package org.apache.poi.poifs.crypt.dsig.services;

import androidx.browser.trusted.sharing.ShareTarget;
import androidx.core.view.accessibility.AccessibilityNodeInfoCompat;
import com.google.android.exoplayer2.source.rtsp.RtspHeaders;
import defpackage.a35;
import defpackage.ag;
import defpackage.cw1;
import defpackage.fv8;
import defpackage.gw1;
import defpackage.h50;
import defpackage.k50;
import defpackage.nf6;
import defpackage.pc9;
import defpackage.px1;
import defpackage.q1a;
import defpackage.qc9;
import defpackage.r1a;
import defpackage.sc9;
import defpackage.su6;
import defpackage.t1a;
import defpackage.tc9;
import defpackage.w0;
import defpackage.zr;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import javax.xml.bind.DatatypeConverter;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;

/* loaded from: classes5.dex */
public class TSPTimeStampService implements TimeStampService {
    private static final POILogger LOG = POILogFactory.getLogger((Class<?>) TSPTimeStampService.class);
    private SignatureConfig signatureConfig;

    /* renamed from: org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService$1, reason: invalid class name */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm;

        static {
            int[] iArr = new int[HashAlgorithm.values().length];
            $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm = iArr;
            try {
                iArr[HashAlgorithm.sha1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha384.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[HashAlgorithm.sha512.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public w0 mapDigestAlgoToOID(HashAlgorithm hashAlgorithm) {
        int i = AnonymousClass1.$SwitchMap$org$apache$poi$poifs$crypt$HashAlgorithm[hashAlgorithm.ordinal()];
        if (i == 1) {
            return t1a.d;
        }
        if (i == 2) {
            return nf6.a;
        }
        if (i == 3) {
            return nf6.b;
        }
        if (i == 4) {
            return nf6.c;
        }
        throw new IllegalArgumentException("unsupported digest algo: " + hashAlgorithm);
    }

    @Override // org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable
    public void setSignatureConfig(SignatureConfig signatureConfig) {
        this.signatureConfig = signatureConfig;
    }

