package xades.provider;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.Selector;
import ru.CryptoPro.JCP.JCP;
import xades.util.GostXAdESUtility;
import xades4j.XAdES4jException;
import xades4j.providers.CertificateValidationProvider;
import xades4j.providers.TimeStampTokenDigestException;
import xades4j.providers.TimeStampTokenSignatureException;
import xades4j.providers.TimeStampTokenStructureException;
import xades4j.providers.TimeStampTokenTSACertException;
import xades4j.providers.TimeStampTokenVerificationException;
import xades4j.providers.TimeStampVerificationProvider;

/* loaded from: classes5.dex */
public class GostTimeStampVerificationProvider implements TimeStampVerificationProvider {
    private final CertificateValidationProvider certificateValidationProvider;
    private final String messageDigestProvider;
    private final JcaSimpleSignerInfoVerifierBuilder signerInfoVerifierBuilder;
    private final JcaX509CertSelectorConverter x509CertSelectorConverter;
    private final JcaX509CertificateConverter x509CertificateConverter;

    /* loaded from: classes5.dex */
    private static class AllCertificatesSelector implements Selector {
        private AllCertificatesSelector() {
        }

        @Override // org.bouncycastle.util.Selector
        public Object clone() {
            return this;
        }

        @Override // org.bouncycastle.util.Selector
        public boolean match(Object obj) {
            return true;
        }
    }

    public GostTimeStampVerificationProvider(CertificateValidationProvider certificateValidationProvider, String str) throws NoSuchProviderException {
        this.certificateValidationProvider = certificateValidationProvider;
        this.messageDigestProvider = str;
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        this.signerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder().setProvider(bouncyCastleProvider);
        this.x509CertificateConverter = new JcaX509CertificateConverter().setProvider(bouncyCastleProvider);
        this.x509CertSelectorConverter = new JcaX509CertSelectorConverter();
    }

    public Date verifyToken(byte[] bArr, byte[] bArr2) throws TimeStampTokenVerificationException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
            ContentInfo contentInfo = ContentInfo.getInstance(aSN1InputStream.readObject());
            aSN1InputStream.close();
            TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
            try {
                LinkedList linkedList = new LinkedList();
                Iterator it = timeStampToken.getCertificates().getMatches(new AllCertificatesSelector()).iterator();
                while (it.hasNext()) {
                    linkedList.add((X509Certificate) CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME).generateCertificate(new ByteArrayInputStream(this.x509CertificateConverter.getCertificate((X509CertificateHolder) it.next()).getEncoded())));
                }
                try {
                    timeStampToken.validate(this.signerInfoVerifierBuilder.build((X509Certificate) this.certificateValidationProvider.validate(this.x509CertSelectorConverter.getCertSelector(timeStampToken.getSID()), timeStampToken.getTimeStampInfo().getGenTime(), linkedList).getCerts().get(0)));
                    TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
                    try {
                        if (Arrays.equals(MessageDigest.getInstance(GostXAdESUtility.digestUri2Digest(timeStampInfo.getMessageImprintAlgOID()), this.messageDigestProvider).digest(bArr2), timeStampInfo.getMessageImprintDigest())) {
                            return timeStampInfo.getGenTime();
                        }
                        throw new TimeStampTokenDigestException();
                    } catch (NoSuchAlgorithmException e) {
                        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", e);
                    } catch (NoSuchProviderException e2) {
                        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", e2);
                    }
                } catch (TSPValidationException e3) {
                    throw new TimeStampTokenSignatureException("Invalid token signature or certificate", e3);
                } catch (Exception e4) {
                    throw new TimeStampTokenVerificationException("Error when verifying the token signature", e4);
                }
            } catch (CertificateException e5) {
                throw new TimeStampTokenVerificationException(e5.getMessage(), e5);
            } catch (XAdES4jException e6) {
                throw new TimeStampTokenTSACertException("cannot validate TSA certificate", e6);
            }
        } catch (IOException e7) {
            throw new TimeStampTokenStructureException("Error parsing encoded token", e7);
        } catch (TSPException e8) {
            throw new TimeStampTokenStructureException("Invalid token", e8);
        }
    }
}
