package org.apache.poi.poifs.crypt.dsig.services;

import ak.c;
import androidx.browser.trusted.sharing.ShareTarget;
import di.f;
import di.g;
import di.h;
import di.m;
import fh.g1;
import fh.l;
import fh.o;
import fh.p0;
import fh.s;
import fh.t;
import fh.w;
import fh.w0;
import fj.v;
import fj.w;
import fj.y;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Vector;
import javax.xml.bind.DatatypeConverter;
import ji.k;
import l7.z2;
import org.apache.httpcore.HttpHeaders;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.util.HexDump;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import sh.a;
import u3.ge;
import u3.ol;
import zh.b;
import zh.d;
import zj.e;

/* loaded from: classes3.dex */
public class TSPTimeStampService implements TimeStampService {
    private static final POILogger LOG = POILogFactory.getLogger((Class<?>) TSPTimeStampService.class);
    private SignatureConfig signatureConfig;

    /* renamed from: org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm;

        static {
            int[] iArr = new int[HashAlgorithm.values().length];
            $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm = iArr;
            try {
                iArr[HashAlgorithm.sha1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha384.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha512.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public o mapDigestAlgoToOID(HashAlgorithm hashAlgorithm) {
        int i10 = AnonymousClass1.$SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[hashAlgorithm.ordinal()];
        if (i10 == 1) {
            return di.o.f10498d;
        }
        if (i10 == 2) {
            return a.f15991a;
        }
        if (i10 == 3) {
            return a.f15992b;
        }
        if (i10 == 4) {
            return a.f15993c;
        }
        throw new IllegalArgumentException("unsupported digest algo: " + hashAlgorithm);
    }

    @Override // org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable
    public void setSignatureConfig(SignatureConfig signatureConfig) {
        this.signatureConfig = signatureConfig;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampService
    public byte[] timeStamp(byte[] bArr, RevocationData revocationData) {
        g gVar;
        c cVar;
        Object[] objArr;
        String str;
        byte[] digest = CryptoFunctions.getMessageDigest(this.signatureConfig.getTspDigestAlgo()).digest(bArr);
        BigInteger bigInteger = new BigInteger(128, new SecureRandom());
        Hashtable hashtable = new Hashtable();
        Vector vector = new Vector();
        fh.c p = fh.c.p(true);
        String tspRequestPolicy = this.signatureConfig.getTspRequestPolicy();
        fi.c cVar2 = null;
        o oVar = tspRequestPolicy != null ? new o(tspRequestPolicy) : null;
        String str2 = mapDigestAlgoToOID(this.signatureConfig.getTspDigestAlgo()).f11048b;
        if (str2 == null) {
            throw new IllegalArgumentException("No digest algorithm specified");
        }
        b bVar = new b(new di.a(new o(str2), w0.f11066b), digest);
        if (vector.isEmpty()) {
            gVar = null;
        } else {
            f[] fVarArr = new f[vector.size()];
            for (int i10 = 0; i10 != vector.size(); i10++) {
                fVarArr[i10] = (f) hashtable.get(vector.elementAt(i10));
            }
            gVar = new g(fVarArr);
        }
        d dVar = new d(bVar, oVar, new l(bigInteger), p, gVar);
        zj.d dVar2 = new zj.d(dVar);
        byte[] encoded = dVar.getEncoded();
        Proxy proxy = Proxy.NO_PROXY;
        if (this.signatureConfig.getProxyUrl() != null) {
            URL url = new URL(this.signatureConfig.getProxyUrl());
            String host = url.getHost();
            int port = url.getPort();
            Proxy.Type type = Proxy.Type.HTTP;
            InetAddress byName = InetAddress.getByName(host);
            if (port == -1) {
                port = 80;
            }