    /* JADX WARN: Unreachable blocks removed: 4, instructions: 4 */
    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampService
    public byte[] timeStamp(byte[] bArr, RevocationData revocationData) throws Exception {
        POILogger pOILogger;
        byte[] digest = CryptoFunctions.getMessageDigest(this.signatureConfig.getTspDigestAlgo()).digest(bArr);
        BigInteger bigInteger = new BigInteger(128, new SecureRandom());
        qc9 qc9Var = new qc9();
        qc9Var.b();
        String tspRequestPolicy = this.signatureConfig.getTspRequestPolicy();
        if (tspRequestPolicy != null) {
            qc9Var.c(new w0(tspRequestPolicy));
        }
        pc9 a = qc9Var.a(mapDigestAlgoToOID(this.signatureConfig.getTspDigestAlgo()), digest, bigInteger);
        byte[] a2 = a.a();
        Proxy proxy = Proxy.NO_PROXY;
        if (this.signatureConfig.getProxyUrl() != null) {
            URL url = new URL(this.signatureConfig.getProxyUrl());
            String host = url.getHost();
            int port = url.getPort();
            Proxy.Type type = Proxy.Type.HTTP;
            if (port == -1) {
                port = 80;
            }
            proxy = new Proxy(type, new InetSocketAddress(host, port));
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.signatureConfig.getTspUrl()).openConnection(proxy);
        if (this.signatureConfig.getTspUser() != null) {
            String printBase64Binary = DatatypeConverter.printBase64Binary((this.signatureConfig.getTspUser() + ":" + this.signatureConfig.getTspPass()).getBytes(Charset.forName("iso-8859-1")));
            StringBuilder sb = new StringBuilder();
            sb.append("Basic ");
            sb.append(printBase64Binary);
            httpURLConnection.setRequestProperty("Authorization", sb.toString());
        }
        httpURLConnection.setRequestMethod(ShareTarget.METHOD_POST);
        httpURLConnection.setConnectTimeout(AccessibilityNodeInfoCompat.EXTRA_DATA_TEXT_CHARACTER_LOCATION_ARG_MAX_LENGTH);
        httpURLConnection.setReadTimeout(AccessibilityNodeInfoCompat.EXTRA_DATA_TEXT_CHARACTER_LOCATION_ARG_MAX_LENGTH);
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setRequestProperty(RtspHeaders.USER_AGENT, this.signatureConfig.getUserAgent());
        httpURLConnection.setRequestProperty("Content-Type", this.signatureConfig.isTspOldProtocol() ? "application/timestamp-request" : "application/timestamp-query");
        httpURLConnection.getOutputStream().write(a2);
        httpURLConnection.connect();
        if (httpURLConnection.getResponseCode() != 200) {
            LOG.log(7, "Error contacting TSP server ", this.signatureConfig.getTspUrl());
            StringBuilder a3 = ag.a("Error contacting TSP server ");
            a3.append(this.signatureConfig.getTspUrl());
            throw new IOException(a3.toString());
        }
        String headerField = httpURLConnection.getHeaderField("Content-Type");
        if (headerField == null) {
            throw new RuntimeException("missing Content-Type header");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        IOUtils.copy(httpURLConnection.getInputStream(), byteArrayOutputStream);
        POILogger pOILogger2 = LOG;
        pOILogger2.log(1, "response content: ", byteArrayOutputStream.toString());
        if (!headerField.startsWith(this.signatureConfig.isTspOldProtocol() ? "application/timestamp-response" : "application/timestamp-reply")) {
            throw new RuntimeException(zr.a("invalid Content-Type: ", headerField));
        }
        if (byteArrayOutputStream.size() == 0) {
            throw new RuntimeException("Content-Length is zero");
        }
        sc9 sc9Var = new sc9(byteArrayOutputStream.toByteArray());
        sc9Var.e(a);
        if (sc9Var.b() != 0) {
            StringBuilder a4 = ag.a("status: ");
            a4.append(sc9Var.b());
            pOILogger2.log(1, a4.toString());
            pOILogger2.log(1, "status string: " + sc9Var.c());
            su6 a5 = sc9Var.a();
            if (a5 != null) {
                StringBuilder a6 = ag.a("fail info int value: ");
                a6.append(a5.D());
                pOILogger2.log(1, a6.toString());
                if (256 == a5.D()) {
                    pOILogger2.log(1, "unaccepted policy");
                }
            }
            StringBuilder a7 = ag.a("timestamp response status != 0: ");
            a7.append(sc9Var.b());
            throw new RuntimeException(a7.toString());
        }
        tc9 d = sc9Var.d();
        fv8 c = d.c();
        BigInteger b = c.b();
        q1a a8 = c.a();
        pOILogger2.log(1, "signer cert serial number: " + b);
        pOILogger2.log(1, "signer cert issuer: " + a8);
        r1a r1aVar = null;
        ArrayList b2 = d.a().b();
        HashMap hashMap = new HashMap();
        Iterator it = b2.iterator();
        while (it.hasNext()) {
            r1a r1aVar2 = (r1a) it.next();
            if (a8.equals(r1aVar2.a()) && b.equals(r1aVar2.b())) {
                r1aVar = r1aVar2;
            }
            hashMap.put(r1aVar2.c(), r1aVar2);
        }
        if (r1aVar == null) {
            throw new RuntimeException("TSP response token has no signer certificate");
        }
        ArrayList arrayList = new ArrayList();
        a35 a35Var = new a35();
        a35Var.b();
        do {
            pOILogger = LOG;
            StringBuilder a9 = ag.a("adding to certificate chain: ");
            a9.append(r1aVar.c());
            pOILogger.log(1, a9.toString());
            arrayList.add(a35Var.a(r1aVar));
            if (r1aVar.c().equals(r1aVar.a())) {
                break;
            }
            r1aVar = (r1a) hashMap.get(r1aVar.a());
        } while (r1aVar != null);
        d.e(new k50(new cw1(), new px1(), new gw1(), new h50()).a(new r1a(((X509Certificate) arrayList.get(0)).getEncoded())));
        if (this.signatureConfig.getTspValidator() != null) {
            this.signatureConfig.getTspValidator().validate(arrayList, revocationData);
        }
        StringBuilder a10 = ag.a("time-stamp token time: ");
        a10.append(d.d().a());
        pOILogger.log(1, a10.toString());
        return d.b();
    }
}
