package ru.CryptoPro.CAdES;

import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TimeStampToken;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.AdES.exception.IAdESException;
import ru.CryptoPro.AdES.external.signature.ATSHashIndex;
import ru.CryptoPro.AdES.external.timestamp.TSPTimeStampValidationProcess;
import ru.CryptoPro.AdES.external.timestamp.data.TSPData;
import ru.CryptoPro.AdES.timestamp.TSPTimeStampValidatorImpl;
import ru.CryptoPro.CAdES.exception.ArchiveTimestampValidationException;
import ru.CryptoPro.CAdES.exception.CAdESException;
import ru.CryptoPro.CAdES.exception.TimeStampValidationException;
import ru.CryptoPro.CAdES.timestamp.external.ArchiveTimeStampValidationProcessImpl;
import ru.CryptoPro.CAdES.timestamp.external.EnhancedArchiveTimeStampValidationProcessImpl;
import ru.CryptoPro.CAdES.timestamp.external.data.TSPArchiveDataImpl;
import ru.CryptoPro.CAdES.timestamp.external.data.TimeStampData;
import ru.CryptoPro.CAdES.tools.CAdESUtility;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes3.dex */
public class CAdESSignerAImpl extends CAdESSignerXLT1Impl implements CAdESSignerA {

    /* renamed from: h, reason: collision with root package name */
    protected TimeStampData f15906h;

    /* renamed from: i, reason: collision with root package name */
    protected TimeStampData f15907i;

    protected CAdESSignerAImpl(SignerInformation signerInformation, Integer num, boolean z10) {
        super(signerInformation, num, z10);
        this.f15906h = null;
        this.f15907i = null;
        c();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CAdESSignerAImpl(SignerInformation signerInformation, boolean z10) {
        this(signerInformation, CAdESParameters.CAdES_A, z10);
    }

    private void f() {
        int i10;
        List<TimeStampToken> list;
        Date genTime;
        TSPTimeStampValidationProcess tSPTimeStampValidationProcess;
        JCPLogger.subEnter();
        List<TimeStampToken> b10 = ((ru.CryptoPro.CAdES.pc_0.pc_0.cl_2) this.f15909k).b();
        Integer num = IAdESException.ecTimestampInvalid;
        TimeStampValidationException timeStampValidationException = new TimeStampValidationException(num);
        int size = b10.size();
        if (size == 0) {
            timeStampValidationException.add(new ArchiveTimestampValidationException("No previous archive timestamps have been found! It's not a CAdES-A signature!", num));
            throw timeStampValidationException;
        }
        JCPLogger.fine("Preparing archive-timestamp attributes...");
        byte[] signature = this.f15899a.getSignature();
        SignerIdentifier a10 = cl_8.a(this.f15899a);
        int version = this.f15899a.getVersion();
        AlgorithmIdentifier digestAlgorithmID = this.f15899a.getDigestAlgorithmID();
        AlgorithmIdentifier b11 = cl_8.b(this.f15899a);
        ASN1ObjectIdentifier contentType = this.f15899a.getContentType();
        AttributeTable signerSignedAttributes = getSignerSignedAttributes();
        TSPData[] tSPDataArr = new TSPData[size];
        JCPLogger.fine("Validating archive-timestamps: " + size);
        int i11 = 0;
        int i12 = 0;
        while (i12 < size) {
            TimeStampToken timeStampToken = b10.get(i12);
            AttributeTable unsignedAttributes = timeStampToken.getUnsignedAttributes();
            Attribute attribute = unsignedAttributes.get(CAdESParameters.id_aa_ets_ATSHashIndex);
            Attribute attribute2 = attribute == null ? unsignedAttributes.get(CAdESParameters.id_aa_ets_ATSHashIndexV3) : attribute;
            ATSHashIndex a11 = cl_0.a(attribute2);
            a11.setProvider(this.provider);
            JCPLogger.fine("Validating #" + i12 + " : ats-hash-index digest algorithm...");
            String digestAlgorithm = a11.getDigestAlgorithm();
            String aSN1ObjectIdentifier = timeStampToken.getTimeStampInfo().getHashAlgorithm().getAlgorithm().toString();
            if (!digestAlgorithm.equals(aSN1ObjectIdentifier)) {
                TimeStampValidationException timeStampValidationException2 = timeStampValidationException;
                timeStampValidationException2.add(new ArchiveTimestampValidationException("Hash algorithm in ats-hash-index: " + digestAlgorithm + " doesn't match to algorithm in archive-timestamp: " + aSN1ObjectIdentifier, IAdESException.ecCAdESANoIdenticDigAlgFailure));
