package net.netca.pki.encoding.asn1.pki.cms;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import net.netca.pki.NonExistentException;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.ObjectIdentifierType;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.OctetStringType;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.SetOf;
import net.netca.pki.encoding.asn1.TaggedValue;
import net.netca.pki.encoding.asn1.Unknown;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.IHttp;
import net.netca.pki.encoding.asn1.pki.PublicKey;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.Time;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.cades.ATSHashIndex;
import net.netca.pki.encoding.asn1.pki.cms.cades.ATSHashIndexV3;
import net.netca.pki.encoding.asn1.pki.tsp.MessageImprint;
import net.netca.pki.encoding.asn1.pki.tsp.MessageImprintMisMatchException;
import net.netca.pki.encoding.asn1.pki.tsp.TSTInfo;
import net.netca.pki.encoding.asn1.pki.tsp.TimeStampResp;

/* loaded from: classes3.dex */
public final class SignerInfo {
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("SignerInfo");
    private X509Certificate cert;
    private Hashable hasher;
    private IHttp http;
    private SecureRandomGenerator randGenerator;
    private Sequence seq;
    private Attributes unsignedAttrs;
    private Verifible verifier;
    private boolean modifyUnsignedAttrs = false;
    private Date contentTimeStampTime = null;
    private X509Certificate contentTimeStampCert = null;
    private SignedData contentTimeStampObject = null;
    private Date signatureTimeStampTime = null;
    private X509Certificate signatureTimeStampCert = null;
    private SignedData signatureTimeStampObject = null;
    private Date escTimeStampTime = null;
    private X509Certificate escTimeStampCert = null;
    private SignedData escTimeStampObject = null;
    private Date certCrlTimeStampTime = null;
    private X509Certificate certCrlTimeStampCert = null;
    private SignedData certCrlTimeStampObject = null;
    private Date archiveTimeStampV2Time = null;
    private X509Certificate archiveTimeStampV2Cert = null;
    private SignedData archiveTimeStampV2Object = null;
    private Date archiveTimeStampV3Time = null;
    private X509Certificate archiveTimeStampV3Cert = null;
    private SignedData archiveTimeStampV3Object = null;
    private ATSHashIndex atsHashIndex = null;
    private ATSHashIndexV3 atsHashIndexV3 = null;

    public SignerInfo(Sequence sequence) throws PkiException {
        if (!type.match(sequence)) {
            throw new PkiException("not SignerInfo");
        }
        this.seq = sequence;
        this.unsignedAttrs = getUnsignedAttrs(sequence);
    }

    public SignerInfo(SignerIdentifier signerIdentifier, AlgorithmIdentifier algorithmIdentifier, Attributes attributes, AlgorithmIdentifier algorithmIdentifier2, byte[] bArr, Attributes attributes2) throws PkiException {
        if (signerIdentifier == null) {
            throw new PkiException("sid is null");
        }
        if (algorithmIdentifier == null) {
            throw new PkiException("digestAlgorithm is null");
        }
        if (algorithmIdentifier2 == null) {
            throw new PkiException("signatureAlgorithm is null");
        }
        if (bArr == null) {
            throw new PkiException("signatureAlgorithm is null");
        }
        int i = signerIdentifier.getType() == 1 ? 1 : 3;
        this.seq = new Sequence(type);
        this.seq.add(new Integer(i));
        this.seq.add(signerIdentifier.getASN1Object());
        this.seq.add(algorithmIdentifier.getASN1Object());
        if (attributes != null) {
            this.seq.add(new TaggedValue(128, 0, true, attributes.getASN1Object()));
        }
        this.seq.add(algorithmIdentifier2.getASN1Object());
        this.seq.add(new OctetString(bArr));
        if (attributes2 != null) {
            this.seq.add(new TaggedValue(128, 1, true, attributes2.getASN1Object()));
        }
        this.unsignedAttrs = attributes2;
    }

    private SignerInfo(byte[] bArr) throws PkiException {
        this.seq = (Sequence) ASN1Object.decode(bArr, type);
        this.unsignedAttrs = getUnsignedAttrs(this.seq);
    }

    private Date checkTstInfo(SignedData signedData, byte[] bArr) throws PkiException {
        TSTInfo tSTInfo = new TSTInfo((Sequence) signedData.getEncapContentInfo().getContentObject(TSTInfo.getASN1Type()));
        MessageImprint messageImprint = tSTInfo.getMessageImprint();
        if (Arrays.equals(this.hasher.hash(messageImprint.getHashAlgorithm(), bArr, 0, bArr.length), messageImprint.getHashedMessage())) {
            return tSTInfo.getTime();
        }
        throw new MessageImprintMisMatchException();
    }

    public static SignerInfo decode(byte[] bArr) throws PkiException {
        return new SignerInfo(bArr);
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    public static AlgorithmIdentifier getArchiveTimeStampTokenV3HashAlgorithmIdentifier(Attribute attribute) throws PkiException {
        if (!attribute.getType().equals(Attribute.ARCHIVE_TIMESTAMP_V3)) {
            throw new PkiException("no archive timestamp v3 attribute");
        }
        SetOf value = attribute.getValue();
        int size = value.size();
        if (size < 1) {
            throw new PkiException("no ArchiveTimeStampTokenV3");
        }
        if (size <= 1) {
            return new TSTInfo((Sequence) new SignedData(value.get(0).encode()).getEncapContentInfo().getContentObject(TSTInfo.getASN1Type())).getMessageImprint().getHashAlgorithm();
        }
        throw new PkiException("ArchiveTimeStampTokenV3 to much " + size);
    }

    private byte[] getCertCRLTimeStampHashData() throws PkiException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (this.unsignedAttrs == null) {
                throw new PkiException("no unsignedAttrs");
            }
            Attribute attribute = this.unsignedAttrs.get(Attribute.COMPLETE_CERTIFICATE_REFS);
            if (attribute == null) {
                throw new PkiException("no complete-certificate-references");
            }
            Sequence aSN1Object = attribute.getASN1Object();
            byteArrayOutputStream.write(aSN1Object.getASN1Type().encodeContent(aSN1Object));
            Attribute attribute2 = this.unsignedAttrs.get(Attribute.COMPLETE_REVOCATION_REFS);
            if (attribute2 == null) {
                throw new PkiException("no complete-revocation-references");
            }
            Sequence aSN1Object2 = attribute2.getASN1Object();
            byteArrayOutputStream.write(aSN1Object2.getASN1Type().encodeContent(aSN1Object2));
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    private SignedData getCertCRLTimeStampToken() throws PkiException {
        if (this.unsignedAttrs == null) {
            throw new NonExistentException("no TimestampedCertsCRLs");
        }
        Attribute attribute = this.unsignedAttrs.get(Attribute.CERT_CRL_TIMESTAMP);
        if (attribute == null) {
            throw new NonExistentException("no TimestampedCertsCRLs");
        }
        SetOf value = attribute.getValue();
        int size = value.size();
        if (size < 1) {
            throw new PkiException("no TimestampedCertsCRLs");
        }
        if (size <= 1) {
            return new SignedData(value.get(0).encode());
        }
        throw new PkiException("TimestampedCertsCRLs to much " + size);
    }

    private SignedData getContentTimeStampToken() throws PkiException {
        Attributes signedAttrs = getSignedAttrs();
        if (signedAttrs == null) {
            throw new NonExistentException("no content-time-stamp");
        }
        Attribute attribute = signedAttrs.get(Attribute.CONTENT_TIMESTAMP);
        if (attribute == null) {
            throw new NonExistentException("no content-time-stamp");
        }
        SetOf value = attribute.getValue();
        int size = value.size();
        if (size < 1) {
            throw new PkiException("no content-time-stamp");
        }
        if (size <= 1) {
            return new SignedData(value.get(0).encode());
        }
        throw new PkiException("content-time-stamp to much " + size);
    }

