package org.apache.poi.poifs.crypt.dsig.services;

import P6.h;
import P6.t;
import U6.AbstractC0644n;
import U6.AbstractC0647q;
import U6.AbstractC0650u;
import U6.C0633c;
import U6.C0643m;
import U6.InterfaceC0635e;
import U6.N;
import U6.r;
import com.google.android.material.color.utilities.j;
import com.google.android.material.color.utilities.l;
import com.google.android.material.color.utilities.o;
import d8.InterfaceC2027g;
import e8.C2075a;
import e8.u;
import e8.v;
import f7.C2083a;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.security.auth.x500.X500Principal;
import m7.InterfaceC2258a;
import org.apache.poi.hemf.record.emfplus.S;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.D;
import org.bouncycastle.cms.F;
import org.bouncycastle.cms.g;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.d;
import org.spongycastle.asn1.ASN1Encoding;
import q2.C3235b;
import v2.C3384b;
import w7.C3419c;
import y7.C3485c;
import y7.InterfaceC3482A;
import y7.i;
import y7.k;
import y7.m;
import y7.n;

/* loaded from: classes4.dex */
/**
 * {@link TimeStampService} implementation that posts a time-stamp request to the URL from
 * {@code SignatureConfig.getTspUrl()}, checks the returned token and collects the signer's
 * certificate chain (plus CRLs) into the supplied {@code RevocationData}.
 *
 * <p>This listing is decompiler output over obfuscated dependencies. Many types and fields carry
 * generated names ({@code C3419c}, {@code f33816d}, ...), several lambdas have been moved into
 * unrelated synthetic classes ({@code new j(27)}, {@code new o(26)}, ...) whose bodies are not
 * visible here, and a few statements are decompiler artefacts that would not compile or would
 * not behave sensibly as shown. The comments flag those places instead of guessing.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>CRL URLs are read from certificates and, when {@code isAllowCRLDownload()} is true,
 *       fetched over the network by {@link #downloadCRL}.</li>
 *   <li>In {@link #timeStamp} the chain walk (and therefore any CRL download) runs before the
 *       token signature is checked.</li>
 *   <li>Trust in the signer certificate is only established by the optional
 *       {@code SignatureConfig.getTspValidator()}.</li>
 * </ul>
 */
public class TSPTimeStampService implements TimeStampService {
    private static final L6.c LOG = L6.b.a(TSPTimeStampService.class);

    /* renamed from: org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService$1 */
    /* loaded from: classes4.dex */
    /**
     * Compiler-generated switch map: assigns the case numbers 1..4 to the {@code sha1},
     * {@code sha256}, {@code sha384} and {@code sha512} constants of {@link HashAlgorithm}.
     * {@link TSPTimeStampService#mapDigestAlgoToOID} reads this table. Each assignment is wrapped
     * in a catch of {@link NoSuchFieldError} so that a constant missing at run time is skipped.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm;

        static {
            int[] iArr = new int[HashAlgorithm.values().length];
            $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm = iArr;
            try {
                iArr[HashAlgorithm.sha1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha384.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha512.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /**
     * Predicate body: accepts entries whose {@code f33827d} field is 0.
     * NOTE(review): presumably "distribution point name of type fullName" - confirm against the
     * unobfuscated BouncyCastle class.
     */
    public static boolean lambda$retrieveCRL$3(i iVar) {
        return iVar.f33827d == 0;
    }

    /**
     * Expands one entry into a stream over a copy of its name array ({@code f33854c}).
     * NOTE(review): when {@code iVar.f33826c} is null the ternary yields null and the
     * {@code .f33854c} access throws a NullPointerException; no guard is visible.
     */
    public static Stream lambda$retrieveCRL$4(i iVar) {
        ASN1Object aSN1Object = iVar.f33826c;
        m[] mVarArr = (aSN1Object instanceof n ? (n) aSN1Object : aSN1Object != null ? new n(r.r(aSN1Object)) : null).f33854c;
        m[] mVarArr2 = new m[mVarArr.length];
        // Copy so the stream does not expose the parsed object's internal array.
        System.arraycopy(mVarArr, 0, mVarArr2, 0, mVarArr.length);
        return Stream.of((Object[]) mVarArr2);
    }