            proxy = new Proxy(type, new InetSocketAddress(byName, port));
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.signatureConfig.getTspUrl()).openConnection(proxy);
        if (this.signatureConfig.getTspUser() != null) {
            String printBase64Binary = DatatypeConverter.printBase64Binary((this.signatureConfig.getTspUser() + ":" + this.signatureConfig.getTspPass()).getBytes(Charset.forName("iso-8859-1")));
            StringBuilder sb2 = new StringBuilder();
            sb2.append("Basic ");
            sb2.append(printBase64Binary);
            httpURLConnection.setRequestProperty(HttpHeaders.AUTHORIZATION, sb2.toString());
        }
        httpURLConnection.setRequestMethod(ShareTarget.METHOD_POST);
        httpURLConnection.setConnectTimeout(20000);
        httpURLConnection.setReadTimeout(20000);
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setRequestProperty("User-Agent", this.signatureConfig.getUserAgent());
        httpURLConnection.setRequestProperty("Content-Type", this.signatureConfig.isTspOldProtocol() ? "application/timestamp-request" : "application/timestamp-query");
        httpURLConnection.getOutputStream().write(encoded);
        httpURLConnection.connect();
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode != 200) {
            LOG.log(7, "Error contacting TSP server ", this.signatureConfig.getTspUrl() + ", had status code " + responseCode + "/" + httpURLConnection.getResponseMessage());
            StringBuilder c10 = android.support.v4.media.c.c("Error contacting TSP server ");
            c10.append(this.signatureConfig.getTspUrl());
            c10.append(", had status code ");
            c10.append(responseCode);
            c10.append("/");
            c10.append(httpURLConnection.getResponseMessage());
            throw new IOException(c10.toString());
        }
        String headerField = httpURLConnection.getHeaderField("Content-Type");
        if (headerField == null) {
            throw new RuntimeException("missing Content-Type header");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        IOUtils.copy(httpURLConnection.getInputStream(), byteArrayOutputStream);
        POILogger pOILogger = LOG;
        pOILogger.log(1, "response content: ", HexDump.dump(byteArrayOutputStream.toByteArray(), 0L, 0));
        if (!headerField.startsWith(this.signatureConfig.isTspOldProtocol() ? "application/timestamp-response" : "application/timestamp-reply")) {
            StringBuilder b10 = androidx.appcompat.view.b.b("invalid Content-Type: ", headerField, ": ");
            b10.append(HexDump.dump(byteArrayOutputStream.toByteArray(), 0L, 0, 200));
            throw new RuntimeException(b10.toString());
        }
        if (byteArrayOutputStream.size() == 0) {
            throw new RuntimeException("Content-Length is zero");
        }
        ol olVar = new ol(byteArrayOutputStream.toByteArray());
        e eVar = (e) olVar.f18162b;
        if (eVar != null) {
            z2 z2Var = eVar.f20944c;
            l lVar = dVar2.f20941a.M0;
            if ((lVar != null ? lVar.r() : null) != null) {
                l lVar2 = dVar2.f20941a.M0;
                BigInteger r = lVar2 != null ? lVar2.r() : null;
                l lVar3 = ((zh.c) z2Var.f13589a).Q0;
                if (!r.equals(lVar3 != null ? lVar3.r() : null)) {
                    throw new zj.c("response contains wrong nonce value.");
                }
            }
            if (olVar.b() != 0 && olVar.b() != 1) {
                throw new zj.c("time stamp token found in failed request.");
            }
            if (!ak.a.d(ak.a.a(dVar2.f20941a.K0.K0), ak.a.a(((zh.c) z2Var.f13589a).L0.K0))) {
                throw new zj.c("response for different message imprint digest.");
            }
            if (!((zh.c) z2Var.f13589a).L0.f20926b.f10481b.j(dVar2.f20941a.K0.f20926b.f10481b)) {
                throw new zj.c("response for different message imprint algorithm.");
