package net.netca.pki.encoding.asn1.pki.tsp;

import java.io.IOException;
import java.util.Arrays;
import java.util.Date;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.IHttp;
import net.netca.pki.encoding.asn1.pki.JCEHasher;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.JCEVerifier;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.SimpleHttp;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.SignedData;

/* loaded from: classes3.dex */
public final class HttpGetTimeStamp {
    private byte[] nonce;
    private IHttp http = new SimpleHttp();
    private Hashable hasher = new JCEHasher();
    private Verifible verifier = new JCEVerifier();
    private AlgorithmIdentifier hashAlgorithm = null;
    private byte[] hashValue = null;
    private String reqPolicy = null;
    private SecureRandomGenerator randGenerator = JCESecureRandomGenerator.getInstance();
    private int nonceLength = 32;
    private TSTInfo tsInfo = null;
    private X509Certificate cert = null;
    private boolean certReq = true;
    private TimeStampResp resp = null;

    private void checkMessageImprint(MessageImprint messageImprint) throws PkiException {
        if (!messageImprint.match(this.hashAlgorithm, this.hashValue)) {
            throw new MessageImprintMisMatchException("messageImprint mismatch");
        }
    }

    private void checkNonce(byte[] bArr) throws PkiException {
        if (!Arrays.equals(bArr, this.nonce)) {
            throw new PkiException("nonce mismatch");
        }
    }

    private void checkPolicy(String str) throws PkiException {
        if (this.reqPolicy != null && !this.reqPolicy.equals(str)) {
            throw new PkiException("policy mismatch");
        }
    }

    private void checkReqData() throws PkiException {
        if (this.hasher == null) {
            throw new PkiException("no hasher");
        }
        if (this.http == null) {
            throw new PkiException("no http implement");
        }
        if (this.verifier == null) {
            throw new PkiException("no verifier");
        }
        if (this.randGenerator == null) {
            throw new PkiException("no rand generator");
        }
        if (this.hashAlgorithm == null) {
            throw new PkiException("no hash algorithm");
        }
        if (this.hashValue == null) {
            throw new PkiException("no hash value");
        }
    }

    private void checkTSTInfo(TSTInfo tSTInfo) throws PkiException {
        checkMessageImprint(tSTInfo.getMessageImprint());
        checkNonce(tSTInfo.getNonce());
        checkPolicy(tSTInfo.getPolicy());
    }

    private TimeStampReq createTimeStampReq() throws PkiException {
        TimeStampReqBuilder timeStampReqBuilder = new TimeStampReqBuilder();
        timeStampReqBuilder.setCertReq(true);
        timeStampReqBuilder.setMessageImprint(new MessageImprint(this.hashAlgorithm, this.hashValue));
        if (this.reqPolicy != null) {
            timeStampReqBuilder.setReqPolicy(this.reqPolicy);
        }
        timeStampReqBuilder.setCertReq(this.certReq);
        timeStampReqBuilder.setNonce(this.randGenerator, this.nonceLength);
        return timeStampReqBuilder.build();
    }

    public void addUnsignedAttrs(Attribute attribute) throws PkiException {
        if (this.resp == null) {
            throw new PkiException("no timestamp response");
        }
        this.resp.addUnsignedAttrs(attribute);
    }

    public TSTInfo getTSTInfo() throws PkiException {
        return this.tsInfo;
    }

    public Date getTimeStamp(String str) throws PkiException {
        try {
            checkReqData();
            TimeStampReq createTimeStampReq = createTimeStampReq();
            this.nonce = createTimeStampReq.getNonce().toByteArray();
            byte[] derEncode = createTimeStampReq.derEncode();
            byte[] postData = this.http.postData(str, "application/timestamp-query", derEncode, 0, derEncode.length);
            String respContentType = this.http.getRespContentType();
            if (!"application/timestamp-reply".equals(respContentType)) {
                throw new PkiException("bad resp content-type:" + respContentType);
            }
            TimeStampResp timeStampResp = new TimeStampResp(postData);
            int status = timeStampResp.getStatus().getStatus();
            if (status != 0 && status != 1) {
                throw new PkiException("bad timestamp status:" + status);
            }
            SignedData timeStampTokenObject = timeStampResp.getTimeStampTokenObject();
            if (!TimeStampResp.verifyTimeStamp(timeStampTokenObject, this.verifier, this.hasher, this.cert)) {
                throw new PkiException("verify timestamp signature fail");
            }
            X509Certificate signCert = timeStampTokenObject.getSignCert(0);
            TSTInfo tstInfo = timeStampResp.getTstInfo();
            checkTSTInfo(tstInfo);
            this.resp = timeStampResp;
            this.cert = signCert;
            this.tsInfo = tstInfo;
            return tstInfo.getTime();
        } catch (IOException e) {
            throw new PkiException("io error", e);
        }
    }

    public X509Certificate getTimeStampCert() throws PkiException {
        return this.cert;
    }

    public byte[] getTimeStampToken() throws PkiException {
        if (this.resp != null) {
            return this.resp.getTimeStampToken();
        }
        throw new PkiException("no timestamp resp,try getTimeStamp first");
    }

    public ASN1Object getTimeStampTokenASN1Object() throws PkiException {
        if (this.resp != null) {
            return this.resp.getTimeStampTokenASN1Object();
        }
        throw new PkiException("no timestamp resp,try getTimeStamp first");
    }

    public void setCertReq(boolean z) {
        this.certReq = z;
    }

    public void setData(byte[] bArr) throws PkiException {
        setData(bArr, 0, bArr.length);
    }

    public void setData(byte[] bArr, int i, int i2) throws PkiException {
        if (this.hasher == null) {
            throw new PkiException("no hasher");
        }
        if (this.hashAlgorithm == null) {
            throw new PkiException("no hash algorithm");
        }
        this.hashValue = this.hasher.hash(this.hashAlgorithm, bArr, i, i2);
    }

    public void setHashAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        this.hashAlgorithm = algorithmIdentifier;
        this.hashValue = null;
    }

    public void setHashImplement(Hashable hashable) {
        this.hasher = hashable;
    }

    public void setHashValue(byte[] bArr) {
        this.hashValue = bArr;
    }

    public void setHttpImplement(IHttp iHttp) {
        this.http = iHttp;
    }

    public void setNonceLength(int i) throws PkiException {
        if (i > 0) {
            this.nonceLength = i;
        } else {
            throw new PkiException("bad nonce length:" + i);
        }
    }

    public void setReqPolicy(String str) throws PkiException {
        new ObjectIdentifier(str);
        this.reqPolicy = str;
    }

    public void setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) {
        this.randGenerator = secureRandomGenerator;
    }

    public void setTimeStampCert(X509Certificate x509Certificate) throws PkiException {
        this.cert = x509Certificate;
    }

    public void setVerifyImplement(Verifible verifible) {
        this.verifier = verifible;
    }
}
