package org.bouncycastle.tsp;

import com.finogeeks.lib.applet.client.FinAppConfig;
import com.mifi.apm.trace.core.a;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Integers;

/* loaded from: classes4.dex */
public class TSPUtil {
    private static List EMPTY_LIST;
    private static final Map digestLengths;
    private static final Map digestNames;

    static {
        a.y(16065);
        EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
        HashMap hashMap = new HashMap();
        digestLengths = hashMap;
        HashMap hashMap2 = new HashMap();
        digestNames = hashMap2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = PKCSObjectIdentifiers.md5;
        hashMap.put(aSN1ObjectIdentifier.getId(), Integers.valueOf(16));
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = OIWObjectIdentifiers.idSHA1;
        hashMap.put(aSN1ObjectIdentifier2.getId(), Integers.valueOf(20));
        ASN1ObjectIdentifier aSN1ObjectIdentifier3 = NISTObjectIdentifiers.id_sha224;
        hashMap.put(aSN1ObjectIdentifier3.getId(), Integers.valueOf(28));
        ASN1ObjectIdentifier aSN1ObjectIdentifier4 = NISTObjectIdentifiers.id_sha256;
        hashMap.put(aSN1ObjectIdentifier4.getId(), Integers.valueOf(32));
        ASN1ObjectIdentifier aSN1ObjectIdentifier5 = NISTObjectIdentifiers.id_sha384;
        hashMap.put(aSN1ObjectIdentifier5.getId(), Integers.valueOf(48));
        ASN1ObjectIdentifier aSN1ObjectIdentifier6 = NISTObjectIdentifiers.id_sha512;
        hashMap.put(aSN1ObjectIdentifier6.getId(), Integers.valueOf(64));
        ASN1ObjectIdentifier aSN1ObjectIdentifier7 = TeleTrusTObjectIdentifiers.ripemd128;
        hashMap.put(aSN1ObjectIdentifier7.getId(), Integers.valueOf(16));
        ASN1ObjectIdentifier aSN1ObjectIdentifier8 = TeleTrusTObjectIdentifiers.ripemd160;
        hashMap.put(aSN1ObjectIdentifier8.getId(), Integers.valueOf(20));
        ASN1ObjectIdentifier aSN1ObjectIdentifier9 = TeleTrusTObjectIdentifiers.ripemd256;
        hashMap.put(aSN1ObjectIdentifier9.getId(), Integers.valueOf(32));
        ASN1ObjectIdentifier aSN1ObjectIdentifier10 = CryptoProObjectIdentifiers.gostR3411;
        hashMap.put(aSN1ObjectIdentifier10.getId(), Integers.valueOf(32));
        ASN1ObjectIdentifier aSN1ObjectIdentifier11 = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256;
        hashMap.put(aSN1ObjectIdentifier11.getId(), Integers.valueOf(32));
        ASN1ObjectIdentifier aSN1ObjectIdentifier12 = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512;
        hashMap.put(aSN1ObjectIdentifier12.getId(), Integers.valueOf(64));
        ASN1ObjectIdentifier aSN1ObjectIdentifier13 = GMObjectIdentifiers.sm3;
        hashMap.put(aSN1ObjectIdentifier13.getId(), Integers.valueOf(32));
        hashMap2.put(aSN1ObjectIdentifier.getId(), FinAppConfig.ENCRYPTION_TYPE_MD5);
        hashMap2.put(aSN1ObjectIdentifier2.getId(), "SHA1");
        hashMap2.put(aSN1ObjectIdentifier3.getId(), "SHA224");
        hashMap2.put(aSN1ObjectIdentifier4.getId(), "SHA256");
        hashMap2.put(aSN1ObjectIdentifier5.getId(), "SHA384");
        hashMap2.put(aSN1ObjectIdentifier6.getId(), "SHA512");
        hashMap2.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1");
        hashMap2.put(PKCSObjectIdentifiers.sha224WithRSAEncryption.getId(), "SHA224");
        hashMap2.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256");
        hashMap2.put(PKCSObjectIdentifiers.sha384WithRSAEncryption.getId(), "SHA384");
        hashMap2.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512");
        hashMap2.put(aSN1ObjectIdentifier7.getId(), "RIPEMD128");
        hashMap2.put(aSN1ObjectIdentifier8.getId(), "RIPEMD160");
        hashMap2.put(aSN1ObjectIdentifier9.getId(), "RIPEMD256");
        hashMap2.put(aSN1ObjectIdentifier10.getId(), "GOST3411");
        hashMap2.put(aSN1ObjectIdentifier11.getId(), "GOST3411-2012-256");
        hashMap2.put(aSN1ObjectIdentifier12.getId(), "GOST3411-2012-512");
        hashMap2.put(aSN1ObjectIdentifier13.getId(), "SM3");
        a.C(16065);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addExtension(ExtensionsGenerator extensionsGenerator, ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z7, ASN1Encodable aSN1Encodable) throws TSPIOException {
        a.y(16063);
        try {
            extensionsGenerator.addExtension(aSN1ObjectIdentifier, z7, aSN1Encodable);
            a.C(16063);
        } catch (IOException e8) {
            TSPIOException tSPIOException = new TSPIOException("cannot encode extension: " + e8.getMessage(), e8);
            a.C(16063);
            throw tSPIOException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getDigestLength(String str) throws TSPException {
        a.y(16059);
        Integer num = (Integer) digestLengths.get(str);
        if (num != null) {
            int intValue = num.intValue();
            a.C(16059);
            return intValue;
        }
        TSPException tSPException = new TSPException("digest algorithm cannot be found.");
        a.C(16059);
        throw tSPException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List getExtensionOIDs(Extensions extensions) {
        a.y(16061);
        List unmodifiableList = extensions == null ? EMPTY_LIST : Collections.unmodifiableList(Arrays.asList(extensions.getExtensionOIDs()));
        a.C(16061);
        return unmodifiableList;
    }