    /**
     * Predicate body: accepts names whose tag field {@code f33853d} is 6.
     * NOTE(review): presumably the GeneralName tag for a URI - confirm.
     */
    public static boolean lambda$retrieveCRL$5(m mVar) {
        return mVar.f33853d == 6;
    }

    /** Converts a name entry to the string held in its IA5String value. */
    public static /* synthetic */ String lambda$retrieveCRL$6(m mVar) {
        return ASN1IA5String.getInstance(mVar.g()).getString();
    }

    /**
     * Resolves one CRL URL to a stream of results for {@link #retrieveCRL}.
     *
     * <p>Entries from {@code list} whose URL equals {@code str} are collected first. If none is
     * found, {@link #downloadCRL} is tried and a non-null result is added. Those entries are then
     * concatenated with a second filtered view of {@code list} and mapped through
     * {@code new l(28)}.
     *
     * @param list known CRL entries (raw type as decompiled)
     * @param x509Certificate certificate whose CRL is being resolved
     * @param signatureConfig configuration passed on to {@link #downloadCRL}
     * @param str CRL URL string extracted from the certificate
     */
    public /* synthetic */ Stream lambda$retrieveCRL$9(List list, final X509Certificate x509Certificate, SignatureConfig signatureConfig, final String str) {
        SignatureConfig.CRLEntry downloadCRL;
        // First pass: cached entries matched by URL (lambda$null$7 / matchCRLbyUrl).
        List list2 = (List) list.stream().filter(new Predicate() { // from class: org.apache.poi.poifs.crypt.dsig.services.a
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean lambda$null$7;
                lambda$null$7 = TSPTimeStampService.this.lambda$null$7(x509Certificate, str, (SignatureConfig.CRLEntry) obj);
                return lambda$null$7;
            }
        }).collect(Collectors.toList());
        // NOTE(review): class `b` is not visible here; presumably it applies lambda$null$8
        // (matchCRLbyCN) - confirm.
        Stream filter = list.stream().filter(new b(this, x509Certificate, str));
        // Network access happens only when nothing matched by URL, and only if downloadCRL allows it.
        if (list2.isEmpty() && (downloadCRL = downloadCRL(signatureConfig, str)) != null) {
            list2.add(downloadCRL);
        }
        // NOTE(review): `new l(28)` is an outlined lambda; presumably it extracts the CRL bytes,
        // since retrieveCRL returns List<byte[]> - confirm.
        return Stream.concat(list2.stream(), filter).map(new l(28));
    }

    /**
     * Returns a string form of the name held in field {@code f33870j} of the certificate holder.
     * NOTE(review): presumably the subject name, used as the key of the certificate map built in
     * {@link #timeStamp} (via the outlined {@code new o(26)}) - confirm.
     */
    public static String lambda$timeStamp$0(X509CertificateHolder x509CertificateHolder) {
        C3419c f = C3419c.f(x509CertificateHolder.f28488c.f33816d.f33870j);
        return f.f33475e.z0(f);
    }

    /**
     * Accepts a certificate holder whose name field {@code f33867g} equals {@code c3419c} and
     * whose integer field {@code f33866e} equals {@code bigInteger}.
     * NOTE(review): presumably issuer name and serial number, i.e. the token's signer id - confirm.
     */
    public static boolean lambda$timeStamp$1(C3419c c3419c, BigInteger bigInteger, X509CertificateHolder x509CertificateHolder) {
        return c3419c.equals(C3419c.f(x509CertificateHolder.f28488c.f33816d.f33867g)) && bigInteger.equals(x509CertificateHolder.f28488c.f33816d.f33866e.t());
    }

    /** Supplies the exception used when the token carries no certificate matching its signer id. */
    public static /* synthetic */ IllegalStateException lambda$timeStamp$2() {
        return new IllegalStateException("TSP response token has no signer certificate");
    }

