package org.apache.poi.poifs.crypt.dsig.services;

import A0.a0;
import Fa.e;
import I9.d;
import Ka.B;
import Ka.i;
import Ka.k;
import Ka.n;
import Ka.o;
import N9.z;
import fa.AbstractC0793c;
import fa.AbstractC0804n;
import fa.AbstractC0810u;
import fa.AbstractC0813x;
import fa.AbstractC0814y;
import fa.C0795e;
import fa.C0807q;
import fa.InterfaceC0797g;
import fa.X;
import fa.r;
import g3.C0846b;
import gc.g;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.security.auth.x500.X500Principal;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.spi.AbstractLogger;
import org.apache.poi.hslf.record.l;
import org.apache.poi.hslf.record.s;
import org.apache.poi.hwmf.record.D;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient;
import org.bouncycastle.cert.X509CertificateHolder;

/* loaded from: classes3.dex */
public class TSPTimeStampService implements TimeStampService {
    private static final d LOG = I9.c.a(TSPTimeStampService.class);

    /* renamed from: org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService$1 */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm;

        static {
            int[] iArr = new int[HashAlgorithm.values().length];
            $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm = iArr;
            try {
                iArr[HashAlgorithm.sha1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha384.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha512.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public static boolean lambda$retrieveCRL$3(i iVar) {
        return iVar.f2892b == 0;
    }

    public static Stream lambda$retrieveCRL$4(i iVar) {
        AbstractC0804n abstractC0804n = iVar.f2891a;
        n[] nVarArr = (abstractC0804n instanceof o ? (o) abstractC0804n : abstractC0804n != null ? new o(AbstractC0813x.C(abstractC0804n)) : null).f2924a;
        n[] nVarArr2 = new n[nVarArr.length];
        System.arraycopy(nVarArr, 0, nVarArr2, 0, nVarArr.length);
        return Stream.of((Object[]) nVarArr2);
    }

    public static boolean lambda$retrieveCRL$5(n nVar) {
        return nVar.f2923b == 6;
    }

    public static String lambda$retrieveCRL$6(n nVar) {
        return g.a(X.z(nVar.f2922a).f18080a);
    }

    public /* synthetic */ Stream lambda$retrieveCRL$9(List list, final X509Certificate x509Certificate, SignatureConfig signatureConfig, final String str) {
        SignatureConfig.CRLEntry downloadCRL;
        final int i3 = 0;
        List list2 = (List) list.stream().filter(new Predicate(this) { // from class: org.apache.poi.poifs.crypt.dsig.services.a

            /* renamed from: b, reason: collision with root package name */
            public final /* synthetic */ TSPTimeStampService f24880b;

            {
                this.f24880b = this;
            }

            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean lambda$null$7;
                boolean lambda$null$8;
                switch (i3) {
                    case 0:
                        lambda$null$7 = this.f24880b.lambda$null$7(x509Certificate, str, (SignatureConfig.CRLEntry) obj);
                        return lambda$null$7;
                    default:
                        lambda$null$8 = this.f24880b.lambda$null$8(x509Certificate, str, (SignatureConfig.CRLEntry) obj);
                        return lambda$null$8;
                }
            }
        }).collect(Collectors.toList());
        final int i6 = 1;
        Stream filter = list.stream().filter(new Predicate(this) { // from class: org.apache.poi.poifs.crypt.dsig.services.a

            /* renamed from: b, reason: collision with root package name */
            public final /* synthetic */ TSPTimeStampService f24880b;

            {
                this.f24880b = this;
            }

            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean lambda$null$7;
                boolean lambda$null$8;
                switch (i6) {
                    case 0:
                        lambda$null$7 = this.f24880b.lambda$null$7(x509Certificate, str, (SignatureConfig.CRLEntry) obj);
                        return lambda$null$7;
                    default:
                        lambda$null$8 = this.f24880b.lambda$null$8(x509Certificate, str, (SignatureConfig.CRLEntry) obj);
                        return lambda$null$8;
                }
            }
        });
        if (list2.isEmpty() && (downloadCRL = downloadCRL(signatureConfig, str)) != null) {
            list2.add(downloadCRL);
        }
        return Stream.concat(list2.stream(), filter).map(new s(26));
    }

    public static String lambda$timeStamp$0(X509CertificateHolder x509CertificateHolder) {
        Ia.c q7 = Ia.c.q(x509CertificateHolder.f25838a.f2882b.f2944w);
        return q7.f2519c.a0(q7);
    }

    public static boolean lambda$timeStamp$1(Ia.c cVar, BigInteger bigInteger, X509CertificateHolder x509CertificateHolder) {
        return cVar.equals(Ia.c.q(x509CertificateHolder.f25838a.f2882b.f2941n)) && bigInteger.equals(x509CertificateHolder.f25838a.f2882b.f2939c.B());
    }

    public static /* synthetic */ RuntimeException lambda$timeStamp$2() {
        return new RuntimeException("TSP response token has no signer certificate");
    }