    private byte[] getESCTimeStampHashData() throws PkiException {
        try {
            byte[] signature = getSignature();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(signature);
            if (this.unsignedAttrs == null) {
                throw new PkiException("no unsignedAttrs");
            }
            Attribute attribute = this.unsignedAttrs.get(Attribute.SIGNATURE_TIMESTAMP);
            if (attribute == null) {
                throw new PkiException("no signature-time-stamp");
            }
            Sequence aSN1Object = attribute.getASN1Object();
            byteArrayOutputStream.write(aSN1Object.getASN1Type().encodeContent(aSN1Object));
            Attribute attribute2 = this.unsignedAttrs.get(Attribute.COMPLETE_CERTIFICATE_REFS);
            if (attribute2 == null) {
                throw new PkiException("no complete-certificate-references");
            }
            Sequence aSN1Object2 = attribute2.getASN1Object();
            byteArrayOutputStream.write(aSN1Object2.getASN1Type().encodeContent(aSN1Object2));
            Attribute attribute3 = this.unsignedAttrs.get(Attribute.COMPLETE_REVOCATION_REFS);
            if (attribute3 == null) {
                throw new PkiException("no complete-revocation-references");
            }
            Sequence aSN1Object3 = attribute3.getASN1Object();
            byteArrayOutputStream.write(aSN1Object3.getASN1Type().encodeContent(aSN1Object3));
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    private SignedData getESCTimeStampToken() throws PkiException {
        if (this.unsignedAttrs == null) {
            throw new NonExistentException("no CAdES-C-time-stamp");
        }
        Attribute attribute = this.unsignedAttrs.get(Attribute.ESC_TIMESTAMP);
        if (attribute == null) {
            throw new NonExistentException("no CAdES-C-time-stamp");
        }
        SetOf value = attribute.getValue();
        int size = value.size();
        if (size < 1) {
            throw new PkiException("no CAdES-C-time-stamp");
        }
        if (size <= 1) {
            return new SignedData(value.get(0).encode());
        }
        throw new PkiException("CAdES-C-time-stamp to much " + size);
    }

    private SignedData getSignatureTimeStampToken() throws PkiException {
        if (this.unsignedAttrs == null) {
            throw new NonExistentException("no signature-time-stamp");
        }
        Attribute attribute = this.unsignedAttrs.get(Attribute.SIGNATURE_TIMESTAMP);
        if (attribute == null) {
            throw new NonExistentException("no signature-time-stamp");
        }
        SetOf value = attribute.getValue();
        int size = value.size();
        if (size < 1) {
            throw new PkiException("no signature-time-stamp");
        }
        if (size <= 1) {
            return new SignedData(value.get(0).encode());
        }
        throw new PkiException("signature-time-stamp to much " + size);
    }

    private int getUnsignedAttrIndex(Attribute attribute) throws PkiException {
        if (this.unsignedAttrs == null) {
            return -1;
        }
        int size = this.unsignedAttrs.size();
        for (int i = 0; i < size; i++) {
            if (this.unsignedAttrs.get(i) == attribute) {
                return i;
            }
        }
        return -1;
    }

    private ArrayList<Attribute> getUnsignedAttributes(String str) throws PkiException {
        ArrayList<Attribute> arrayList = new ArrayList<>();
        if (this.unsignedAttrs == null) {
            return arrayList;
        }
        int size = this.unsignedAttrs.size();
        for (int i = 0; i < size; i++) {
            Attribute attribute = this.unsignedAttrs.get(i);
            if (attribute.getType().equals(str)) {
                arrayList.add(attribute);
            }
        }
        return arrayList;
    }

    private Attributes getUnsignedAttrs(Sequence sequence) throws PkiException {
        TaggedValue taggedValue = (TaggedValue) sequence.get("unsignedAttrs");
        if (taggedValue == null) {
            return null;
        }
        return new Attributes((SetOf) taggedValue.getInnerValue());
    }

    private boolean hasSignedAttr(String str) {
        try {
            Attributes signedAttrs = getSignedAttrs();
            if (signedAttrs == null) {
                return false;
            }
            return signedAttrs.get(str) != null;
        } catch (PkiException unused) {
            return false;
        }
    }

    private boolean hasSignedAttribute(String str) throws PkiException {
        Attributes signedAttrs = getSignedAttrs();
        return (signedAttrs == null || signedAttrs.get(str) == null) ? false : true;
    }

    private boolean hasUnsignedAttrs(String str) {
        return (this.unsignedAttrs == null || this.unsignedAttrs.get(str) == null) ? false : true;
    }

    private void hashUpdate(Hashable hashable, InputStream inputStream) throws IOException, PkiException {
        byte[] bArr = new byte[8192];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return;
            } else {
                hashable.update(bArr, 0, read);
            }
        }
    }

    private boolean matchContentType(Attributes attributes, String str) throws PkiException {
        if (str == null) {
            return true;
        }
        Attribute attribute = attributes.get(Attribute.CONTENT_TYPE);
        if (attribute == null) {
            throw new PkiException("no ContentType Attribute");
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            throw new PkiException("bad ContentType Attribute");
        }
        ASN1Object aSN1Object = value.get(0).to(ObjectIdentifierType.getInstance());
        if (aSN1Object != null) {
            return str.equals(((ObjectIdentifier) aSN1Object).getString());
        }
        throw new PkiException("bad ContentType Attribute");
    }

    private boolean matchMessageDigest(Attributes attributes, byte[] bArr) throws PkiException {
        Attribute attribute = attributes.get(Attribute.MESSAGE_DIGEST);
        if (attribute == null) {
            throw new PkiException("no MessageDigest Attribute");
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            throw new PkiException("bad MessageDigest Attribute");
        }
        ASN1Object aSN1Object = value.get(0).to(OctetStringType.getInstance());
        if (aSN1Object != null) {
            return Arrays.equals(bArr, ((OctetString) aSN1Object).getValue());
        }
        throw new PkiException("bad MessageDigest Attribute");
    }

    private boolean matchSigningCertificate(Attributes attributes, X509Certificate x509Certificate, Hashable hashable) throws PkiException {
        Sequence sequence;
        Attribute attribute = attributes.get(Attribute.SIGNING_CERTIFICATE);
        if (attribute == null) {
            return true;
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            throw new PkiException("bad SigningCertificate Attribute");
        }
        ASN1Object aSN1Object = value.get(0);
        if (aSN1Object instanceof Unknown) {
            sequence = (Sequence) ((Unknown) aSN1Object).to(SigningCertificate.type);
        } else {
            if (!(aSN1Object instanceof Sequence)) {
                throw new PkiException("bad SigningCertificate Attribute");
            }
            sequence = (Sequence) aSN1Object;
        }
        return new SigningCertificate(sequence).match(x509Certificate, hashable);
    }

    private boolean matchSigningCertificateV2(Attributes attributes, X509Certificate x509Certificate, Hashable hashable) throws PkiException {
        Sequence sequence;
        Attribute attribute = attributes.get(Attribute.SIGNING_CERTIFICATE_V2);
        if (attribute == null) {
            return true;
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            throw new PkiException("bad SigningCertificateV2 Attribute");
        }
        ASN1Object aSN1Object = value.get(0);
        if (aSN1Object instanceof Unknown) {
            sequence = (Sequence) ((Unknown) aSN1Object).to(SigningCertificateV2.type);
        } else {
            if (!(aSN1Object instanceof Sequence)) {
                throw new PkiException("bad SigningCertificateV2 Attribute");
            }
            sequence = (Sequence) aSN1Object;
        }
        return new SigningCertificateV2(sequence).match(x509Certificate, hashable);
    }

    private TaggedValue newUnsignedAttrs(int i) throws PkiException {
        Attributes attributes = new Attributes(false);
        for (int i2 = 0; i2 < i; i2++) {
            attributes.add(this.unsignedAttrs.get(i2));
        }
        return new TaggedValue(128, 1, true, attributes.getASN1Object());
    }

    private boolean verify(String str, byte[] bArr, byte[] bArr2, int i, int i2, Verifible verifible, Hashable hashable, CertificateSet certificateSet, Iterator<X509Certificate> it) throws PkiException {
        if (verifible != null) {
            this.verifier = verifible;
        }
        if (hashable != null) {
            this.hasher = hashable;
        }
        X509Certificate signCert = getSignCert(this.hasher, certificateSet, it);
        if (signCert == null) {
            this.cert = null;
            throw new PkiException("no Certificate match");
        }
        this.cert = signCert;
        AlgorithmIdentifier trueSignatureAlgorithm = getTrueSignatureAlgorithm();
        PublicKey publicKey = signCert.getSubjectPublicKeyInfo().getPublicKey();
        Attributes signedAttrs = getSignedAttrs();
        if (signedAttrs == null) {
            if (bArr == null) {
                return this.verifier.verify(publicKey, trueSignatureAlgorithm, bArr2, i, i2, getSignature());
            }
            throw new PkiException("no signedAttrs");
        }
        if (!matchContentType(signedAttrs, str)) {
            throw new PkiException("ContentType mismatch");
        }
        if (!matchMessageDigest(signedAttrs, bArr != null ? bArr : this.hasher.hash(getDigestAlgorithm(), bArr2, i, i2))) {
            throw new PkiException("MessageDigest mismatch");
        }
        byte[] encode = signedAttrs.getASN1Object().encode();
        return verifible.verify(publicKey, trueSignatureAlgorithm, encode, 0, encode.length, getSignature());
    }

