package org.ezca.shield.sdk.sign.seal.sealv3.sign.pdf;

import com.ccit.mshield.sof.constant.AlgorithmConstants;
import com.ezca.etssapi.EzcaTimeStampResponse;
import com.ezca.etssapi.EzcaTimeStampToken;
import com.ezca.etssapi.TS;
import com.ezca.etssapi.exception.TSPTcpIpException;
import com.itextpdf.text.error_messages.MessageLocalization;
import com.itextpdf.text.pdf.security.TSAClient;
import io.dcloud.common.util.net.NetWork;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: classes3.dex */
public class MyTSAClient implements TSAClient {
    protected String digestAlgorithm;
    protected byte[] tokenBytes;
    protected int tokenSizeEstimate;
    protected TS ts;

    /* loaded from: classes3.dex */
    private static class SHA1DigestCalculator implements DigestCalculator {
        private ByteArrayOutputStream byteArrayOutputStream;

        private SHA1DigestCalculator() {
            this.byteArrayOutputStream = new ByteArrayOutputStream();
        }

        @Override // org.bouncycastle.operator.DigestCalculator
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
        }

        @Override // org.bouncycastle.operator.DigestCalculator
        public byte[] getDigest() {
            byte[] byteArray = this.byteArrayOutputStream.toByteArray();
            this.byteArrayOutputStream.reset();
            SHA1Digest sHA1Digest = new SHA1Digest();
            sHA1Digest.update(byteArray, 0, byteArray.length);
            byte[] bArr = new byte[sHA1Digest.getDigestSize()];
            sHA1Digest.doFinal(bArr, 0);
            return bArr;
        }

        @Override // org.bouncycastle.operator.DigestCalculator
        public OutputStream getOutputStream() {
            return this.byteArrayOutputStream;
        }
    }

    public MyTSAClient(TS ts, String str) {
        this.ts = ts;
        this.digestAlgorithm = str;
    }

