package org.apache.poi.poifs.crypt.dsig.services;

import android.support.v4.media.b;
import androidx.browser.trusted.sharing.ShareTarget;
import bk.d;
import bk.e;
import ci.f;
import ci.g0;
import ci.h;
import ci.i;
import ck.c;
import com.itextpdf.text.pdf.BarcodeDatamatrix;
import fj.l;
import gj.v;
import gj.x;
import hk.g;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Objects;
import javax.xml.bind.DatatypeConverter;
import kh.a;
import org.apache.httpcore.HttpHeaders;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.util.HexDump;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import sg.o;
import sg.s;
import sg.t;
import sg.w;
import w3.z8;
import wh.a0;
import wh.m;
import wh.u;

/* loaded from: classes3.dex */
public class TSPTimeStampService implements TimeStampService {
    private static final POILogger LOG = POILogFactory.getLogger((Class<?>) TSPTimeStampService.class);
    private SignatureConfig signatureConfig;

    /* renamed from: org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm;

        static {
            int[] iArr = new int[HashAlgorithm.values().length];
            $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm = iArr;
            try {
                iArr[HashAlgorithm.sha1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha384.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha512.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public o mapDigestAlgoToOID(HashAlgorithm hashAlgorithm) {
        int i7 = AnonymousClass1.$SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[hashAlgorithm.ordinal()];
        if (i7 == 1) {
            return a0.f20156b1;
        }
        if (i7 == 2) {
            return a.f13995a;
        }
        if (i7 == 3) {
            return a.f13996b;
        }
        if (i7 == 4) {
            return a.f13997c;
        }
        throw new IllegalArgumentException("unsupported digest algo: " + hashAlgorithm);
    }

