package com.datum.tti;

import com.objsys.asn1j.runtime.Asn1BerDecodeBuffer;
import com.objsys.asn1j.runtime.Asn1BerEncodeBuffer;
import com.objsys.asn1j.runtime.Asn1Exception;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.DigestInputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.LinkedList;
import java.util.Set;
import ttiasn.AttrMessageDigest;
import ttiasn.AttributeCertificate;
import ttiasn.AttributeTypeAndValue;
import ttiasn.Certificate;
import ttiasn.CertificateChoices;
import ttiasn.IssuerAndSerialNumber;
import ttiasn.SignedData;
import ttiasn.SignerAttribute;
import ttiasn.SignerAttribute_element;
import ttiasn.SignerAttributes;
import ttiasn.SignerInfo;
import ttiasn.SigningCertificate;
import ttiasn.SigningCertificateV2;
import ttiasn.SigningCertificateV2s;
import ttiasn.SigningCertificates;
import ttiasn._TLCValues;

/* loaded from: input_file:com/datum/tti/TimeStampToken.class */
public class TimeStampToken {
    private ttiasn.TimeStampToken m_tst;
    private SignedData m_sd;
    private TSTInfo m_tstInfo;
    private byte[] m_encodedTST;
    public static final String TTI_VERIFY_ESSCERTIDV2 = "TTI_VERIFY_ESSCERTIDV2";
    static final /* synthetic */ boolean $assertionsDisabled;

    public TimeStampToken(byte[] bArr) throws DecodingException, IOException {
        this.m_encodedTST = bArr;
        try {
            Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(bArr);
            this.m_tst = new ttiasn.TimeStampToken();
            this.m_tst.decode(asn1BerDecodeBuffer);
            Asn1BerDecodeBuffer asn1BerDecodeBuffer2 = new Asn1BerDecodeBuffer(this.m_tst.content.value);
            this.m_sd = new SignedData();
            this.m_sd.decode(asn1BerDecodeBuffer2);
            ttiasn.TSTInfo tSTInfo = new ttiasn.TSTInfo();
            if (this.m_sd.encapContentInfo.eContent == null) {
                throw new DecodingException("SignedData, EncapsulatedContentInfo, eContent is not present.");
            }
            tSTInfo.decode(new Asn1BerDecodeBuffer(this.m_sd.encapContentInfo.eContent.value));
            this.m_tstInfo = new TSTInfo(tSTInfo);
        } catch (Asn1Exception e) {
            throw new DecodingException(e.getMessage());
        }
    }

    public byte[] getEncodedTST() {
        return this.m_encodedTST;
    }

    public TSTInfo getTSTInfo() {
        return this.m_tstInfo;
    }

    private boolean isCertHashValid(byte[] bArr, byte[] bArr2, ttiasn.AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException {
        String str;
        if (algorithmIdentifier == null || Arrays.equals(algorithmIdentifier.algorithm.value, _TLCValues.id_sha256)) {
            str = "SHA-256";
        } else if (Arrays.equals(algorithmIdentifier.algorithm.value, _TLCValues.id_sha384)) {
            str = "SHA-384";
        } else {
            if (!Arrays.equals(algorithmIdentifier.algorithm.value, _TLCValues.id_sha512)) {
                return false;
            }
            str = "SHA-512";
        }
        byte[] bArr3 = new byte[4096];
        DigestInputStream digestInputStream = new DigestInputStream(new ByteArrayInputStream(bArr2), MessageDigest.getInstance(str));
        do {
            try {
            } catch (IOException e) {
                return false;
            }
        } while (bArr3.length == digestInputStream.read(bArr3, 0, bArr3.length));
        return Arrays.equals(digestInputStream.getMessageDigest().digest(), bArr);
    }

    private static EnumSet<SignerKind> getSignerKindFromEnvironment() {
        EnumSet<SignerKind> of = EnumSet.of(SignerKind.ESSCERTIDV2);
        String str = System.getenv(TTI_VERIFY_ESSCERTIDV2);
        if (str != null && str.equals("0")) {
            of.add(SignerKind.ESSCERTID);
        }
        return of;
    }