    /**
     * Fetches and parses the CRL at {@code str} and registers it with the configuration.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>{@code isAllowCRLDownload()} is the only gate in this method. The URL is taken from
     *       certificate content by {@link #retrieveCRL}; no scheme or host restriction is visible
     *       here, so any such limit has to come from the {@code TimeStampHttpClient}
     *       implementation.</li>
     *   <li>The response is parsed as an X.509 CRL, but no signature verification of the CRL is
     *       performed in this method.</li>
     * </ul>
     *
     * @param signatureConfig supplies the download switch, the HTTP client and the CRL registry
     * @param str URL to fetch
     * @return the entry returned by {@code addCRL}, or {@code null} when downloads are disabled,
     *         the response is not OK, or the body cannot be parsed as a CRL
     */
    public SignatureConfig.CRLEntry downloadCRL(SignatureConfig signatureConfig, String str) {
        if (!signatureConfig.isAllowCRLDownload()) {
            return null;
        }
        TimeStampHttpClient tspHttpClient = signatureConfig.getTspHttpClient();
        tspHttpClient.init(signatureConfig);
        // Clears basic-auth credentials before the GET.
        // NOTE(review): presumably so credentials configured for the TSP endpoint are not sent
        // to the CRL host - confirm against TimeStampHttpClient.init().
        tspHttpClient.setBasicAuthentication(null, null);
        try {
            TimeStampHttpClient.TimeStampHttpClientResponse timeStampHttpClientResponse = tspHttpClient.get(str);
            if (!timeStampHttpClientResponse.isOK()) {
                return null;
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                byte[] responseBytes = timeStampHttpClientResponse.getResponseBytes();
                // The CRL issuer's name is stored next to the URL and the raw bytes.
                return signatureConfig.addCRL(str, ((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(responseBytes))).getIssuerX500Principal().getName(), responseBytes);
            } catch (GeneralSecurityException e9) {
                // Parse failures are logged and treated as "no CRL".
                LOG.v().a(e9).e(str, "CRL download failed from {}");
                return null;
            }
        } catch (IOException unused) {
            // NOTE(review): decompiler artefact - as shown, this path has no return statement and
            // the method would not compile; the original presumably returns null on I/O failure.
            // The IOException is dropped without being logged.
        }
    }

    /**
     * Maps a digest algorithm to the object identifier used in the time-stamp request.
     *
     * <p>NOTE(review): {@code sha1} is still accepted here; configurations that need a stronger
     * message imprint should select {@code sha256} or above.
     *
     * @param hashAlgorithm one of {@code sha1}, {@code sha256}, {@code sha384}, {@code sha512}
     * @return the matching object identifier constant
     * @throws IllegalArgumentException for any other algorithm
     */
    public C0643m mapDigestAlgoToOID(HashAlgorithm hashAlgorithm) {
        // Decompiled form of a switch over the enum; case numbers come from AnonymousClass1.
        int i9 = AnonymousClass1.$SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[hashAlgorithm.ordinal()];
        if (i9 == 1) {
            return InterfaceC3482A.f33805r1;
        }
        if (i9 == 2) {
            return InterfaceC2258a.f25827a;
        }
        if (i9 == 3) {
            return InterfaceC2258a.f25828b;
        }
        if (i9 == 4) {
            return InterfaceC2258a.f25829c;
        }
        throw new IllegalArgumentException("unsupported digest algo: " + hashAlgorithm);
    }

    /* renamed from: matchCRLbyCN */
    /**
     * Tests whether the certificate's subject name string equals the entry's {@code certCN}.
     * {@code str} is not used.
     * NOTE(review): the call in lambda$retrieveCRL$9 passes (certificate, url, entry), which does
     * not line up with this parameter order; likely a decompiler artefact - confirm.
     */
    public boolean lambda$null$8(SignatureConfig.CRLEntry cRLEntry, X509Certificate x509Certificate, String str) {
        return x509Certificate.getSubjectX500Principal().getName().equals(cRLEntry.getCertCN());
    }