    public SignatureConfig.CRLEntry downloadCRL(SignatureConfig signatureConfig, String str) {
        if (!signatureConfig.isAllowCRLDownload()) {
            return null;
        }
        TimeStampHttpClient tspHttpClient = signatureConfig.getTspHttpClient();
        tspHttpClient.init(signatureConfig);
        tspHttpClient.setBasicAuthentication(null, null);
        try {
            TimeStampHttpClient.TimeStampHttpClientResponse timeStampHttpClientResponse = tspHttpClient.get(str);
            if (!timeStampHttpClientResponse.isOK()) {
                return null;
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                byte[] responseBytes = timeStampHttpClientResponse.getResponseBytes();
                return signatureConfig.addCRL(str, ((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(responseBytes))).getIssuerX500Principal().getName(), responseBytes);
            } catch (GeneralSecurityException e7) {
                AbstractLogger abstractLogger = (AbstractLogger) LOG;
                abstractLogger.getClass();
                abstractLogger.j(Level.f24029p).e(e7).i(str, "CRL download failed from {}");
                return null;
            }
        } catch (IOException unused) {
        }
    }

    public C0807q mapDigestAlgoToOID(HashAlgorithm hashAlgorithm) {
        int i3 = AnonymousClass1.$SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[hashAlgorithm.ordinal()];
        if (i3 == 1) {
            return B.f2871X0;
        }
        if (i3 == 2) {
            return xa.a.f28161a;
        }
        if (i3 == 3) {
            return xa.a.f28162b;
        }
        if (i3 == 4) {
            return xa.a.f28163c;
        }
        throw new IllegalArgumentException("unsupported digest algo: " + hashAlgorithm);
    }

    /* renamed from: matchCRLbyCN */
    public boolean lambda$null$8(SignatureConfig.CRLEntry cRLEntry, X509Certificate x509Certificate, String str) {
        return x509Certificate.getSubjectX500Principal().getName().equals(cRLEntry.getCertCN());
    }

    /* renamed from: matchCRLbyUrl */
    public boolean lambda$null$7(SignatureConfig.CRLEntry cRLEntry, X509Certificate x509Certificate, String str) {
        return str.equals(cRLEntry.getCrlURL());
    }

    /* JADX WARN: Type inference failed for: r2v9, types: [Ka.c, java.lang.Object] */
    public List<byte[]> retrieveCRL(final SignatureConfig signatureConfig, final X509Certificate x509Certificate) {
        Ka.c cVar;
        final List<SignatureConfig.CRLEntry> crlEntries = signatureConfig.getCrlEntries();
        byte[] extensionValue = x509Certificate.getExtensionValue(k.f2899E.f18128a);
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        AbstractC0810u w10 = AbstractC0810u.w(r.A(extensionValue).f18133a);
        if (w10 != null) {
            AbstractC0813x C10 = AbstractC0813x.C(w10);
            ?? obj = new Object();
            obj.f2877a = C10;
            cVar = obj;
        } else {
            cVar = null;
        }
        return (List) Stream.of((Object[]) cVar.q()).map(new s(28)).filter(new N9.k(15)).filter(new N9.k(16)).flatMap(new s(24)).filter(new N9.k(13)).map(new s(25)).flatMap(new Function() { // from class: org.apache.poi.poifs.crypt.dsig.services.b
            @Override // java.util.function.Function
            public final Object apply(Object obj2) {
                Stream lambda$retrieveCRL$9;
                lambda$retrieveCRL$9 = TSPTimeStampService.this.lambda$retrieveCRL$9(crlEntries, x509Certificate, signatureConfig, (String) obj2);
                return lambda$retrieveCRL$9;
            }
        }).filter(new N9.k(14)).collect(Collectors.toList());
    }