    private boolean verify(String str, byte[] bArr, byte[] bArr2, int i, int i2, Verifible verifible, Hashable hashable, CertificateSet certificateSet, X509Certificate x509Certificate) throws PkiException {
        X509Certificate x509Certificate2;
        X509Certificate x509Certificate3 = x509Certificate;
        if (verifible != null) {
            this.verifier = verifible;
        }
        if (hashable != null) {
            this.hasher = hashable;
        }
        if (x509Certificate3 == null || !match(x509Certificate3, this.hasher)) {
            x509Certificate3 = null;
        }
        if (x509Certificate3 != null || certificateSet == null) {
            x509Certificate2 = x509Certificate3;
        } else {
            int size = certificateSet.size();
            x509Certificate2 = x509Certificate3;
            for (int i3 = 0; i3 < size; i3++) {
                CertificateChoices certificateChoices = certificateSet.get(i3);
                if (certificateChoices.getType() == 1 && (x509Certificate2 = certificateChoices.getX509PublicKeyCert()) != null) {
                    if (match(x509Certificate2, this.hasher)) {
                        break;
                    }
                    x509Certificate2 = null;
                }
            }
        }
        if (x509Certificate2 == null) {
            this.cert = null;
            throw new PkiException("no Certificate match");
        }
        this.cert = x509Certificate2;
        AlgorithmIdentifier trueSignatureAlgorithm = getTrueSignatureAlgorithm();
        PublicKey publicKey = x509Certificate2.getSubjectPublicKeyInfo().getPublicKey();
        Attributes signedAttrs = getSignedAttrs();
        if (signedAttrs == null) {
            if (bArr != null) {
                throw new PkiException("no signedAttrs");
            }
            if (this.verifier.verify(publicKey, trueSignatureAlgorithm, bArr2, i, i2, getSignature())) {
                return true;
            }
        } else {
            if (!matchContentType(signedAttrs, str)) {
                throw new PkiException("ContentType mismatch");
            }
            if (!matchMessageDigest(signedAttrs, bArr != null ? bArr : this.hasher.hash(getDigestAlgorithm(), bArr2, i, i2))) {
                throw new PkiException("MessageDigest mismatch");
            }
            byte[] encode = signedAttrs.getASN1Object().encode();
            if (verifible.verify(publicKey, trueSignatureAlgorithm, encode, 0, encode.length, getSignature())) {
                return true;
            }
        }
        return false;
    }