    /* renamed from: matchCRLbyUrl */
    /**
     * Tests whether {@code str} equals the entry's CRL URL. {@code x509Certificate} is not used.
     * NOTE(review): same parameter-order mismatch with the call site as matchCRLbyCN.
     */
    public boolean lambda$null$7(SignatureConfig.CRLEntry cRLEntry, X509Certificate x509Certificate, String str) {
        return str.equals(cRLEntry.getCrlURL());
    }

    /* JADX WARN: Type inference failed for: r2v1, types: [y7.c, org.bouncycastle.asn1.ASN1Object] */
    /**
     * Collects CRL data for a certificate from the URLs named in one of its extensions.
     *
     * <p>The extension is selected by {@code k.f33838o}.
     * NOTE(review): presumably the CRL Distribution Points extension - confirm.
     * Each extracted URL string is resolved through {@code lambda$retrieveCRL$9}, which may use
     * cached entries or trigger {@link #downloadCRL}.
     *
     * @param signatureConfig supplies the cached CRL entries and the download settings
     * @param x509Certificate certificate whose extension is read
     * @return the collected results; an empty list when the certificate lacks the extension
     * @throws IOException declared by the method; the throwing call is not identifiable in the
     *         obfuscated code
     */
    public List<byte[]> retrieveCRL(final SignatureConfig signatureConfig, final X509Certificate x509Certificate) throws IOException {
        C3485c c3485c;
        final List<SignatureConfig.CRLEntry> crlEntries = signatureConfig.getCrlEntries();
        byte[] extensionValue = x509Certificate.getExtensionValue(k.f33838o.f3452c);
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        // getExtensionValue returns the value wrapped in an OCTET STRING; unwrap and parse it.
        Object k9 = AbstractC0647q.k(AbstractC0644n.r(extensionValue).f3458c);
        if (k9 instanceof C3485c) {
            c3485c = (C3485c) k9;
        } else if (k9 != null) {
            r r9 = r.r(k9);
            // `??` is JADX's marker for a type it could not infer (see the JADX WARN above).
            ?? aSN1Object = new ASN1Object();
            aSN1Object.f33811c = r9;
            c3485c = aSN1Object;
        } else {
            // NOTE(review): a null parse result leaves c3485c null and the call below throws a
            // NullPointerException; no guard is visible.
            c3485c = null;
        }
        // The stage objects (j, b, n, o, l, d, h) are outlined lambdas in unrelated classes.
        // NOTE(review): presumably they correspond to lambda$retrieveCRL$3..$6 above and a final
        // non-null filter - confirm. The only stage visible here is the call to lambda$retrieveCRL$9.
        return (List) Stream.of((Object[]) c3485c.f()).map(new j(27)).filter(new org.apache.poi.extractor.ole2.b(1)).filter(new org.apache.poi.hslf.record.n(3)).flatMap(new o(27)).filter(new com.applovin.impl.mediation.l(4)).map(new d(0)).flatMap(new Function() { // from class: org.apache.poi.poifs.crypt.dsig.services.e
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Stream lambda$retrieveCRL$9;
                lambda$retrieveCRL$9 = TSPTimeStampService.this.lambda$retrieveCRL$9(crlEntries, x509Certificate, signatureConfig, (String) obj);
                return lambda$retrieveCRL$9;
            }
        }).filter(new h(2)).collect(Collectors.toList());
    }

