package uz.yt.cams.pki;

import java.io.IOException;
import java.math.BigInteger;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.jcajce.JcaSignerInfoVerifierBuilder;
import org.spongycastle.cms.jcajce.YTCMSSignatureAlgorithmNameGenerator;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.tsp.TSPException;
import org.spongycastle.tsp.TimeStampToken;
import uz.yt.cams.pki.dto.CertificateIdInfo;
import uz.yt.cams.pki.dto.Pkcs7Info;
import uz.yt.cams.pki.dto.TimeStampInfo;
import uz.yt.cams.pki.provider.CertificateStatusProvder;
import uz.yt.cams.pki.provider.TrustedCertificateProvider;

/* loaded from: classes2.dex */
public class DocumentOnlineVerifier extends DocumentVerifier {
    private static final Logger LOG = Logger.getLogger(DocumentOnlineVerifier.class.getName());
    protected final CertificateStatusProvder certificateStatusProvder;
    protected MessageDigester digester;

    public DocumentOnlineVerifier(Provider provider, TrustedCertificateProvider trustedCertificateProvider, CertificateStatusProvder certificateStatusProvder) {
        super(provider, trustedCertificateProvider);
        this.certificateStatusProvder = certificateStatusProvder;
        this.digester = new MessageDigester(provider);
    }

    private CertificateIdInfo get(X509Certificate x509Certificate, BigInteger bigInteger, List<CertificateIdInfo> list) {
        for (CertificateIdInfo certificateIdInfo : list) {
            if (certificateIdInfo.getSubjectCertificate().getSerialNumber().equals(bigInteger)) {
                return certificateIdInfo;
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:90:0x02f6  */
    /* JADX WARN: Removed duplicated region for block: B:94:0x0326  */
    /* JADX WARN: Type inference failed for: r10v0 */
    /* JADX WARN: Type inference failed for: r10v1, types: [boolean] */
    /* JADX WARN: Type inference failed for: r10v4 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void verify(uz.yt.cams.pki.dto.Pkcs7Info r25) throws org.spongycastle.cms.CMSException, java.io.IOException, org.spongycastle.tsp.TSPException {
        /*
            Method dump skipped, instructions count: 923
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: uz.yt.cams.pki.DocumentOnlineVerifier.verify(uz.yt.cams.pki.dto.Pkcs7Info):void");
    }

    public Pkcs7Info verifyPkcs7WithTimeStampAttached(byte[] bArr) throws OperatorCreationException, CMSException, IOException, TSPException {
        Pkcs7Info verifyPkcs7Attached = verifyPkcs7Attached(bArr);
        verify(verifyPkcs7Attached);
        return verifyPkcs7Attached;
    }

    public Pkcs7Info verifyPkcs7WithTimeStampDetached(byte[] bArr, byte[] bArr2) throws OperatorCreationException, CMSException, IOException, TSPException {
        Pkcs7Info verifyPkcs7Detached = verifyPkcs7Detached(bArr, bArr2);
        verify(verifyPkcs7Detached);
        return verifyPkcs7Detached;
    }