                throw timeStampValidationException2;
            }
            JCPLogger.fine("Validating #" + i12 + " : archive-timestamp's ats-hash-index...");
            Vector<Attribute> unsignedAttributes2 = CAdESUtility.getUnsignedAttributes(this.f15899a.getUnsignedAttributes());
            JCPLogger.fine("Validating #" + i12 + " : calculating ats-hash-index digest...");
            cl_0 cl_0Var = new cl_0(attribute2.getAttrType().equals(CAdESParameters.id_aa_ets_ATSHashIndexV3));
            cl_0Var.setAttributes(unsignedAttributes2);
            cl_0Var.setDigestAlgorithm(digestAlgorithm);
            cl_0Var.setProvider(this.provider);
            cl_0Var.setArchiveSignatureCertificateToBeHashedStore(this.archiveSignatureCertificateToBeHashedStore);
            cl_0Var.setArchiveSignatureValidationDataToBeHashedStore(this.archiveSignatureValidationDataToBeHashedStore);
            try {
                cl_0Var.validateImprint(a11);
                TSPTimeStampValidatorImpl tSPTimeStampValidatorImpl = new TSPTimeStampValidatorImpl();
                JCPLogger.fine("Validating #" + i12 + " : archive-timestamp imprint...");
                byte[] bArr = (byte[]) this.f15912n.get(aSN1ObjectIdentifier);
                if (bArr == null) {
                    Integer[] numArr = new Integer[1];
                    numArr[i11] = IAdESException.ecATSHashIndexCreatingFailure;
                    throw new CAdESException("No data hash found", numArr);
                }
                TimeStampValidationException timeStampValidationException3 = timeStampValidationException;
                byte[] bArr2 = signature;
                List<TimeStampToken> list2 = b10;
                int i13 = i12;
                Attribute attribute3 = attribute2;
                TSPData[] tSPDataArr2 = tSPDataArr;
                TSPArchiveDataImpl tSPArchiveDataImpl = new TSPArchiveDataImpl(signature, bArr, a10, b11, digestAlgorithmID, version, contentType, signerSignedAttributes, attribute3, new SignerInfo(a10, digestAlgorithmID, signerSignedAttributes != null ? new DERSet(signerSignedAttributes.toASN1EncodableVector()) : null, b11, new DEROctetString(signature), (ASN1Set) null));
                tSPDataArr2[i13] = tSPArchiveDataImpl;
                tSPArchiveDataImpl.setProvider(this.provider);
                JCPLogger.fine("Searching for valid archive timestamp(s)...");
                if (CAdESType.isTimeStampEnhanced(timeStampToken)) {
                    i10 = 0;
                    JCPLogger.fine("Validating #" + i13 + " as enhanced archive-timestamp...");
                    EnhancedArchiveTimeStampValidationProcessImpl enhancedArchiveTimeStampValidationProcessImpl = new EnhancedArchiveTimeStampValidationProcessImpl(tSPDataArr2[i13], timeStampToken);
                    boolean z10 = i13 == size + (-1);
                    JCPLogger.fine("Validating #" + i13 + ", is last archive timestamp = " + z10);
                    if (z10) {
                        genTime = new Date();
                        list = list2;
                    } else {
                        list = list2;
                        genTime = list.get(i13 + 1).getTimeStampInfo().getGenTime();
                    }
                    JCPLogger.fine("Validating #" + i13 + ", archive tail build date = " + genTime);
                    enhancedArchiveTimeStampValidationProcessImpl.setTailBuildingDate(genTime);
                    enhancedArchiveTimeStampValidationProcessImpl.setNeedValidateTailChain(z10);
                    Date genTime2 = timeStampToken.getTimeStampInfo().getGenTime();
                    enhancedArchiveTimeStampValidationProcessImpl.setExternalDate(genTime2);
                    JCPLogger.fine("Validating #" + i13 + ", archive validation date = " + genTime2);
                    enhancedArchiveTimeStampValidationProcessImpl.setParentalDecoder((ru.CryptoPro.CAdES.pc_0.pc_0.cl_1) this.f15909k);
                    tSPTimeStampValidationProcess = enhancedArchiveTimeStampValidationProcessImpl;
                } else {
                    if (i13 != size - 1) {
                        throw new CAdESException("Simple archive timestamp can be only the last", IAdESException.ecCAdESAVerifingFailure);