    private byte[] getBCTSAResponse(byte[] bArr) throws TSPException {
        try {
            try {
                TimeStampRequest timeStampRequest = new TimeStampRequest(bArr);
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ASN1InputStream(Hex.decode("308205453082032DA0030201020210251F5D988182172E3C419E014FB0404C300D06092A864886F70D01010505003055310B300906035504061302434E311A3018060355040A1311576F5369676E204341204C696D69746564312A30280603550403132143657274696669636174696F6E20417574686F72697479206F6620576F5369676E301E170D3039303830383031303030355A170D3234303830383031303030355A304F310B300906035504061302434E311A3018060355040A1311576F5369676E204341204C696D69746564312430220603550403131B576F5369676E2054696D65205374616D70696E67205369676E657230820122300D06092A864886F70D01010105000382010F003082010A0282010100A5D068BA82CBDBA76D55B931A7DAF49C6B03544FA21CEF1CB596441F56413F61B003594B820EDB15C8D0CCE087C609758A84E3ED97C2C89234C0F164536051344890B14F8969F52EA02A16542FC03758FF35521B5208CFB9EC5A27525A83EB68B1B9F8B2A908F34FAB170F2EBD4FE5128ABF7CB7E765323B834102223A243B6AA33CAFEB7942175674C86163DD8C2F3EEF3AA34752043B0018AE2671E07A048D75822D654EC1B8F28CDE0F6303D4C35260728C88CC6F96D5C77D29DB26049EA2B4BF5AB56EF2460F2981C5C04FA6878C7C2107541F50F0425C557CCF442E413D188D5FD968E647918FCFDC7D9060FFCB48E4615E4F73450DC8348903D5FE0BC30203010001A382011530820111300E0603551D0F0101FF0404030206C030160603551D250101FF040C300A06082B06010505070308300C0603551D130101FF0402300030300603551D1F042930273025A023A021861F687474703A2F2F63726C73312E776F7369676E2E636F6D2F6361312E63726C306706082B06010505070101045B3059302706082B06010505073001861B687474703A2F2F6F637370312E776F7369676E2E636F6D2F636131302E06082B060105050730028622687474703A2F2F616961312E776F7369676E2E636F6D2F6361312D7473612E636572301D0603551D0E04160414DF6E12D50C542E5A14CADE03DEAB4ED4980C46B5301F0603551D23041830168014E166CF0ED1F1B34BB7062014FE8712D5F6FEFB3E300D06092A864886F70D010105050003820201007C982FBBC3D2AEC22A8FA69776568632C4CD36688BECD7801A3179B05E56B969EBB90B32A98326DC775D7A56B246A07D15D66DF9ACF835737836026022201CEF188F7E66B24FE771935A2BE6E58D3D5D2E274B46CB1D04F30B8C3F13A80DD4CDE828E82A9C55C8E3FF9DA922496EE8E7889237578060441827435818046D86C065470557555091E67350EE3F10A98F052FDA6811536E1FAD98F3763E85D057A3CFE4C11A4C6406A644AB4E1EE24BD5A46D71F86BCB6613A6471F212AA1AE4C89A47D2877174F888DB1D15DB1C4935ABF22926CAB678268EDD721CB63BC93C4178E871925AD1754B479D2A59373BC7CBBE4800F8FCCAA0AD0E49375AA6CCF497D75EC82285C73F042BF9EA6132EDE6CEE8003A6EE8836A01BB282E83DBBA61AD511AE0A0B62D651369723175226EDF1C5B62175391507E042F12A89047766AD1404D2C7D47C4F6CDD4EDCED8EA9F68617E7E15966BBD07AD09442EBAFC154CAE21AA4A9B6A5D481CA1526FA6FB4DF7810048C4818BC2859669AB818F1D95E5B82FFFE11D7D40436309F511D3CC86440757CD83583EFB1E528760A053DE9B81E70503A60E2A50188889C04CC6AF21585D10CB74A6D934E82CA29E9750B42E43A4724086D805CE66A672CB61308C94FD86653B9B67FE2EA39956F71779603AFB9E3CCE3A1B9F101C66EBEFC975CB2D1F17BFB33C665EAE618F9AB3A271A2D206BE6")));
                MyTimeStampTokenGenerator myTimeStampTokenGenerator = new MyTimeStampTokenGenerator(new MyJcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode("MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMCd34BLzpCpHtq5TM7+/9iym5/FQldmgkcFEfhz7p42B1azeruyWH41NwCuVkODWKg5XgsD7GeI1ECSY0OPwSrcvZ0KISfNHhPKDAO9wgQljloU0lmnN9+dVQRtSiaeKhB8xAhbyvwSQTy0KkJiAIn3e6pBqyeqOGTAosOiANUDAgMBAAECgYAWC7vCBmstGX5DkIPfCUalOcQgJEa0lDIDCOyGoFZGW265mK9Kfl4si9CwzkNnVMg38OD3p8pOC1Yn0dl0qSZ1m5p6ryniUc5Qx5HhvU6ZRCb4iuRnxhDX5LRvvQrZvdRgL8g1uCACiXGigat0bOfz2Rz99IDLh2jjWCTpPeycCQJBAOCTBWB+TmDN30FRyjkIduCGMXPD6il9XqYpJNsbBmhhXTp5WXP6xGHtddNDPBzO5HO3+NVHUEmrPcFs6cZfFY8CQQDbkgbmiV9sXCFbjW/pzX9jQwqQ+8dJ1Ou8WzHfkWyRLUb2gyY1VD08fQGR086GkmA7JNI9BxzBBOsrBeMLUJdNAkBYrPUUkwsz4lbjnf4x4wu9wH9KbPPLijuTdO+erN8s3DVJ35zY1Q4ydOdvkj7sSS2gG+bfoJctX7a05+Kvd+A1AkBqVuK4rDdmx4fwSyO0XC4h6MopRYdTHqe85X3WBRxLg14m7YWHtnCh5vjno2kWi7XHbyHTJKqsYLF0eLlpNXLRAkAvul0Q+90909MXCPZF+J/o7JLrmRsfngvUAfk6gHN14uZziqrEX2Lk2rUUjHIBF/4MJqQjQncrgBfLeos3Q67Y"))), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
                ArrayList arrayList = new ArrayList();
                arrayList.add(x509Certificate);
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), BouncyCastleProvider.PROVIDER_NAME);
                myTimeStampTokenGenerator.addCertificates(new JcaCertStore(arrayList));
                new TimeStampRequestGenerator().setCertReq(true);
                return new TimeStampResponseGenerator(myTimeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(timeStampRequest, BigInteger.valueOf(System.currentTimeMillis()), new Date()).getEncoded();
            } catch (IOException unused) {
                throw new TSPException("时间戳请求数据格式错误");
            }
        } catch (Exception e) {
            throw new TSPException("获取时间戳响应出错:" + e.getMessage());
        }
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public MessageDigest getMessageDigest() throws GeneralSecurityException {
        return MyMessageDigest.getMessageDigest(this.digestAlgorithm);
    }

    protected byte[][] getMyTSAResponse(byte[] bArr) throws TSPValidationException, TSPTcpIpException {
        try {
            return this.ts.getTimeStampByDigest(this.digestAlgorithm.replace("-", ""), bArr, "1.3.6.1.4.1.3029.54.11940.54", null, true);
        } catch (Exception unused) {
            throw new TSPValidationException("时间戳签名失败");
        }
    }

