package com.itextpdf.text.pdf.security;

import com.google.common.net.HttpHeaders;
import com.itextpdf.text.error_messages.MessageLocalization;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import com.itextpdf.text.pdf.codec.Base64;
import h3.g;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Hashtable;
import java.util.Vector;
import m8.h;
import org.bouncycastle.cms.x;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPValidationException;
import q8.b;
import q8.d;
import r7.ASN1ObjectIdentifier;
import r7.c;
import r7.d1;
import r7.k;
import r7.n0;
import r7.q;
import r7.u0;
import u8.a;
import u8.o;
import u8.p;

/* loaded from: classes3.dex */
public class TSAClientBouncyCastle implements TSAClient {
    public static final String DEFAULTHASHALGORITHM = "SHA-256";
    public static final int DEFAULTTOKENSIZE = 4096;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TSAClientBouncyCastle.class);
    protected String digestAlgorithm;
    protected int tokenSizeEstimate;
    protected TSAInfoBouncyCastle tsaInfo;
    protected String tsaPassword;
    private String tsaReqPolicy;
    protected String tsaURL;
    protected String tsaUsername;

    public TSAClientBouncyCastle(String str) {
        this(str, null, null, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3) {
        this(str, str2, str3, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3, int i10, String str4) {
        this.tsaReqPolicy = null;
        this.tsaURL = str;
        this.tsaUsername = str2;
        this.tsaPassword = str3;
        this.tokenSizeEstimate = i10;
        this.digestAlgorithm = str4;
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public MessageDigest getMessageDigest() throws GeneralSecurityException {
        return new BouncyCastleDigest().getMessageDigest(this.digestAlgorithm);
    }

