package com.dreamsecurity.jcaos.tsp;

import com.dreamsecurity.jcaos.Environment;
import com.dreamsecurity.jcaos.asn1.ASN1Encodable;
import com.dreamsecurity.jcaos.asn1.ASN1InputStream;
import com.dreamsecurity.jcaos.asn1.l.i;
import com.dreamsecurity.jcaos.asn1.oid.CMSObjectIdentifiers;
import com.dreamsecurity.jcaos.asn1.oid.X509ObjectIdentifiers;
import com.dreamsecurity.jcaos.b.c;
import com.dreamsecurity.jcaos.cms.Attribute;
import com.dreamsecurity.jcaos.cms.SignedData;
import com.dreamsecurity.jcaos.cms.SignerInfo;
import com.dreamsecurity.jcaos.exception.NotExistSignerCertException;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.exception.VerifyException;
import com.dreamsecurity.jcaos.pki.PKIStatusInfo;
import com.dreamsecurity.jcaos.x509.X509Certificate;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;

/* loaded from: classes.dex */
public class TimeStampResp {

    /* renamed from: a, reason: collision with root package name */
    i f12475a;

    TimeStampResp(i iVar) {
        this.f12475a = iVar;
    }

    TimeStampResp(byte[] bArr) throws IOException {
        this(i.a(new ASN1InputStream(bArr).readObject()));
    }

    public static TimeStampResp getInstance(Object obj) throws IOException {
        if (obj instanceof byte[]) {
            return new TimeStampResp((byte[]) obj);
        }
        if (obj instanceof i) {
            return new TimeStampResp((i) obj);
        }
        throw new IllegalArgumentException("unknown object.");
    }

    public static TimeStampResp getInstance(byte[] bArr) throws IOException {
        return new TimeStampResp(bArr);
    }

    public byte[] getEncoded() {
        return this.f12475a.getDEREncoded();
    }

    public PKIStatusInfo getStatus() throws IOException {
        return PKIStatusInfo.getInstance(this.f12475a.a());
    }

    public SignedData getTimeStampToken() throws IOException {
        if (this.f12475a.b().a().equals(CMSObjectIdentifiers.id_signedData.getId())) {
            throw new IOException("content type is not signedData.");
        }
        return SignedData.getInstance(this.f12475a.b());
    }

    public void verify(TimeStampReq timeStampReq) throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, SignatureException, ParsingException, NotExistSignerCertException, VerifyException {
        boolean z5 = TimeStampReq.f12466b;
        SignedData timeStampToken = getTimeStampToken();
        timeStampToken.verify();
        if (!timeStampToken.getContentType().equals(X509ObjectIdentifiers.id_ct_TSTInfo.getId())) {
            throw new VerifyException("tstInto eContentType is no id-ct-TSTInfo.");
        }
        TSTInfo tSTInfo = TSTInfo.getInstance(timeStampToken.getContent());
        boolean z6 = true;
        if (tSTInfo.getVersion() != 1) {
            throw new VerifyException("only support TSTInfo version 1.");
        }
        if (!timeStampReq.c().equals(tSTInfo.getNonce())) {
            throw new VerifyException("req nonce and resp none is not same.");
        }
        if (timeStampToken.getSignerInfos().size() != 1) {
            throw new VerifyException("the time-stamp token MUST NOT contain any signatures other than the signature of the TSA.");
        }
        int i6 = 0;
        SignerInfo signerInfo = (SignerInfo) timeStampToken.getSignerInfos().get(0);
        X509Certificate signerCert = timeStampToken.getSignerCert(signerInfo.getSid());
        Attribute b6 = signerInfo.b("1.2.840.113549.1.9.16.2.12");
        if (b6 != null) {
            if (!com.dreamsecurity.jcaos.crypto.i.b.a(((com.dreamsecurity.jcaos.b.a) c.a(b6.getValue(0)).b().get(0)).c(), MessageDigest.getInstance("SHA1", Environment.getJCEProvider("SHA1")).digest(signerCert.getEncoded()))) {
                throw new VerifyException("essCertID value is invalid.");
            }
        }
        if (tSTInfo.getTSA() != null && !tSTInfo.getTSA().getDirectoryName().equals(signerCert.getSubjectDN().getName())) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("compare dn fail. (tsa : ");
            stringBuffer.append(tSTInfo.getTSA().getStringName());
            stringBuffer.append(", signer : ");
            stringBuffer.append(signerCert.getSubjectDN().getName());
            stringBuffer.append(")");
            throw new VerifyException(stringBuffer.toString());
        }
        ArrayList extendedKeyUsage = signerCert.getExtendedKeyUsage();
        boolean z7 = false;
        while (i6 < extendedKeyUsage.size()) {
            if (((String) extendedKeyUsage.get(i6)).indexOf("timeStamping") >= 0) {
                if (!z5) {
                    break;
                }
                ASN1Encodable.f10810c = !ASN1Encodable.f10810c;
                z7 = true;
            }
            i6++;
            if (z5) {
                break;
            }
        }
        z6 = z7;
        if (z6) {
            return;
        }
        StringBuffer stringBuffer2 = new StringBuffer();
        stringBuffer2.append("This certificate(");
        stringBuffer2.append(signerCert.getSubjectDN().getName());
        stringBuffer2.append(") is not for time stamp");
        throw new VerifyException(stringBuffer2.toString());
    }
}