    private boolean checkSignerAttributes(byte[] bArr) throws Asn1Exception, IOException {
        AttributeTypeAndValue[] attributeTypeAndValueArr = this.m_sd.signerInfos.elements[0].signedAttrs.elements;
        for (int i = 0; i < attributeTypeAndValueArr.length; i++) {
            if (Arrays.equals(attributeTypeAndValueArr[i].type.value, _TLCValues.id_aa_ets_signerAttr)) {
                Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(attributeTypeAndValueArr[i].value.value);
                SignerAttributes signerAttributes = new SignerAttributes();
                signerAttributes.decode(asn1BerDecodeBuffer);
                for (int i2 = 0; i2 < signerAttributes.elements.length; i2++) {
                    SignerAttribute signerAttribute = signerAttributes.elements[i2];
                    for (int i3 = 0; i3 < signerAttribute.elements.length; i3++) {
                        SignerAttribute_element signerAttribute_element = signerAttribute.elements[i3];
                        if (signerAttribute_element.getChoiceID() == 2) {
                            Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
                            signerAttribute_element.getElement().encode(asn1BerEncodeBuffer, true);
                            if (Arrays.equals(asn1BerEncodeBuffer.getMsgCopy(), bArr)) {
                                return true;
                            }
                        }
                    }
                }
            }
        }
        return false;
    }

    private boolean checkSigningCertificates(byte[] bArr, boolean z) throws Asn1Exception, IOException, NoSuchAlgorithmException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Throwable th = null;
        try {
            DigestInputStream digestInputStream = new DigestInputStream(byteArrayInputStream, MessageDigest.getInstance("SHA"));
            Throwable th2 = null;
            try {
                try {
                    byte[] bArr2 = new byte[4096];
                    do {
                    } while (bArr2.length == digestInputStream.read(bArr2, 0, bArr2.length));
                    byte[] digest = digestInputStream.getMessageDigest().digest();
                    if (digestInputStream != null) {
                        if (0 != 0) {
                            try {
                                digestInputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            digestInputStream.close();
                        }
                    }
                    AttributeTypeAndValue[] attributeTypeAndValueArr = this.m_sd.signerInfos.elements[0].signedAttrs.elements;
                    for (int i = 0; i < attributeTypeAndValueArr.length; i++) {
                        if (Arrays.equals(attributeTypeAndValueArr[i].type.value, _TLCValues.id_aa_signingCertificate)) {
                            Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(attributeTypeAndValueArr[i].value.value);
                            SigningCertificates signingCertificates = new SigningCertificates();
                            signingCertificates.decode(asn1BerDecodeBuffer);
                            for (int i2 = 0; i2 < signingCertificates.elements.length; i2++) {
                                SigningCertificate signingCertificate = signingCertificates.elements[i2];
                                if (z) {
                                    return Arrays.equals(digest, signingCertificate.certs.elements[0].certHash.value);
                                }
                                for (int i3 = 1; i3 < signingCertificate.certs.elements.length; i3++) {
                                    if (Arrays.equals(digest, signingCertificate.certs.elements[i3].certHash.value)) {
                                        return true;
                                    }
                                }
                            }
                        }
                    }
                    return false;
                } finally {
                }
            } catch (Throwable th4) {
                if (digestInputStream != null) {
                    if (th2 != null) {
                        try {
                            digestInputStream.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        digestInputStream.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (byteArrayInputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
        }
    }