    private boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, InputStream inputStream, X509Certificate x509Certificate, Iterator<X509Certificate> it) throws PkiException {
        try {
            int unsignedAttrIndex = getUnsignedAttrIndex(attribute);
            if (unsignedAttrIndex < 0) {
                throw new PkiException("no such ArchiveTimeStampTokenV2");
            }
            if (unsignedAttrIndex == 0) {
                throw new PkiException("no other attribute");
            }
            if (!attribute.getType().equals(Attribute.ARCHIVE_TIMESTAMP_V2)) {
                throw new PkiException("not archive timestamp v2 attribute");
            }
            SetOf value = attribute.getValue();
            int size = value.size();
            if (size < 1) {
                throw new PkiException("no ArchiveTimeStampTokenV2");
            }
            if (size > 1) {
                throw new PkiException("ArchiveTimeStampTokenV2 to much " + size);
            }
            SignedData signedData2 = new SignedData(value.get(0).encode());
            if (it != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, it)) {
                    return false;
                }
            } else if (x509Certificate != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, x509Certificate)) {
                    return false;
                }
            } else if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher)) {
                return false;
            }
            TSTInfo tSTInfo = new TSTInfo((Sequence) signedData2.getEncapContentInfo().getContentObject(TSTInfo.getASN1Type()));
            MessageImprint messageImprint = tSTInfo.getMessageImprint();
            this.hasher.init(messageImprint.getHashAlgorithm());
            byte[] encode = signedData.getEncapContentInfo().getASN1Object().encode();
            this.hasher.update(encode, 0, encode.length);
            if (signedData.isDetached()) {
                hashUpdate(this.hasher, inputStream);
            }
            Sequence sequence = (Sequence) signedData.getASN1Object();
            ASN1Object aSN1Object = sequence.get("certificates");
            if (aSN1Object != null) {
                byte[] encode2 = aSN1Object.encode();
                this.hasher.update(encode2, 0, encode2.length);
            }
            ASN1Object aSN1Object2 = sequence.get("crls");
            if (aSN1Object2 != null) {
                byte[] encode3 = aSN1Object2.encode();
                this.hasher.update(encode3, 0, encode3.length);
            }
            Sequence aSN1Object3 = getASN1Object();
            int size2 = aSN1Object3.size();
            for (int i = 0; i < size2 - 1; i++) {
                byte[] encode4 = aSN1Object3.get(i).encode();
                this.hasher.update(encode4, 0, encode4.length);
            }
            byte[] encode5 = newUnsignedAttrs(unsignedAttrIndex).encode();
            this.hasher.update(encode5, 0, encode5.length);
            if (!Arrays.equals(this.hasher.digest(), messageImprint.getHashedMessage())) {
                throw new MessageImprintMisMatchException();
            }
            this.archiveTimeStampV2Cert = signedData2.getSignCert(0);
            this.archiveTimeStampV2Time = tSTInfo.getTime();
            this.archiveTimeStampV2Object = signedData2;
            return true;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    private boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, byte[] bArr, X509Certificate x509Certificate, Iterator<X509Certificate> it) throws PkiException {
        try {
            int unsignedAttrIndex = getUnsignedAttrIndex(attribute);
            if (unsignedAttrIndex < 0) {
                throw new PkiException("no such ArchiveTimeStampTokenV2");
            }
            if (unsignedAttrIndex == 0) {
                throw new PkiException("no other attribute");
            }
            if (!attribute.getType().equals(Attribute.ARCHIVE_TIMESTAMP_V2)) {
                throw new PkiException("not archive timestamp v2 attribute");
            }
            SetOf value = attribute.getValue();
            int size = value.size();
            if (size < 1) {
                throw new PkiException("no ArchiveTimeStampTokenV2");
            }
            if (size > 1) {
                throw new PkiException("ArchiveTimeStampTokenV2 to much " + size);
            }
            SignedData signedData2 = new SignedData(value.get(0).encode());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(signedData.getEncapContentInfo().getASN1Object().encode());
            if (signedData.isDetached()) {
                byteArrayOutputStream.write(bArr);
            }
            Sequence sequence = (Sequence) signedData.getASN1Object();
            ASN1Object aSN1Object = sequence.get("certificates");
            if (aSN1Object != null) {
                byteArrayOutputStream.write(aSN1Object.encode());
            }
            ASN1Object aSN1Object2 = sequence.get("crls");
            if (aSN1Object2 != null) {
                byteArrayOutputStream.write(aSN1Object2.encode());
            }
            Sequence aSN1Object3 = getASN1Object();
            int size2 = aSN1Object3.size();
            for (int i = 0; i < size2 - 1; i++) {
                byteArrayOutputStream.write(aSN1Object3.get(i).encode());
            }
            byteArrayOutputStream.write(newUnsignedAttrs(unsignedAttrIndex).encode());
            if (it != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, it)) {
                    return false;
                }
            } else if (x509Certificate != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, x509Certificate)) {
                    return false;
                }
            } else if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher)) {
                return false;
            }
            this.archiveTimeStampV2Cert = signedData2.getSignCert(0);
            this.archiveTimeStampV2Time = checkTstInfo(signedData2, byteArrayOutputStream.toByteArray());
            this.archiveTimeStampV2Object = signedData2;
            return true;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    private boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, InputStream inputStream, X509Certificate x509Certificate, Iterator<X509Certificate> it) throws PkiException {
        ATSHashIndex aTSHashIndex;
        ATSHashIndexV3 aTSHashIndexV3;
        byte[] hash;
        try {
            if (this.hasher == null) {
                throw new PkiException("no hasher");
            }
            if (!attribute.getType().equals(Attribute.ARCHIVE_TIMESTAMP_V3)) {
                throw new PkiException("no archive timestamp v3 attribute");
            }
            SetOf value = attribute.getValue();
            int size = value.size();
            if (size < 1) {
                throw new PkiException("no ArchiveTimeStampTokenV3");
            }
            if (size > 1) {
                throw new PkiException("ArchiveTimeStampTokenV3 to much " + size);
            }
            SignedData signedData2 = new SignedData(value.get(0).encode());
            if (it != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, it)) {
                    return false;
                }
            } else if (x509Certificate != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, x509Certificate)) {
                    return false;
                }
            } else if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher)) {
                return false;
            }
            SignerInfo signerInfo = signedData2.getSignerInfos().get(0);
            int i = 0;
            while (true) {
                aTSHashIndex = null;
                if (i > signerInfo.unsignedAttrs.size()) {
                    aTSHashIndexV3 = null;
                    break;
                }
                Attribute attribute2 = signerInfo.unsignedAttrs.get(i);
                String type2 = attribute2.getType();
                if (type2.equals(Attribute.ATS_HASH_INDEX_V3)) {
                    SetOf value2 = attribute2.getValue();
                    int size2 = value2.size();
                    if (size2 < 1) {
                        throw new PkiException("no ArchiveHashIndexV3");
                    }
                    if (size2 > 1) {
                        throw new PkiException("ArchiveHashIndexV3 to much " + size2);
                    }
                    aTSHashIndexV3 = ATSHashIndexV3.decode(value2.get(0).encode());
                } else if (type2.equals(Attribute.ATS_HASH_INDEX)) {
                    SetOf value3 = attribute2.getValue();
                    int size3 = value3.size();
                    if (size3 < 1) {
                        throw new PkiException("no ArchiveHashIndex");
                    }
                    if (size3 > 1) {
                        throw new PkiException("ArchiveHashIndex to much " + size3);
                    }
                    aTSHashIndex = ATSHashIndex.decode(value3.get(0).encode());
                    aTSHashIndexV3 = null;
                } else {
                    i++;
                }
            }
            if (aTSHashIndex == null && aTSHashIndexV3 == null) {
                throw new PkiException("no ArchiveHashIndexV3 or ArchiveHashIndex");
            }
            this.atsHashIndex = aTSHashIndex;
            this.atsHashIndexV3 = aTSHashIndexV3;
            TSTInfo tSTInfo = new TSTInfo((Sequence) signedData2.getEncapContentInfo().getContentObject(TSTInfo.getASN1Type()));
            MessageImprint messageImprint = tSTInfo.getMessageImprint();
            AlgorithmIdentifier hashAlgorithm = messageImprint.getHashAlgorithm();
            EncapsulatedContentInfo encapContentInfo = signedData.getEncapContentInfo();
            String contentType = encapContentInfo.getContentType();
            if (signedData.isDetached()) {
                this.hasher.init(hashAlgorithm);
                hashUpdate(this.hasher, inputStream);
                hash = this.hasher.digest();
            } else {
                byte[] tbs = encapContentInfo.getTbs();
                hash = this.hasher.hash(hashAlgorithm, tbs, 0, tbs.length);
            }
            this.hasher.init(hashAlgorithm);
            byte[] encode = new ObjectIdentifier(contentType).encode();
            this.hasher.update(encode, 0, encode.length);
            this.hasher.update(hash, 0, hash.length);
            Sequence aSN1Object = getASN1Object();
            int size4 = aSN1Object.size() - 1;
            for (int i2 = 0; i2 < size4; i2++) {
                byte[] encode2 = aSN1Object.get(i2).encode();
                this.hasher.update(encode2, 0, encode2.length);
            }
            byte[] encode3 = aTSHashIndex != null ? aTSHashIndex.getASN1Object().encode() : aTSHashIndexV3.getASN1Object().encode();
            this.hasher.update(encode3, 0, encode3.length);
            if (!Arrays.equals(this.hasher.digest(), messageImprint.getHashedMessage())) {
                throw new MessageImprintMisMatchException();
            }
            this.archiveTimeStampV3Cert = signedData2.getSignCert(0);
            this.archiveTimeStampV3Time = tSTInfo.getTime();
            this.archiveTimeStampV3Object = signedData2;
            return true;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    private boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, byte[] bArr, X509Certificate x509Certificate, Iterator<X509Certificate> it) throws PkiException {
        ATSHashIndex aTSHashIndex;
        ATSHashIndexV3 aTSHashIndexV3;
        byte[] hash;
        try {
            if (this.hasher == null) {
                throw new PkiException("no hasher");
            }
            if (!attribute.getType().equals(Attribute.ARCHIVE_TIMESTAMP_V3)) {
                throw new PkiException("no archive timestamp v3 attribute");
            }
            SetOf value = attribute.getValue();
            int size = value.size();
            if (size < 1) {
                throw new PkiException("no ArchiveTimeStampTokenV3");
            }
            if (size > 1) {
                throw new PkiException("ArchiveTimeStampTokenV3 to much " + size);
            }
            SignedData signedData2 = new SignedData(value.get(0).encode());
            if (it != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, it)) {
                    return false;
                }
            } else if (x509Certificate != null) {
                if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher, x509Certificate)) {
                    return false;
                }
            } else if (!TimeStampResp.verifyTimeStamp(signedData2, this.verifier, this.hasher)) {
                return false;
            }
            SignerInfo signerInfo = signedData2.getSignerInfos().get(0);
            int i = 0;
            while (true) {
                aTSHashIndex = null;
                if (i > signerInfo.unsignedAttrs.size()) {
                    aTSHashIndexV3 = null;
                    break;
                }
                Attribute attribute2 = signerInfo.unsignedAttrs.get(i);
                String type2 = attribute2.getType();
                if (type2.equals(Attribute.ATS_HASH_INDEX_V3)) {
                    SetOf value2 = attribute2.getValue();
                    int size2 = value2.size();
                    if (size2 < 1) {
                        throw new PkiException("no ArchiveHashIndexV3");
                    }
                    if (size2 > 1) {
                        throw new PkiException("ArchiveHashIndexV3 to much " + size2);
                    }
                    aTSHashIndexV3 = ATSHashIndexV3.decode(value2.get(0).encode());
                } else if (type2.equals(Attribute.ATS_HASH_INDEX)) {
                    SetOf value3 = attribute2.getValue();
                    int size3 = value3.size();
                    if (size3 < 1) {
                        throw new PkiException("no ArchiveHashIndex");
                    }
                    if (size3 > 1) {
                        throw new PkiException("ArchiveHashIndex to much " + size3);
                    }
                    aTSHashIndex = ATSHashIndex.decode(value3.get(0).encode());
                    aTSHashIndexV3 = null;
                } else {
                    i++;
                }
            }
            if (aTSHashIndex == null && aTSHashIndexV3 == null) {
                throw new PkiException("no ArchiveHashIndexV3 or ArchiveHashIndex");
            }
            this.atsHashIndex = aTSHashIndex;
            this.atsHashIndexV3 = aTSHashIndexV3;
            TSTInfo tSTInfo = new TSTInfo((Sequence) signedData2.getEncapContentInfo().getContentObject(TSTInfo.getASN1Type()));
            MessageImprint messageImprint = tSTInfo.getMessageImprint();
            AlgorithmIdentifier hashAlgorithm = messageImprint.getHashAlgorithm();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            EncapsulatedContentInfo encapContentInfo = signedData.getEncapContentInfo();
            byteArrayOutputStream.write(new ObjectIdentifier(encapContentInfo.getContentType()).encode());
            if (signedData.isDetached()) {
                hash = this.hasher.hash(hashAlgorithm, bArr, 0, bArr.length);
            } else {
                byte[] tbs = encapContentInfo.getTbs();
                hash = this.hasher.hash(hashAlgorithm, tbs, 0, tbs.length);
            }
            byteArrayOutputStream.write(hash);
            Sequence aSN1Object = getASN1Object();
            int size4 = aSN1Object.size() - 1;
            for (int i2 = 0; i2 < size4; i2++) {
                byteArrayOutputStream.write(aSN1Object.get(i2).encode());
            }
            if (aTSHashIndex != null) {
                byteArrayOutputStream.write(aTSHashIndex.getASN1Object().encode());
            } else {
                byteArrayOutputStream.write(aTSHashIndexV3.getASN1Object().encode());
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (!Arrays.equals(this.hasher.hash(hashAlgorithm, byteArray, 0, byteArray.length), messageImprint.getHashedMessage())) {
                throw new MessageImprintMisMatchException();
            }
            this.archiveTimeStampV3Cert = signedData2.getSignCert(0);
            this.archiveTimeStampV3Time = tSTInfo.getTime();
            this.archiveTimeStampV3Object = signedData2;
            return true;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public void addUnsignedAttrs(Attribute attribute) throws PkiException {
        addUnsignedAttrs(false, attribute);
    }

    public void addUnsignedAttrs(boolean z, Attribute attribute) throws PkiException {
        if (this.unsignedAttrs == null) {
            this.unsignedAttrs = new Attributes(false);
        }
        this.unsignedAttrs.add(attribute);
        this.modifyUnsignedAttrs = true;
        if (z) {
            updateUnsignedAttrs();
        }
    }