                    }
                    JCPLogger.fine("Validating #" + i13 + " as simple archive-timestamp...");
                    tSPTimeStampValidationProcess = new ArchiveTimeStampValidationProcessImpl(tSPDataArr2[i13], timeStampToken);
                    list = list2;
                    i10 = 0;
                }
                tSPTimeStampValidationProcess.setCertificateValues(this.signatureCertificates);
                tSPTimeStampValidationProcess.setCRLs(this.signatureCRLs);
                try {
                    tSPTimeStampValidatorImpl.validate(tSPTimeStampValidationProcess);
                    i12 = i13 + 1;
                    i11 = i10;
                    b10 = list;
                    tSPDataArr = tSPDataArr2;
                    signature = bArr2;
                    timeStampValidationException = timeStampValidationException3;
                } catch (AdESException e10) {
                    timeStampValidationException3.add(e10);
                    throw timeStampValidationException3;
                }
            } catch (AdESException e11) {
                TimeStampValidationException timeStampValidationException4 = timeStampValidationException;
                timeStampValidationException4.add(e11);
                throw timeStampValidationException4;
            }
        }
        List<TimeStampToken> list3 = b10;
        int i14 = i11;
        TSPData[] tSPDataArr3 = tSPDataArr;
        JCPLogger.fine("Validating of archive-timestamp(s) completed.");
        int i15 = size - 1;
        this.f15907i = new TimeStampData(list3.get(i15), tSPDataArr3[i15]);
        this.f15906h = new TimeStampData(list3.get(i14), tSPDataArr3[i14]);
        JCPLogger.fine("Archive-timestamps have been found!");
        JCPLogger.exit();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerTImpl, ru.CryptoPro.CAdES.CAdESSignerBESImpl
    public Map<Object, Object> a() {
        JCPLogger.fine("Preparing attribute parameters (A -> A)...");
        JCPLogger.fine("Looking for an earliest and latest archive-timestamps...");
        if (this.f15907i == null || this.f15906h == null) {
            f();
        }
        Map<Object, Object> a10 = super.a();
        Vector<Attribute> attributes = CAdESUtility.getAttributes(this.f15899a.getUnsignedAttributes(), CAdESParameters.id_aa_ets_archiveTimestampV3);
        Collections.sort(attributes, ru.CryptoPro.CAdES.pc_0.pc_0.cl_5.f15961e);
        if (!attributes.isEmpty()) {
            JCPLogger.fine("Adding earliest and latest archive timestamps (A -> A)...");
            a10.put("LatestArchiveTimeStamp", this.f15907i);
            a10.put("EarliestArchiveTimeStamp", this.f15906h);
            JCPLogger.fine("Adding all the archive timestamps (A -> A)...");
            a10.put("ArchiveTimeStampVector", attributes);
        }
        return a10;
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerTImpl, ru.CryptoPro.CAdES.CAdESSignerBESImpl, ru.CryptoPro.CAdES.CAdESSignerPKCS7Impl
    protected void c() {
        this.f15909k = new ru.CryptoPro.CAdES.pc_0.pc_0.cl_2(this.f15899a);
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl
    protected Date d() {
        return this.f15906h.getTimeStampToken().getTimeStampInfo().getGenTime();
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl
    protected void e() {
        JCPLogger.subEnter();
        long time = this.f15911m.getTimeStampToken().getTimeStampInfo().getGenTime().getTime() - this.f15906h.getTimeStampToken().getTimeStampInfo().getGenTime().getTime();
        if (time <= 0) {
            JCPLogger.subExit();
            return;
        }
        throw new AdESException("Generation time of earliest archive-timestamp is less than CAdES-C-timestamp on " + time + " ms", IAdESException.ecCAdESADateMismatch);
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerPKCS7Impl, ru.CryptoPro.AdES.external.signature.AdESSigner
    protected Date getBuildingDate() {
        return null;
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerA, ru.CryptoPro.AdES.external.signature.AdESArchSignatureModel
    public List<TimeStampToken> getCAdESArchiveTimestampTokens() {
        return ((ru.CryptoPro.CAdES.pc_0.pc_0.cl_2) this.f15909k).b();
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerA
