package net.netca.pki.impl.jce;

import java.util.Arrays;
import java.util.Date;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.Hex;
import net.netca.pki.encoding.asn1.pki.ExtKeyUsageExtension;
import net.netca.pki.encoding.asn1.pki.tsp.Accuracy;
import net.netca.pki.encoding.asn1.pki.tsp.MessageImprint;
import net.netca.pki.encoding.asn1.pki.tsp.TSTInfo;
import net.netca.pki.global.IHash;
import net.netca.pki.global.IVerifyTimeStamp;
import net.netca.pki.global.X509Certificate;

/* loaded from: classes3.dex */
public class JCEVerifyTimeStamp implements IVerifyTimeStamp {
    private JCEPki pki;
    private X509Certificate signCert;
    private TSTInfo tstInfo;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCEVerifyTimeStamp(JCEPki jCEPki) {
        this.pki = jCEPki;
    }

    void checkTimeStampCert(X509Certificate x509Certificate) throws PkiException {
        String[] extKeyUsage = x509Certificate.getExtKeyUsage();
        if (extKeyUsage == null) {
            throw new PkiException("timestamp cert not extkeyusage extension");
        }
        boolean z = false;
        for (String str : extKeyUsage) {
            if (str.equals(ExtKeyUsageExtension.TIMESTAMPING_OID)) {
                z = true;
            }
        }
        if (!z) {
            throw new PkiException("timestamp cert not timstamping extkeyusage");
        }
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public int getAccuracyMicros() throws PkiException {
        if (this.tstInfo == null) {
            throw new PkiException("not call verifyTimeToken");
        }
        Accuracy accuracy = this.tstInfo.getAccuracy();
        if (accuracy == null) {
            return -1;
        }
        return accuracy.getMicros();
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public int getAccuracyMillis() throws PkiException {
        if (this.tstInfo == null) {
            throw new PkiException("not call verifyTimeToken");
        }
        Accuracy accuracy = this.tstInfo.getAccuracy();
        if (accuracy == null) {
            return -1;
        }
        return accuracy.getMillis();
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public int getAccuracySeconds() throws PkiException {
        if (this.tstInfo == null) {
            throw new PkiException("not call verifyTimeToken");
        }
        Accuracy accuracy = this.tstInfo.getAccuracy();
        if (accuracy == null) {
            return -1;
        }
        return accuracy.getSeconds();
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public String getPolicy() throws PkiException {
        if (this.tstInfo != null) {
            return this.tstInfo.getPolicy();
        }
        throw new PkiException("not call verifyTimeToken");
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public String getSerialNumber() throws PkiException {
        if (this.tstInfo != null) {
            return Hex.encode(true, this.tstInfo.getSerialNumber());
        }
        throw new PkiException("not call verifyTimeToken");
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public Date getTime() throws PkiException {
        if (this.tstInfo != null) {
            return this.tstInfo.getTime();
        }
        throw new PkiException("not call verifyTimeToken");
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public X509Certificate getTsaCert() throws PkiException {
        return this.signCert;
    }

    @Override // net.netca.pki.global.IVerifyTimeStamp
    public void verifyTimeToken(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) throws PkiException {
        JCESignedDataVerify jCESignedDataVerify = new JCESignedDataVerify(this.pki, new SignedDataVerifyInfo(null, Boolean.TRUE, Boolean.TRUE, null, 1));
        byte[] verify = jCESignedDataVerify.verify(bArr2, i3, i4);
        if (jCESignedDataVerify.getSignerCount() != 1) {
            throw new PkiException("too much signerinfo");
        }
        X509Certificate signCert = jCESignedDataVerify.getSignCert();
        checkTimeStampCert(signCert);
        TSTInfo tSTInfo = new TSTInfo(verify);
        MessageImprint messageImprint = tSTInfo.getMessageImprint();
        IHash hashObject = this.pki.getHashObject(messageImprint.getHashAlgorithm().getOid());
        if (hashObject == null) {
            throw new PkiException("create hash object fail");
        }
        hashObject.update(bArr, i, i2);
        if (!Arrays.equals(hashObject.doFinal(), messageImprint.getHashedMessage())) {
            throw new PkiException("hash value mismatch");
        }
        this.tstInfo = tSTInfo;
        this.signCert = signCert;
    }
}