    public Date attachArchiveTimeStampTokenV2(SignedData signedData, InputStream inputStream, String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        try {
            this.hasher.init(algorithmIdentifier);
            byte[] encode = signedData.getEncapContentInfo().getASN1Object().encode();
            this.hasher.update(encode, 0, encode.length);
            if (signedData.isDetached()) {
                hashUpdate(this.hasher, inputStream);
            }
            Sequence sequence = (Sequence) signedData.getASN1Object();
            ASN1Object aSN1Object = sequence.get("certificates");
            if (aSN1Object != null) {
                byte[] encode2 = aSN1Object.encode();
                this.hasher.update(encode2, 0, encode2.length);
            }
            ASN1Object aSN1Object2 = sequence.get("crls");
            if (aSN1Object2 != null) {
                byte[] encode3 = aSN1Object2.encode();
                this.hasher.update(encode3, 0, encode3.length);
            }
            Sequence aSN1Object3 = getASN1Object();
            int size = aSN1Object3.size();
            for (int i = 0; i < size; i++) {
                byte[] encode4 = aSN1Object3.get(i).encode();
                this.hasher.update(encode4, 0, encode4.length);
            }
            TimeStampRespInfo timeStampTokenByHashValue = Signer.getTimeStampTokenByHashValue(str, algorithmIdentifier, this.hasher.digest(), this.http, this.hasher, this.verifier, this.randGenerator, null);
            addUnsignedAttrs(true, new Attribute(Attribute.ARCHIVE_TIMESTAMP_V2, timeStampTokenByHashValue.getTokenObject()));
            this.archiveTimeStampV2Time = timeStampTokenByHashValue.getTime();
            this.archiveTimeStampV2Cert = timeStampTokenByHashValue.getCert();
            this.archiveTimeStampV2Object = new SignedData((Sequence) timeStampTokenByHashValue.getTokenObject());
            return this.archiveTimeStampV2Time;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public Date attachArchiveTimeStampTokenV2(SignedData signedData, byte[] bArr, String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(signedData.getEncapContentInfo().getASN1Object().encode());
            if (signedData.isDetached()) {
                byteArrayOutputStream.write(bArr);
            }
            Sequence sequence = (Sequence) signedData.getASN1Object();
            ASN1Object aSN1Object = sequence.get("certificates");
            if (aSN1Object != null) {
                byteArrayOutputStream.write(aSN1Object.encode());
            }
            ASN1Object aSN1Object2 = sequence.get("crls");
            if (aSN1Object2 != null) {
                byteArrayOutputStream.write(aSN1Object2.encode());
            }
            Sequence aSN1Object3 = getASN1Object();
            int size = aSN1Object3.size();
            for (int i = 0; i < size; i++) {
                byteArrayOutputStream.write(aSN1Object3.get(i).encode());
            }
            TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, byteArrayOutputStream.toByteArray(), this.http, this.hasher, this.verifier, this.randGenerator, null);
            addUnsignedAttrs(true, new Attribute(Attribute.ARCHIVE_TIMESTAMP_V2, timeStampToken.getTokenObject()));
            this.archiveTimeStampV2Time = timeStampToken.getTime();
            this.archiveTimeStampV2Cert = timeStampToken.getCert();
            this.archiveTimeStampV2Object = new SignedData((Sequence) timeStampToken.getTokenObject());
            return this.archiveTimeStampV2Time;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public Date attachArchiveTimeStampTokenV3(SignedData signedData, byte[] bArr, ATSHashIndex aTSHashIndex, String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        byte[] hash;
        try {
            if (this.hasher == null) {
                throw new PkiException("no hasher");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            EncapsulatedContentInfo encapContentInfo = signedData.getEncapContentInfo();
            byteArrayOutputStream.write(new ObjectIdentifier(encapContentInfo.getContentType()).encode());
            if (signedData.isDetached()) {
                hash = this.hasher.hash(algorithmIdentifier, bArr, 0, bArr.length);
            } else {
                byte[] tbs = encapContentInfo.getTbs();
                hash = this.hasher.hash(algorithmIdentifier, tbs, 0, tbs.length);
            }
            byteArrayOutputStream.write(hash);
            this.seq = getASN1Object();
            int size = this.seq.size();
            if (this.seq.get("unsignedAttrs") != null) {
                size--;
            }
            for (int i = 0; i < size; i++) {
                byteArrayOutputStream.write(this.seq.get(i).encode());
            }
            this.atsHashIndex = aTSHashIndex;
            this.atsHashIndexV3 = null;
            ASN1Object aSN1Object = aTSHashIndex.getASN1Object();
            byteArrayOutputStream.write(aSN1Object.encode());
            TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, byteArrayOutputStream.toByteArray(), this.http, this.hasher, this.verifier, this.randGenerator, new Attribute(Attribute.ATS_HASH_INDEX, aSN1Object));
            addUnsignedAttrs(true, new Attribute(Attribute.ARCHIVE_TIMESTAMP_V3, timeStampToken.getTokenObject()));
            this.archiveTimeStampV3Time = timeStampToken.getTime();
            this.archiveTimeStampV3Cert = timeStampToken.getCert();
            this.archiveTimeStampV3Object = new SignedData((Sequence) timeStampToken.getTokenObject());
            return this.archiveTimeStampV3Time;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public Date attachArchiveTimeStampTokenV3(SignedData signedData, byte[] bArr, ATSHashIndexV3 aTSHashIndexV3, String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        byte[] hash;
        try {
            if (this.hasher == null) {
                throw new PkiException("no hasher");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            EncapsulatedContentInfo encapContentInfo = signedData.getEncapContentInfo();
            byteArrayOutputStream.write(new ObjectIdentifier(encapContentInfo.getContentType()).encode());
            if (signedData.isDetached()) {
                hash = this.hasher.hash(algorithmIdentifier, bArr, 0, bArr.length);
            } else {
                byte[] tbs = encapContentInfo.getTbs();
                hash = this.hasher.hash(algorithmIdentifier, tbs, 0, tbs.length);
            }
            byteArrayOutputStream.write(hash);
            this.seq = getASN1Object();
            int size = this.seq.size();
            if (this.seq.get("unsignedAttrs") != null) {
                size--;
            }
            for (int i = 0; i < size; i++) {
                byteArrayOutputStream.write(this.seq.get(i).encode());
            }
            this.atsHashIndex = null;
            this.atsHashIndexV3 = aTSHashIndexV3;
            ASN1Object aSN1Object = aTSHashIndexV3.getASN1Object();
            byteArrayOutputStream.write(aSN1Object.encode());
            TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, byteArrayOutputStream.toByteArray(), this.http, this.hasher, this.verifier, this.randGenerator, new Attribute(Attribute.ATS_HASH_INDEX_V3, aSN1Object));
            addUnsignedAttrs(true, new Attribute(Attribute.ARCHIVE_TIMESTAMP_V3, timeStampToken.getTokenObject()));
            this.archiveTimeStampV3Time = timeStampToken.getTime();
            this.archiveTimeStampV3Cert = timeStampToken.getCert();
            this.archiveTimeStampV3Object = new SignedData((Sequence) timeStampToken.getTokenObject());
            return this.archiveTimeStampV3Time;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public Date attachArchiveTimeStampTokenV3ByHashValue(SignedData signedData, byte[] bArr, ATSHashIndex aTSHashIndex, String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        try {
            if (this.hasher == null) {
                throw new PkiException("no hasher");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(new ObjectIdentifier(signedData.getEncapContentInfo().getContentType()).encode());
            byteArrayOutputStream.write(bArr);
            this.seq = getASN1Object();
            int size = this.seq.size();
            if (this.seq.get("unsignedAttrs") != null) {
                size--;
            }
            for (int i = 0; i < size; i++) {
                byteArrayOutputStream.write(this.seq.get(i).encode());
            }
            this.atsHashIndex = aTSHashIndex;
            this.atsHashIndexV3 = null;
            ASN1Object aSN1Object = aTSHashIndex.getASN1Object();
            byteArrayOutputStream.write(aSN1Object.encode());
            TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, byteArrayOutputStream.toByteArray(), this.http, this.hasher, this.verifier, this.randGenerator, new Attribute(Attribute.ATS_HASH_INDEX, aSN1Object));
            addUnsignedAttrs(true, new Attribute(Attribute.ARCHIVE_TIMESTAMP_V3, timeStampToken.getTokenObject()));
            this.archiveTimeStampV3Time = timeStampToken.getTime();
            this.archiveTimeStampV3Cert = timeStampToken.getCert();
            this.archiveTimeStampV3Object = new SignedData((Sequence) timeStampToken.getTokenObject());
            return this.archiveTimeStampV3Time;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public Date attachArchiveTimeStampTokenV3ByHashValue(SignedData signedData, byte[] bArr, ATSHashIndexV3 aTSHashIndexV3, String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        try {
            if (this.hasher == null) {
                throw new PkiException("no hasher");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(new ObjectIdentifier(signedData.getEncapContentInfo().getContentType()).encode());
            byteArrayOutputStream.write(bArr);
            this.seq = getASN1Object();
            int size = this.seq.size();
            if (this.seq.get("unsignedAttrs") != null) {
                size--;
            }
            for (int i = 0; i < size; i++) {
                byteArrayOutputStream.write(this.seq.get(i).encode());
            }
            this.atsHashIndex = null;
            this.atsHashIndexV3 = aTSHashIndexV3;
            ASN1Object aSN1Object = aTSHashIndexV3.getASN1Object();
            byteArrayOutputStream.write(aSN1Object.encode());
            TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, byteArrayOutputStream.toByteArray(), this.http, this.hasher, this.verifier, this.randGenerator, new Attribute(Attribute.ATS_HASH_INDEX_V3, aSN1Object));
            addUnsignedAttrs(true, new Attribute(Attribute.ARCHIVE_TIMESTAMP_V3, timeStampToken.getTokenObject()));
            this.archiveTimeStampV3Time = timeStampToken.getTime();
            this.archiveTimeStampV3Cert = timeStampToken.getCert();
            this.archiveTimeStampV3Object = new SignedData((Sequence) timeStampToken.getTokenObject());
            return this.archiveTimeStampV3Time;
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public Date attachCertCRLTimeStamp(String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, getCertCRLTimeStampHashData(), this.http, this.hasher, this.verifier, this.randGenerator, null);
        addUnsignedAttrs(true, new Attribute(Attribute.CERT_CRL_TIMESTAMP, timeStampToken.getTokenObject()));
        this.certCrlTimeStampTime = timeStampToken.getTime();
        this.certCrlTimeStampCert = timeStampToken.getCert();
        this.certCrlTimeStampObject = new SignedData((Sequence) timeStampToken.getTokenObject());
        return this.certCrlTimeStampTime;
    }

