package com.itextpdf.text.pdf.security;

import Da.b;
import Eb.a;
import Eb.c;
import Ha.d;
import Ha.e;
import La.h;
import La.i;
import La.n;
import Ra.y;
import com.itextpdf.text.error_messages.MessageLocalization;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import com.itextpdf.text.pdf.codec.Base64;
import j1.AbstractC2527g;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Hashtable;
import java.util.Vector;
import la.C2646M;
import la.C2654V;
import la.C2658c;
import la.C2666k;
import la.C2667l;
import la.C2670o;
import la.f0;
import oa.C2806a;
import pa.C2825a;
import pa.C2829e;

/* loaded from: classes4.dex */
public class TSAClientBouncyCastle implements TSAClient {
    public static final String DEFAULTHASHALGORITHM = "SHA-256";
    public static final int DEFAULTTOKENSIZE = 4096;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TSAClientBouncyCastle.class);
    protected String digestAlgorithm;
    protected int tokenSizeEstimate;
    protected TSAInfoBouncyCastle tsaInfo;
    protected String tsaPassword;
    private String tsaReqPolicy;
    protected String tsaURL;
    protected String tsaUsername;

    public TSAClientBouncyCastle(String str) {
        this(str, null, null, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3) {
        this(str, str2, str3, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3, int i4, String str4) {
        this.tsaReqPolicy = null;
        this.tsaURL = str;
        this.tsaUsername = str2;
        this.tsaPassword = str3;
        this.tokenSizeEstimate = i4;
        this.digestAlgorithm = str4;
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public MessageDigest getMessageDigest() throws GeneralSecurityException {
        return new BouncyCastleDigest().getMessageDigest(this.digestAlgorithm);
    }

    public String getTSAReqPolicy() {
        return this.tsaReqPolicy;
    }

    public byte[] getTSAResponse(byte[] bArr) throws IOException {
        try {
            URLConnection openConnection = new URL(this.tsaURL).openConnection();
            openConnection.setDoInput(true);
            openConnection.setDoOutput(true);
            openConnection.setUseCaches(false);
            openConnection.setRequestProperty("Content-Type", "application/timestamp-query");
            openConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
            String str = this.tsaUsername;
            if (str != null && !str.equals("")) {
                openConnection.setRequestProperty("Authorization", "Basic " + Base64.encodeBytes((this.tsaUsername + ":" + this.tsaPassword).getBytes(), 8));
            }
            OutputStream outputStream = openConnection.getOutputStream();
            outputStream.write(bArr);
            outputStream.close();
            InputStream inputStream = openConnection.getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr2 = new byte[1024];
            while (true) {
                int read = inputStream.read(bArr2, 0, 1024);
                if (read < 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr2, 0, read);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            String contentEncoding = openConnection.getContentEncoding();
            return (contentEncoding == null || !contentEncoding.equalsIgnoreCase("base64")) ? byteArray : Base64.decode(new String(byteArray));
        } catch (IOException unused) {
            throw new IOException(MessageLocalization.getComposedMessage("failed.to.get.tsa.response.from.1", this.tsaURL));
        }
    }