    /* JADX WARN: Type inference failed for: r2v20, types: [sb.e, java.lang.Object] */
    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampService
    public byte[] timeStamp(SignatureInfo signatureInfo, byte[] bArr, RevocationData revocationData) {
        gc.c cVar;
        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
        byte[] digest = CryptoFunctions.getMessageDigest(signatureConfig.getTspDigestAlgo()).digest(bArr);
        BigInteger bigInteger = new BigInteger(128, new SecureRandom());
        fc.c cVar2 = new fc.c();
        cVar2.f18161b = C0795e.f18093i;
        String tspRequestPolicy = signatureConfig.getTspRequestPolicy();
        if (tspRequestPolicy != null) {
            cVar2.f18160a = new C0807q(tspRequestPolicy);
        }
        fc.b a6 = cVar2.a(mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo()), digest, bigInteger);
        TimeStampHttpClient tspHttpClient = signatureConfig.getTspHttpClient();
        tspHttpClient.init(signatureConfig);
        tspHttpClient.setContentTypeIn(signatureConfig.isTspOldProtocol() ? "application/timestamp-request" : "application/timestamp-query");
        TimeStampHttpClient.TimeStampHttpClientResponse post = tspHttpClient.post(signatureConfig.getTspUrl(), a6.f18158a.getEncoded());
        if (!post.isOK()) {
            throw new IOException("Requesting timestamp data failed");
        }
        byte[] responseBytes = post.getResponseBytes();
        if (responseBytes.length == 0) {
            throw new RuntimeException("Content-Length is zero");
        }
        I2.c cVar3 = new I2.c(responseBytes);
        cVar3.s(a6);
        if (cVar3.j() != 0) {
            AbstractLogger abstractLogger = (AbstractLogger) LOG;
            abstractLogger.getClass();
            Level level = Level.f24031w;
            abstractLogger.j(level).i(z.a(cVar3.j()), "status: {}");
            abstractLogger.getClass();
            abstractLogger.j(level).i(cVar3.k(), "status string: {}");
            AbstractC0793c abstractC0793c = ((e) cVar3.f2321b).f1598a.f19567c;
            Ka.s sVar = abstractC0793c != null ? new Ka.s(abstractC0793c.A(), abstractC0793c.f(), 1) : null;
            if (sVar != null) {
                abstractLogger.getClass();
                abstractLogger.j(level).i(z.a(sVar.D()), "fail info int value: {}");
                if (256 == sVar.D()) {
                    abstractLogger.getClass();
                    abstractLogger.j(level).h("unaccepted policy");
                }
            }
            throw new RuntimeException("timestamp response status != 0: " + cVar3.j());
        }
        fc.d dVar = (fc.d) cVar3.f2322c;
        Pa.b bVar = dVar.f18164b.f4688a.f4687a;
        BigInteger bigInteger2 = bVar.f4536c;
        Ia.c cVar4 = bVar.f4535b;
        AbstractLogger abstractLogger2 = (AbstractLogger) LOG;
        abstractLogger2.getClass();
        Level level2 = Level.f24031w;
        abstractLogger2.j(level2).i(bigInteger2, "signer cert serial number: {}");
        abstractLogger2.getClass();
        abstractLogger2.j(level2).i(cVar4, "signer cert issuer: {}");
        AbstractC0814y abstractC0814y = dVar.f18163a.f4659a.f19869r;
        Qa.c.f4658n.getClass();
        if (abstractC0814y != null) {
            InterfaceC0797g[] interfaceC0797gArr = abstractC0814y.f18152a;
            ArrayList arrayList = new ArrayList(interfaceC0797gArr.length);
            int i3 = 0;
            while (i3 < interfaceC0797gArr.length) {
                if (i3 >= interfaceC0797gArr.length) {
                    throw new NoSuchElementException();
                }
                int i6 = i3 + 1;
                AbstractC0810u k6 = interfaceC0797gArr[i3].k();
                if (k6 instanceof AbstractC0813x) {
                    arrayList.add(new X509CertificateHolder(Ka.e.q(k6)));
                }
                i3 = i6;
            }
            cVar = new gc.c(0, arrayList);
        } else {
            cVar = new gc.c(0, new ArrayList());
        }
        Map map = (Map) cVar.b().stream().collect(Collectors.toMap(new s(27), Function.identity()));
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) map.values().stream().filter(new l(1, cVar4, bigInteger2)).findFirst().orElseThrow(new D(21));
        org.bouncycastle.cert.jcajce.a aVar = new org.bouncycastle.cert.jcajce.a();
        aVar.f25842a = new Na.a(1);
        X509Certificate a10 = aVar.a(x509CertificateHolder);
        do {
            revocationData.addCertificate(a10);
            X500Principal issuerX500Principal = a10.getIssuerX500Principal();
            if (a10.getSubjectX500Principal().equals(issuerX500Principal)) {
                break;
            }
            X509CertificateHolder x509CertificateHolder2 = (X509CertificateHolder) map.get(issuerX500Principal.getName());
            a10 = x509CertificateHolder2 != null ? aVar.a(x509CertificateHolder2) : signatureConfig.getCachedCertificateByPrinicipal(issuerX500Principal.getName());
            if (a10 != null) {
                retrieveCRL(signatureConfig, a10).forEach(new O9.a(revocationData, 4));
            }
        } while (a10 != null);
        L5.B b6 = new L5.B(7);
        ?? obj = new Object();
        Object obj2 = new Object();
        C0846b c0846b = new C0846b(24);
        L5.B b7 = new L5.B(15, false);
        b7.f2989b = tb.c.f27512b;
        b7.f2990c = obj2;
        dVar.a(new a0(b6, (sb.e) obj, new I2.l(15, b7, x509CertificateHolder, false), c0846b));
        if (signatureConfig.getTspValidator() != null) {
            signatureConfig.getTspValidator().validate(revocationData.getX509chain(), revocationData);
        }
        AbstractLogger abstractLogger3 = (AbstractLogger) LOG;
        abstractLogger3.getClass();
        abstractLogger3.j(Level.f24031w).i(dVar.f18165c.f18168b, "time-stamp token time: {}");
        return dVar.f18163a.f4660b.p("DL");
    }
}