    public Date attachESCTimeStamp(String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, getESCTimeStampHashData(), this.http, this.hasher, this.verifier, this.randGenerator, null);
        addUnsignedAttrs(true, new Attribute(Attribute.ESC_TIMESTAMP, timeStampToken.getTokenObject()));
        this.escTimeStampTime = timeStampToken.getTime();
        this.escTimeStampCert = timeStampToken.getCert();
        this.escTimeStampObject = new SignedData((Sequence) timeStampToken.getTokenObject());
        return this.escTimeStampTime;
    }

    public Date attachSignatureTimeStamp(String str, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        TimeStampRespInfo timeStampToken = Signer.getTimeStampToken(str, algorithmIdentifier, getSignature(), this.http, this.hasher, this.verifier, this.randGenerator, null);
        addUnsignedAttrs(true, new Attribute(Attribute.SIGNATURE_TIMESTAMP, timeStampToken.getTokenObject()));
        this.signatureTimeStampTime = timeStampToken.getTime();
        this.signatureTimeStampCert = timeStampToken.getCert();
        this.signatureTimeStampObject = new SignedData((Sequence) timeStampToken.getTokenObject());
        return this.signatureTimeStampTime;
    }

    public Attribute deleteUnsignedAttrs(int i) throws PkiException {
        return deleteUnsignedAttrs(false, i);
    }

    public Attribute deleteUnsignedAttrs(String str) throws PkiException {
        return deleteUnsignedAttrs(false, str);
    }

    public Attribute deleteUnsignedAttrs(boolean z, int i) throws PkiException {
        Attribute delete = this.unsignedAttrs.delete(i);
        if (delete != null) {
            this.modifyUnsignedAttrs = true;
            if (z) {
                updateUnsignedAttrs();
            }
        }
        return delete;
    }

    public Attribute deleteUnsignedAttrs(boolean z, String str) throws PkiException {
        if (this.unsignedAttrs == null) {
            return null;
        }
        boolean z2 = false;
        int size = this.unsignedAttrs.size() - 1;
        Attribute attribute = null;
        while (true) {
            if (size < 0) {
                break;
            }
            attribute = this.unsignedAttrs.get(size);
            if (attribute.getType().equals(str)) {
                z2 = true;
                break;
            }
            size--;
        }
        if (!z2) {
            return null;
        }
        this.modifyUnsignedAttrs = true;
        if (z) {
            updateUnsignedAttrs();
        }
        return attribute;
    }

    public Sequence getASN1Object() throws PkiException {
        updateUnsignedAttrs();
        return this.seq;
    }

    public ATSHashIndex getATSHashIndex() throws PkiException {
        return this.atsHashIndex;
    }

    public ATSHashIndexV3 getATSHashIndexV3() throws PkiException {
        return this.atsHashIndexV3;
    }

    public AdbeRevocationInfoArchival getAdbeRevocationInfoArchival() throws PkiException {
        Attribute attribute;
        Attributes signedAttrs = getSignedAttrs();
        if (signedAttrs == null || (attribute = signedAttrs.get(Attribute.ADBE_REVOCATIONINFO_ARCHIVAL)) == null) {
            return null;
        }
        SetOf value = attribute.getValue();
        if (value.size() == 1) {
            return new AdbeRevocationInfoArchival((Sequence) value.get(0));
        }
        throw new PkiException("too much adbe-revocationInfoArchival");
    }

    public ArrayList<Attribute> getArchiveTimeStampV2Attributes() throws PkiException {
        return getUnsignedAttributes(Attribute.ARCHIVE_TIMESTAMP_V2);
    }

    public X509Certificate getArchiveTimeStampV2Cert() throws PkiException {
        return this.archiveTimeStampV2Cert;
    }

    public SignedData getArchiveTimeStampV2Object() throws PkiException {
        return this.archiveTimeStampV2Object;
    }

    public Date getArchiveTimeStampV2Time() throws PkiException {
        return this.archiveTimeStampV2Time;
    }

    public ArrayList<Attribute> getArchiveTimeStampV3Attributes() throws PkiException {
        return getUnsignedAttributes(Attribute.ARCHIVE_TIMESTAMP_V3);
    }

    public X509Certificate getArchiveTimeStampV3Cert() throws PkiException {
        return this.archiveTimeStampV3Cert;
    }

    public SignedData getArchiveTimeStampV3Object() throws PkiException {
        return this.archiveTimeStampV3Object;
    }

    public Date getArchiveTimeStampV3Time() throws PkiException {
        return this.archiveTimeStampV3Time;
    }

    public X509Certificate getCertCRLTimeStampCert() throws PkiException {
        return this.certCrlTimeStampCert;
    }

    public SignedData getCertCRLTimeStampObject() throws PkiException {
        return this.certCrlTimeStampObject;
    }

    public Date getCertCRLTimeStampTime() throws PkiException {
        return this.certCrlTimeStampTime;
    }

    public X509Certificate getContentTimeStampCert() throws PkiException {
        return this.contentTimeStampCert;
    }

    public SignedData getContentTimeStampObject() throws PkiException {
        return this.contentTimeStampObject;
    }

    public Date getContentTimeStampTime() throws PkiException {
        return this.contentTimeStampTime;
    }

    public AlgorithmIdentifier getDigestAlgorithm() throws PkiException {
        return new AlgorithmIdentifier((Sequence) this.seq.get(2));
    }

    public X509Certificate getESCTimeStampCert() throws PkiException {
        return this.escTimeStampCert;
    }

    public SignedData getESCTimeStampObject() throws PkiException {
        return this.escTimeStampObject;
    }

    public Date getESCTimeStampTime() throws PkiException {
        return this.escTimeStampTime;
    }

    public SignerIdentifier getSid() throws PkiException {
        return new SignerIdentifier((Sequence) this.seq.get(1));
    }

    public X509Certificate getSignCert() {
        return this.cert;
    }

    public X509Certificate getSignCert(Hashable hashable, CertificateSet certificateSet, Iterator<X509Certificate> it) throws PkiException {
        X509Certificate x509Certificate;
        if (certificateSet != null) {
            int size = certificateSet.size();
            x509Certificate = null;
            for (int i = 0; i < size; i++) {
                CertificateChoices certificateChoices = certificateSet.get(i);
                if (certificateChoices.getType() == 1 && (x509Certificate = certificateChoices.getX509PublicKeyCert()) != null) {
                    if (match(x509Certificate, hashable)) {
                        break;
                    }
                    x509Certificate = null;
                }
            }
        } else {
            x509Certificate = null;
        }
        if (x509Certificate == null && it != null) {
            while (it.hasNext()) {
                x509Certificate = it.next();
                if (x509Certificate != null) {
                    if (match(x509Certificate, hashable)) {
                        break;
                    }
                    x509Certificate = null;
                }
            }
        }
        return x509Certificate;
    }

    public byte[] getSignature() throws PkiException {
        return ((OctetString) this.seq.get("signature")).getValue();
    }

    public AlgorithmIdentifier getSignatureAlgorithm() throws PkiException {
        return new AlgorithmIdentifier((Sequence) this.seq.get("signatureAlgorithm"));
    }

    public X509Certificate getSignatureTimeStampCert() throws PkiException {
        return this.signatureTimeStampCert;
    }

    public SignedData getSignatureTimeStampObject() throws PkiException {
        return this.signatureTimeStampObject;
    }