    public String getTSAReqPolicy() {
        return this.tsaReqPolicy;
    }

    public byte[] getTSAResponse(byte[] bArr) throws IOException {
        try {
            URLConnection openConnection = new URL(this.tsaURL).openConnection();
            openConnection.setDoInput(true);
            openConnection.setDoOutput(true);
            openConnection.setUseCaches(false);
            openConnection.setRequestProperty(HttpHeaders.CONTENT_TYPE, "application/timestamp-query");
            openConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
            String str = this.tsaUsername;
            if (str != null && !str.equals("")) {
                openConnection.setRequestProperty(HttpHeaders.AUTHORIZATION, "Basic " + Base64.encodeBytes((this.tsaUsername + ":" + this.tsaPassword).getBytes(), 8));
            }
            OutputStream outputStream = openConnection.getOutputStream();
            outputStream.write(bArr);
            outputStream.close();
            InputStream inputStream = openConnection.getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr2 = new byte[1024];
            while (true) {
                int read = inputStream.read(bArr2, 0, 1024);
                if (read < 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr2, 0, read);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            String contentEncoding = openConnection.getContentEncoding();
            return (contentEncoding == null || !contentEncoding.equalsIgnoreCase("base64")) ? byteArray : Base64.decode(new String(byteArray));
        } catch (IOException unused) {
            throw new IOException(MessageLocalization.getComposedMessage("failed.to.get.tsa.response.from.1", this.tsaURL));
        }
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public byte[] getTimeStampToken(byte[] bArr) throws IOException, TSPException {
        p pVar;
        Hashtable hashtable = new Hashtable();
        Vector vector = new Vector();
        c cVar = c.f5757c;
        String str = this.tsaReqPolicy;
        String str2 = null;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = (str == null || str.length() <= 0) ? null : new ASN1ObjectIdentifier(this.tsaReqPolicy);
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        String str3 = new ASN1ObjectIdentifier(DigestAlgorithms.getAllowedDigests(this.digestAlgorithm)).f5748a;
        if (str3 == null) {
            throw new IllegalArgumentException("No digest algorithm specified");
        }
        b bVar = new b(new a(new ASN1ObjectIdentifier(str3), u0.f5810a), bArr);
        if (vector.isEmpty()) {
            pVar = null;
        } else {
            o[] oVarArr = new o[vector.size()];
            for (int i10 = 0; i10 != vector.size(); i10++) {
                oVarArr[i10] = (o) hashtable.get(vector.elementAt(i10));
            }
            pVar = new p(oVarArr);
        }
        h hVar = valueOf != null ? new h(bVar, aSN1ObjectIdentifier, new k(valueOf), cVar, pVar) : new h(bVar, aSN1ObjectIdentifier, (k) null, cVar, pVar);
        ha.a aVar = new ha.a(getTSAResponse(hVar.getEncoded()));
        org.bouncycastle.tsp.b bVar2 = (org.bouncycastle.tsp.b) aVar.b;
        if (bVar2 != null) {
            k kVar = (k) hVar.e;
            BigInteger s10 = kVar != null ? kVar.s() : null;
            org.bouncycastle.tsp.c cVar2 = bVar2.f5360c;
            if (s10 != null) {
                k kVar2 = (k) hVar.e;
                BigInteger s11 = kVar2 != null ? kVar2.s() : null;
                k kVar3 = cVar2.f5361a.f5594i;
                if (!s11.equals(kVar3 != null ? kVar3.s() : null)) {
                    throw new TSPValidationException("response contains wrong nonce value.");
                }
            }
            if (aVar.f() != 0 && aVar.f() != 1) {
                throw new TSPValidationException("time stamp token found in failed request.");
            }
            if (!g.m(g.h(((b) hVar.f4734c).b), g.h(cVar2.f5361a.f5590c.b))) {
                throw new TSPValidationException("response for different message imprint digest.");
            }
            q8.c cVar3 = cVar2.f5361a;
            if (!cVar3.f5590c.f5588a.f6203a.k(((b) hVar.f4734c).f5588a.f6203a)) {
                throw new TSPValidationException("response for different message imprint algorithm.");
            }
            x xVar = bVar2.b;
            w7.a l10 = xVar.a().l(m8.c.J0);
            w7.a l11 = xVar.a().l(m8.c.L0);
            if (l10 == null && l11 == null) {
                throw new TSPValidationException("no signing certificate attribute present.");
            }
            q qVar = hVar.f4735d;
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = (ASN1ObjectIdentifier) qVar;
            if (aSN1ObjectIdentifier2 == null) {
                aSN1ObjectIdentifier2 = null;
            }
            if (aSN1ObjectIdentifier2 != null) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier3 = (ASN1ObjectIdentifier) qVar;
                if (aSN1ObjectIdentifier3 == null) {
                    aSN1ObjectIdentifier3 = null;
                }
                if (!aSN1ObjectIdentifier3.k(cVar3.b)) {
                    throw new TSPValidationException("TSA policy wrong for request.");
                }
            }
        } else if (aVar.f() == 0 || aVar.f() == 1) {
            throw new TSPValidationException("no time stamp token found and one expected.");
        }
        n0 n0Var = ((d) aVar.f3530a).f5597a.f6472c;
        v7.a aVar2 = n0Var != null ? new v7.a(n0Var, 0) : null;
        int r10 = aVar2 == null ? 0 : aVar2.r();
        if (r10 != 0) {
            throw new IOException(MessageLocalization.getComposedMessage("invalid.tsa.1.response.code.2", this.tsaURL, String.valueOf(r10)));
        }
        org.bouncycastle.tsp.b bVar3 = (org.bouncycastle.tsp.b) aVar.b;
        if (bVar3 == null) {
            Object[] objArr = new Object[2];
            objArr[0] = this.tsaURL;
            if (((d) aVar.f3530a).f5597a.b != null) {
                StringBuffer stringBuffer = new StringBuffer();
                v7.b bVar4 = ((d) aVar.f3530a).f5597a.b;
                for (int i11 = 0; i11 != bVar4.f6470a.size(); i11++) {
                    stringBuffer.append(((d1) bVar4.f6470a.r(i11)).getString());
                }
                str2 = stringBuffer.toString();
            }
            objArr[1] = str2;
            throw new IOException(MessageLocalization.getComposedMessage("tsa.1.failed.to.return.time.stamp.token.2", objArr));
        }
        byte[] f10 = bVar3.f5359a.b.f("DL");
        Logger logger = LOGGER;
        StringBuilder sb = new StringBuilder("Timestamp generated: ");
        org.bouncycastle.tsp.c cVar4 = bVar3.f5360c;
        sb.append(cVar4.b);
        logger.info(sb.toString());
        TSAInfoBouncyCastle tSAInfoBouncyCastle = this.tsaInfo;
        if (tSAInfoBouncyCastle != null) {
            tSAInfoBouncyCastle.inspectTimeStampTokenInfo(cVar4);
        }
        this.tokenSizeEstimate = f10.length + 32;
        return f10;
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public int getTokenSizeEstimate() {
        return this.tokenSizeEstimate;
    }

    public void setTSAInfo(TSAInfoBouncyCastle tSAInfoBouncyCastle) {
        this.tsaInfo = tSAInfoBouncyCastle;
    }

    public void setTSAReqPolicy(String str) {
        this.tsaReqPolicy = str;
    }
}