    private Boolean checkSigningCertificatesV2(byte[] bArr, boolean z) throws Asn1Exception, IOException, NoSuchAlgorithmException {
        boolean z2 = false;
        AttributeTypeAndValue[] attributeTypeAndValueArr = this.m_sd.signerInfos.elements[0].signedAttrs.elements;
        for (int i = 0; i < attributeTypeAndValueArr.length; i++) {
            if (Arrays.equals(attributeTypeAndValueArr[i].type.value, _TLCValues.id_aa_signingCertificateV2)) {
                z2 = true;
                Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(attributeTypeAndValueArr[i].value.value);
                SigningCertificateV2s signingCertificateV2s = new SigningCertificateV2s();
                signingCertificateV2s.decode(asn1BerDecodeBuffer);
                for (int i2 = 0; i2 < signingCertificateV2s.elements.length; i2++) {
                    SigningCertificateV2 signingCertificateV2 = signingCertificateV2s.elements[i2];
                    if (z) {
                        return Boolean.valueOf(isCertHashValid(signingCertificateV2.certs.elements[0].certHash.value, bArr, signingCertificateV2.certs.elements[0].hashAlgorithm));
                    }
                    for (int i3 = 1; i3 < signingCertificateV2.certs.elements.length; i3++) {
                        if (isCertHashValid(signingCertificateV2.certs.elements[i3].certHash.value, bArr, signingCertificateV2.certs.elements[i3].hashAlgorithm)) {
                            return true;
                        }
                    }
                }
            }
        }
        return z2 ? false : null;
    }

    private CheckCertificateResult checkContainedCertificate(byte[] bArr, Set<SignerKind> set, boolean z) throws DecodingException, NoSuchAlgorithmException {
        boolean z2;
        try {
            z2 = true;
            if (set.contains(SignerKind.ESSCERTIDV2)) {
                Boolean checkSigningCertificatesV2 = checkSigningCertificatesV2(bArr, z);
                if (Boolean.TRUE.equals(checkSigningCertificatesV2)) {
                    return new CheckCertificateResult(true, SignerKind.ESSCERTIDV2);
                }
                z2 = checkSigningCertificatesV2 == null;
            }
        } catch (IOException e) {
        } catch (Asn1Exception e2) {
            throw new DecodingException(e2.getMessage());
        }
        if (z2 && set.contains(SignerKind.ESSCERTID) && checkSigningCertificates(bArr, z)) {
            return new CheckCertificateResult(true, SignerKind.ESSCERTID);
        }
        if (!z && checkSignerAttributes(bArr)) {
            return new CheckCertificateResult(true, null);
        }
        return new CheckCertificateResult(false, null);
    }

    public boolean isSignerCertificate(byte[] bArr) throws DecodingException, NoSuchAlgorithmException {
        return checkContainedCertificate(bArr, getSignerKindFromEnvironment(), true).isValid();
    }

    public boolean isSignerCertificate(byte[] bArr, Set<SignerKind> set) throws IllegalArgumentException, DecodingException, NoSuchAlgorithmException {
        requireNotNullOrEmpty(set);
        return checkContainedCertificate(bArr, set, true).isValid();
    }

    public boolean isTimeAttributeCertificate(byte[] bArr) throws DecodingException, NoSuchAlgorithmException {
        return checkContainedCertificate(bArr, getSignerKindFromEnvironment(), false).isValid();
    }

    public boolean isTimeAttributeCertificate(byte[] bArr, Set<SignerKind> set) throws IllegalArgumentException, DecodingException, NoSuchAlgorithmException {
        requireNotNullOrEmpty(set);
        return checkContainedCertificate(bArr, set, false).isValid();
    }

    public byte[] getEncodedSignerCertificate() throws InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        return getEncodedSignerCertificateInternal(getSignerKindFromEnvironment()).getEncodedCert();
    }

    public byte[] getEncodedSignerCertificate(Set<SignerKind> set) throws IllegalArgumentException, InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        requireNotNullOrEmpty(set);
        return getEncodedSignerCertificateInternal(set).getEncodedCert();
    }