    public Date getSignatureTimeStampTime() throws PkiException {
        return this.signatureTimeStampTime;
    }

    public Attributes getSignedAttrs() throws PkiException {
        TaggedValue taggedValue = (TaggedValue) this.seq.get("signedAttrs");
        if (taggedValue == null) {
            return null;
        }
        return new Attributes((SetOf) taggedValue.getInnerValue());
    }

    public Date getSigningTime() throws PkiException {
        Attribute attribute;
        Attributes signedAttrs = getSignedAttrs();
        if (signedAttrs == null || (attribute = signedAttrs.get(Attribute.SIGNING_TIME)) == null) {
            return null;
        }
        SetOf value = attribute.getValue();
        if (value.size() == 1) {
            return new Time(value.get(0)).getTime();
        }
        throw new PkiException("too much signing time");
    }

    public AlgorithmIdentifier getTrueSignatureAlgorithm() throws PkiException {
        String str;
        AlgorithmIdentifier signatureAlgorithm = getSignatureAlgorithm();
        if (!signatureAlgorithm.getOid().equals(AlgorithmIdentifier.RSAEncrypt_OID)) {
            return signatureAlgorithm;
        }
        String oid = getDigestAlgorithm().getOid();
        if (oid.equals(AlgorithmIdentifier.MD2_OID)) {
            str = AlgorithmIdentifier.MD2WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.MD5_OID)) {
            str = AlgorithmIdentifier.MD5WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA1_OID)) {
            str = AlgorithmIdentifier.SHA1WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA224_OID)) {
            str = AlgorithmIdentifier.SHA224WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA256_OID)) {
            str = AlgorithmIdentifier.SHA256WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA384_OID)) {
            str = AlgorithmIdentifier.SHA384WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA512_OID)) {
            str = AlgorithmIdentifier.SHA512WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SM3_OID)) {
            str = AlgorithmIdentifier.SM3WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA512_224_OID)) {
            str = AlgorithmIdentifier.SHA512_224WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA512_256_OID)) {
            str = AlgorithmIdentifier.SHA512_256WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA3_224_OID)) {
            str = AlgorithmIdentifier.SHA3_224WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA3_256_OID)) {
            str = AlgorithmIdentifier.SHA3_256WithRSA_OID;
        } else if (oid.equals(AlgorithmIdentifier.SHA3_384_OID)) {
            str = AlgorithmIdentifier.SHA3_384WithRSA_OID;
        } else {
            if (!oid.equals(AlgorithmIdentifier.SHA3_512_OID)) {
                throw new PkiException("unknown signature algorithm");
            }
            str = AlgorithmIdentifier.SHA3_512WithRSA_OID;
        }
        return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(str);
    }

    public Attributes getUnsignedAttrs() throws PkiException {
        return this.unsignedAttrs;
    }

    public int getVersion() throws PkiException {
        return ((Integer) this.seq.get(0)).getIntegerValue();
    }

    public boolean hasAdbeRevocationInfoArchival() {
        return hasSignedAttr(Attribute.ADBE_REVOCATIONINFO_ARCHIVAL);
    }

    public boolean hasCertCRLTimeStamp() {
        return hasUnsignedAttrs(Attribute.CERT_CRL_TIMESTAMP);
    }

    public boolean hasContentTimeStamp() {
        return hasSignedAttr(Attribute.CONTENT_TIMESTAMP);
    }

    public boolean hasESCTimeStamp() {
        return hasUnsignedAttrs(Attribute.ESC_TIMESTAMP);
    }

    public boolean hasSignatureTimeStamp() {
        return hasUnsignedAttrs(Attribute.SIGNATURE_TIMESTAMP);
    }

    public boolean hasSigningCertificateAttribute() throws PkiException {
        return hasSignedAttribute(Attribute.SIGNING_CERTIFICATE);
    }

    public boolean hasSigningCertificateV2Attribute() throws PkiException {
        return hasSignedAttribute(Attribute.SIGNING_CERTIFICATE_V2);
    }

    public boolean hasSigningTime() {
        return hasSignedAttr(Attribute.SIGNING_TIME);
    }

    public boolean match(X509Certificate x509Certificate, Hashable hashable) {
        try {
            if (!getSid().match(x509Certificate)) {
                return false;
            }
            Attributes signedAttrs = getSignedAttrs();
            if (signedAttrs == null) {
                return true;
            }
            if (matchSigningCertificate(signedAttrs, x509Certificate, hashable)) {
                return matchSigningCertificateV2(signedAttrs, x509Certificate, hashable);
            }
            return false;
        } catch (PkiException unused) {
            return false;
        }
    }

    public void setHashImplement(Hashable hashable) {
        this.hasher = hashable;
    }

    public void setHttpImplement(IHttp iHttp) {
        this.http = iHttp;
    }

    public void setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) {
        this.randGenerator = secureRandomGenerator;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSignCert(X509Certificate x509Certificate) {
        this.cert = x509Certificate;
    }

    public void setVerifyImplement(Verifible verifible) {
        this.verifier = verifible;
    }

    public void updateUnsignedAttrs() throws PkiException {
        if (this.modifyUnsignedAttrs) {
            if (((TaggedValue) this.seq.get("unsignedAttrs")) == null) {
                if (this.unsignedAttrs != null) {
                    this.seq.add(new TaggedValue(128, 1, true, this.unsignedAttrs.getASN1Object()));
                }
                this.modifyUnsignedAttrs = false;
                return;
            }
            Sequence sequence = new Sequence(type);
            for (int i = 0; i < this.seq.size() - 1; i++) {
                sequence.add(this.seq.get(i));
            }
            if (this.unsignedAttrs != null) {
                sequence.add(new TaggedValue(128, 1, true, this.unsignedAttrs.getASN1Object()));
            }
            this.seq.setValue(sequence);
            this.modifyUnsignedAttrs = false;
        }
    }

    public void updateUnsignedAttrs(Attributes attributes) throws PkiException {
        this.unsignedAttrs = attributes;
        updateUnsignedAttrs();
    }

    public boolean verify(String str, byte[] bArr, int i, int i2, Verifible verifible, Hashable hashable, CertificateSet certificateSet, Iterator<X509Certificate> it) throws PkiException {
        return verify(str, (byte[]) null, bArr, i, i2, verifible, hashable, certificateSet, it);
    }

    public boolean verify(String str, byte[] bArr, int i, int i2, Verifible verifible, Hashable hashable, CertificateSet certificateSet, X509Certificate x509Certificate) throws PkiException {
        return verify(str, (byte[]) null, bArr, i, i2, verifible, hashable, certificateSet, x509Certificate);
    }

    public boolean verify(String str, byte[] bArr, Verifible verifible, Hashable hashable, Iterator<X509Certificate> it) throws PkiException {
        return verify(str, bArr, verifible, hashable, (CertificateSet) null, it);
    }

    public boolean verify(String str, byte[] bArr, Verifible verifible, Hashable hashable, X509Certificate x509Certificate) throws PkiException {
        return verify(str, bArr, verifible, hashable, (CertificateSet) null, x509Certificate);
    }

    public boolean verify(String str, byte[] bArr, Verifible verifible, Hashable hashable, CertificateSet certificateSet, Iterator<X509Certificate> it) throws PkiException {
        return verify(str, bArr, 0, bArr.length, verifible, hashable, certificateSet, it);
    }

    public boolean verify(String str, byte[] bArr, Verifible verifible, Hashable hashable, CertificateSet certificateSet, X509Certificate x509Certificate) throws PkiException {
        return verify(str, bArr, 0, bArr.length, verifible, hashable, certificateSet, x509Certificate);
    }

    public boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, InputStream inputStream) throws PkiException {
        return verifyArchiveTimeStampTokenV2(attribute, signedData, inputStream, (X509Certificate) null, (Iterator<X509Certificate>) null);
    }

    public boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, InputStream inputStream, Iterator<X509Certificate> it) throws PkiException {
        return verifyArchiveTimeStampTokenV2(attribute, signedData, inputStream, (X509Certificate) null, it);
    }

    public boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, InputStream inputStream, X509Certificate x509Certificate) throws PkiException {
        return verifyArchiveTimeStampTokenV2(attribute, signedData, inputStream, x509Certificate, (Iterator<X509Certificate>) null);
    }

    public boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, byte[] bArr) throws PkiException {
        return verifyArchiveTimeStampTokenV2(attribute, signedData, bArr, (X509Certificate) null, (Iterator<X509Certificate>) null);
    }

    public boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, byte[] bArr, Iterator<X509Certificate> it) throws PkiException {
        return verifyArchiveTimeStampTokenV2(attribute, signedData, bArr, (X509Certificate) null, it);
    }

