package net.netca.pki.encoding.asn1.pki.tsp;

import java.util.ArrayList;
import java.util.Iterator;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.InstanceOfType;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.ExtKeyUsageExtension;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.EncapsulatedContentInfo;
import net.netca.pki.encoding.asn1.pki.cms.SignedData;
import net.netca.pki.encoding.asn1.pki.cms.SignerInfo;
import net.netca.pki.u;

/* loaded from: classes.dex */
public final class TimeStampResp {
    public static final String TSTINFO_OID = "1.2.840.113549.1.9.16.1.4";
    private Sequence seq;
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("TimeStampResp");
    private static final InstanceOfType contentInfoType = (InstanceOfType) ASN1TypeManager.getInstance().get("ContentInfo");

    public TimeStampResp(int i, byte[] bArr) {
        if (i != 0 && i != 1) {
            throw new u("bad status");
        }
        this.seq = new Sequence(type);
        this.seq.add(new PKIStatusInfo(i, null, null).getASN1Object());
        this.seq.add(ASN1Object.decode(bArr, contentInfoType));
    }

    public TimeStampResp(Sequence sequence) {
        if (!type.match(sequence)) {
            throw new u("not TimeStampResp");
        }
        this.seq = sequence;
    }

    public TimeStampResp(SignedData signedData) {
        this(new PKIStatusInfo(0, null, null), signedData);
    }

    public TimeStampResp(PKIStatusInfo pKIStatusInfo) {
        if (pKIStatusInfo == null) {
            throw new u("status is null");
        }
        this.seq = new Sequence(type);
        this.seq.add(pKIStatusInfo.getASN1Object());
    }

    public TimeStampResp(PKIStatusInfo pKIStatusInfo, SignedData signedData) {
        if (pKIStatusInfo == null) {
            throw new u("status is null");
        }
        this.seq = new Sequence(type);
        this.seq.add(pKIStatusInfo.getASN1Object());
        if (signedData != null) {
            this.seq.add(signedData.getContentInfo());
        }
    }

    public TimeStampResp(byte[] bArr) {
        this(bArr, 0, bArr.length);
    }

    public TimeStampResp(byte[] bArr, int i, int i2) {
        ASN1Object decode = ASN1Object.decode(bArr, i, i2, type);
        if (decode == null) {
            throw new u("not TimeStampResp");
        }
        this.seq = (Sequence) decode;
    }

    private static void checkTimeStampCert(X509Certificate x509Certificate) {
        boolean z;
        Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null) {
            throw new u("timestamp cert no extension");
        }
        Extension extension = extensions.get(Extension.EXTKEYUSAGE_OID);
        if (extension == null) {
            throw new u("timestamp cert no ext keyusage extension");
        }
        ExtKeyUsageExtension extKeyUsageExtension = (ExtKeyUsageExtension) extension.getExtensionObject();
        int size = extKeyUsageExtension.size();
        int i = 0;
        while (true) {
            if (i >= size) {
                z = false;
                break;
            } else {
                if (extKeyUsageExtension.get(i).equals(ExtKeyUsageExtension.TIMESTAMPING_OID)) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (!z) {
            throw new u("timestamp cert not timstamping extkeyusage");
        }
        Extension extension2 = extensions.get(Extension.KEYUSAGE_OID);
        if (extension2 != null) {
            NamedBitStringExtension namedBitStringExtension = (NamedBitStringExtension) extension2.getExtensionObject();
            if (!namedBitStringExtension.isSet(0) && !namedBitStringExtension.isSet(1)) {
                throw new u("timestamp cert digitalSignature or nonRepudiation not set");
            }
        }
    }

    public static TimeStampResp decode(byte[] bArr) {
        return new TimeStampResp(bArr);
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private static boolean verifyAfter(SignedData signedData) {
        EncapsulatedContentInfo encapContentInfo = signedData.getEncapContentInfo();
        if (!encapContentInfo.isEncapsulatedContentInfo() && !signedData.isQ7()) {
            throw new u("old pkcs#7 signeddata");
        }
        if (!encapContentInfo.getContentType().equals(TSTINFO_OID)) {
            return false;
        }
        ASN1Object content = encapContentInfo.getContent();
        new TSTInfo(content instanceof OctetString ? ((OctetString) content).getValue() : content.encode());
        if (!signedData.hasSigningCertificateAttribute(0) && !signedData.hasSigningCertificateV2Attribute(0)) {
            throw new u("timestamp no SigningCertificateAttribute attribute or SigningCertificateAttributeV2 attribute");
        }
        checkTimeStampCert(signedData.getSignCert(0));
        return true;
    }