    @Override // org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable
    public void setSignatureConfig(SignatureConfig signatureConfig) {
        this.signatureConfig = signatureConfig;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampService
    public byte[] timeStamp(byte[] bArr, RevocationData revocationData) {
        c cVar;
        boolean z2;
        byte[] digest = CryptoFunctions.getMessageDigest(this.signatureConfig.getTspDigestAlgo()).digest(bArr);
        BigInteger bigInteger = new BigInteger(128, new SecureRandom());
        z8 z8Var = new z8();
        z8Var.S1 = sg.c.q(true);
        String tspRequestPolicy = this.signatureConfig.getTspRequestPolicy();
        if (tspRequestPolicy != null) {
            z8Var.f19970b = new o(tspRequestPolicy);
        }
        d a10 = z8Var.a(mapDigestAlgoToOID(this.signatureConfig.getTspDigestAlgo()), digest, bigInteger);
        byte[] encoded = a10.f1242a.getEncoded();
        Proxy proxy = Proxy.NO_PROXY;
        if (this.signatureConfig.getProxyUrl() != null) {
            URL url = new URL(this.signatureConfig.getProxyUrl());
            String host = url.getHost();
            int port = url.getPort();
            Proxy.Type type = Proxy.Type.HTTP;
            InetAddress byName = InetAddress.getByName(host);
            if (port == -1) {
                port = 80;
            }
            proxy = new Proxy(type, new InetSocketAddress(byName, port));
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.signatureConfig.getTspUrl()).openConnection(proxy);
        if (this.signatureConfig.getTspUser() != null) {
            String printBase64Binary = DatatypeConverter.printBase64Binary((this.signatureConfig.getTspUser() + ":" + this.signatureConfig.getTspPass()).getBytes(Charset.forName(BarcodeDatamatrix.DEFAULT_DATA_MATRIX_ENCODING)));
            StringBuilder sb2 = new StringBuilder();
            sb2.append("Basic ");
            sb2.append(printBase64Binary);
            httpURLConnection.setRequestProperty(HttpHeaders.AUTHORIZATION, sb2.toString());
        }
        httpURLConnection.setRequestMethod(ShareTarget.METHOD_POST);
        httpURLConnection.setConnectTimeout(20000);
        httpURLConnection.setReadTimeout(20000);
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setRequestProperty("User-Agent", this.signatureConfig.getUserAgent());
        httpURLConnection.setRequestProperty("Content-Type", this.signatureConfig.isTspOldProtocol() ? "application/timestamp-request" : "application/timestamp-query");
        httpURLConnection.getOutputStream().write(encoded);
        httpURLConnection.connect();
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode != 200) {
            LOG.log(7, "Error contacting TSP server ", this.signatureConfig.getTspUrl() + ", had status code " + responseCode + "/" + httpURLConnection.getResponseMessage());
            StringBuilder d10 = b.d("Error contacting TSP server ");
            d10.append(this.signatureConfig.getTspUrl());
            d10.append(", had status code ");
            d10.append(responseCode);
            d10.append("/");
            d10.append(httpURLConnection.getResponseMessage());
            throw new IOException(d10.toString());
        }
        String headerField = httpURLConnection.getHeaderField("Content-Type");
        if (headerField == null) {
            throw new RuntimeException("missing Content-Type header");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        IOUtils.copy(httpURLConnection.getInputStream(), byteArrayOutputStream);
        POILogger pOILogger = LOG;
        pOILogger.log(1, "response content: ", HexDump.dump(byteArrayOutputStream.toByteArray(), 0L, 0));
        if (!headerField.startsWith(this.signatureConfig.isTspOldProtocol() ? "application/timestamp-response" : "application/timestamp-reply")) {
            StringBuilder f9 = b.f("invalid Content-Type: ", headerField, ": ");
            f9.append(HexDump.dump(byteArrayOutputStream.toByteArray(), 0L, 0, 200));
            throw new RuntimeException(f9.toString());
        }
        if (byteArrayOutputStream.size() == 0) {
            throw new RuntimeException("Content-Length is zero");
        }
        a4.c cVar2 = new a4.c(byteArrayOutputStream.toByteArray());
        cVar2.d(a10);
        if (cVar2.b() != 0) {
            StringBuilder d11 = b.d("status: ");
            d11.append(cVar2.b());
            pOILogger.log(1, d11.toString());
            StringBuilder d12 = b.d("status string: ");
            d12.append(cVar2.c());
            pOILogger.log(1, d12.toString());
            wg.a a11 = cVar2.a();
            if (a11 != null) {
                StringBuilder d13 = b.d("fail info int value: ");
                d13.append(a11.r());
                pOILogger.log(1, d13.toString());
                if (256 == a11.r()) {
                    pOILogger.log(1, "unaccepted policy");
                }
            }
            StringBuilder d14 = b.d("timestamp response status != 0: ");
            d14.append(cVar2.b());
            throw new RuntimeException(d14.toString());