    public boolean verifyArchiveTimeStampTokenV2(Attribute attribute, SignedData signedData, byte[] bArr, X509Certificate x509Certificate) throws PkiException {
        return verifyArchiveTimeStampTokenV2(attribute, signedData, bArr, x509Certificate, (Iterator<X509Certificate>) null);
    }

    public boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, InputStream inputStream) throws PkiException {
        return verifyArchiveTimeStampTokenV3(attribute, signedData, inputStream, (X509Certificate) null, (Iterator<X509Certificate>) null);
    }

    public boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, InputStream inputStream, Iterator<X509Certificate> it) throws PkiException {
        return verifyArchiveTimeStampTokenV3(attribute, signedData, inputStream, (X509Certificate) null, it);
    }

    public boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, InputStream inputStream, X509Certificate x509Certificate) throws PkiException {
        return verifyArchiveTimeStampTokenV3(attribute, signedData, inputStream, x509Certificate, (Iterator<X509Certificate>) null);
    }

    public boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, byte[] bArr) throws PkiException {
        return verifyArchiveTimeStampTokenV3(attribute, signedData, bArr, (X509Certificate) null, (Iterator<X509Certificate>) null);
    }

    public boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, byte[] bArr, Iterator<X509Certificate> it) throws PkiException {
        return verifyArchiveTimeStampTokenV3(attribute, signedData, bArr, (X509Certificate) null, it);
    }

    public boolean verifyArchiveTimeStampTokenV3(Attribute attribute, SignedData signedData, byte[] bArr, X509Certificate x509Certificate) throws PkiException {
        return verifyArchiveTimeStampTokenV3(attribute, signedData, bArr, x509Certificate, (Iterator<X509Certificate>) null);
    }

    public boolean verifyCertCRLTimeStamp() throws PkiException {
        SignedData certCRLTimeStampToken = getCertCRLTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(certCRLTimeStampToken, this.verifier, this.hasher)) {
            return false;
        }
        this.certCrlTimeStampCert = certCRLTimeStampToken.getSignCert(0);
        this.certCrlTimeStampTime = checkTstInfo(certCRLTimeStampToken, getCertCRLTimeStampHashData());
        this.certCrlTimeStampObject = certCRLTimeStampToken;
        return true;
    }

    public boolean verifyCertCRLTimeStamp(Iterator<X509Certificate> it) throws PkiException {
        SignedData certCRLTimeStampToken = getCertCRLTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(certCRLTimeStampToken, this.verifier, this.hasher, it)) {
            return false;
        }
        this.certCrlTimeStampCert = certCRLTimeStampToken.getSignCert(0);
        this.certCrlTimeStampTime = checkTstInfo(certCRLTimeStampToken, getCertCRLTimeStampHashData());
        this.certCrlTimeStampObject = certCRLTimeStampToken;
        return true;
    }

    public boolean verifyCertCRLTimeStamp(X509Certificate x509Certificate) throws PkiException {
        SignedData certCRLTimeStampToken = getCertCRLTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(certCRLTimeStampToken, this.verifier, this.hasher, x509Certificate)) {
            return false;
        }
        this.certCrlTimeStampCert = certCRLTimeStampToken.getSignCert(0);
        this.certCrlTimeStampTime = checkTstInfo(certCRLTimeStampToken, getCertCRLTimeStampHashData());
        this.certCrlTimeStampObject = certCRLTimeStampToken;
        return true;
    }

    public boolean verifyContentTimeStamp(byte[] bArr) throws PkiException {
        SignedData contentTimeStampToken = getContentTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(contentTimeStampToken, this.verifier, this.hasher)) {
            return false;
        }
        this.contentTimeStampCert = contentTimeStampToken.getSignCert(0);
        this.contentTimeStampTime = checkTstInfo(contentTimeStampToken, bArr);
        return true;
    }

    public boolean verifyContentTimeStamp(byte[] bArr, Iterator<X509Certificate> it) throws PkiException {
        SignedData contentTimeStampToken = getContentTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(contentTimeStampToken, this.verifier, this.hasher, it)) {
            return false;
        }
        this.contentTimeStampCert = contentTimeStampToken.getSignCert(0);
        this.contentTimeStampTime = checkTstInfo(contentTimeStampToken, bArr);
        this.contentTimeStampObject = contentTimeStampToken;
        return true;
    }

    public boolean verifyContentTimeStamp(byte[] bArr, X509Certificate x509Certificate) throws PkiException {
        SignedData contentTimeStampToken = getContentTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(contentTimeStampToken, this.verifier, this.hasher, x509Certificate)) {
            return false;
        }
        this.contentTimeStampCert = contentTimeStampToken.getSignCert(0);
        this.contentTimeStampTime = checkTstInfo(contentTimeStampToken, bArr);
        return true;
    }

    public boolean verifyESCTimeStamp() throws PkiException {
        SignedData eSCTimeStampToken = getESCTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(eSCTimeStampToken, this.verifier, this.hasher)) {
            return false;
        }
        this.escTimeStampCert = eSCTimeStampToken.getSignCert(0);
        this.escTimeStampTime = checkTstInfo(eSCTimeStampToken, getESCTimeStampHashData());
        this.escTimeStampObject = eSCTimeStampToken;
        return true;
    }

    public boolean verifyESCTimeStamp(Iterator<X509Certificate> it) throws PkiException {
        SignedData eSCTimeStampToken = getESCTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(eSCTimeStampToken, this.verifier, this.hasher, it)) {
            return false;
        }
        this.escTimeStampCert = eSCTimeStampToken.getSignCert(0);
        this.escTimeStampTime = checkTstInfo(eSCTimeStampToken, getESCTimeStampHashData());
        this.escTimeStampObject = eSCTimeStampToken;
        return true;
    }

    public boolean verifyESCTimeStamp(X509Certificate x509Certificate) throws PkiException {
        SignedData eSCTimeStampToken = getESCTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(eSCTimeStampToken, this.verifier, this.hasher, x509Certificate)) {
            return false;
        }
        this.escTimeStampCert = eSCTimeStampToken.getSignCert(0);
        this.escTimeStampTime = checkTstInfo(eSCTimeStampToken, getESCTimeStampHashData());
        this.escTimeStampObject = eSCTimeStampToken;
        return true;
    }

    public boolean verifyHash(String str, byte[] bArr, Verifible verifible, Hashable hashable, Iterator<X509Certificate> it) throws PkiException {
        return verifyHash(str, bArr, verifible, hashable, (CertificateSet) null, it);
    }

    public boolean verifyHash(String str, byte[] bArr, Verifible verifible, Hashable hashable, X509Certificate x509Certificate) throws PkiException {
        return verifyHash(str, bArr, verifible, hashable, (CertificateSet) null, x509Certificate);
    }

    public boolean verifyHash(String str, byte[] bArr, Verifible verifible, Hashable hashable, CertificateSet certificateSet, Iterator<X509Certificate> it) throws PkiException {
        return verify(str, bArr, (byte[]) null, 0, 0, verifible, hashable, certificateSet, it);
    }

    public boolean verifyHash(String str, byte[] bArr, Verifible verifible, Hashable hashable, CertificateSet certificateSet, X509Certificate x509Certificate) throws PkiException {
        return verify(str, bArr, (byte[]) null, 0, 0, verifible, hashable, certificateSet, x509Certificate);
    }

    public boolean verifySignatureTimeStamp() throws PkiException {
        SignedData signatureTimeStampToken = getSignatureTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(signatureTimeStampToken, this.verifier, this.hasher)) {
            return false;
        }
        this.signatureTimeStampCert = signatureTimeStampToken.getSignCert(0);
        this.signatureTimeStampTime = checkTstInfo(signatureTimeStampToken, getSignature());
        this.signatureTimeStampObject = signatureTimeStampToken;
        return true;
    }

    public boolean verifySignatureTimeStamp(Iterator<X509Certificate> it) throws PkiException {
        SignedData signatureTimeStampToken = getSignatureTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(signatureTimeStampToken, this.verifier, this.hasher, it)) {
            return false;
        }
        this.signatureTimeStampCert = signatureTimeStampToken.getSignCert(0);
        this.signatureTimeStampTime = checkTstInfo(signatureTimeStampToken, getSignature());
        this.signatureTimeStampObject = signatureTimeStampToken;
        return true;
    }

    public boolean verifySignatureTimeStamp(X509Certificate x509Certificate) throws PkiException {
        SignedData signatureTimeStampToken = getSignatureTimeStampToken();
        if (!TimeStampResp.verifyTimeStamp(signatureTimeStampToken, this.verifier, this.hasher, x509Certificate)) {
            return false;
        }
        this.signatureTimeStampCert = signatureTimeStampToken.getSignCert(0);
        this.signatureTimeStampTime = checkTstInfo(signatureTimeStampToken, getSignature());
        this.signatureTimeStampObject = signatureTimeStampToken;
        return true;
    }
}