    /* JADX WARN: Type inference failed for: r5v3, types: [java.lang.Object, Ha.b] */
    @Override // com.itextpdf.text.pdf.security.TSAClient
    public byte[] getTimeStampToken(byte[] bArr) throws IOException, a {
        i iVar;
        Hashtable hashtable = new Hashtable();
        Vector vector = new Vector();
        C2658c c2658c = C2658c.f25206g;
        String str = this.tsaReqPolicy;
        String str2 = null;
        C2670o c2670o = (str == null || str.length() <= 0) ? null : new C2670o(this.tsaReqPolicy);
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        String str3 = new C2670o(DigestAlgorithms.getAllowedDigests(this.digestAlgorithm)).b;
        if (str3 == null) {
            throw new IllegalArgumentException("No digest algorithm specified");
        }
        La.a aVar = new La.a(new C2670o(str3), C2654V.b);
        ?? obj = new Object();
        obj.b = aVar;
        obj.c = AbstractC2527g.b(bArr);
        if (vector.isEmpty()) {
            iVar = null;
        } else {
            h[] hVarArr = new h[vector.size()];
            for (int i4 = 0; i4 != vector.size(); i4++) {
                hVarArr[i4] = (h) hashtable.get(vector.elementAt(i4));
            }
            iVar = new i(hVarArr);
        }
        c cVar = valueOf != null ? new c(new d(obj, c2670o, new C2667l(valueOf), c2658c, iVar)) : new c(new d(obj, c2670o, null, c2658c, iVar));
        d dVar = cVar.f1072a;
        try {
            e j4 = e.j(new C2666k(new ByteArrayInputStream(getTSAResponse(dVar.h()))).h());
            C2829e c2829e = j4.c;
            Eb.d dVar2 = c2829e != null ? new Eb.d(c2829e) : null;
            if (dVar2 != null) {
                C2667l c2667l = cVar.f1072a.f1840f;
                BigInteger t2 = c2667l != null ? c2667l.t() : null;
                Eb.e eVar = dVar2.c;
                if (t2 != null) {
                    C2667l c2667l2 = cVar.f1072a.f1840f;
                    BigInteger t7 = c2667l2 != null ? c2667l2.t() : null;
                    C2667l c2667l3 = eVar.f1074a.f1836j;
                    if (!t7.equals(c2667l3 != null ? c2667l3.t() : null)) {
                        throw new a("response contains wrong nonce value.", 0);
                    }
                }
                if (j4.b.b.t().intValue() != 0 && j4.b.b.t().intValue() != 1) {
                    throw new a("time stamp token found in failed request.", 0);
                }
                if (!AbstractC2527g.e(AbstractC2527g.b(dVar.c.c), AbstractC2527g.b(eVar.f1074a.f1831d.c))) {
                    throw new a("response for different message imprint digest.", 0);
                }
                if (!eVar.f1074a.f1831d.b.b.equals(dVar.c.b.b)) {
                    throw new a("response for different message imprint algorithm.", 0);
                }
                y yVar = dVar2.b;
                C2825a m = yVar.a().m(b.f833F8);
                C2825a m7 = yVar.a().m(b.f834G8);
                if (m == null && m7 == null) {
                    throw new a("no signing certificate attribute present.", 0);
                }
                C2670o c2670o2 = cVar.f1072a.f1839d;
                if ((c2670o2 != null ? c2670o2 : null) != null) {
                    if (c2670o2 == null) {
                        c2670o2 = null;
                    }
                    if (!c2670o2.equals(eVar.f1074a.c)) {
                        throw new a("TSA policy wrong for request.", 0);
                    }
                }
            } else if (j4.b.b.t().intValue() == 0 || j4.b.b.t().intValue() == 1) {
                throw new a("no time stamp token found and one expected.", 0);
            }
            C2646M c2646m = j4.b.f25560d;
            n nVar = c2646m != null ? new n(c2646m.s(), c2646m.c, 1) : null;
            int u2 = nVar == null ? 0 : nVar.u();
            if (u2 != 0) {
                throw new IOException(MessageLocalization.getComposedMessage("invalid.tsa.1.response.code.2", this.tsaURL, String.valueOf(u2)));
            }
            if (dVar2 == null) {
                String str4 = this.tsaURL;
                if (j4.b.c != null) {
                    StringBuffer stringBuffer = new StringBuffer();
                    C2806a c2806a = j4.b.c;
                    for (int i10 = 0; i10 != c2806a.b.size(); i10++) {
                        stringBuffer.append(((f0) c2806a.b.t(i10)).getString());
                    }
                    str2 = stringBuffer.toString();
                }
                throw new IOException(MessageLocalization.getComposedMessage("tsa.1.failed.to.return.time.stamp.token.2", str4, str2));
            }
            byte[] h6 = dVar2.f1073a.b.h();
            Logger logger = LOGGER;
            StringBuilder sb2 = new StringBuilder("Timestamp generated: ");
            Eb.e eVar2 = dVar2.c;
            sb2.append(eVar2.b);
            logger.info(sb2.toString());
            TSAInfoBouncyCastle tSAInfoBouncyCastle = this.tsaInfo;
            if (tSAInfoBouncyCastle != null) {
                tSAInfoBouncyCastle.inspectTimeStampTokenInfo(eVar2);
            }
            this.tokenSizeEstimate = h6.length + 32;
            return h6;
        } catch (ClassCastException e2) {
            throw new a("malformed timestamp response: " + e2, e2);
        } catch (IllegalArgumentException e3) {
            throw new a("malformed timestamp response: " + e3, e3);
        }
    }

    @Override // com.itextpdf.text.pdf.security.TSAClient
    public int getTokenSizeEstimate() {
        return this.tokenSizeEstimate;
    }

    public void setTSAInfo(TSAInfoBouncyCastle tSAInfoBouncyCastle) {
        this.tsaInfo = tSAInfoBouncyCastle;
    }

    public void setTSAReqPolicy(String str) {
        this.tsaReqPolicy = str;
    }
}