    /* JADX WARN: Type inference failed for: r2v2, types: [java.lang.Object, d8.l] */
    /* JADX WARN: Type inference failed for: r5v11, types: [d8.f, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v5, types: [e8.x, e8.b, java.lang.Object] */
    /**
     * Requests a time-stamp token for {@code bArr} and returns the encoded token.
     *
     * <p>Steps, in the order they appear:
     * <ol>
     *   <li>Digest the data with the configured TSP digest algorithm and build a request with a
     *       128-bit nonce drawn from {@link SecureRandom} and an optional policy OID.</li>
     *   <li>POST the request to {@code getTspUrl()}; reject a non-OK or empty response.</li>
     *   <li>Parse the response, check it against the request and reject a non-zero status.</li>
     *   <li>Find the signer certificate among the certificates carried in the token.</li>
     *   <li>Walk the issuer chain, adding certificates and CRLs to {@code revocationData}.</li>
     *   <li>Check the token against the signer certificate (certificate hash, issuer/serial,
     *       validity at token time, signature).</li>
     *   <li>Run the optional {@code TspValidator} over the collected chain.</li>
     * </ol>
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The signer certificate comes from the token itself, so steps 4 and 6 only show that
     *       the token is consistent with the certificate it carries. Trust in that certificate is
     *       established only by the optional {@code TspValidator}; when none is configured,
     *       nothing in this method ties the signer to a trusted time-stamp authority.</li>
     *   <li>Step 5, including any CRL download, runs before the signature check of step 6, on
     *       certificates supplied in the response.</li>
     * </ul>
     *
     * @param signatureInfo source of the {@link SignatureConfig}
     * @param bArr data to time-stamp
     * @param revocationData receives the certificate chain and CRLs
     * @return the token encoded with {@code ASN1Encoding.DL}
     * @throws Exception on transport failure, a rejected response or a failed token check
     */
    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampService
    public byte[] timeStamp(SignatureInfo signatureInfo, byte[] bArr, RevocationData revocationData) throws Exception {
        org.bouncycastle.util.c cVar;
        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
        byte[] digest = CryptoFunctions.getMessageDigest(signatureConfig.getTspDigestAlgo()).digest(bArr);
        // Fresh 128-bit nonce per request.
        BigInteger bigInteger = new BigInteger(128, new SecureRandom());
        C3384b c3384b = new C3384b(3);
        // NOTE(review): presumably sets "certReq = true" so the response includes the signer
        // certificate - confirm; the lookup further down depends on it being present.
        c3384b.f33194d = C0633c.f3425e;
        String tspRequestPolicy = signatureConfig.getTspRequestPolicy();
        if (tspRequestPolicy != null) {
            c3384b.f33193c = new C0643m(tspRequestPolicy);
        }
        org.bouncycastle.tsp.b a9 = c3384b.a(mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo()), digest, bigInteger);
        TimeStampHttpClient tspHttpClient = signatureConfig.getTspHttpClient();
        // Transport settings (TLS, proxy, credentials) are whatever init() applies; not visible here.
        tspHttpClient.init(signatureConfig);
        tspHttpClient.setContentTypeIn(signatureConfig.isTspOldProtocol() ? "application/timestamp-request" : "application/timestamp-query");
        TimeStampHttpClient.TimeStampHttpClientResponse post = tspHttpClient.post(signatureConfig.getTspUrl(), a9.f28652a.getEncoded());
        if (!post.isOK()) {
            throw new IOException("Requesting timestamp data failed");
        }
        byte[] responseBytes = post.getResponseBytes();
        if (responseBytes.length == 0) {
            throw new IllegalStateException("Content-Length is zero");
        }
        org.bouncycastle.tsp.c cVar2 = new org.bouncycastle.tsp.c(responseBytes);
        // NOTE(review): presumably validates the response against the request (nonce, message
        // imprint, policy) and throws on mismatch - confirm against the unobfuscated class.
        cVar2.c(a9);
        if (cVar2.a() != 0) {
            // Non-zero status: log the status, status string and failure info, then abort.
            L6.c cVar3 = LOG;
            cVar3.h().e(t.a(cVar2.a()), "status: {}");
