package com.itextpdf.signatures;

import com.itextpdf.io.codec.Base64;
import com.itextpdf.io.util.SystemUtil;
import com.itextpdf.kernel.PdfException;
import com.itextpdf.signatures.SignUtils;
import com.mbridge.msdk.playercommon.exoplayer2.C;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.TSTInfo;
import org.bouncycastle.asn1.tsp.TimeStampReq;
import org.bouncycastle.asn1.tsp.TimeStampResp;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class TSAClientBouncyCastle implements ITSAClient {
    public static final String DEFAULTHASHALGORITHM = "SHA-256";
    public static final int DEFAULTTOKENSIZE = 4096;
    private static final Logger LOGGER = LoggerFactory.d(TSAClientBouncyCastle.class);
    protected String digestAlgorithm;
    protected int tokenSizeEstimate;
    protected ITSAInfoBouncyCastle tsaInfo;
    protected String tsaPassword;
    private String tsaReqPolicy;
    protected String tsaURL;
    protected String tsaUsername;

    public TSAClientBouncyCastle(String str) {
        this(str, null, null, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3) {
        this(str, str2, str3, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3, int i2, String str4) {
        this.tsaURL = str;
        this.tsaUsername = str2;
        this.tsaPassword = str3;
        this.tokenSizeEstimate = i2;
        this.digestAlgorithm = str4;
    }

    @Override // com.itextpdf.signatures.ITSAClient
    public MessageDigest getMessageDigest() throws GeneralSecurityException {
        return SignUtils.getMessageDigest(this.digestAlgorithm);
    }

