package org.bouncycastle.tsp;

import com.unity3d.ads.core.data.datasource.AndroidStaticDeviceInfoDataSource;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.ess.ESSCertID;
import org.bouncycastle.asn1.ess.SigningCertificate;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.TSTInfo;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.X509Principal;

/* loaded from: classes5.dex */
public class TimeStampToken {

    /* renamed from: a, reason: collision with root package name */
    public final CMSSignedData f36768a;

    /* renamed from: b, reason: collision with root package name */
    public final SignerInformation f36769b;

    /* renamed from: c, reason: collision with root package name */
    public final TimeStampTokenInfo f36770c;
    public final ESSCertID d;

    public TimeStampToken(ContentInfo contentInfo) {
        SignerInfo signerInfo;
        CMSSignedData cMSSignedData = new CMSSignedData(contentInfo);
        this.f36768a = cMSSignedData;
        SignedData signedData = cMSSignedData.f36083a;
        if (!signedData.f35650c.f35607a.f35584a.equals(PKCSObjectIdentifiers.Y8.f35584a)) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        if (cMSSignedData.d == null) {
            ArrayList arrayList = new ArrayList();
            int i10 = 0;
            while (true) {
                ASN1Set aSN1Set = signedData.f35652f;
                if (i10 == aSN1Set.n()) {
                    cMSSignedData.d = new SignerInformationStore(arrayList);
                    break;
                }
                DEREncodable l10 = aSN1Set.l(i10);
                if (l10 == null || (l10 instanceof SignerInfo)) {
                    signerInfo = (SignerInfo) l10;
                } else {
                    if (!(l10 instanceof ASN1Sequence)) {
                        throw new IllegalArgumentException("unknown object in factory: ".concat(l10.getClass().getName()));
                    }
                    signerInfo = new SignerInfo((ASN1Sequence) l10);
                }
                arrayList.add(new SignerInformation(signerInfo, signedData.f35650c.f35607a, cMSSignedData.f36085c));
                i10++;
            }
        }
        SignerInformationStore signerInformationStore = cMSSignedData.d;
        signerInformationStore.getClass();
        HashMap hashMap = signerInformationStore.f36111a;
        ArrayList arrayList2 = new ArrayList(hashMap.size());
        for (Object obj : hashMap.values()) {
            if (obj instanceof List) {
                arrayList2.addAll((List) obj);
            } else {
                arrayList2.add(obj);
            }
        }
        if (arrayList2.size() != 1) {
            StringBuffer stringBuffer = new StringBuffer("Time-stamp token signed by ");
            stringBuffer.append(arrayList2.size());
            stringBuffer.append(" signers, but it must contain just the TSA signature.");
            throw new IllegalArgumentException(stringBuffer.toString());
        }
        SignerInformation signerInformation = (SignerInformation) arrayList2.iterator().next();
        this.f36769b = signerInformation;
        try {
            CMSProcessableByteArray cMSProcessableByteArray = this.f36768a.f36085c;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(cMSProcessableByteArray.f36082a);
            this.f36770c = new TimeStampTokenInfo(TSTInfo.g(new ASN1InputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).c()));
            ASN1Set aSN1Set2 = signerInformation.d;
            Attribute a10 = (aSN1Set2 == null ? null : new AttributeTable(aSN1Set2)).a(PKCSObjectIdentifiers.Z8);
            if (a10 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            ASN1Sequence aSN1Sequence = SigningCertificate.g(a10.f35602b.l(0)).f35690a;
            ESSCertID[] eSSCertIDArr = new ESSCertID[aSN1Sequence.n()];
            for (int i11 = 0; i11 != aSN1Sequence.n(); i11++) {
                eSSCertIDArr[i11] = ESSCertID.g(aSN1Sequence.l(i11));
            }
            this.d = ESSCertID.g(eSSCertIDArr[0]);
        } catch (CMSException e10) {
            throw new TSPException(e10.getMessage(), 0);
        }
    }

    public final byte[] a() {
        CMSSignedData cMSSignedData = this.f36768a;
        cMSSignedData.getClass();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new ASN1OutputStream(byteArrayOutputStream).b(cMSSignedData.f36084b);
        return byteArrayOutputStream.toByteArray();
    }

    public final void b(String str, X509Certificate x509Certificate) {
        boolean z10;
        ESSCertID eSSCertID = this.d;
        try {
            if (!MessageDigest.isEqual(eSSCertID.f35688a.k(), MessageDigest.getInstance(AndroidStaticDeviceInfoDataSource.ALGORITHM_SHA1).digest(x509Certificate.getEncoded()))) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            IssuerSerial issuerSerial = eSSCertID.f35689b;
            if (issuerSerial != null) {
                if (!issuerSerial.f35962b.l().equals(x509Certificate.getSerialNumber())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] h6 = issuerSerial.f35961a.h();
                X509Principal a10 = PrincipalUtil.a(x509Certificate);
                int i10 = 0;
                while (true) {
                    if (i10 == h6.length) {
                        z10 = false;
                        break;
                    } else {
                        if (h6[i10].f35953b == 4 && new X509Principal(X509Name.h(h6[i10].f35952a)).equals(a10)) {
                            z10 = true;
                            break;
                        }
                        i10++;
                    }
                }
                if (!z10) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.a(x509Certificate);
            x509Certificate.checkValidity(this.f36770c.f36772b);
            if (!this.f36769b.c(str, x509Certificate)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (NoSuchAlgorithmException e10) {
            StringBuffer stringBuffer = new StringBuffer("cannot find algorithm: ");
            stringBuffer.append(e10);
            throw new TSPException(stringBuffer.toString(), 0);
        } catch (CertificateEncodingException e11) {
            StringBuffer stringBuffer2 = new StringBuffer("problem processing certificate: ");
            stringBuffer2.append(e11);
            throw new TSPException(stringBuffer2.toString(), 0);
        } catch (CMSException e12) {
            if (e12.f36081a != null) {
                throw new TSPException(e12.getMessage(), 0);
            }
            StringBuffer stringBuffer3 = new StringBuffer("CMS exception: ");
            stringBuffer3.append(e12);
            throw new TSPException(stringBuffer3.toString(), 0);
        }
    }
}