    public TimeStampToken getEarliestArchiveTimeStampToken() {
        return this.f15906h.getTimeStampToken();
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerA
    public TimeStampToken getLatestArchiveTimeStampToken() {
        return this.f15907i.getTimeStampToken();
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerTImpl, ru.CryptoPro.CAdES.CAdESSignerBESImpl, ru.CryptoPro.CAdES.CAdESSigner, ru.CryptoPro.AdES.external.signature.AdESSigner, ru.CryptoPro.AdES.external.interfaces.IAdESSigner
    public Integer getSignatureType() {
        return CAdESParameters.CAdES_A;
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerPKCS7Impl, ru.CryptoPro.AdES.external.signature.AdESSigner
    protected Date getValidationDate() {
        return null;
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerXLT1
    public void verify() {
        JCPLogger.subEnter();
        verify(null, null);
        JCPLogger.subExit();
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerPKCS7Impl, ru.CryptoPro.CAdES.CAdESSignerRawImpl, ru.CryptoPro.CAdES.CAdESSigner, ru.CryptoPro.AdES.external.signature.AdESSigner, ru.CryptoPro.AdES.external.interfaces.IAdESSigner
    public void verify(Set<X509Certificate> set, Set<X509CRL> set2) {
        JCPLogger.subEnter();
        verify(set, set2, (Integer) null, true);
        JCPLogger.subExit();
    }

    @Override // ru.CryptoPro.CAdES.CAdESSignerXLT1Impl, ru.CryptoPro.CAdES.CAdESSignerTImpl, ru.CryptoPro.CAdES.CAdESSignerBESImpl, ru.CryptoPro.CAdES.CAdESSignerPKCS7Impl, ru.CryptoPro.CAdES.CAdESSignerRawImpl, ru.CryptoPro.CAdES.CAdESSigner, ru.CryptoPro.AdES.external.signature.AdESSigner, ru.CryptoPro.AdES.external.interfaces.IAdESSigner
    public void verify(Set<X509Certificate> set, Set<X509CRL> set2, Integer num, boolean z10) {
        Integer num2;
        boolean z11;
        JCPLogger.subEnter();
        JCPLogger.fine("%%% Verifying signer... %%%");
        if (num != null && !num.equals(CAdESParameters.CAdES_A) && !num.equals(CAdESParameters.CAdES_X_Long_Type_1) && !num.equals(CAdESParameters.CAdES_T) && !num.equals(CAdESParameters.CAdES_BES)) {
            JCPLogger.infoFormat("Signature type '{0}' ignored, default signature type used.", CAdESType.getSignatureTypeName(num));
            num = null;
        }
        if (num == null) {
            num = getSignatureType();
        }
        if (set == null) {
            set = Collections.emptySet();
        }
        Set<X509Certificate> set3 = set;
        Set unmodifiableSet = Collections.unmodifiableSet(this.signatureCertificates);
        this.signatureCertificates.addAll(set3);
        if (set2 == null) {
            set2 = Collections.emptySet();
        }
        Set<X509CRL> set4 = set2;
        this.signatureCRLs.addAll(set4);
        Integer num3 = CAdESParameters.CAdES_A;
        if (num.equals(num3) && getSignatureType().equals(num3)) {
            JCPLogger.fine("Validating if archive-timestamps use the same digest algorithms. It allows to ignore calculating of the message-digest...");
            String digestAlgOID = this.f15899a.getDigestAlgOID();
            List<TimeStampToken> b10 = ((ru.CryptoPro.CAdES.pc_0.pc_0.cl_2) this.f15909k).b();
            boolean z12 = true;
            for (int i10 = 0; i10 < b10.size(); i10++) {
                z12 &= digestAlgOID.equals(b10.get(i10).getTimeStampInfo().getHashAlgorithm().getAlgorithm().toString());
            }
            if (!z12 && this.f15903e == null) {
                throw new CAdESException("Signature can not be verified. Signer digest algorithm and digest algorithms in archive timestamps are not identical. Only detached signature with different digest algorithms are supported", IAdESException.ecCAdESANoIdenticDigAlgFailure);
            }
            X509Certificate a10 = a(unmodifiableSet, set3);
            JCPLogger.fine("Verifying binary signature...");
            verifyCryptographicSignature(a10, this.provider);
            JCPLogger.fine("Updating digest table...");
            a(!z12, (String) null, this.provider);
            f();
            num2 = CAdESParameters.CAdES_X_Long_Type_1;
            z11 = true;
        } else {
            num2 = num;
            z11 = false;
        }
        super.a(set3, set4, num2, z10, z11);
        JCPLogger.subExit();
    }
}