    public String getTSAReqPolicy() {
        return this.tsaReqPolicy;
    }

    public byte[] getTSAResponse(byte[] bArr) throws IOException {
        SignUtils.TsaResponse tsaResponseForUserRequest = SignUtils.getTsaResponseForUserRequest(this.tsaURL, bArr, this.tsaUsername, this.tsaPassword);
        InputStream inputStream = tsaResponseForUserRequest.tsaResponseStream;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr2, 0, 1024);
            if (read < 0) {
                break;
            }
            byteArrayOutputStream.write(bArr2, 0, read);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        String str = tsaResponseForUserRequest.encoding;
        return (str == null || !str.toLowerCase().equals("base64".toLowerCase())) ? byteArray : Base64.decode(new String(byteArray, C.ASCII_NAME));
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.bouncycastle.tsp.TimeStampRequestGenerator, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r1v0, types: [java.lang.Object, org.bouncycastle.asn1.x509.ExtensionsGenerator] */
    /* JADX WARN: Type inference failed for: r2v4, types: [org.bouncycastle.tsp.TimeStampResponse, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r8v0, types: [org.bouncycastle.asn1.tsp.MessageImprint, java.lang.Object] */
    @Override // com.itextpdf.signatures.ITSAClient
    public byte[] getTimeStampToken(byte[] bArr) throws IOException, TSPException {
        Extensions extensions;
        ?? obj = new Object();
        ?? obj2 = new Object();
        obj2.f21413a = new Hashtable();
        Vector vector = new Vector();
        obj.b = ASN1Boolean.f20903c;
        String str = this.tsaReqPolicy;
        if (str != null && str.length() > 0) {
            obj.f23061a = new ASN1ObjectIdentifier(this.tsaReqPolicy);
        }
        BigInteger valueOf = BigInteger.valueOf(SystemUtil.getTimeBasedSeed());
        String str2 = new ASN1ObjectIdentifier(DigestAlgorithms.getAllowedDigest(this.digestAlgorithm)).f20917a;
        if (str2 == null) {
            throw new IllegalArgumentException("No digest algorithm specified");
        }
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(str2), DERNull.f20949a);
        ?? obj3 = new Object();
        obj3.f21317a = algorithmIdentifier;
        obj3.b = Arrays.b(bArr);
        String str3 = null;
        if (vector.isEmpty()) {
            extensions = null;
        } else {
            Extension[] extensionArr = new Extension[vector.size()];
            for (int i2 = 0; i2 != vector.size(); i2++) {
                extensionArr[i2] = (Extension) obj2.f21413a.get(vector.elementAt(i2));
            }
            extensions = new Extensions(extensionArr);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier = obj.f23061a;
        TimeStampRequest timeStampRequest = valueOf != null ? new TimeStampRequest(new TimeStampReq(obj3, aSN1ObjectIdentifier, new ASN1Integer(valueOf), obj.b, extensions)) : new TimeStampRequest(new TimeStampReq(obj3, aSN1ObjectIdentifier, null, obj.b, extensions));
        TimeStampReq timeStampReq = timeStampRequest.f23060a;
        try {
            TimeStampResp g = TimeStampResp.g(new ASN1InputStream(new ByteArrayInputStream(getTSAResponse(timeStampReq.getEncoded()))).k());
            ?? obj4 = new Object();
            obj4.f23062a = g;
            ContentInfo contentInfo = g.b;
            if (contentInfo != null) {
                obj4.b = new TimeStampToken(contentInfo);
            }
            TimeStampToken timeStampToken = obj4.b;
            if (timeStampToken != null) {
                ASN1Integer aSN1Integer = timeStampRequest.f23060a.d;
                BigInteger u2 = aSN1Integer != null ? aSN1Integer.u() : null;
                TimeStampTokenInfo timeStampTokenInfo = timeStampToken.f23064c;
                if (u2 != null) {
                    ASN1Integer aSN1Integer2 = timeStampRequest.f23060a.d;
                    BigInteger u3 = aSN1Integer2 != null ? aSN1Integer2.u() : null;
                    ASN1Integer aSN1Integer3 = timeStampTokenInfo.f23066a.f21320h;
                    if (!u3.equals(aSN1Integer3 != null ? aSN1Integer3.u() : null)) {
                        throw new Exception("response contains wrong nonce value.");
                    }
                }
                if (obj4.a() != 0 && obj4.a() != 1) {
                    throw new Exception("time stamp token found in failed request.");
                }
                if (!Arrays.j(Arrays.b(timeStampReq.b.b), Arrays.b(timeStampTokenInfo.f23066a.f21319c.b))) {
                    throw new Exception("response for different message imprint digest.");
                }
                TSTInfo tSTInfo = timeStampTokenInfo.f23066a;
                if (!tSTInfo.f21319c.f21317a.f21364a.l(timeStampReq.b.f21317a.f21364a)) {
                    throw new Exception("response for different message imprint algorithm.");
                }
                SignerInformation signerInformation = timeStampToken.b;
                Attribute b = signerInformation.b().b(PKCSObjectIdentifiers.X8);
                Attribute b2 = signerInformation.b().b(PKCSObjectIdentifiers.Y8);
                if (b == null && b2 == null) {
                    throw new Exception("no signing certificate attribute present.");
                }
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = timeStampRequest.f23060a.f21324c;
                if ((aSN1ObjectIdentifier2 != null ? aSN1ObjectIdentifier2 : null) != null) {
                    if (aSN1ObjectIdentifier2 == null) {
                        aSN1ObjectIdentifier2 = null;
                    }
                    if (!aSN1ObjectIdentifier2.l(tSTInfo.b)) {
                        throw new Exception("TSA policy wrong for request.");
                    }
                }
            } else if (obj4.a() == 0 || obj4.a() == 1) {
                throw new Exception("no time stamp token found and one expected.");
            }
            DERBitString dERBitString = g.f21325a.f21005c;
            ASN1BitString aSN1BitString = dERBitString != null ? new ASN1BitString(dERBitString.q(), dERBitString.b) : null;
            int t2 = aSN1BitString == null ? 0 : aSN1BitString.t();
            if (t2 != 0) {
                throw new PdfException(PdfException.InvalidTsa1ResponseCode2).setMessageParams(this.tsaURL, String.valueOf(t2));
            }
            TimeStampToken timeStampToken2 = obj4.b;
            if (timeStampToken2 != null) {
                byte[] f = timeStampToken2.f23063a.b.f("DL");
                Logger logger = LOGGER;
                StringBuilder sb = new StringBuilder("Timestamp generated: ");
                TimeStampTokenInfo timeStampTokenInfo2 = timeStampToken2.f23064c;
                sb.append(timeStampTokenInfo2.b);
                logger.g(sb.toString());
                ITSAInfoBouncyCastle iTSAInfoBouncyCastle = this.tsaInfo;
                if (iTSAInfoBouncyCastle != null) {
                    iTSAInfoBouncyCastle.inspectTimeStampTokenInfo(timeStampTokenInfo2);
                }
                this.tokenSizeEstimate = f.length + 32;
                return f;
            }
            PdfException pdfException = new PdfException(PdfException.Tsa1FailedToReturnTimeStampToken2);
            Object[] objArr = new Object[2];
            objArr[0] = this.tsaURL;
            if (g.f21325a.b != null) {
                StringBuffer stringBuffer = new StringBuffer();
                PKIFreeText pKIFreeText = g.f21325a.b;
                for (int i3 = 0; i3 != pKIFreeText.f21002a.size(); i3++) {
                    stringBuffer.append(((DERUTF8String) pKIFreeText.f21002a.t(i3)).getString());
                }
                str3 = stringBuffer.toString();
            }
            objArr[1] = str3;
            throw pdfException.setMessageParams(objArr);
        } catch (ClassCastException e) {
            throw new TSPException("malformed timestamp response: " + e, e);
        } catch (IllegalArgumentException e2) {
            throw new TSPException("malformed timestamp response: " + e2, e2);
        }
    }

    @Override // com.itextpdf.signatures.ITSAClient
    public int getTokenSizeEstimate() {
        return this.tokenSizeEstimate;
    }

    public void setTSAInfo(ITSAInfoBouncyCastle iTSAInfoBouncyCastle) {
        this.tsaInfo = iTSAInfoBouncyCastle;
    }

    public void setTSAReqPolicy(String str) {
        this.tsaReqPolicy = str;
    }
}