            }
            kh.a a10 = eVar.f20943b.c().a(vh.b.U);
            kh.a a11 = eVar.f20943b.c().a(vh.b.V);
            if (a10 == null && a11 == null) {
                throw new zj.c("no signing certificate attribute present.");
            }
            o oVar2 = dVar2.f20941a.L0;
            if ((oVar2 != null ? oVar2 : null) != null) {
                if (oVar2 == null) {
                    oVar2 = null;
                }
                if (!oVar2.j(((zh.c) z2Var.f13589a).K0)) {
                    throw new zj.c("TSA policy wrong for request.");
                }
            }
        } else if (olVar.b() == 0 || olVar.b() == 1) {
            throw new zj.c("no time stamp token found and one expected.");
        }
        if (olVar.b() != 0) {
            StringBuilder c11 = android.support.v4.media.c.c("status: ");
            c11.append(olVar.b());
            pOILogger.log(1, c11.toString());
            Object[] objArr2 = new Object[1];
            StringBuilder c12 = android.support.v4.media.c.c("status string: ");
            if (((zh.e) olVar.f18161a).f20929b.K0 != null) {
                StringBuffer stringBuffer = new StringBuffer();
                jh.b bVar2 = ((zh.e) olVar.f18161a).f20929b.K0;
                for (int i11 = 0; i11 != bVar2.f12149b.size(); i11++) {
                    stringBuffer.append(((g1) bVar2.f12149b.q(i11)).getString());
                }
                str = stringBuffer.toString();
            } else {
                str = null;
            }
            c12.append(str);
            objArr2[0] = c12.toString();
            pOILogger.log(1, objArr2);
            p0 p0Var = ((zh.e) olVar.f18161a).f20929b.L0;
            jh.a aVar = p0Var != null ? new jh.a(p0Var) : null;
            if (aVar != null) {
                POILogger pOILogger2 = LOG;
                StringBuilder c13 = android.support.v4.media.c.c("fail info int value: ");
                c13.append(aVar.q());
                pOILogger2.log(1, c13.toString());
                if (256 == aVar.q()) {
                    pOILogger2.log(1, "unaccepted policy");
                }
            }
            StringBuilder c14 = android.support.v4.media.c.c("timestamp response status != 0: ");
            c14.append(olVar.b());
            throw new RuntimeException(c14.toString());
        }
        e eVar2 = (e) olVar.f18162b;
        ii.a aVar2 = eVar2.f20943b.f12160a.f12159b;
        BigInteger bigInteger2 = aVar2.L0;
        bi.c cVar3 = aVar2.K0;
        pOILogger.log(1, "signer cert serial number: " + bigInteger2);
        pOILogger.log(1, "signer cert issuer: " + cVar3);
        ji.b bVar3 = eVar2.f20942a;
        ji.c cVar4 = ji.b.N0;
        w wVar = bVar3.f12152b.M0;
        Objects.requireNonNull(cVar4);
        if (wVar != null) {
            ArrayList arrayList = new ArrayList(wVar.f11065b.length);
            int i12 = 0;
            while (true) {
                fh.e[] eVarArr = wVar.f11065b;
                if ((i12 < eVarArr.length) != true) {
                    cVar = new c(arrayList);
                    break;
                }
                if (i12 >= eVarArr.length) {
                    throw new NoSuchElementException();
                }
                int i13 = i12 + 1;
                s c15 = eVarArr[i12].c();
                if (c15 instanceof t) {
                    arrayList.add(new fi.c(di.b.g(c15)));
                }
                i12 = i13;
            }
        } else {
            cVar = new c(new ArrayList());
        }
        Collection a12 = cVar.a();
        HashMap hashMap = new HashMap();
        Iterator it = ((ArrayList) a12).iterator();
        while (it.hasNext()) {
            fi.c cVar5 = (fi.c) it.next();
            if (cVar3.equals(cVar5.a()) && bigInteger2.equals(cVar5.f11075b.K0.L0.r())) {
                cVar2 = cVar5;
            }
            hashMap.put(cVar5.b(), cVar5);
        }
        if (cVar2 == null) {