    private EncodedCertificateResult getEncodedSignerCertificateInternal(Set<SignerKind> set) throws InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        try {
            Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
            if (this.m_sd.signerInfos.elements[0].sid.getChoiceID() == 1) {
                IssuerAndSerialNumber element = this.m_sd.signerInfos.elements[0].sid.getElement();
                for (int i = 0; i < this.m_sd.certificates.elements.length; i++) {
                    if (this.m_sd.certificates.elements[i].getChoiceID() == 1) {
                        Certificate element2 = this.m_sd.certificates.elements[i].getElement();
                        if (Arrays.equals(element.serialNumber.value, element2.tbsCertificate.serialNumber.value)) {
                            element2.encode(asn1BerEncodeBuffer, true);
                            return checkEncodedCertificate(asn1BerEncodeBuffer.getMsgCopy(), set, true);
                        }
                    }
                }
            } else if (this.m_sd.signerInfos.elements[0].sid.getChoiceID() == 2) {
            }
        } catch (Asn1Exception e) {
            throw new EncodingException(e.getMessage());
        } catch (DecodingException e2) {
        }
        return EncodedCertificateResult.empty;
    }

    private EncodedCertificateResult checkEncodedCertificate(byte[] bArr, Set<SignerKind> set, boolean z) throws InvalidCertificateException, DecodingException, NoSuchAlgorithmException {
        CheckCertificateResult checkContainedCertificate = checkContainedCertificate(bArr, set, z);
        if (checkContainedCertificate.isValid()) {
            return new EncodedCertificateResult(bArr, checkContainedCertificate.getKind());
        }
        throw new InvalidCertificateException(String.format("The requested certificate is invalid. A matching hash could not be found for the specified kind: %s", set));
    }

    public X509Certificate getSignerCertificate() throws EncodingException, CertificateException, InvalidCertificateException, NoSuchAlgorithmException {
        return x509FromEncodedCertificate(getEncodedSignerCertificate());
    }

    public X509Certificate getSignerCertificate(Set<SignerKind> set) throws IllegalArgumentException, EncodingException, CertificateException, InvalidCertificateException, NoSuchAlgorithmException {
        return x509FromEncodedCertificate(getEncodedSignerCertificate(set));
    }

    public SignerKind getSignerCertificateKind() throws InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        return getEncodedSignerCertificateInternal(EnumSet.allOf(SignerKind.class)).getKind();
    }

    public SignerKind getSignerCertificateKind(byte[] bArr) throws InvalidCertificateException, DecodingException, NoSuchAlgorithmException {
        return checkEncodedCertificate(bArr, EnumSet.allOf(SignerKind.class), true).getKind();
    }

    private int findTACValidityPeriodBytes(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (!$assertionsDisabled && (bArr2.length != 15 || bArr3.length != 15)) {
            throw new AssertionError("notBeforeTime and notAfterTime must be 15 bytes long");
        }
        for (int i = 0; i < bArr.length - 36; i++) {
            if (bArr[i] == 48 && bArr[i + 1] == 34 && bArr[i + 2] == 24 && bArr[i + 3] == 15 && bArr[i + 4] == bArr2[0] && bArr[i + 5] == bArr2[1] && bArr[i + 6] == bArr2[2] && bArr[i + 7] == bArr2[3] && bArr[i + 8] == bArr2[4] && bArr[i + 9] == bArr2[5] && bArr[i + 10] == bArr2[6] && bArr[i + 11] == bArr2[7] && bArr[i + 12] == bArr2[8] && bArr[i + 13] == bArr2[9] && bArr[i + 14] == bArr2[10] && bArr[i + 15] == bArr2[11] && bArr[i + 16] == bArr2[12] && bArr[i + 17] == bArr2[13] && bArr[i + 18] == bArr2[14] && bArr[i + 19] == 24 && bArr[i + 20] == 15 && bArr[i + 21] == bArr3[0] && bArr[i + 22] == bArr3[1] && bArr[i + 23] == bArr3[2] && bArr[i + 24] == bArr3[3] && bArr[i + 25] == bArr3[4] && bArr[i + 26] == bArr3[5] && bArr[i + 27] == bArr3[6] && bArr[i + 28] == bArr3[7] && bArr[i + 29] == bArr3[8] && bArr[i + 30] == bArr3[9] && bArr[i + 31] == bArr3[10] && bArr[i + 32] == bArr3[11] && bArr[i + 33] == bArr3[12] && bArr[i + 34] == bArr3[13] && bArr[i + 35] == bArr3[14]) {
                return i;
            }
        }
        return -1;
    }

