package net.netca.pki.crypto.android.interfaces.impl;

import java.util.Arrays;
import java.util.Date;
import net.netca.pki.Certificate;
import net.netca.pki.Hash;
import net.netca.pki.PkiException;
import net.netca.pki.TimeStamp;
import net.netca.pki.crypto.android.constant.NetcaPKIConst;
import net.netca.pki.crypto.android.http.OkHttpManager;
import net.netca.pki.crypto.android.interfaces.TimeStampInterface;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.tsp.HttpGetTimeStamp;

/* loaded from: classes3.dex */
public class TimeStampImpl implements TimeStampInterface {
    TimeStamp ts = null;

    @Override // net.netca.pki.crypto.android.interfaces.TimeStampInterface
    public String getPolicy() throws PkiException {
        if (this.ts != null) {
            return this.ts.getPolicy();
        }
        throw new PkiException("call verifyInit first");
    }

    @Override // net.netca.pki.crypto.android.interfaces.TimeStampInterface
    public String getSerialNumber() throws PkiException {
        if (this.ts != null) {
            return this.ts.getSerialNumber();
        }
        throw new PkiException("call verifyInit first");
    }

    @Override // net.netca.pki.crypto.android.interfaces.TimeStampInterface
    public Date getTime() throws PkiException {
        if (this.ts != null) {
            return this.ts.getTime();
        }
        throw new PkiException("call verifyInit first");
    }

    @Override // net.netca.pki.crypto.android.interfaces.TimeStampInterface
    public Certificate getTsaCert() throws PkiException {
        if (this.ts != null) {
            return this.ts.getTsaCertificate();
        }
        throw new PkiException("call verifyInit first");
    }

    @Override // net.netca.pki.crypto.android.interfaces.TimeStampInterface
    public byte[] requestTimeStampToken(String str, byte[] bArr, String str2) throws PkiException {
        String str3;
        HttpGetTimeStamp httpGetTimeStamp = new HttpGetTimeStamp();
        httpGetTimeStamp.setHttpImplement(new OkHttpManager());
        if (NetcaPKIConst.Hash.SHA1.equalsIgnoreCase(str2)) {
            str3 = AlgorithmIdentifier.SHA1_OID;
        } else {
            if (!NetcaPKIConst.Hash.SHA256.equalsIgnoreCase(str2)) {
                throw new PkiException("unsupport algo");
            }
            str3 = AlgorithmIdentifier.SHA256_OID;
        }
        httpGetTimeStamp.setHashAlgorithm(AlgorithmIdentifier.CreateAlgorithmIdentifier(str3));
        httpGetTimeStamp.setData(bArr);
        httpGetTimeStamp.getTimeStamp(str);
        byte[] timeStampToken = httpGetTimeStamp.getTimeStampToken();
        verifyInit(bArr, timeStampToken);
        return timeStampToken;
    }

    @Override // net.netca.pki.crypto.android.interfaces.TimeStampInterface
    public void verifyInit(byte[] bArr, byte[] bArr2) throws PkiException {
        try {
            if (this.ts != null) {
                this.ts.free();
                this.ts = null;
            }
            this.ts = new TimeStamp(bArr2, 0, bArr2.length, (Certificate) null);
            if (Arrays.equals(Hash.computeHash(this.ts.getHashAlgorithm(), bArr), this.ts.getMessageImprint())) {
            } else {
                throw new PkiException("原文验证不通过");
            }
        } catch (Exception e) {
            this.ts = null;
            e.printStackTrace();
            throw e;
        }
    }
}