            throw new RuntimeException("TSP response token has no signer certificate");
        }
        ArrayList arrayList2 = new ArrayList();
        do {
            POILogger pOILogger3 = LOG;
            StringBuilder c16 = android.support.v4.media.c.c("adding to certificate chain: ");
            c16.append(cVar2.b());
            pOILogger3.log(1, c16.toString());
            try {
                arrayList2.add((X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(cVar2.getEncoded())));
                if (cVar2.b().equals(cVar2.a())) {
                    break;
                }
                cVar2 = (fi.c) hashMap.get(cVar2.a());
            } catch (IOException e10) {
                StringBuilder c17 = android.support.v4.media.c.c("exception parsing certificate: ");
                c17.append(e10.getMessage());
                throw new gi.b(c17.toString(), e10);
            } catch (NoSuchProviderException e11) {
                StringBuilder c18 = android.support.v4.media.c.c("cannot find required provider:");
                c18.append(e11.getMessage());
                throw new gi.a(c18.toString(), e11);
            }
        } while (cVar2 != null);
        k kVar = new k(new ge(), new ej.d(), new fj.a(new y(new ej.c()), new fi.c(((X509Certificate) arrayList2.get(0)).getEncoded())), new fj.w());
        try {
            fi.c cVar6 = ((fj.a) kVar.f12174a).f11076a;
            ej.f b11 = kVar.b(eVar2.f20945d.b());
            w.a aVar3 = ((v) b11).f11082a;
            aVar3.write(cVar6.getEncoded());
            aVar3.close();
            if (!ak.a.d(eVar2.f20945d.a(), ((v) b11).a())) {
                throw new zj.c("certificate hash does not match certID hash.");
            }
            if (eVar2.f20945d.c() != null) {
                m mVar = cVar6.f11075b.K0;
                bi.c cVar7 = mVar.N0;
                if (!eVar2.f20945d.c().K0.j(mVar.L0)) {
                    throw new zj.c("certificate serial number does not match certID for signature.");
                }
                h[] g10 = eVar2.f20945d.c().f10490b.g();
                int i14 = 0;
                while (true) {
                    if (i14 == g10.length) {
                        objArr = false;
                        break;
                    }
                    if (g10[i14].K0 == 4 && bi.c.g(g10[i14].f10488b).equals(bi.c.g(cVar7))) {
                        objArr = true;
                        break;
                    }
                    i14++;
                }
                if (objArr == false) {
                    throw new zj.c("certificate name does not match certID for signature. ");
                }
            }
            zj.b.a(cVar6);
            if (!cVar6.c((Date) eVar2.f20944c.f13590b)) {
                throw new zj.c("certificate not valid when time stamp created.");
            }
            if (!eVar2.f20943b.f(kVar)) {
                throw new zj.c("signature not created by certificate.");
            }
            if (this.signatureConfig.getTspValidator() != null) {
                this.signatureConfig.getTspValidator().validate(arrayList2, revocationData);
            }
            POILogger pOILogger4 = LOG;
            StringBuilder c19 = android.support.v4.media.c.c("time-stamp token time: ");
            c19.append((Date) eVar2.f20944c.f13590b);
            pOILogger4.log(1, c19.toString());
            return eVar2.f20942a.K0.f("DL");
        } catch (ej.h e12) {
            StringBuilder c20 = android.support.v4.media.c.c("unable to create digest: ");
            c20.append(e12.getMessage());
            throw new zj.a(c20.toString(), e12);
        } catch (IOException e13) {
            throw new zj.a("problem processing certificate: " + e13, e13);
        } catch (ji.a e14) {
            if (e14.f12151b != null) {
                throw new zj.a(e14.getMessage(), e14.f12151b);
            }
            throw new zj.a("CMS exception: " + e14, e14);
        }
    }
}