    public byte[] getEncodedTimeAttributeCertificate() throws InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        return getEncodedTimeAttributeCertificateInternal(getSignerKindFromEnvironment()).getEncodedCert();
    }

    public byte[] getEncodedTimeAttributeCertificate(Set<SignerKind> set) throws IllegalArgumentException, InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        requireNotNullOrEmpty(set);
        return getEncodedTimeAttributeCertificateInternal(set).getEncodedCert();
    }

    private EncodedCertificateResult getEncodedTimeAttributeCertificateInternal(Set<SignerKind> set) throws InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        int findTACValidityPeriodBytes;
        try {
            Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
            for (int i = 0; i < this.m_sd.certificates.elements.length; i++) {
                if (this.m_sd.certificates.elements[i].getChoiceID() == 3 || this.m_sd.certificates.elements[i].getChoiceID() == 4) {
                    AttributeCertificate element = this.m_sd.certificates.elements[i].getElement();
                    boolean z = false;
                    if (element.acinfo.attrCertValidityPeriod.notBeforeTime.getSecond() == 0) {
                        z = true;
                        element.acinfo.attrCertValidityPeriod.notBeforeTime.setSecond(1);
                    }
                    boolean z2 = false;
                    if (element.acinfo.attrCertValidityPeriod.notAfterTime.getSecond() == 0) {
                        z2 = true;
                        element.acinfo.attrCertValidityPeriod.notAfterTime.setSecond(1);
                    }
                    if (z || z2) {
                        int length = element.acinfo.attrCertValidityPeriod.notBeforeTime.toString().getBytes("US-ASCII").length;
                        int length2 = element.acinfo.attrCertValidityPeriod.notAfterTime.toString().getBytes("US-ASCII").length;
                        if (length != 15 || length2 != 15) {
                            if (z) {
                                z = false;
                                element.acinfo.attrCertValidityPeriod.notBeforeTime.setSecond(0);
                            }
                            if (z2) {
                                z2 = false;
                                element.acinfo.attrCertValidityPeriod.notAfterTime.setSecond(0);
                            }
                        }
                    }
                    element.encode(asn1BerEncodeBuffer, true);
                    byte[] msgCopy = asn1BerEncodeBuffer.getMsgCopy();
                    msgCopy[0] = 48;
                    if ((z || z2) && (findTACValidityPeriodBytes = findTACValidityPeriodBytes(msgCopy, element.acinfo.attrCertValidityPeriod.notBeforeTime.toString().getBytes("US-ASCII"), element.acinfo.attrCertValidityPeriod.notAfterTime.toString().getBytes("US-ASCII"))) != -1) {
                        if (z) {
                            if (!$assertionsDisabled && msgCopy[findTACValidityPeriodBytes + 17] != 49) {
                                throw new AssertionError("Repairing notBeforeTime but seconds is not '1'");
                            }
                            msgCopy[findTACValidityPeriodBytes + 17] = 48;
                        }
                        if (z2) {
                            if (!$assertionsDisabled && msgCopy[findTACValidityPeriodBytes + 34] != 49) {
                                throw new AssertionError("Repairing notAfterTime but seconds is not '1'");
                            }
                            msgCopy[findTACValidityPeriodBytes + 34] = 48;
                        }
                    }
                    return checkEncodedCertificate(msgCopy, set, false);
                }
            }
            AttributeTypeAndValue[] attributeTypeAndValueArr = this.m_sd.signerInfos.elements[0].signedAttrs.elements;
            for (int i2 = 0; i2 < attributeTypeAndValueArr.length; i2++) {
                if (Arrays.equals(attributeTypeAndValueArr[i2].type.value, _TLCValues.id_aa_ets_signerAttr)) {
                    Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(attributeTypeAndValueArr[i2].value.value);
                    SignerAttributes signerAttributes = new SignerAttributes();
                    signerAttributes.decode(asn1BerDecodeBuffer);
                    for (int i3 = 0; i3 < signerAttributes.elements.length; i3++) {
                        SignerAttribute signerAttribute = signerAttributes.elements[i3];
                        for (int i4 = 0; i4 < signerAttribute.elements.length; i4++) {
                            SignerAttribute_element signerAttribute_element = signerAttribute.elements[i4];
                            if (signerAttribute_element.getChoiceID() == 2) {
                                signerAttribute_element.getElement().encode(asn1BerEncodeBuffer, true);
                                return new EncodedCertificateResult(asn1BerEncodeBuffer.getMsgCopy(), null);
                            }
                        }
                    }
                }
            }
        } catch (DecodingException e) {
        } catch (IOException e2) {
        } catch (Asn1Exception e3) {
            throw new EncodingException(e3.getMessage());
        }
        return EncodedCertificateResult.empty;
    }

