package xades4j.providers.impl;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.inject.Inject;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.Selector;
import xades4j.UnsupportedAlgorithmException;
import xades4j.XAdES4jException;
import xades4j.providers.CertificateValidationProvider;
import xades4j.providers.MessageDigestEngineProvider;
import xades4j.providers.TimeStampTokenDigestException;
import xades4j.providers.TimeStampTokenSignatureException;
import xades4j.providers.TimeStampTokenStructureException;
import xades4j.providers.TimeStampTokenTSACertException;
import xades4j.providers.TimeStampTokenVerificationException;
import xades4j.providers.TimeStampVerificationProvider;

/* loaded from: input_file:xades4j/providers/impl/DefaultTimeStampVerificationProvider.class */
public class DefaultTimeStampVerificationProvider implements TimeStampVerificationProvider {
    private static final Map<ASN1ObjectIdentifier, String> digestOidToUriMappings = new HashMap(5);
    private final CertificateValidationProvider certificateValidationProvider;
    private final MessageDigestEngineProvider messageDigestProvider;
    private final JcaSimpleSignerInfoVerifierBuilder signerInfoVerifierBuilder;
    private final JcaX509CertificateConverter x509CertificateConverter;
    private final JcaX509CertSelectorConverter x509CertSelectorConverter;

    /* loaded from: input_file:xades4j/providers/impl/DefaultTimeStampVerificationProvider$AllCertificatesSelector.class */
    private static class AllCertificatesSelector implements Selector {
        private AllCertificatesSelector() {
        }

        public boolean match(Object obj) {
            return true;
        }

        public Object clone() {
            return this;
        }
    }

    private static String uriForDigest(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return digestOidToUriMappings.get(aSN1ObjectIdentifier);
    }

    @Inject
    public DefaultTimeStampVerificationProvider(CertificateValidationProvider certificateValidationProvider, MessageDigestEngineProvider messageDigestEngineProvider) {
        this.certificateValidationProvider = certificateValidationProvider;
        this.messageDigestProvider = messageDigestEngineProvider;
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        this.signerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder().setProvider(bouncyCastleProvider);
        this.x509CertificateConverter = new JcaX509CertificateConverter().setProvider(bouncyCastleProvider);
        this.x509CertSelectorConverter = new JcaX509CertSelectorConverter();
    }

    @Override // xades4j.providers.TimeStampVerificationProvider
    public Date verifyToken(byte[] bArr, byte[] bArr2) throws TimeStampTokenVerificationException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
            ContentInfo contentInfo = ContentInfo.getInstance(aSN1InputStream.readObject());
            aSN1InputStream.close();
            TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
            try {
                LinkedList linkedList = new LinkedList();
                Iterator it = timeStampToken.getCertificates().getMatches(new AllCertificatesSelector()).iterator();
                while (it.hasNext()) {
                    linkedList.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) it.next()));
                }
                try {
                    timeStampToken.validate(this.signerInfoVerifierBuilder.build(this.certificateValidationProvider.validate(this.x509CertSelectorConverter.getCertSelector(timeStampToken.getSID()), timeStampToken.getTimeStampInfo().getGenTime(), linkedList).getCerts().get(0)));
                    TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
                    try {
                        if (Arrays.equals(this.messageDigestProvider.getEngine(uriForDigest(timeStampInfo.getMessageImprintAlgOID())).digest(bArr2), timeStampInfo.getMessageImprintDigest())) {
                            return timeStampInfo.getGenTime();
                        }
                        throw new TimeStampTokenDigestException();
                    } catch (UnsupportedAlgorithmException e) {
                        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", e);
                    }
                } catch (Exception e2) {
                    throw new TimeStampTokenVerificationException("Error when verifying the token signature", e2);
                } catch (TSPValidationException e3) {
                    throw new TimeStampTokenSignatureException("Invalid token signature or certificate", e3);
                }
            } catch (CertificateException e4) {
                throw new TimeStampTokenVerificationException(e4.getMessage(), e4);
            } catch (XAdES4jException e5) {
                throw new TimeStampTokenTSACertException("cannot validate TSA certificate", e5);
            }
        } catch (IOException e6) {
            throw new TimeStampTokenStructureException("Error parsing encoded token", e6);
        } catch (TSPException e7) {
            throw new TimeStampTokenStructureException("Invalid token", e7);
        }
    }

    static {
        digestOidToUriMappings.put(TSPAlgorithms.MD5, "http://www.w3.org/2001/04/xmldsig-more#md5");
        digestOidToUriMappings.put(TSPAlgorithms.RIPEMD160, "http://www.w3.org/2001/04/xmlenc#ripemd160");
        digestOidToUriMappings.put(TSPAlgorithms.SHA1, "http://www.w3.org/2000/09/xmldsig#sha1");
        digestOidToUriMappings.put(TSPAlgorithms.SHA256, "http://www.w3.org/2001/04/xmlenc#sha256");
        digestOidToUriMappings.put(TSPAlgorithms.SHA384, "http://www.w3.org/2001/04/xmldsig-more#sha384");
        digestOidToUriMappings.put(TSPAlgorithms.SHA512, "http://www.w3.org/2001/04/xmlenc#sha512");
    }
}
