OperatorCreationException e2) {
            throw new TSPException("unable to create digest: " + e2.getMessage(), e2);
        } catch (IOException e3) {
            throw new TSPException("problem processing certificate: " + e3, e3);
        }
    }
}