    public SignerKind getTimeAttributeCertificateKind() throws InvalidCertificateException, EncodingException, NoSuchAlgorithmException {
        return getEncodedTimeAttributeCertificateInternal(EnumSet.allOf(SignerKind.class)).getKind();
    }

    public SignerKind getTimeAttributeCertificateKind(byte[] bArr) throws InvalidCertificateException, DecodingException, NoSuchAlgorithmException {
        return checkEncodedCertificate(bArr, EnumSet.allOf(SignerKind.class), false).getKind();
    }

    public boolean verifySignature() throws EncodingException, NoSuchAlgorithmException, CertificateException, SignatureException, InvalidCertificateException {
        EnumSet<SignerKind> signerKindFromEnvironment = getSignerKindFromEnvironment();
        X509Certificate signerCertificate = getSignerCertificate(signerKindFromEnvironment);
        if (signerCertificate == null) {
            throw new InvalidCertificateException("Time-stamp does not contain a signer certificate.");
        }
        return verifySignature(signerCertificate, signerKindFromEnvironment, false);
    }

    public boolean verifySignature(X509Certificate x509Certificate) throws EncodingException, NoSuchAlgorithmException, CertificateException, SignatureException, InvalidCertificateException {
        return verifySignature(x509Certificate, getSignerKindFromEnvironment(), true);
    }

    public boolean verifySignature(Set<SignerKind> set) throws IllegalArgumentException, EncodingException, NoSuchAlgorithmException, CertificateException, SignatureException, InvalidCertificateException {
        X509Certificate signerCertificate = getSignerCertificate(set);
        if (signerCertificate == null) {
            throw new InvalidCertificateException("Time-stamp does not contain a signer certificate.");
        }
        return verifySignature(signerCertificate, set, false);
    }

    public boolean verifySignature(X509Certificate x509Certificate, Set<SignerKind> set) throws IllegalArgumentException, EncodingException, NoSuchAlgorithmException, CertificateException, SignatureException, InvalidCertificateException {
        requireNotNullOrEmpty(set);
        return verifySignature(x509Certificate, set, true);
    }