    protected byte[] getTSAResponse(byte[] bArr) throws IOException {
        try {
            URLConnection openConnection = new URL("http://timestamp.wosign.com/rfc3161").openConnection();
            openConnection.setDoInput(true);
            openConnection.setDoOutput(true);
            openConnection.setUseCaches(false);
            openConnection.setRequestProperty(NetWork.CONTENT_TYPE, "application/timestamp-query");
            openConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
            OutputStream outputStream = openConnection.getOutputStream();
            outputStream.write(bArr);
            outputStream.close();
            InputStream inputStream = openConnection.getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr2 = new byte[1024];
            while (true) {
                int read = inputStream.read(bArr2, 0, 1024);
                if (read < 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr2, 0, read);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            String contentEncoding = openConnection.getContentEncoding();
            return (contentEncoding == null || !contentEncoding.equalsIgnoreCase("base64")) ? byteArray : com.itextpdf.text.pdf.codec.Base64.decode(new String(byteArray));
        } catch (IOException unused) {
            throw new IOException(MessageLocalization.getComposedMessage("failed.to.get.tsa.response.from.1", "http://timestamp.wosign.com/rfc3161"));
        }
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public byte[] getTimeStampToken(byte[] bArr) throws IOException, TSPException, com.ezca.etssapi.exception.TSPValidationException, TSPTcpIpException {
        int intValue;
        byte[][] myTSAResponse = getMyTSAResponse(bArr);
        byte[] bArr2 = myTSAResponse[0];
        byte[] bArr3 = myTSAResponse[1];
        try {
            TimeStampRequest timeStampRequest = new TimeStampRequest(bArr2);
            if (AlgorithmConstants.SM3_SymAlg.equals(this.digestAlgorithm)) {
                try {
                    EzcaTimeStampResponse ezcaTimeStampResponse = new EzcaTimeStampResponse(bArr3);
                    try {
                        ezcaTimeStampResponse.validate(timeStampRequest);
                        PKIFailureInfo failInfo = ezcaTimeStampResponse.getFailInfo();
                        intValue = failInfo != null ? failInfo.intValue() : 0;
                        if (intValue != 0) {
                            throw new com.ezca.etssapi.exception.TSPValidationException("错误的时间戳响应状态：" + intValue);
                        }
                        EzcaTimeStampToken timeStampToken = ezcaTimeStampResponse.getTimeStampToken();
                        if (timeStampToken == null) {
                            throw new com.ezca.etssapi.exception.TSPValidationException("没能获取到TimeStampToken");
                        }
                        byte[] encoded = timeStampToken.getEncoded();
                        this.tokenBytes = encoded;
                        this.tokenSizeEstimate = encoded.length + 32;
                    } catch (Exception unused) {
                        throw new com.ezca.etssapi.exception.TSPValidationException("时间戳响应效验失败");
                    }
                } catch (IOException unused2) {
                    throw new com.ezca.etssapi.exception.TSPValidationException("时间戳响应数据格式错误");
                }
            } else {
                try {
                    TimeStampResponse timeStampResponse = new TimeStampResponse(bArr3);
                    try {
                        timeStampResponse.validate(timeStampRequest);
                        PKIFailureInfo failInfo2 = timeStampResponse.getFailInfo();
                        intValue = failInfo2 != null ? failInfo2.intValue() : 0;
                        if (intValue != 0) {
                            throw new com.ezca.etssapi.exception.TSPValidationException("错误的时间戳响应状态：" + intValue);
                        }
                        TimeStampToken timeStampToken2 = timeStampResponse.getTimeStampToken();
                        if (timeStampToken2 == null) {
                            throw new com.ezca.etssapi.exception.TSPValidationException("没能获取到TimeStampToken");
                        }
                        byte[] encoded2 = timeStampToken2.getEncoded();
                        this.tokenBytes = encoded2;
                        this.tokenSizeEstimate = encoded2.length + 32;
                    } catch (Exception unused3) {
                        throw new com.ezca.etssapi.exception.TSPValidationException("时间戳响应效验失败");
                    }
                } catch (IOException unused4) {
                    throw new com.ezca.etssapi.exception.TSPValidationException("时间戳响应数据格式错误");
                }
            }
            return this.tokenBytes;
        } catch (IOException unused5) {
            throw new com.ezca.etssapi.exception.TSPValidationException("时间戳请求数据格式错误");
        }
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public int getTokenSizeEstimate() {
        return this.tokenSizeEstimate;
    }
}