    public static Collection getSignatureTimestamps(SignerInformation signerInformation, DigestCalculatorProvider digestCalculatorProvider) throws TSPValidationException {
        a.y(16055);
        ArrayList arrayList = new ArrayList();
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        if (unsignedAttributes != null) {
            ASN1EncodableVector all = unsignedAttributes.getAll(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
            for (int i8 = 0; i8 < all.size(); i8++) {
                ASN1Set attrValues = ((Attribute) all.get(i8)).getAttrValues();
                for (int i9 = 0; i9 < attrValues.size(); i9++) {
                    try {
                        TimeStampToken timeStampToken = new TimeStampToken(ContentInfo.getInstance(attrValues.getObjectAt(i9)));
                        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
                        DigestCalculator digestCalculator = digestCalculatorProvider.get(timeStampInfo.getHashAlgorithm());
                        OutputStream outputStream = digestCalculator.getOutputStream();
                        outputStream.write(signerInformation.getSignature());
                        outputStream.close();
                        if (!org.bouncycastle.util.Arrays.constantTimeAreEqual(digestCalculator.getDigest(), timeStampInfo.getMessageImprintDigest())) {
                            TSPValidationException tSPValidationException = new TSPValidationException("Incorrect digest in message imprint");
                            a.C(16055);
                            throw tSPValidationException;
                        }
                        arrayList.add(timeStampToken);
                    } catch (OperatorCreationException unused) {
                        TSPValidationException tSPValidationException2 = new TSPValidationException("Unknown hash algorithm specified in timestamp");
                        a.C(16055);
                        throw tSPValidationException2;
                    } catch (Exception unused2) {
                        TSPValidationException tSPValidationException3 = new TSPValidationException("Timestamp could not be parsed");
                        a.C(16055);
                        throw tSPValidationException3;
                    }
                }
            }
        }
        a.C(16055);
        return arrayList;
    }

    public static void validateCertificate(X509CertificateHolder x509CertificateHolder) throws TSPValidationException {
        a.y(16058);
        if (x509CertificateHolder.toASN1Structure().getVersionNumber() != 3) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
            a.C(16058);
            throw illegalArgumentException;
        }
        Extension extension = x509CertificateHolder.getExtension(Extension.extendedKeyUsage);
        if (extension == null) {
            TSPValidationException tSPValidationException = new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
            a.C(16058);
            throw tSPValidationException;
        }
        if (!extension.isCritical()) {
            TSPValidationException tSPValidationException2 = new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
            a.C(16058);
            throw tSPValidationException2;
        }
        ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(extension.getParsedValue());
        if (extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) && extendedKeyUsage.size() == 1) {
            a.C(16058);
        } else {
            TSPValidationException tSPValidationException3 = new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
            a.C(16058);
            throw tSPValidationException3;
        }
    }
}