    private boolean verifySignature(X509Certificate x509Certificate, Set<SignerKind> set, boolean z) throws EncodingException, NoSuchAlgorithmException, CertificateException, SignatureException, InvalidCertificateException {
        byte[] bArr;
        String str;
        MessageDigest messageDigest;
        try {
            SignerInfo signerInfo = this.m_sd.signerInfos.elements[0];
            if (z && !checkContainedCertificate(x509Certificate.getEncoded(), set, true).isValid()) {
                return false;
            }
            if (signerInfo.signedAttrs != null) {
                if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.sha_1)) {
                    messageDigest = MessageDigest.getInstance("SHA");
                } else if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.md5)) {
                    messageDigest = MessageDigest.getInstance("MD5");
                } else if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.id_sha256)) {
                    messageDigest = MessageDigest.getInstance("SHA-256");
                } else if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.id_sha384)) {
                    messageDigest = MessageDigest.getInstance("SHA-384");
                } else {
                    if (!Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.id_sha512)) {
                        throw new NoSuchAlgorithmException("Time-stamp digest algorithm not supported.");
                    }
                    messageDigest = MessageDigest.getInstance("SHA-512");
                }
                byte[] bArr2 = new byte[1024];
                DigestInputStream digestInputStream = new DigestInputStream(new ByteArrayInputStream(this.m_sd.encapContentInfo.eContent.value), messageDigest);
                do {
                } while (bArr2.length == digestInputStream.read(bArr2, 0, bArr2.length));
                byte[] digest = digestInputStream.getMessageDigest().digest();
                AttributeTypeAndValue[] attributeTypeAndValueArr = this.m_sd.signerInfos.elements[0].signedAttrs.elements;
                for (int i = 0; i < attributeTypeAndValueArr.length; i++) {
                    if (Arrays.equals(attributeTypeAndValueArr[i].type.value, _TLCValues.id_messageDigest)) {
                        Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(attributeTypeAndValueArr[i].value.value);
                        AttrMessageDigest attrMessageDigest = new AttrMessageDigest();
                        attrMessageDigest.decode(asn1BerDecodeBuffer);
                        if (!Arrays.equals(attrMessageDigest.elements[0].value, digest)) {
                            return false;
                        }
                    }
                }
                Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
                signerInfo.signedAttrs.encode(asn1BerEncodeBuffer, true);
                bArr = asn1BerEncodeBuffer.getMsgCopy();
            } else {
                bArr = this.m_sd.encapContentInfo.eContent.value;
            }
            if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.rsaEncryption)) {
                if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.sha_1)) {
                    str = "SHA1withRSA";
                } else if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.md5)) {
                    str = "MD5withRSA";
                } else if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.id_sha256)) {
                    str = "SHA256withRSA";
                } else if (Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.id_sha384)) {
                    str = "SHA384withRSA";
                } else {
                    if (!Arrays.equals(this.m_sd.signerInfos.elements[0].digestAlgorithm.algorithm.value, _TLCValues.id_sha512)) {
                        throw new NoSuchAlgorithmException("Time-stamp digest algorithm not supported.");
                    }
                    str = "SHA512withRSA";
                }
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.sha1WithRSAEncryption)) {
                str = "SHA1withRSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.md5WithRSAEncryption)) {
                str = "MD5withRSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.id_dsa_with_sha1)) {
                str = "SHA1withDSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.id_dsa_with_sha256)) {
                str = "SHA256withDSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.sha256WithRSAEncryption)) {
                str = "SHA256withRSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.sha384WithRSAEncryption)) {
                str = "SHA384withRSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.sha512WithRSAEncryption)) {
                str = "SHA512withRSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.id_ecdsa_with_sha256)) {
                str = "SHA256withECDSA";
            } else if (Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.id_ecdsa_with_sha384)) {
                str = "SHA384withECDSA";
            } else {
                if (!Arrays.equals(signerInfo.signatureAlgorithm.algorithm.value, _TLCValues.id_ecdsa_with_sha512)) {
                    throw new NoSuchAlgorithmException("Time-stamp signature algorithm not supported.");
                }
                str = "SHA512withECDSA";
            }
            Signature signature = Signature.getInstance(str);
            signature.initVerify(x509Certificate.getPublicKey());
            signature.update(bArr);
            return signature.verify(signerInfo.signature.value);
        } catch (DecodingException e) {
            return false;
        } catch (IOException e2) {
            return false;
        } catch (InvalidKeyException e3) {
            throw new InvalidCertificateException(e3.getMessage());
        } catch (Asn1Exception e4) {
            throw new EncodingException(e4.getMessage());
        }
    }

    public static String toHexString(byte[] bArr) {
        String str = "";
        try {
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            while (dataInputStream.available() > 0) {
                int readUnsignedByte = dataInputStream.readUnsignedByte();
                if (readUnsignedByte < 16) {
                    str = str + "0";
                }
                str = str + Integer.toHexString(readUnsignedByte);
            }
        } catch (IOException e) {
        }
        return str;
    }

