package ru.CryptoPro.CAdES.timestamp.external;

import java.io.IOException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.bouncycastle.tsp.TimeStampToken;
import ru.CryptoPro.AdES.Options;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.AdES.external.decode.AdESXLongType1AttributeDecoder;
import ru.CryptoPro.AdES.external.decode.EnhancedArchiveTimeStampCAdESSignerParameters;
import ru.CryptoPro.AdES.external.decode.EnhancedInternalTimeStampAdESSignerParameters;
import ru.CryptoPro.AdES.external.decode.InternalTimeStampCAdESSignerParameters;
import ru.CryptoPro.AdES.external.timestamp.TSPTimeStampValidationProcess;
import ru.CryptoPro.AdES.external.timestamp.data.TSPData;
import ru.CryptoPro.AdES.tools.AdESUtility;
import ru.CryptoPro.CAdES.BufferedCAdESSignature;
import ru.CryptoPro.CAdES.CAdESSigner;
import ru.CryptoPro.CAdES.CAdESType;
import ru.CryptoPro.CAdES.cl_1;
import ru.CryptoPro.CAdES.cl_10;
import ru.CryptoPro.CAdES.cl_6;
import ru.CryptoPro.CAdES.cl_7;
import ru.CryptoPro.CAdES.cl_8;
import ru.CryptoPro.CAdES.cl_9;
import ru.CryptoPro.CAdES.exception.CAdESException;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes4.dex */
public class InternalTimeStampValidationProcessImpl implements TSPTimeStampValidationProcess {
    protected Date c;
    private final TimeStampToken g;
    private final TSPData h;
    protected Date a = null;
    protected boolean b = false;
    protected final Set<X509Certificate> d = new HashSet();
    protected final Set<X509CRL> e = new HashSet();
    protected AdESXLongType1AttributeDecoder f = null;
    private Options i = null;

    public InternalTimeStampValidationProcessImpl(TSPData tSPData, TimeStampToken timeStampToken) {
        this.h = tSPData;
        this.g = timeStampToken;
    }

    private void a(X509Certificate x509Certificate) throws AdESException {
        JCPLogger.subEnter();
        if (x509Certificate == null) {
            throw new AdESException("TSP certificate not found", AdESException.ecSignerCertificateIsNull);
        }
        if (!AdESUtility.hasExtension(x509Certificate, "1.3.6.1.5.5.7.3.8")) {
            throw new AdESException("TSP certificate: sn " + x509Certificate.getSerialNumber().toString(16) + ", subject " + x509Certificate.getSubjectDN() + ", issuer " + x509Certificate.getIssuerDN() + " doesn't have id-kp-timeStamping extension", AdESException.ecRevocationWrongCertificateConstraints);
        }
        JCPLogger.subExit();
    }

    protected Integer a() {
        return CAdESType.TSA_SIGNATURE_TIME_STAMP_SIMPLE;
    }

    protected Date b() {
        return this.a;
    }

    @Override // ru.CryptoPro.AdES.external.timestamp.TSPTimeStampValidationProcess
    public TSPData getData() {
        return this.h;
    }

    @Override // ru.CryptoPro.AdES.external.timestamp.TSPTimeStampValidationProcess
    public TimeStampToken getTimeStampToken() {
        return this.g;
    }

    @Override // ru.CryptoPro.AdES.tools.CRLUtility
    public void setCRLs(Set<X509CRL> set) {
        this.e.addAll(set);
    }

    @Override // ru.CryptoPro.AdES.tools.CertificateUtility
    public void setCertificateValues(Set<X509Certificate> set) {
        this.d.addAll(set);
    }