            cVar3.h().e(cVar2.b(), "status string: {}");
            N n9 = cVar2.f28653a.f32927c.f3916e;
            Y6.a aVar = n9 != null ? new Y6.a(n9, 0) : null;
            if (aVar != null) {
                cVar3.h().e(t.a(aVar.s()), "fail info int value: {}");
                if (256 == aVar.s()) {
                    cVar3.h().i("unaccepted policy");
                }
            }
            throw new IllegalStateException("timestamp response status != 0: " + cVar2.a());
        }
        org.bouncycastle.tsp.d dVar = cVar2.f28654b;
        D d9 = dVar.f28656b;
        org.bouncycastle.tsp.e eVar = dVar.f28657c;
        // Signer identifier from the token: a serial number and a name (logged as the issuer).
        C7.c cVar4 = d9.f28502a.f28498c;
        final BigInteger bigInteger2 = cVar4.f786e;
        final C3419c c3419c = cVar4.f785d;
        L6.c cVar5 = LOG;
        cVar5.h().e(bigInteger2, "signer cert serial number: {}");
        cVar5.h().e(c3419c, "signer cert issuer: {}");
        AbstractC0650u abstractC0650u = dVar.f28655a.f28539c.f;
        // Decompiled null check; the call has no other effect.
        g.f28538g.getClass();
        // Collect the certificates embedded in the token into a store (empty if there are none).
        if (abstractC0650u != null) {
            InterfaceC0635e[] interfaceC0635eArr = abstractC0650u.f3470c;
            ArrayList arrayList = new ArrayList(interfaceC0635eArr.length);
            int i9 = 0;
            while (i9 < interfaceC0635eArr.length) {
                // Inlined iterator bounds check; unreachable given the loop condition.
                if (i9 >= interfaceC0635eArr.length) {
                    throw new NoSuchElementException();
                }
                int i10 = i9 + 1;
                AbstractC0647q aSN1Primitive = interfaceC0635eArr[i9].toASN1Primitive();
                // Only elements whose primitive form is of type `r` are turned into certificates.
                if (aSN1Primitive instanceof r) {
                    arrayList.add(new X509CertificateHolder(y7.e.f(aSN1Primitive)));
                }
                i9 = i10;
            }
            cVar = new org.bouncycastle.util.c(arrayList);
        } else {
            cVar = new org.bouncycastle.util.c(new ArrayList());
        }
        // Index the token's certificates by a name string (key function: outlined `new o(26)`).
        // NOTE(review): toMap is used without a merge function, so two certificates with the same
        // key make this throw IllegalStateException.
        Map map = (Map) cVar.d().stream().collect(Collectors.toMap(new o(26), Function.identity()));
        // Pick the certificate that matches the signer identifier; fail if the token has none.
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) map.values().stream().filter(new Predicate() { // from class: org.apache.poi.poifs.crypt.dsig.services.c
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean lambda$timeStamp$1;
                lambda$timeStamp$1 = TSPTimeStampService.lambda$timeStamp$1(C3419c.this, bigInteger2, (X509CertificateHolder) obj);
                return lambda$timeStamp$1;
            }
        }).findFirst().orElseThrow(new S(28));
        JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
        jcaX509CertificateConverter.f28490a = new org.bouncycastle.cert.jcajce.c();
        X509Certificate a10 = jcaX509CertificateConverter.a(x509CertificateHolder);
        // Walk from the signer certificate towards the root. Each issuer is looked up first among
        // the token's certificates, then in the configuration's certificate cache. The walk stops
        // at a self-issued certificate or when no issuer is found.
        // NOTE(review): this runs before the signature and certID checks below, so CRL URLs from
        // certificates supplied in the response may be fetched before the token is verified.
        // NOTE(review): no visited set or depth limit is visible; issuer names that form a cycle
        // would keep this loop running - consider bounding the chain length.
        do {
            revocationData.addCertificate(a10);
            X500Principal issuerX500Principal = a10.getIssuerX500Principal();
            if (a10.getSubjectX500Principal().equals(issuerX500Principal)) {
                break;
            }
            X509CertificateHolder x509CertificateHolder2 = (X509CertificateHolder) map.get(issuerX500Principal.getName());