    public static byte[] changeEncapContentTypeToData(byte[] bArr) throws DecodingException, IOException {
        try {
            Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(bArr);
            ttiasn.TimeStampToken timeStampToken = new ttiasn.TimeStampToken();
            timeStampToken.decode(asn1BerDecodeBuffer);
            Asn1BerDecodeBuffer asn1BerDecodeBuffer2 = new Asn1BerDecodeBuffer(timeStampToken.content.value);
            SignedData signedData = new SignedData();
            signedData.decode(asn1BerDecodeBuffer2);
            Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
            signedData.encapContentInfo.eContentType.value = _TLCValues.id_data;
            setVersion(signedData);
            signedData.encode(asn1BerEncodeBuffer, true);
            timeStampToken.content.value = asn1BerEncodeBuffer.getMsgCopy();
            asn1BerEncodeBuffer.reset();
            timeStampToken.encode(asn1BerEncodeBuffer, true);
            return asn1BerEncodeBuffer.getMsgCopy();
        } catch (Asn1Exception e) {
            throw new DecodingException(e.getMessage());
        }
    }

    public static byte[] removeTimeAttributeCertificate(byte[] bArr) throws DecodingException, IOException {
        try {
            Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(bArr);
            ttiasn.TimeStampToken timeStampToken = new ttiasn.TimeStampToken();
            timeStampToken.decode(asn1BerDecodeBuffer);
            Asn1BerDecodeBuffer asn1BerDecodeBuffer2 = new Asn1BerDecodeBuffer(timeStampToken.content.value);
            SignedData signedData = new SignedData();
            signedData.decode(asn1BerDecodeBuffer2);
            LinkedList linkedList = new LinkedList();
            for (int i = 0; i < signedData.certificates.elements.length; i++) {
                if (signedData.certificates.elements[i].getChoiceID() != 3 && signedData.certificates.elements[i].getChoiceID() != 4) {
                    linkedList.add(signedData.certificates.elements[i]);
                }
            }
            CertificateChoices[] certificateChoicesArr = new CertificateChoices[linkedList.size()];
            linkedList.toArray(certificateChoicesArr);
            signedData.certificates.elements = certificateChoicesArr;
            setVersion(signedData);
            Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
            signedData.encode(asn1BerEncodeBuffer, true);
            timeStampToken.content.value = asn1BerEncodeBuffer.getMsgCopy();
            asn1BerEncodeBuffer.reset();
            timeStampToken.encode(asn1BerEncodeBuffer, true);
            return asn1BerEncodeBuffer.getMsgCopy();
        } catch (Asn1Exception e) {
            throw new DecodingException(e.getMessage());
        }
    }

    private static <T> void requireNotNullOrEmpty(Set<T> set) {
        if (set == null || set.isEmpty()) {
            throw new IllegalArgumentException("Set cannot be null or empty");
        }
    }

    private static void setVersion(SignedData signedData) {
        signedData.version.value = 1L;
        if (signedData.certificates != null) {
            for (int i = 0; i < signedData.certificates.elements.length; i++) {
                if (signedData.certificates.elements[i].getChoiceID() == 3) {
                    signedData.version.value = 3L;
                    return;
                } else if (signedData.certificates.elements[i].getChoiceID() == 4) {
                    signedData.version.value = 4L;
                    return;
                } else {
                    if (signedData.certificates.elements[i].getChoiceID() == 5) {
                        signedData.version.value = 4L;
                        return;
                    }
                }
            }
        }
        if (!Arrays.equals(signedData.encapContentInfo.eContentType.value, _TLCValues.id_data)) {
            signedData.version.value = 3L;
            return;
        }
        for (int i2 = 0; i2 < signedData.signerInfos.elements.length; i2++) {
            if (signedData.signerInfos.elements[i2].version.value != 1) {
                signedData.version.value = 3L;
                return;
            }
        }
    }

    private static X509Certificate x509FromEncodedCertificate(byte[] bArr) throws CertificateException {
        if (bArr == null) {
            return null;
        }
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    static {
        $assertionsDisabled = !TimeStampToken.class.desiredAssertionStatus();
    }
}
