package es.gob.afirma.signers.tsp.pkcs7;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.misc.MimeHelper;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.net.URI;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.C0130g;
import org.bouncycastle.asn1.C0134k;
import org.bouncycastle.asn1.ah;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.a;
import org.bouncycastle.cms.C0198l;
import org.bouncycastle.cms.N;
import org.bouncycastle.cms.O;
import org.bouncycastle.tsp.b;
import org.bouncycastle.tsp.c;
import org.bouncycastle.tsp.d;

/* loaded from: input_file:es/gob/afirma/signers/tsp/pkcs7/CMSTimestamper.class */
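/**
 * Adds time-stamp attributes to every signer of a CMS SignedData, fetching each token from a
 * TSA over a raw socket or over HTTP(S).
 *
 * <p>This is decompiler output: the BouncyCastle types carry obfuscated names
 * ({@code b}, {@code c}, {@code d}, {@code C0134k}, ...). The roles given to them in the comments
 * below are inferred from how they are called and should be confirmed against the original
 * sources.
 *
 * <p>NOTE(review): nothing visible in this class checks the token's signer certificate against a
 * trust anchor. With the {@code socket} and {@code http} schemes the response also travels
 * unprotected, so callers that rely on the time stamp should verify the TSA signature and
 * certificate chain themselves.
 */
public final class CMSTimestamper {
    public static final String CATCERT_TSP = "http://psis.catcert.net/psis/catcert/tsp";
    public static final String CATCERT_POLICY = "0.4.0.2023.1.1";
    public static final Boolean CATCERT_REQUIRECERT = Boolean.TRUE;

    /** OID of the id-aa-signatureTimeStampToken unsigned attribute. */
    private static final String SIGNATURE_TIMESTAMP_TOKEN_OID = "1.2.840.113549.1.9.16.2.14";

    /** Read timeout applied to the raw-socket transport, in milliseconds. */
    private static final int SOCKET_TIMEOUT_MS = 500000;

    /**
     * Largest response body accepted from the raw-socket transport. The length prefix is chosen
     * by the remote peer, so it must be bounded before it is used as an array size. The value is
     * a generous cap for a time-stamp token; adjust it if a TSA legitimately returns more.
     */
    private static final int MAX_SOCKET_RESPONSE_BYTES = 1 << 20;

    /** Source of request nonces; shared so that it is seeded only once. */
    private static final java.security.SecureRandom NONCE_SOURCE = new java.security.SecureRandom();

    // Presumably BouncyCastle's TimeStampRequestGenerator (obfuscated name) - confirm.
    private final b requestGenerator = new b();
    private final URI tsaUri;
    private final String tsaUser;
    private final String tsaPassword;

    /**
     * Configures the request generator and the TSA endpoint.
     *
     * @param z flag forwarded to the request generator; presumably "request the TSA certificate"
     *     (compare {@link #CATCERT_REQUIRECERT}) - confirm
     * @param str OID string forwarded to the request generator; presumably the requested TSA
     *     policy (compare {@link #CATCERT_POLICY}) - confirm
     * @param uri TSA endpoint; its scheme selects the transport ({@code socket}, {@code http} or
     *     {@code https})
     * @param str2 user name for HTTP Basic authentication, or {@code null}/empty for none
     * @param str3 password for HTTP Basic authentication
     * @param tsaRequestExtensionArr extensions to add to every request, or {@code null}
     */
    public CMSTimestamper(boolean z, String str, URI uri, String str2, String str3, TsaRequestExtension[] tsaRequestExtensionArr) {
        if (tsaRequestExtensionArr != null) {
            for (TsaRequestExtension tsaRequestExtension : tsaRequestExtensionArr) {
                this.requestGenerator.a(new C0134k(tsaRequestExtension.b()), tsaRequestExtension.a(), tsaRequestExtension.c());
                Logger.getLogger("es.gob.afirma").info("Anadida extension a la solicitud de sello de tiempo: " + tsaRequestExtension);
            }
        }
        this.requestGenerator.a(z);
        this.requestGenerator.a(new C0134k(str));
        this.tsaUri = uri;
        this.tsaPassword = str3;
        this.tsaUser = str2;
    }

    /**
     * Returns a copy of the given CMS SignedData in which every signer carries a time-stamp token
     * under the id-aa-signatureTimeStampToken attribute.
     *
     * @param bArr encoded CMS SignedData
     * @param str digest algorithm name to declare in the request; when {@code null} a default
     *     OID constant is used
     * @return the re-encoded SignedData
     * @throws IllegalArgumentException on any failure. The message always blames the input, even
     *     when the real cause is the network or the TSA, so inspect {@link Throwable#getCause()}.
     */
    public byte[] addTimestamp(byte[] bArr, String str) {
        try {
            C0198l signedData = new C0198l(bArr);
            O signerStore = signedData.a();
            ArrayList stampedSigners = new ArrayList();
            for (N signer : signerStore.a()) {
                // NOTE(review): the bytes from signer.d() go into the request as the imprint
                // without being hashed here. If d() returns the raw signature value, the imprint
                // will not match the declared digest algorithm - confirm against the caller.
                C0130g tokenReader = new C0130g(new ByteArrayInputStream(fetchTimestampToken(signer.d(), str)));
                ASN1Primitive token;
                try {
                    token = tokenReader.d();
                } finally {
                    tokenReader.close();
                }
                a tokenAttribute = new a(new C0134k(SIGNATURE_TIMESTAMP_TOKEN_OID), new ah(token));
                Hashtable unsignedAttributes = new Hashtable();
                unsignedAttributes.put(new C0134k(SIGNATURE_TIMESTAMP_TOKEN_OID), tokenAttribute);
                stampedSigners.add(N.a(signer, new AttributeTable(unsignedAttributes)));
            }
            return C0198l.a(signedData, new O(stampedSigners)).d();
        } catch (Exception e) {
            // Same message as before; the cause is now attached so the real failure is not lost.
            throw new IllegalArgumentException("Los datos de entrada no son un SignedData de CMS: " + e, e);
        }
    }

    /**
     * Sends an encoded request over the transport named by the TSA URI scheme.
     *
     * @param bArr encoded time-stamp request
     * @return raw response bytes
     * @throws IOException if the exchange fails
     * @throws UnsupportedOperationException if the scheme is missing or not supported
     */
    private byte[] sendRequest(byte[] bArr) throws IOException {
        // Constant-first comparison: a URI without a scheme reports "unsupported" instead of
        // failing with a NullPointerException.
        String scheme = this.tsaUri.getScheme();
        if ("socket".equals(scheme)) {
            return sendOverSocket(bArr);
        }
        // https is accepted as well, so Basic credentials and the response need not cross the
        // network in cleartext.
        if ("http".equals(scheme) || "https".equals(scheme)) {
            return sendOverHttp(bArr);
        }
        throw new UnsupportedOperationException("Protocolo de conexion con TSA no soportado: " + scheme);
    }

    /**
     * Opens a plain TCP connection to the TSA host and port and performs one exchange.
     *
     * @param bArr encoded time-stamp request
     * @return response body
     * @throws IOException if connecting or exchanging fails
     */
    private byte[] sendOverSocket(byte[] bArr) throws IOException {
        // NOTE(review): no connect timeout is set; only reads are bounded by SOCKET_TIMEOUT_MS.
        Socket socket = new Socket(this.tsaUri.getHost(), this.tsaUri.getPort());
        try {
            socket.setSoTimeout(SOCKET_TIMEOUT_MS);
            return exchangeOverSocket(bArr, socket);
        } finally {
            // Closed on every path; previously a failed exchange left the socket open.
            socket.close();
        }
    }

    /**
     * Writes one framed request (4-byte length, 1-byte flag, body) and reads one framed response.
     * The caller owns and closes the socket.
     *
     * @param bArr encoded time-stamp request
     * @param socket connected socket
     * @return response body, without the length and flag bytes
     * @throws IOException on I/O failure, an out-of-range length prefix, or a flag other than 5
     *     or 6
     */
    private static byte[] exchangeOverSocket(byte[] bArr, Socket socket) throws IOException {
        DataOutputStream out = new DataOutputStream(socket.getOutputStream());
        out.writeInt(bArr.length + 1);
        out.writeByte(0);
        out.write(bArr);
        out.flush();

        DataInputStream in = new DataInputStream(socket.getInputStream());
        int frameLength = in.readInt();
        // The length is peer-controlled: a value below 1 would give a negative array size and a
        // very large one an oversized allocation, so reject both before allocating.
        if (frameLength < 1 || frameLength - 1 > MAX_SOCKET_RESPONSE_BYTES) {
            throw new IOException("Longitud de respuesta de la TSA fuera de rango: " + frameLength);
        }
        byte flag = in.readByte();
        byte[] body = new byte[frameLength - 1];
        in.readFully(body);
        // NOTE(review): flag 6 is accepted alongside 5. In the RFC 3161 socket protocol 6 marks
        // an error reply, whose body is then handed to the response parser - confirm intended.
        if (flag != 5 && flag != 6) {
            throw new IOException("Obtenida resuesta incorrecta del servidor TSA: " + new String(body));
        }
        return body;
    }

    /**
     * POSTs the request to the TSA URL and returns the response body, Base64-decoding it when the
     * response declares a {@code base64} content encoding.
     *
     * @param bArr encoded time-stamp request
     * @return response body
     * @throws IOException if the exchange fails
     */
    private byte[] sendOverHttp(byte[] bArr) throws IOException {
        // NOTE(review): no connect/read timeout is set, and the whole body is read without a
        // size limit visible here.
        URLConnection connection = this.tsaUri.toURL().openConnection();
        connection.setDoInput(true);
        connection.setDoOutput(true);
        connection.setUseCaches(false);
        connection.setRequestProperty("Content-Type", "application/timestamp-query");
        connection.setRequestProperty("Content-Transfer-Encoding", MimeHelper.DEFAULT_CONTENT_DESCRIPTION);
        if (this.tsaUser != null && !"".equals(this.tsaUser)) {
            // Basic credentials are only encoded, not protected: over an http URL they are
            // readable on the wire. getBytes() uses the platform charset, so non-ASCII
            // credentials encode differently from one host to another.
            connection.setRequestProperty("Authorization", "Basic " + new String(Base64.encode((this.tsaUser + ":" + this.tsaPassword).getBytes())));
        }
        OutputStream requestBody = connection.getOutputStream();
        try {
            requestBody.write(bArr);
            requestBody.flush();
        } finally {
            requestBody.close();
        }
        byte[] responseBody;
        java.io.InputStream responseStream = connection.getInputStream();
        try {
            responseBody = AOUtil.getDataFromInputStream(responseStream);
        } finally {
            responseStream.close();
        }
        String contentEncoding = connection.getContentEncoding();
        if (contentEncoding != null && contentEncoding.equalsIgnoreCase("base64")) {
            return Base64.decode(new String(responseBody));
        }
        return responseBody;
    }

    /**
     * Builds a time-stamp request for the given imprint bytes, sends it, checks the response and
     * returns the encoded token.
     *
     * @param bArr bytes placed in the request as the message imprint
     * @param str digest algorithm name, or {@code null} for the default OID constant
     * @return encoded time-stamp token
     * @throws AOException if the response cannot be parsed, fails the check against the request,
     *     carries a non-zero failure code, or holds no token
     * @throws IOException if building or sending the request fails
     */
    private byte[] fetchTimestampToken(byte[] bArr, String str) throws AOException, IOException {
        C0134k digestOid = new C0134k(str != null ? AOAlgorithmID.getOID(str) : org.bouncycastle.asn1.r.N.i.getId());
        // Third argument is presumably the request nonce (obfuscated API). It is drawn from
        // SecureRandom rather than the wall clock so that it cannot be predicted.
        BigInteger nonce = new BigInteger(64, NONCE_SOURCE);
        org.bouncycastle.tsp.a request = this.requestGenerator.a(digestOid, bArr, nonce);
        byte[] rawResponse = sendRequest(request.e());
        try {
            c response = new c(rawResponse);
            try {
                // Presumably TimeStampResponse.validate(request): it ties the response to this
                // request. It is not a check of the TSA certificate chain - confirm.
                response.a(request);
                org.bouncycastle.asn1.a.a failureInfo = response.b();
                int failureCode = failureInfo == null ? 0 : failureInfo.h();
                if (failureCode != 0) {
                    throw new AOException("Respuesta invalida de la TSA ('" + this.tsaUri + "') con el codigo " + failureCode);
                }
                d token = response.c();
                if (token == null) {
                    throw new AOException("La respuesta de la TSA ('" + this.tsaUri + "') no es un sello de tiempo valido: " + new String(rawResponse));
                }
                return token.c();
            } catch (Exception e) {
                throw new AOException("Error validando la respuesta de la TSA", e);
            }
        } catch (Exception e2) {
            // Every failure above, including the validation wrapper, ends up re-wrapped here.
            throw new AOException("Error obteniendo la respuesta de la TSA", e2);
        }
    }
}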