    @Override // ru.CryptoPro.AdES.external.timestamp.TSPTimeStampValidationProcess
    public void setExternalDate(Date date) {
        this.a = date;
    }

    public void setNeedValidateTailChain(boolean z) {
        this.b = z;
    }

    @Override // ru.CryptoPro.AdES.SignatureOptions
    public void setOptions(Options options) {
        this.i = options;
    }

    public void setTailBuildingDate(Date date) {
        this.c = date;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // ru.CryptoPro.AdES.external.timestamp.TSPTimeStampValidationProcess
    public void validate() throws AdESException {
        JCPLogger.subEnter();
        JCPLogger.fine("Validating timestamp...");
        try {
            byte[] encoded = this.g.toCMSSignedData().getEncoded();
            JCPLogger.fine("Decoding timestamp signature...");
            BufferedCAdESSignature bufferedCAdESSignature = new BufferedCAdESSignature(encoded, null, a());
            if (bufferedCAdESSignature.getCAdESSignerInfos().length > 1) {
                throw new CAdESException("Invalid singer count", CAdESException.ecTimestampInvalid);
            }
            CAdESSigner cAdESSignerInfo = bufferedCAdESSignature.getCAdESSignerInfo(0);
            cAdESSignerInfo.setProvider(this.h.getProvider());
            if (a().equals(CAdESType.TSA_SIGNATURE_TIME_STAMP_SIMPLE) && !(cAdESSignerInfo instanceof cl_10)) {
                throw new AdESException("Signer must be simple internal timestamp", AdESException.ecTimestampInvalid);
            }
            if (a().equals(CAdESType.TSA_CAdESC_TIME_STAMP_SIMPLE) && !(cAdESSignerInfo instanceof cl_9)) {
                throw new AdESException("Signer must be external timestamp", AdESException.ecTimestampInvalid);
            }
            if (a().equals(CAdESType.TSA_CAdESC_TIME_STAMP) && !(cAdESSignerInfo instanceof cl_7)) {
                throw new AdESException("Signer must be enhanced external timestamp", AdESException.ecTimestampInvalid);
            }
            if (a().equals(CAdESType.TSA_SIGNATURE_TIME_STAMP) && !(cAdESSignerInfo instanceof cl_8)) {
                throw new AdESException("Signer must be enhanced internal timestamp", AdESException.ecTimestampInvalid);
            }
            if (a().equals(CAdESType.TSA_ARCHIVE_TIME_STAMP_SIMPLE) && !(cAdESSignerInfo instanceof cl_1)) {
                throw new AdESException("Signer must be archive timestamp", AdESException.ecTimestampInvalid);
            }
            if (a().equals(CAdESType.TSA_ARCHIVE_TIME_STAMP) && !(cAdESSignerInfo instanceof cl_6)) {
                throw new AdESException("Signer must be enhanced archive timestamp", AdESException.ecTimestampInvalid);
            }
            ((InternalTimeStampCAdESSignerParameters) cAdESSignerInfo).setExternalDate(b());
            if (cAdESSignerInfo instanceof EnhancedInternalTimeStampAdESSignerParameters) {
                JCPLogger.fine("Setting special parameters to enhanced internal timestamp...");
                ((EnhancedInternalTimeStampAdESSignerParameters) cAdESSignerInfo).setParentalDecoder(this.f);
                ((EnhancedInternalTimeStampAdESSignerParameters) cAdESSignerInfo).updateIfNeed();
            }
            if (cAdESSignerInfo instanceof EnhancedArchiveTimeStampCAdESSignerParameters) {
                JCPLogger.fine("Setting special parameters to enhanced archive timestamp...");
                ((EnhancedArchiveTimeStampCAdESSignerParameters) cAdESSignerInfo).setNeedValidateChain(this.b);
                ((EnhancedArchiveTimeStampCAdESSignerParameters) cAdESSignerInfo).setTailBuildingDate(this.c);
            }
            if (a().equals(CAdESType.TSA_SIGNATURE_TIME_STAMP_SIMPLE) && (cAdESSignerInfo instanceof cl_10)) {
                JCPLogger.fine("Setting special signature options to internal timestamp...");
                ((cl_10) cAdESSignerInfo).setOptions(this.i);
            }
            cAdESSignerInfo.verify(this.d, this.e);
            if (cAdESSignerInfo instanceof cl_8) {
                JCPLogger.fine("Reading certificate values from enhanced internal timestamp...");
                this.d.addAll(((cl_8) cAdESSignerInfo).getCertificateValues());
            }
            a(cAdESSignerInfo.getSignerCertificate());
            JCPLogger.subExit();
        } catch (IOException e) {
            throw new AdESException(e, AdESException.ecTimestampInvalid);
        }
    }
}