        }
        e eVar = (e) cVar2.S1;
        bi.c cVar3 = eVar.f1244b.f1542a.f1540b;
        BigInteger bigInteger2 = cVar3.T1;
        uh.c cVar4 = cVar3.S1;
        pOILogger.log(1, "signer cert serial number: " + bigInteger2);
        pOILogger.log(1, "signer cert issuer: " + cVar4);
        h hVar = eVar.f1243a;
        i iVar = h.V1;
        w wVar = hVar.f1559b.U1;
        Objects.requireNonNull(iVar);
        if (wVar != null) {
            ArrayList arrayList = new ArrayList(wVar.f16389b.length);
            int i7 = 0;
            while (true) {
                sg.e[] eVarArr = wVar.f16389b;
                if (!(i7 < eVarArr.length)) {
                    cVar = new c(arrayList);
                    break;
                }
                if (i7 >= eVarArr.length) {
                    throw new NoSuchElementException();
                }
                int i10 = i7 + 1;
                s c8 = eVarArr[i7].c();
                if (c8 instanceof t) {
                    arrayList.add(new yh.c(wh.e.g(c8)));
                }
                i7 = i10;
            }
        } else {
            cVar = new c(new ArrayList());
        }
        yh.c cVar5 = null;
        Collection a12 = cVar.a();
        HashMap hashMap = new HashMap();
        Iterator it = ((ArrayList) a12).iterator();
        while (it.hasNext()) {
            yh.c cVar6 = (yh.c) it.next();
            if (cVar4.equals(cVar6.a()) && bigInteger2.equals(cVar6.f21005b.S1.T1.s())) {
                cVar5 = cVar6;
            }
            hashMap.put(cVar6.b(), cVar6);
        }
        if (cVar5 == null) {
            throw new RuntimeException("TSP response token has no signer certificate");
        }
        ArrayList arrayList2 = new ArrayList();
        zh.b bVar = new zh.b();
        bVar.f21308a = new zh.d();
        do {
            POILogger pOILogger2 = LOG;
            StringBuilder d15 = b.d("adding to certificate chain: ");
            d15.append(cVar5.b());
            pOILogger2.log(1, d15.toString());
            arrayList2.add(bVar.a(cVar5));
            if (cVar5.b().equals(cVar5.a())) {
                break;
            }
            cVar5 = (yh.c) hashMap.get(cVar5.a());
        } while (cVar5 != null);
        yh.c cVar7 = new yh.c(((X509Certificate) arrayList2.get(0)).getEncoded());
        g gVar = new g(2);
        fj.e eVar2 = new fj.e();
        fj.c cVar8 = new fj.c();
        v vVar = new v();
        gj.a aVar = new gj.a(new x(cVar8), cVar7);
        g0 g0Var = new g0(gVar, eVar2, aVar, vVar);
        try {
            yh.c b10 = aVar.b();
            fj.g a13 = g0Var.f1556b.a(eVar.f1246d.b());
            OutputStream outputStream = a13.getOutputStream();
            outputStream.write(b10.getEncoded());
            outputStream.close();
            if (!ck.a.d(eVar.f1246d.a(), a13.a())) {
                throw new bk.c("certificate hash does not match certID hash.");
            }
            if (eVar.f1246d.c() != null) {
                u uVar = b10.f21005b.S1;
                uh.c cVar9 = uVar.V1;
                if (!eVar.f1246d.c().S1.k(uVar.T1)) {
                    throw new bk.c("certificate serial number does not match certID for signature.");
                }
                m[] g10 = eVar.f1246d.c().f20183b.g();
                int i11 = 0;
                while (true) {
                    if (i11 == g10.length) {
                        z2 = false;
                        break;
                    }
                    if (g10[i11].S1 == 4 && uh.c.g(g10[i11].f20181b).equals(uh.c.g(cVar9))) {
                        z2 = true;
                        break;
                    }
                    i11++;
                }
                if (!z2) {
                    throw new bk.c("certificate name does not match certID for signature. ");
                }
            }
            bk.b.a(b10);
            if (!b10.d(eVar.f1245c.f1250b)) {
                throw new bk.c("certificate not valid when time stamp created.");
            }
            if (!eVar.f1244b.f(g0Var)) {
                throw new bk.c("signature not created by certificate.");
            }
            if (this.signatureConfig.getTspValidator() != null) {
                this.signatureConfig.getTspValidator().validate(arrayList2, revocationData);
            }
            POILogger pOILogger3 = LOG;
            StringBuilder d16 = b.d("time-stamp token time: ");
            d16.append(eVar.f1245c.f1250b);
            pOILogger3.log(1, d16.toString());
            return eVar.f1243a.S1.f("DL");
        } catch (f e10) {
            if (e10.f1541b != null) {
                throw new bk.a(e10.getMessage(), e10.f1541b);
            }
            throw new bk.a("CMS exception: " + e10, e10);
        } catch (l e11) {
            StringBuilder d17 = b.d("unable to create digest: ");
            d17.append(e11.getMessage());
            throw new bk.a(d17.toString(), e11);
        } catch (IOException e12) {
            throw new bk.a("problem processing certificate: " + e12, e12);
        }
    }
}
