package net.netca.pki.impl.jce;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.Base64;
import net.netca.pki.encoding.Hex;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.tsp.Accuracy;
import net.netca.pki.encoding.asn1.pki.tsp.MessageImprint;
import net.netca.pki.encoding.asn1.pki.tsp.TSTInfo;
import net.netca.pki.encoding.asn1.pki.tsp.TimeStampReq;
import net.netca.pki.encoding.asn1.pki.tsp.TimeStampReqBuilder;
import net.netca.pki.encoding.asn1.pki.tsp.TimeStampResp;
import net.netca.pki.global.IGetTimeStamp;
import net.netca.pki.global.IHash;
import net.netca.pki.global.X509Certificate;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.protocol.HTTP;

/* loaded from: classes3.dex */
public class JCEGetTimeStamp implements IGetTimeStamp {
    private ArrayList<TimeStampInfo> infos;
    private JCEPki pki;
    private X509Certificate signCert;
    private byte[] token;
    private TSTInfo tstInfo;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCEGetTimeStamp(JCEPki jCEPki, ArrayList<TimeStampInfo> arrayList) {
        this.pki = jCEPki;
        this.infos = arrayList;
    }

    private byte[] HttpGetData(String str, String str2, String str3, byte[] bArr) throws PkiException {
        if (!isHttp(str)) {
            throw new PkiException("unsupport url:" + str);
        }
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.setRequestMethod(HttpPost.METHOD_NAME);
            httpURLConnection.setRequestProperty("Content-Type", str2);
            httpURLConnection.setDoOutput(true);
            httpURLConnection.connect();
            OutputStream outputStream = httpURLConnection.getOutputStream();
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(outputStream);
            bufferedOutputStream.write(bArr);
            bufferedOutputStream.flush();
            outputStream.close();
            int responseCode = httpURLConnection.getResponseCode();
            if (httpURLConnection.getResponseCode() != 200) {
                httpURLConnection.disconnect();
                throw new PkiException("bad resp status " + responseCode);
            }
            String headerField = httpURLConnection.getHeaderField("Content-Type");
            if (headerField == null) {
                httpURLConnection.disconnect();
                throw new PkiException("no content type");
            }
            if (!headerField.equals(str3)) {
                httpURLConnection.disconnect();
                throw new PkiException("respContentType mismatch");
            }
            String headerField2 = httpURLConnection.getHeaderField(HTTP.CONTENT_LEN);
            if (headerField2 == null) {
                httpURLConnection.disconnect();
                throw new PkiException("no content length");
            }
            int parseInt = Integer.parseInt(headerField2);
            if (parseInt == 0) {
                httpURLConnection.disconnect();
                throw new PkiException("content length is zero?");
            }
            byte[] bArr2 = new byte[parseInt];
            BufferedInputStream bufferedInputStream = new BufferedInputStream(httpURLConnection.getInputStream());
            for (int i = 0; i < parseInt; i++) {
                int read = bufferedInputStream.read();
                if (-1 == read) {
                    break;
                }
                bArr2[i] = (byte) read;
            }
            bufferedInputStream.close();
            httpURLConnection.disconnect();
            return bArr2;
        } catch (PkiException e) {
            throw e;
        } catch (Exception e2) {
            throw new PkiException("get data fail", e2);
        }
    }

    private TimeStampReq createTimeStampReq(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, TimeStampInfo timeStampInfo) throws PkiException {
        TimeStampReqBuilder timeStampReqBuilder = new TimeStampReqBuilder();
        MessageImprint messageImprint = new MessageImprint(algorithmIdentifier, bArr);
        timeStampReqBuilder.setCertReq(timeStampInfo.includeTsaCert);
        timeStampReqBuilder.setMessageImprint(messageImprint);
        if (timeStampInfo.reqPolicy != null) {
            timeStampReqBuilder.setReqPolicy(timeStampInfo.reqPolicy);
        }
        timeStampReqBuilder.setNonce(JCESecureRandomGenerator.getInstance());
        return timeStampReqBuilder.build();
    }

    private int getByteValue(byte b) {
        return b < 0 ? b + 256 : b;
    }

    static AlgorithmIdentifier getHashAlgoFromCrypto(int i) throws PkiException {
        if (i == 8192) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA1_OID);
        }
        if (i == 12288) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA224_OID);
        }
        if (i == 16384) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA256_OID);
        }
        if (i == 20480) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA384_OID);
        }
        if (i == 24576) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA512_OID);
        }
        if (i == 32768) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA512_224_OID);
        }
        if (i == 36864) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA512_256_OID);
        }
        if (i == 40960) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA3_224_OID);
        }
        if (i == 49152) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA3_384_OID);
        }
        if (i == 53248) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA3_512_OID);
        }
        return null;
    }

    private TimeStampInfo[] getRandomArray(ArrayList<TimeStampInfo> arrayList) {
        int size = arrayList.size();
        TimeStampInfo[] timeStampInfoArr = new TimeStampInfo[size];
        if (size == 0) {
            return timeStampInfoArr;
        }
        if (size == 1) {
            timeStampInfoArr[0] = arrayList.get(0);
            return timeStampInfoArr;
        }
        int[] iArr = new int[size];
        for (int i = 0; i < size; i++) {
            iArr[i] = i;
        }
        for (int i2 = 0; i2 < size; i2++) {
            int randomValue = getRandomValue(size - i2) + i2;
            int i3 = iArr[i2];
            iArr[i2] = iArr[randomValue];
            iArr[randomValue] = i3;
        }
        for (int i4 = 0; i4 < size; i4++) {
            timeStampInfoArr[i4] = arrayList.get(iArr[i4]);
        }
        return timeStampInfoArr;
    }

