package org.apache.poi.poifs.crypt.dsig.services;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.util.HexDump;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.Selector;
import ouSkmymPY.C1395Xd;

/* compiled from: ouSkmymPY */
/* loaded from: classes7.dex */
public class TSPTimeStampService implements TimeStampService {
    private static final POILogger LOG = POILogFactory.getLogger((Class<?>) TSPTimeStampService.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ouSkmymPY */
    /* renamed from: org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService$1, reason: invalid class name */
    /* loaded from: classes7.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm = new int[HashAlgorithm.values().length];

        static {
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha384.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha512.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public ASN1ObjectIdentifier mapDigestAlgoToOID(HashAlgorithm hashAlgorithm) {
        int i = AnonymousClass1.$SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[hashAlgorithm.ordinal()];
        if (i == 1) {
            return X509ObjectIdentifiers.id_SHA1;
        }
        if (i == 2) {
            return NISTObjectIdentifiers.id_sha256;
        }
        if (i == 3) {
            return NISTObjectIdentifiers.id_sha384;
        }
        if (i == 4) {
            return NISTObjectIdentifiers.id_sha512;
        }
        throw new IllegalArgumentException(C1395Xd.KDmePhfQ("ER0SExgRHB4QAw5EFwgBDRIHTAUKDQtJQQ==") + hashAlgorithm);
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampService
    public byte[] timeStamp(SignatureInfo signatureInfo, byte[] bArr, RevocationData revocationData) throws Exception {
        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
        byte[] digest = CryptoFunctions.getMessageDigest(signatureConfig.getTspDigestAlgo()).digest(bArr);
        BigInteger bigInteger = new BigInteger(128, new SecureRandom());
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        String tspRequestPolicy = signatureConfig.getTspRequestPolicy();
        if (tspRequestPolicy != null) {
            timeStampRequestGenerator.setReqPolicy(new ASN1ObjectIdentifier(tspRequestPolicy));
        }
        TimeStampRequest generate = timeStampRequestGenerator.generate(mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo()), digest, bigInteger);
        byte[] encoded = generate.getEncoded();
        Proxy proxy = Proxy.NO_PROXY;
        if (signatureConfig.getProxyUrl() != null) {
            URL url = new URL(signatureConfig.getProxyUrl());
            String host = url.getHost();
            int port = url.getPort();
            Proxy.Type type = Proxy.Type.HTTP;
            InetAddress byName = InetAddress.getByName(host);
            if (port == -1) {
                port = 80;
            }
            proxy = new Proxy(type, new InetSocketAddress(byName, port));
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(signatureConfig.getTspUrl()).openConnection(proxy);
        try {
            if (signatureConfig.getTspUser() != null) {
                String encodeToString = Base64.getEncoder().encodeToString((signatureConfig.getTspUser() + C1395Xd.KDmePhfQ("Xg==") + signatureConfig.getTspPass()).getBytes(StandardCharsets.ISO_8859_1));
                httpURLConnection.setRequestProperty(C1395Xd.KDmePhfQ("JQYVDgcTGhYFEgMLHQ=="), C1395Xd.KDmePhfQ("JhISDwtB") + encodeToString);
            }
            httpURLConnection.setRequestMethod(C1395Xd.KDmePhfQ("NDwyMg=="));
            httpURLConnection.setConnectTimeout(20000);
            httpURLConnection.setReadTimeout(20000);
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestProperty(C1395Xd.KDmePhfQ("MQAEFEUgFAkKEg=="), signatureConfig.getUserAgent());
            httpURLConnection.setRequestProperty(C1395Xd.KDmePhfQ("JxwPEg0PB0EwHxoB"), C1395Xd.KDmePhfQ(signatureConfig.isTspOldProtocol() ? "BQMRCgECEhgNCQRLBwgLDRIHDQkWRxYWEBMNEgc=" : "BQMRCgECEhgNCQRLBwgLDRIHDQkWRxUGBBQR"));
            httpURLConnection.getOutputStream().write(encoded);
            httpURLConnection.connect();
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode != 200) {
                LOG.log(7, C1395Xd.KDmePhfQ("IQETCRpBEAMKEgsHBwgID0EnPzRGGQEBFwMaQQ=="), signatureConfig.getTspUrl(), C1395Xd.KDmePhfQ("SFMJBwxBABgFEh8XUwIJDART"), Integer.valueOf(responseCode), C1395Xd.KDmePhfQ("Sw=="), httpURLConnection.getResponseMessage());
                throw new IOException(C1395Xd.KDmePhfQ("IQETCRpBEAMKEgsHBwgID0EnPzRGGQEBFwMaQQ==") + signatureConfig.getTspUrl() + C1395Xd.KDmePhfQ("SFMJBwxBABgFEh8XUwIJDART") + responseCode + C1395Xd.KDmePhfQ("Sw==") + httpURLConnection.getResponseMessage());
