package ubank;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import repack.org.bouncycastle.cms.CMSException;
import repack.org.bouncycastle.tsp.TSPException;
import repack.org.bouncycastle.tsp.TSPValidationException;

/* loaded from: classes2.dex */
public class dqe {
    dlo a;
    dml b;
    dqf c;
    a d;

    /* loaded from: classes2.dex */
    class a {
        private dhk b;
        private dhl c;

        a(dhk dhkVar) {
            this.b = dhkVar;
            this.c = null;
        }

        a(dhl dhlVar) {
            this.c = dhlVar;
            this.b = null;
        }

        public String a() {
            return this.b != null ? "SHA-1" : dhv.b.equals(this.c.e().e()) ? "SHA-256" : this.c.e().e().e();
        }

        public byte[] b() {
            return this.b != null ? this.b.e() : this.c.f();
        }

        public djz c() {
            return this.b != null ? this.b.f() : this.c.g();
        }
    }

    public dqe(dgg dggVar) throws TSPException, IOException {
        this(new dlo(dggVar));
    }

    public dqe(dlo dloVar) throws TSPException, IOException {
        this.a = dloVar;
        if (!this.a.b().equals(diq.at.e())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection a2 = this.a.a().a();
        if (a2.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + a2.size() + " signers, but it must contain just the TSA signature.");
        }
        this.b = (dml) a2.iterator().next();
        try {
            dlj c = this.a.c();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            c.a(byteArrayOutputStream);
            this.c = new dqf(djc.a(new ddf(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).c()));
            dgc a3 = this.b.d().a(diq.aK);
            if (a3 != null) {
                this.d = new a(dhk.a(dhm.a(a3.f().a(0)).e()[0]));
                return;
            }
            dgc a4 = this.b.d().a(diq.aL);
            if (a4 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.d = new a(dhl.a(dhn.a(a4.f().a(0)).e()[0]));
        } catch (CMSException e) {
            throw new TSPException(e.getMessage(), e.getUnderlyingException());
        }
    }

    public dqf a() {
        return this.c;
    }

    public void a(X509Certificate x509Certificate, String str) throws TSPException, TSPValidationException, CertificateExpiredException, CertificateNotYetValidException, NoSuchProviderException {
        try {
            if (!dqg.b(this.d.b(), MessageDigest.getInstance(this.d.a()).digest(x509Certificate.getEncoded()))) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.d.c() != null) {
                if (!this.d.c().f().e().equals(x509Certificate.getSerialNumber())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                djx[] e = this.d.c().e().e();
                dob a2 = doa.a(x509Certificate);
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i != e.length) {
                        if (e[i].e() == 4 && new dob(dkn.a(e[i].f())).equals(a2)) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            dqa.a(x509Certificate);
            x509Certificate.checkValidity(this.c.a());
            if (!this.b.a(x509Certificate, str)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new TSPException("cannot find algorithm: " + e2, e2);
        } catch (CertificateEncodingException e3) {
            throw new TSPException("problem processing certificate: " + e3, e3);
        } catch (CMSException e4) {
            if (e4.getUnderlyingException() != null) {
                throw new TSPException(e4.getMessage(), e4.getUnderlyingException());
            }
            throw new TSPException("CMS exception: " + e4, e4);
        }
    }

    public dgd b() {
        return this.b.d();
    }

    public byte[] c() throws IOException {
        return this.a.d();
    }
}