    private int getRandomValue(int i) {
        if (i <= 1) {
            return 0;
        }
        try {
            byte[] generate = JCESecureRandomGenerator.getInstance().generate(4);
            return (int) (((((getByteValue(generate[1]) << 8) | getByteValue(generate[0])) | (getByteValue(generate[2]) << 16)) | (getByteValue(generate[3]) << 24)) % i);
        } catch (PkiException unused) {
            return i - 1;
        }
    }

    private boolean getToken(TimeStampInfo timeStampInfo, byte[] bArr, int i, int i2) {
        byte[] timeStampToken;
        try {
            AlgorithmIdentifier hashAlgoFromCrypto = getHashAlgoFromCrypto(timeStampInfo.hashAlgo);
            if (hashAlgoFromCrypto == null) {
                return false;
            }
            IHash hashObject = this.pki.getHashObject(hashAlgoFromCrypto.getOid());
            hashObject.update(bArr, i, i2);
            TimeStampReq createTimeStampReq = createTimeStampReq(hashAlgoFromCrypto, hashObject.doFinal(), timeStampInfo);
            TimeStampResp timeStampResp = new TimeStampResp(HttpGetData(timeStampInfo.url, "application/timestamp-query", "application/timestamp-reply", createTimeStampReq.derEncode()));
            int status = timeStampResp.getStatus().getStatus();
            if ((status == 0 || status == 1) && (timeStampToken = timeStampResp.getTimeStampToken()) != null) {
                return verifyTimestamp(timeStampInfo, createTimeStampReq, timeStampToken);
            }
            return false;
        } catch (Exception unused) {
            return false;
        }
    }

    private boolean isHttp(String str) {
        return str.substring(0, 7).equalsIgnoreCase("http://") || str.substring(0, 8).equalsIgnoreCase("https://");
    }

    private boolean matchMessageImprint(MessageImprint messageImprint, MessageImprint messageImprint2) {
        try {
            if (messageImprint.getHashAlgorithm().getOid().equals(messageImprint2.getHashAlgorithm().getOid())) {
                return Arrays.equals(messageImprint.getHashedMessage(), messageImprint2.getHashedMessage());
            }
            return false;
        } catch (PkiException unused) {
            return false;
        }
    }

    private boolean verifyTimestamp(TimeStampInfo timeStampInfo, TimeStampReq timeStampReq, byte[] bArr) throws PkiException {
        JCESignedDataVerify jCESignedDataVerify = new JCESignedDataVerify(this.pki, new SignedDataVerifyInfo(timeStampInfo.acceptableTimeStampSignAlgo, Boolean.TRUE, Boolean.TRUE, timeStampInfo.acceptableSigningCertHashAlgo, 1));
        byte[] verify = jCESignedDataVerify.verify(bArr, 0, bArr.length);
        if (jCESignedDataVerify.getSignerCount() != 1) {
            return false;
        }
        this.tstInfo = new TSTInfo(verify);
        if (!matchMessageImprint(timeStampReq.getMessageImprint(), this.tstInfo.getMessageImprint())) {
            return false;
        }
        String policy = this.tstInfo.getPolicy();
        if (timeStampReq.getReqPolicy() != null && !policy.equals(timeStampReq.getReqPolicy())) {
            return false;
        }
        if (timeStampInfo.acceptablePolicy != null) {
            for (int i = 0; i < timeStampInfo.acceptablePolicy.length; i++) {
                if (!policy.equals(timeStampInfo.acceptablePolicy[i])) {
                    return false;
                }
            }
        }
        this.signCert = jCESignedDataVerify.getSignCert();
        if (timeStampInfo.tsaCert != null) {
            try {
                if (!Arrays.equals(Base64.decode(true, timeStampInfo.tsaCert), this.signCert.derEncode())) {
                    return false;
                }
            } catch (Exception unused) {
            }
        }
        this.token = bArr;
        return true;
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public int getAccuracyMicros() throws PkiException {
        if (this.tstInfo == null) {
            throw new PkiException("not call getToken");
        }
        Accuracy accuracy = this.tstInfo.getAccuracy();
        if (accuracy == null) {
            return -1;
        }
        return accuracy.getMicros();
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public int getAccuracyMillis() throws PkiException {
        if (this.tstInfo == null) {
            throw new PkiException("not call getToken");
        }
        Accuracy accuracy = this.tstInfo.getAccuracy();
        if (accuracy == null) {
            return -1;
        }
        return accuracy.getMillis();
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public int getAccuracySeconds() throws PkiException {
        if (this.tstInfo == null) {
            throw new PkiException("not call getToken");
        }
        Accuracy accuracy = this.tstInfo.getAccuracy();
        if (accuracy == null) {
            return -1;
        }
        return accuracy.getSeconds();
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public String getPolicy() throws PkiException {
        if (this.tstInfo != null) {
            return this.tstInfo.getPolicy();
        }
        throw new PkiException("not call getToken");
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public String getSerialNumber() throws PkiException {
        if (this.tstInfo != null) {
            return Hex.encode(true, this.tstInfo.getSerialNumber());
        }
        throw new PkiException("not call getToken");
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public Date getTime() throws PkiException {
        if (this.tstInfo != null) {
            return this.tstInfo.getTime();
        }
        throw new PkiException("not call getToken");
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public byte[] getToken(byte[] bArr, int i, int i2) throws PkiException {
        for (TimeStampInfo timeStampInfo : getRandomArray(this.infos)) {
            if (getToken(timeStampInfo, bArr, i, i2)) {
                return this.token;
            }
        }
        throw new PkiException("get tiemstamp fail");
    }

    @Override // net.netca.pki.global.IGetTimeStamp
    public X509Certificate getTsaCert() throws PkiException {
        return this.signCert;
    }
}