    private static boolean verifyBefore(SignedData signedData) {
        if (!signedData.isContentInfo()) {
            throw new u("no contentInfo");
        }
        if (signedData.isDetached()) {
            throw new u("signeddata detached");
        }
        int signerInfoCount = signedData.getSignerInfoCount();
        if (signerInfoCount == 1) {
            return true;
        }
        throw new u("bad timstamp signerInfo count" + signerInfoCount);
    }

    public static boolean verifyTimeStamp(SignedData signedData, Verifible verifible, Hashable hashable) {
        if (verifible == null) {
            throw new u("no verifier");
        }
        if (hashable == null) {
            throw new u("no hasher");
        }
        if (verifyBefore(signedData) && signedData.verify(0, verifible, hashable)) {
            return verifyAfter(signedData);
        }
        return false;
    }

    public static boolean verifyTimeStamp(SignedData signedData, Verifible verifible, Hashable hashable, Iterator<X509Certificate> it) {
        if (verifible == null) {
            throw new u("no verifier");
        }
        if (hashable == null) {
            throw new u("no hasher");
        }
        if (verifyBefore(signedData) && signedData.verify(0, verifible, hashable, it)) {
            return verifyAfter(signedData);
        }
        return false;
    }

    public static boolean verifyTimeStamp(SignedData signedData, Verifible verifible, Hashable hashable, X509Certificate x509Certificate) {
        if (verifible == null) {
            throw new u("no verifier");
        }
        if (hashable == null) {
            throw new u("no hasher");
        }
        if (verifyBefore(signedData) && signedData.verify(0, verifible, hashable, x509Certificate)) {
            return verifyAfter(signedData);
        }
        return false;
    }

    public void addUnsignedAttrs(Attribute attribute) {
        SignedData timeStampTokenObject = getTimeStampTokenObject();
        if (timeStampTokenObject == null) {
            throw new u("no timestamp token");
        }
        ArrayList<SignerInfo> signerInfos = timeStampTokenObject.getSignerInfos();
        if (signerInfos.size() != 1) {
            throw new u("bad timestamp token");
        }
        signerInfos.get(0).addUnsignedAttrs(true, attribute);
    }

    public byte[] derEncode() {
        return this.seq.encode();
    }

    public Sequence getASN1Object() {
        return this.seq;
    }

    public PKIStatusInfo getStatus() {
        return new PKIStatusInfo((Sequence) this.seq.get(0));
    }

    public byte[] getTimeStampToken() {
        ASN1Object aSN1Object = this.seq.get(1);
        if (aSN1Object == null) {
            return null;
        }
        return aSN1Object.encode();
    }

    public ASN1Object getTimeStampTokenASN1Object() {
        ASN1Object aSN1Object = this.seq.get(1);
        if (aSN1Object == null) {
            return null;
        }
        return aSN1Object;
    }

    public SignedData getTimeStampTokenObject() {
        ASN1Object aSN1Object = this.seq.get(1);
        if (aSN1Object == null) {
            return null;
        }
        return new SignedData((Sequence) aSN1Object);
    }

    public TSTInfo getTstInfo() {
        SignedData timeStampTokenObject = getTimeStampTokenObject();
        if (timeStampTokenObject == null) {
            return null;
        }
        EncapsulatedContentInfo encapContentInfo = timeStampTokenObject.getEncapContentInfo();
        if (!encapContentInfo.getContentType().equals(TSTINFO_OID)) {
            throw new u("no tstinfo");
        }
        ASN1Object content = encapContentInfo.getContent();
        if (content != null) {
            return new TSTInfo(content instanceof OctetString ? ((OctetString) content).getValue() : content.encode());
        }
        throw new u("signedData is detached");
    }

    public boolean verify(Verifible verifible, Hashable hashable) {
        SignedData timeStampTokenObject = getTimeStampTokenObject();
        if (timeStampTokenObject != null) {
            return verifyTimeStamp(timeStampTokenObject, verifible, hashable);
        }
        throw new u("no timestamp token");
    }

    public boolean verify(Verifible verifible, Hashable hashable, X509Certificate x509Certificate) {
        SignedData timeStampTokenObject = getTimeStampTokenObject();
        if (timeStampTokenObject != null) {
            return verifyTimeStamp(timeStampTokenObject, verifible, hashable, x509Certificate);
        }
        throw new u("no timestamp token");
    }
}