            }
            String headerField = httpURLConnection.getHeaderField(C1395Xd.KDmePhfQ("JxwPEg0PB0EwHxoB"));
            if (headerField == null) {
                throw new RuntimeException(C1395Xd.KDmePhfQ("CRoSFQEPFEwnCQQQFg8SRTUKHAFGAgESBQMa"));
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            IOUtils.copy(httpURLConnection.getInputStream(), byteArrayOutputStream);
            LOG.log(1, C1395Xd.KDmePhfQ("FhYSFgcPAAlEBQUKBwQIHFtT"), HexDump.dump(byteArrayOutputStream.toByteArray(), 0L, 0));
            httpURLConnection.disconnect();
            if (!headerField.startsWith(C1395Xd.KDmePhfQ(signatureConfig.isTspOldProtocol() ? "BQMRCgECEhgNCQRLBwgLDRIHDQkWRxYWEhYHDwAJ" : "BQMRCgECEhgNCQRLBwgLDRIHDQkWRxYWEQoR"))) {
                throw new RuntimeException(C1395Xd.KDmePhfQ("DR0XBwQIF0wnCQQQFg8SRTUKHAFcSg==") + headerField + C1395Xd.KDmePhfQ("XlM=") + HexDump.dump(byteArrayOutputStream.toByteArray(), 0L, 0, 200));
            }
            if (byteArrayOutputStream.size() == 0) {
                throw new RuntimeException(C1395Xd.KDmePhfQ("JxwPEg0PB0EoAwQDBwlGARJTFgEUBQ=="));
            }
            TimeStampResponse timeStampResponse = new TimeStampResponse(byteArrayOutputStream.toByteArray());
            timeStampResponse.validate(generate);
            if (timeStampResponse.getStatus() != 0) {
                LOG.log(1, C1395Xd.KDmePhfQ("FwcAEh0SSUw="), Integer.valueOf(timeStampResponse.getStatus()));
                LOG.log(1, C1395Xd.KDmePhfQ("FwcAEh0SUx8QFAMKFFtG"), timeStampResponse.getStatusString());
                PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
                if (failInfo != null) {
                    LOG.log(1, C1395Xd.KDmePhfQ("AhIICkgIHQoLRgMKB0EQCQ0GCV5G"), Integer.valueOf(failInfo.intValue()));
                    if (256 == failInfo.intValue()) {
                        LOG.log(1, C1395Xd.KDmePhfQ("ER0ABQsEAxgBAkoUHA0PCxg="));
                    }
                }
                throw new RuntimeException(C1395Xd.KDmePhfQ("EBoMAxsVEgEURhgBABEJBhIWTBcSCxAGEkZJXFNcXkY=") + timeStampResponse.getStatus());
            }
            TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
            SignerId sid = timeStampToken.getSID();
            BigInteger serialNumber = sid.getSerialNumber();
            X500Name issuer = sid.getIssuer();
            LOG.log(1, C1395Xd.KDmePhfQ("FxoGCA0TUw8BFB5EAAQUAQAfTAoTBwYWE1xI"), serialNumber);
            LOG.log(1, C1395Xd.KDmePhfQ("FxoGCA0TUw8BFB5EGhIVHQQBVkQ="), issuer);
            X509CertificateHolder x509CertificateHolder = null;
            Collection<X509CertificateHolder> matches = timeStampToken.getCertificates().getMatches((Selector) null);
            HashMap hashMap = new HashMap();
            for (X509CertificateHolder x509CertificateHolder2 : matches) {
                if (issuer.equals(x509CertificateHolder2.getIssuer()) && serialNumber.equals(x509CertificateHolder2.getSerialNumber())) {
                    x509CertificateHolder = x509CertificateHolder2;
                }
                hashMap.put(x509CertificateHolder2.getSubject(), x509CertificateHolder2);
            }
            if (x509CertificateHolder == null) {
                throw new RuntimeException(C1395Xd.KDmePhfQ("MCAxRhoEABwLCBkBUxUJAwQdTAwHGUQdDkYbCBQCARRKBxYTEgEHGg8FEg8="));
            }
            ArrayList arrayList = new ArrayList();
            JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
            jcaX509CertificateConverter.setProvider(C1395Xd.KDmePhfQ("JjA="));
            do {
                LOG.log(1, C1395Xd.KDmePhfQ("BRcFDwYGUxgLRgkBARUPDggQDRADSgcbAA8GW1M="), x509CertificateHolder.getSubject());
                arrayList.add(jcaX509CertificateConverter.getCertificate(x509CertificateHolder));
                if (x509CertificateHolder.getSubject().equals(x509CertificateHolder.getIssuer())) {
                    break;
                }
                x509CertificateHolder = (X509CertificateHolder) hashMap.get(x509CertificateHolder.getIssuer());
            } while (x509CertificateHolder != null);
            timeStampToken.validate(new BcRSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(new X509CertificateHolder(arrayList.get(0).getEncoded())));
            if (signatureConfig.getTspValidator() != null) {
                signatureConfig.getTspValidator().validate(arrayList, revocationData);
            }
            LOG.log(1, C1395Xd.KDmePhfQ("EBoMA0USBw0JFkoQHAoDBkEHBQkDUEQ="), timeStampToken.getTimeStampInfo().getGenTime());
            return timeStampToken.getEncoded();
        } catch (Throwable th) {
            httpURLConnection.disconnect();
            throw th;
        }
    }
}
