package uz.yt.cams.pki.client;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.logging.Logger;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.yt.YTObjectIdentifiers;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cms.jcajce.JcaSignerInfoVerifierBuilder;
import org.spongycastle.cms.jcajce.YTCMSSignatureAlgorithmNameGenerator;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.tsp.TSPException;
import org.spongycastle.tsp.TimeStampRequest;
import org.spongycastle.tsp.TimeStampRequestGenerator;
import org.spongycastle.tsp.TimeStampResponse;
import org.spongycastle.tsp.TimeStampToken;
import uz.yt.cams.pki.dto.CertificateMatch;
import uz.yt.cams.pki.exception.PKIFailureException;
import uz.yt.cams.pki.exception.ProviderException;
import uz.yt.cams.pki.provider.TrustedCertificateProvider;

/* loaded from: classes2.dex */
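/**
 * Client for an RFC 3161-style time-stamping authority (TSA) reached over a {@link URL}.
 *
 * <p>The client builds time-stamp requests, posts them to the TSA and parses the response.
 * When a {@link TrustedCertificateProvider} is supplied, the returned token's signature and
 * the signer certificate's issuer are checked before the token is handed to the caller.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Without a {@link TrustedCertificateProvider} the token is returned with <b>no</b>
 *       signature or trust verification; callers must verify it themselves.</li>
 *   <li>Requests carry no nonce, so a response is bound to the request only through the
 *       message imprint checked by {@code TimeStampResponse.validate}.</li>
 *   <li>No connect/read timeout is configured on the connection.</li>
 *   <li>The trust check is a single-level signature check of the signer certificate against
 *       the certificates returned by the provider. Validity period, revocation status and
 *       key-usage extensions are not examined here.</li>
 * </ul>
 */
public class TsaClient {
    /** JCA name of the digest algorithm used by the {@code ...WithOzDST1106} helpers. */
    private static final String DIGEST_ALG = "OZDST-1106-2009-2-A";
    private static final Logger LOG = Logger.getLogger(TsaClient.class.getName());
    private final Provider provider;
    /** Source of trusted issuer certificates; {@code null} disables token verification. */
    private final TrustedCertificateProvider rootCertificateProvider;
    private final URL tsaUrl;

    /**
     * Creates a client that does not verify returned tokens.
     *
     * @param provider JCA provider used for digests and certificate conversion
     * @param url TSA endpoint
     */
    public TsaClient(Provider provider, URL url) {
        this(provider, url, null);
    }

    /**
     * Creates a client that verifies returned tokens against trusted issuer certificates.
     *
     * @param provider JCA provider used for digests, certificate conversion and verification
     * @param url TSA endpoint
     * @param trustedCertificateProvider lookup for trusted issuer certificates; when
     *     {@code null}, tokens are returned unverified
     */
    public TsaClient(Provider provider, URL url, TrustedCertificateProvider trustedCertificateProvider) {
        this.provider = provider;
        this.tsaUrl = url;
        this.rootCertificateProvider = trustedCertificateProvider;
    }

    /**
     * Hashes {@code bArr} with {@code messageDigest} and builds a time-stamp request for the digest.
     *
     * @param bArr data to be time-stamped
     * @param messageDigest digest implementation; it is reset before use
     * @param aSN1ObjectIdentifier OID identifying the digest algorithm in the request
     * @return request with the certificate-request flag set
     */
    public static TimeStampRequest generateTimeStampRequest(byte[] bArr, MessageDigest messageDigest, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        messageDigest.reset();
        messageDigest.update(bArr);
        return generateTimeStampRequest(messageDigest.digest(), aSN1ObjectIdentifier);
    }

    /**
     * Builds a time-stamp request for an already computed digest.
     *
     * @param bArr digest value (the message imprint)
     * @param aSN1ObjectIdentifier OID identifying the digest algorithm
     * @return request with the certificate-request flag set, so the TSA is asked to include
     *     its signing certificate in the token
     */
    public static TimeStampRequest generateTimeStampRequest(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
        generator.setCertReq(true);
        // NOTE(review): no nonce is supplied, so the response cannot be tied to this exact
        // request beyond the message imprint.
        return generator.generate(aSN1ObjectIdentifier, bArr);
    }

    /**
     * Builds a time-stamp request using the {@value #DIGEST_ALG} digest from {@code provider}.
     *
     * @param provider JCA provider that implements the digest
     * @param bArr data to be time-stamped
     * @return the request
     * @throws NoSuchAlgorithmException if the provider does not offer the digest
     */
    public static TimeStampRequest generateTimeStampRequestWithOzDST1106(Provider provider, byte[] bArr) throws NoSuchAlgorithmException {
        return generateTimeStampRequest(bArr, MessageDigest.getInstance(DIGEST_ALG, provider), YTObjectIdentifiers.uzdst_digest_1106_2009_alg_2_param_A);
    }

    /**
     * Sends {@code timeStampRequest} to the TSA and returns the token from its response.
     *
     * <p>The response is validated against the request and rejected if it carries failure
     * information. If a {@link TrustedCertificateProvider} was configured, the token must also
     * pass {@link #verifyToken(TimeStampToken)}; any failure there raises an exception rather
     * than returning an unverified token.
     *
     * @param timeStampRequest request to send
     * @return the time-stamp token; unverified when no trusted certificate provider is configured
     * @throws PKIFailureException if the TSA reports failure information
     * @throws SignatureException if verification is configured and the token cannot be verified
     * @throws IOException on transport errors
     * @throws TSPException if the response is malformed or does not match the request
     */
    public TimeStampToken getTimeStampToken(TimeStampRequest timeStampRequest) throws IOException, TSPException, PKIFailureException, SignatureException, CertificateException, OperatorCreationException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, ProviderException {
        byte[] encoded = timeStampRequest.getEncoded();
        // NOTE(review): no connect/read timeout is set; an unresponsive TSA blocks the caller.
        URLConnection connection = this.tsaUrl.openConnection();
        connection.setDoInput(true);
        connection.setDoOutput(true);
        connection.setUseCaches(false);
        connection.setRequestProperty("Content-Type", "application/timestamp-query");
        connection.setRequestProperty("Content-Length", String.valueOf(encoded.length));

        try (DataOutputStream out = new DataOutputStream(connection.getOutputStream())) {
            out.write(encoded);
            out.flush();
        }

        TimeStampResponse response;
        try (DataInputStream in = new DataInputStream(connection.getInputStream())) {
            response = new TimeStampResponse(in);
        }

        response.validate(timeStampRequest);
        if (response.getFailInfo() != null) {
            throw new PKIFailureException(response.getFailInfo().intValue(), response.getStatusString());
        }

        TimeStampToken token = response.getTimeStampToken();
        if (this.rootCertificateProvider != null) {
            verifyToken(token);
        }
        return token;
    }

    /**
     * Verifies the token's signature and that the signer certificate was issued by a trusted
     * certificate. Fails closed: every path that does not end in a successful issuer check
     * throws.
     *
     * <p>Only the signature on the signer certificate is checked against the candidate
     * issuers; validity dates, revocation and extensions are not evaluated here.
     */
    private void verifyToken(TimeStampToken token) throws IOException, TSPException, PKIFailureException, SignatureException, CertificateException, OperatorCreationException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, ProviderException {
        if (token == null) {
            throw new TSPException("TSA response does not contain a time-stamp token");
        }

        Iterator<?> signerCerts = token.getCertificates().getMatches(token.getSID()).iterator();
        if (!signerCerts.hasNext()) {
            // Without the signer certificate nothing can be verified; do not return the token.
            throw new SignatureException("time-stamp token does not contain the signer certificate");
        }

        X509Certificate signerCert = new JcaX509CertificateConverter()
                .setProvider(this.provider)
                .getCertificate((X509CertificateHolder) signerCerts.next());

        boolean signatureValid = token.isSignatureValid(
                new JcaSignerInfoVerifierBuilder(
                        new JcaDigestCalculatorProviderBuilder().setProvider(this.provider).build())
                        .setSignatureAlgorithmNameGenerator(new YTCMSSignatureAlgorithmNameGenerator())
                        .build(signerCert));
        if (!signatureValid) {
            throw new SignatureException("time-stamp token signature is not valid");
        }

        X509Certificate[] trustedIssuers = this.rootCertificateProvider.get(
                new CertificateMatch(signerCert.getIssuerDN().getName(), signerCert.getNotBefore()));
        if (trustedIssuers != null) {
            for (X509Certificate issuer : trustedIssuers) {
                try {
                    signerCert.verify(issuer.getPublicKey());
                    return; // signer certificate chains to a trusted issuer
                } catch (SignatureException ignored) {
                    // This candidate did not sign the certificate; try the next one.
                }
            }
        }
        throw new SignatureException("time-stamp signer certificate is not issued by a trusted certificate");
    }

    /**
     * Hashes {@code bArr} with {@value #DIGEST_ALG}, requests a time stamp for it and returns
     * the token. See {@link #getTimeStampToken(TimeStampRequest)} for verification behaviour.
     *
     * @param bArr data to be time-stamped
     * @return the time-stamp token
     */
    public TimeStampToken getTimeStampTokenWithOzDST1106(byte[] bArr) throws NoSuchAlgorithmException, IOException, TSPException, PKIFailureException, SignatureException, CertificateException, OperatorCreationException, InvalidKeyException, NoSuchProviderException, ProviderException {
        return getTimeStampToken(generateTimeStampRequestWithOzDST1106(this.provider, bArr));
    }
}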