    public TimeStampInfo verifyTimeStampToken(Pkcs7Info pkcs7Info, TimeStampToken timeStampToken, byte[] bArr) {
        TimeStampInfo timeStampInfo = new TimeStampInfo();
        Iterator it = timeStampToken.getCertificates().getMatches(null).iterator();
        while (it.hasNext()) {
            try {
                timeStampInfo.addCertificates(new JcaX509CertificateConverter().setProvider(this.provider).getCertificate((X509CertificateHolder) it.next()));
            } catch (CertificateException e) {
                LOG.log(Level.SEVERE, "", (Throwable) e);
            }
        }
        timeStampInfo.setSignerId(timeStampToken.getSID());
        timeStampInfo.setTsaPolicy(timeStampToken.getTimeStampInfo().getPolicy());
        timeStampInfo.setTime(timeStampToken.getTimeStampInfo().getGenTime());
        timeStampInfo.setHashAlgorithm(timeStampToken.getTimeStampInfo().getHashAlgorithm());
        timeStampInfo.setSerialNumber(timeStampToken.getTimeStampInfo().getSerialNumber());
        timeStampInfo.setTsa(timeStampToken.getTimeStampInfo().getTsa().toString());
        timeStampInfo.setMessageImprintAlgOID(timeStampToken.getTimeStampInfo().getMessageImprintAlgOID());
        timeStampInfo.setMessageImprintDigest(timeStampToken.getTimeStampInfo().getMessageImprintDigest());
        Iterator it2 = timeStampToken.getCertificates().getMatches(timeStampToken.getSID()).iterator();
        if (it2.hasNext()) {
            try {
                X509Certificate certificate = new JcaX509CertificateConverter().setProvider(this.provider).getCertificate((X509CertificateHolder) it2.next());
                LinkedList linkedList = new LinkedList();
                timeStampInfo.setCertificate(new X509Certificate[]{certificate});
                try {
                    X509Certificate verifyCertificateChainReturnTrust = verifyCertificateChainReturnTrust(certificate, timeStampInfo.getCertificates(), timeStampInfo.getTime(), linkedList);
                    timeStampInfo.setCertificate((X509Certificate[]) linkedList.toArray(new X509Certificate[0]));
                    timeStampInfo.setCertificateVerified(true);
                    timeStampInfo.setTrustedCertificate(verifyCertificateChainReturnTrust);
                } catch (Throwable th) {
                    LOG.log(Level.WARNING, "CERTIFICATE PATH VALIDATION ERROR : {0}", new Object[]{th.getMessage()});
                }
                try {
                    timeStampInfo.setVerified(timeStampToken.isSignatureValid(new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(this.provider).build()).setSignatureAlgorithmNameGenerator(new YTCMSSignatureAlgorithmNameGenerator()).build(certificate)));
                    timeStampInfo.setDigestVerified(Arrays.equals(this.digester.getDigest(bArr, timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId()), timeStampToken.getTimeStampInfo().getMessageImprintDigest()));
                } catch (Throwable th2) {
                    LOG.log(Level.SEVERE, "", th2);
                }
                if (timeStampInfo.isVerified()) {
                    LOG.log(Level.INFO, "{2} : {0} - {1}", new Object[]{timeStampInfo.getCertificate()[0].getSerialNumber().toString(16), timeStampInfo.getCertificate()[0].getSubjectDN().toString(), "SIGNATURE VERIFIED"});
                } else {
                    LOG.log(Level.WARNING, "{2} : {0} - {1}", new Object[]{timeStampInfo.getCertificate()[0].getSerialNumber().toString(16), timeStampInfo.getCertificate()[0].getSubjectDN().toString(), "SIGNATURE NOT VERIFIED"});
                }
                if (timeStampInfo.isDigestVerified()) {
                    LOG.log(Level.INFO, "{2} : {0} - {1}", new Object[]{timeStampInfo.getCertificate()[0].getSerialNumber().toString(16), timeStampInfo.getCertificate()[0].getSubjectDN().toString(), "DIGEST VERIFIED"});
                } else {
                    LOG.log(Level.WARNING, "{2} : {0} - {1}", new Object[]{timeStampInfo.getCertificate()[0].getSerialNumber().toString(16), timeStampInfo.getCertificate()[0].getSubjectDN().toString(), "DIGEST NOT VERIFIED"});
                }
                if (timeStampInfo.isCertificateVerified()) {
                    LOG.log(Level.INFO, "{2} : {0} - {1}", new Object[]{timeStampInfo.getCertificate()[0].getSerialNumber().toString(16), timeStampInfo.getCertificate()[0].getSubjectDN().toString(), "CERTIFICATE CHAIN VERIFIED"});
                } else {
                    LOG.log(Level.WARNING, "{2} : {0} - {1}", new Object[]{timeStampInfo.getCertificate()[0].getSerialNumber().toString(16), timeStampInfo.getCertificate()[0].getSubjectDN().toString(), "CERTIFICATE CHAIN NOT VERIFIED"});
                }
            } catch (CertificateException | OperatorCreationException e2) {
                LOG.log(Level.SEVERE, "", (Throwable) e2);
                timeStampInfo.setException(e2);
            }
        }
        return timeStampInfo;
    }
}