            a10 = x509CertificateHolder2 != null ? jcaX509CertificateConverter.a(x509CertificateHolder2) : signatureConfig.getCachedCertificateByPrinicipal(issuerX500Principal.getName());
            if (a10 != null) {
                // `new z3.k(revocationData, 6)` is an outlined consumer.
                // NOTE(review): presumably revocationData::addCRL - confirm.
                retrieveCRL(signatureConfig, a10).forEach(new z3.k(revocationData, 6));
            }
        } while (a10 != null);
        // Build the verifier bound to the signer certificate. The `??` declarations are JADX
        // placeholders for types it could not infer (see the JADX WARN comments on this method).
        C3235b c3235b = new C3235b(3);
        ?? obj = new Object();
        ?? obj2 = new Object();
        v vVar = new v();
        ?? obj3 = new Object();
        obj3.f23597a = u.f23600b;
        obj3.f23605b = obj2;
        F f = new F(c3235b, obj, new C2075a(obj3, x509CertificateHolder), vVar);
        d.a aVar2 = dVar.f28658d;
        try {
            // 1) The digest of the signer certificate must equal the hash in the token's certID.
            InterfaceC2027g a11 = vVar.a(aVar2.b());
            v.b bVar = ((v.a) a11).f23603b;
            bVar.write(x509CertificateHolder.f28488c.getEncoded());
            bVar.close();
            if (!org.bouncycastle.util.a.d(aVar2.a(), ((v.a) a11).getDigest())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            // 2) If the certID carries an issuer/serial, it must match the signer certificate.
            C2083a c2083a = aVar2.f28659a;
            if ((c2083a != null ? c2083a.f23926d : aVar2.f28660b.f23929e) != null) {
                Z6.h hVar = new Z6.h(x509CertificateHolder.f28488c);
                C2083a c2083a2 = aVar2.f28659a;
                if (!(c2083a2 != null ? c2083a2.f23926d : aVar2.f28660b.f23929e).f33856d.j(hVar.f4079d)) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                C2083a c2083a3 = aVar2.f28659a;
                m[] mVarArr = (c2083a3 != null ? c2083a3.f23926d : aVar2.f28660b.f23929e).f33855c.f33854c;
                int length = mVarArr.length;
                m[] mVarArr2 = new m[length];
                System.arraycopy(mVarArr, 0, mVarArr2, 0, mVarArr.length);
                // NOTE(review): decompiler artefact - the loop body is empty and the throw below
                // is unconditional as shown. The original presumably stops at the first name with
                // tag 4 that equals the certificate's issuer and throws only when none matches.
                for (int i11 = 0; i11 != length; i11++) {
                    m mVar = mVarArr2[i11];
                    if (mVar.f33853d != 4 || !C3419c.f(mVar.f33852c).equals(C3419c.f(hVar.f4078c))) {
                    }
                }
                throw new TSPValidationException("certificate name does not match certID for signature. ");
            }
            // 3) Check of the signer certificate by an obfuscated helper.
            // NOTE(review): presumably the time-stamping key-usage check - confirm.
            org.bouncycastle.tsp.a.a(x509CertificateHolder);
            // 4) The certificate must be valid at the time stated in the token.
            if (!x509CertificateHolder.a(eVar.f28662b)) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            // 5) The token signature must verify under the signer certificate.
            if (!dVar.f28656b.d(f)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
            // 6) Optional trust decision; without a validator the signer is not checked against
            //    any trust anchor in this method.
            if (signatureConfig.getTspValidator() != null) {
                signatureConfig.getTspValidator().validate(revocationData.getX509chain(), revocationData);
            }
            LOG.h().e(eVar.f28662b, "time-stamp token time: {}");
            return dVar.f28655a.f28540d.e(ASN1Encoding.DL);
        } catch (IOException e9) {
            throw new TSPException(F7.j.k("problem processing certificate: ", e9), e9);
        } catch (CMSException e10) {
            // Prefer the CMS exception's underlying cause when it has one.
            if (e10.a() != null) {
                throw new TSPException(e10.getMessage(), e10.a());
            }
            throw new TSPException("CMS exception: " + e10, e10);
        } catch (OperatorCreationException e11) {
            throw new TSPException("unable to create digest: " + e11.getMessage(), e11);
        }
    }
}
