package d.b.q;

import d.b.b.f4.b0;
import d.b.b.f4.h0;
import d.b.b.f4.w1;
import d.b.b.w3.s;
import d.b.b.z2.n;
import d.b.b.z2.y;
import d.b.d.c0;
import d.b.d.f2;
import d.b.d.i2;
import d.b.d.k2;
import d.b.d.n0;
import d.b.d.v0;
import d.b.n.t;
import d.b.r.o;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;

/* loaded from: classes2.dex */
public class k {

    /* renamed from: a, reason: collision with root package name */
    n0 f8396a;

    /* renamed from: b, reason: collision with root package name */
    i2 f8397b;

    /* renamed from: c, reason: collision with root package name */
    Date f8398c;

    /* renamed from: d, reason: collision with root package name */
    m f8399d;
    a e;

    /* loaded from: classes2.dex */
    private class a {

        /* renamed from: a, reason: collision with root package name */
        private d.b.b.f3.c f8400a;

        /* renamed from: b, reason: collision with root package name */
        private d.b.b.f3.d f8401b;

        a(d.b.b.f3.c cVar) {
            this.f8400a = cVar;
            this.f8401b = null;
        }

        a(d.b.b.f3.d dVar) {
            this.f8401b = dVar;
            this.f8400a = null;
        }

        public byte[] a() {
            d.b.b.f3.c cVar = this.f8400a;
            return cVar != null ? cVar.P() : this.f8401b.P();
        }

        public d.b.b.f4.b b() {
            return this.f8400a != null ? new d.b.b.f4.b(d.b.b.v3.b.i) : this.f8401b.Q();
        }

        public String c() {
            return this.f8400a != null ? "SHA-1" : d.b.b.r3.b.f5502c.equals(this.f8401b.Q().P()) ? "SHA-256" : this.f8401b.Q().P().a0();
        }

        public h0 d() {
            d.b.b.f3.c cVar = this.f8400a;
            return cVar != null ? cVar.R() : this.f8401b.S();
        }
    }

    public k(n nVar) throws c, IOException {
        this(h(nVar));
    }

    public k(n0 n0Var) throws c, IOException {
        a aVar;
        this.f8396a = n0Var;
        if (!n0Var.o().equals(s.z1.a0())) {
            throw new f("ContentInfo object not for a time stamp.");
        }
        Collection b2 = this.f8396a.q().b();
        if (b2.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + b2.size() + " signers, but it must contain just the TSA signature.");
        }
        this.f8397b = (i2) b2.iterator().next();
        try {
            v0 n = this.f8396a.n();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            n.b(byteArrayOutputStream);
            this.f8399d = new m(d.b.b.b4.c.S(new d.b.b.m(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).k()));
            d.b.b.z2.a d2 = this.f8397b.p().d(s.T1);
            if (d2 != null) {
                aVar = new a(d.b.b.f3.c.Q(d.b.b.f3.g.Q(d2.Q().a0(0)).P()[0]));
            } else {
                d.b.b.z2.a d3 = this.f8397b.p().d(s.U1);
                if (d3 == null) {
                    throw new f("no signing certificate attribute found, time stamp invalid.");
                }
                aVar = new a(d.b.b.f3.d.R(d.b.b.f3.h.Q(d3.Q().a0(0)).P()[0]));
            }
            this.e = aVar;
        } catch (c0 e) {
            throw new c(e.getMessage(), e.a());
        }
    }

    private static n0 h(n nVar) throws c {
        try {
            return new n0(nVar);
        } catch (c0 e) {
            throw new c("TSP parsing error: " + e.getMessage(), e.getCause());
        }
    }

    public o a() {
        return this.f8396a.a();
    }

    public o b() {
        return this.f8396a.d();
    }

    public o c() {
        return this.f8396a.g();
    }

    public CertStore d(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, c0 {
        return this.f8396a.j(str, str2);
    }

    public byte[] e() throws IOException {
        return this.f8396a.m();
    }

    public f2 f() {
        return this.f8397b.n();
    }

    public d.b.b.z2.b g() {
        return this.f8397b.p();
    }

    public m i() {
        return this.f8399d;
    }

    public d.b.b.z2.b j() {
        return this.f8397b.s();
    }

    public boolean k(k2 k2Var) throws c {
        try {
            return this.f8397b.C(k2Var);
        } catch (c0 e) {
            if (e.a() != null) {
                throw new c(e.getMessage(), e.a());
            }
            throw new c("CMS exception: " + e, e);
        }
    }

    public n0 l() {
        return this.f8396a;
    }

    public void m(X509Certificate x509Certificate, String str) throws c, f, CertificateExpiredException, CertificateNotYetValidException, NoSuchProviderException {
        try {
            if (!d.b.r.a.C(this.e.a(), MessageDigest.getInstance(this.e.c()).digest(x509Certificate.getEncoded()))) {
                throw new f("certificate hash does not match certID hash.");
            }
            if (this.e.d() != null) {
                if (!this.e.d().T().Z().equals(x509Certificate.getSerialNumber())) {
                    throw new f("certificate serial number does not match certID for signature.");
                }
                b0[] S = this.e.d().R().S();
                d.b.j.k b2 = d.b.j.h.b(x509Certificate);
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i != S.length) {
                        if (S[i].y() == 4 && new d.b.j.k(w1.X(S[i].S())).equals(b2)) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new f("certificate name does not match certID for signature. ");
                }
            }
            e.j(x509Certificate);
            x509Certificate.checkValidity(this.f8399d.c());
            if (!this.f8397b.A(x509Certificate, str)) {
                throw new f("signature not created by certificate.");
            }
        } catch (c0 e) {
            if (e.a() != null) {
                throw new c(e.getMessage(), e.a());
            }
            throw new c("CMS exception: " + e, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new c("cannot find algorithm: " + e2, e2);
        } catch (CertificateEncodingException e3) {
            throw new c("problem processing certificate: " + e3, e3);
        }
    }

    public void n(k2 k2Var) throws c, f {
        if (!k2Var.d()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            d.b.c.i a2 = k2Var.a();
            d.b.n.i c2 = k2Var.c(this.e.b());
            OutputStream b2 = c2.b();
            b2.write(a2.b());
            b2.close();
            if (!d.b.r.a.C(this.e.a(), c2.c())) {
                throw new f("certificate hash does not match certID hash.");
            }
            if (this.e.d() != null) {
                y yVar = new y(a2.u());
                if (!this.e.d().T().equals(yVar.R())) {
                    throw new f("certificate serial number does not match certID for signature.");
                }
                b0[] S = this.e.d().R().S();
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i != S.length) {
                        if (S[i].y() == 4 && d.b.b.e4.d.R(S[i].S()).equals(d.b.b.e4.d.R(yVar.Q()))) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new f("certificate name does not match certID for signature. ");
                }
            }
            e.k(a2);
            if (!a2.s(this.f8399d.c())) {
                throw new f("certificate not valid when time stamp created.");
            }
            if (!this.f8397b.C(k2Var)) {
                throw new f("signature not created by certificate.");
            }
        } catch (c0 e) {
            if (e.a() != null) {
                throw new c(e.getMessage(), e.a());
            }
            throw new c("CMS exception: " + e, e);
        } catch (t e2) {
            throw new c("unable to create digest: " + e2.getMessage(), e2);
        } catch (IOException e3) {
            throw new c("problem processing certificate: " + e3, e3);
        }
    }
}
