package org.demoiselle.signer.timestamp.connector;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.Store;
import org.demoiselle.signer.core.exception.CertificateCoreException;
import org.demoiselle.signer.core.util.MessagesBundle;
import org.demoiselle.signer.cryptography.Digest;
import org.demoiselle.signer.cryptography.DigestAlgorithmEnum;
import org.demoiselle.signer.cryptography.factory.DigestFactory;
import org.demoiselle.signer.timestamp.Timestamp;
import org.demoiselle.signer.timestamp.enumeration.ConnectionType;
import org.demoiselle.signer.timestamp.signer.RequestSigner;
import org.demoiselle.signer.timestamp.utils.TimeStampConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/demoiselle/signer/timestamp/connector/TimeStampOperator.class */
public class TimeStampOperator {
    private static final Logger logger = LoggerFactory.getLogger(TimeStampOperator.class);
    private static MessagesBundle timeStampMessagesBundle = new MessagesBundle();
    private InputStream inputStream = null;
    private Timestamp timestamp;
    private TimeStampRequest timeStampRequest;
    private TimeStampResponse timeStampResponse;

    public byte[] createRequest(PrivateKey privateKey, Certificate[] certificateArr, byte[] bArr, byte[] bArr2) throws CertificateCoreException {
        try {
            logger.info(timeStampMessagesBundle.getString("info.timestamp.digest"));
            Digest factoryDefault = DigestFactory.getInstance().factoryDefault();
            factoryDefault.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            byte[] digest = bArr != null ? factoryDefault.digest(bArr) : bArr2;
            logger.info(timeStampMessagesBundle.getString("info.timestamp.prepare.request"));
            TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
            timeStampRequestGenerator.setReqPolicy(new ASN1ObjectIdentifier(TimeStampConfig.getInstance().getTSPOid()));
            timeStampRequestGenerator.setCertReq(true);
            this.timeStampRequest = timeStampRequestGenerator.generate(new ASN1ObjectIdentifier(TSPAlgorithms.SHA256.getId()), digest, BigInteger.valueOf(100L));
            byte[] encoded = this.timeStampRequest.getEncoded();
            logger.info(timeStampMessagesBundle.getString("info.timestamp.sign.request"));
            return new RequestSigner().signRequest(privateKey, certificateArr, encoded, "SHA256withRSA");
        } catch (IOException e) {
            throw new CertificateCoreException(e.getMessage());
        }
    }

    public byte[] createRequest(String str, String str2, String str3, byte[] bArr, byte[] bArr2) throws CertificateCoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(new FileInputStream(str), str2.toCharArray());
            return createRequest((PrivateKey) keyStore.getKey(str3, str2.toCharArray()), keyStore.getCertificateChain(str3), bArr, bArr2);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new CertificateCoreException(e.getMessage());
        }
    }

    public byte[] invoke(byte[] bArr) throws CertificateCoreException {
        try {
            logger.info(timeStampMessagesBundle.getString("info.timestamp.init.request"));
            Connector buildConnector = ConnectorFactory.buildConnector(ConnectionType.SOCKET);
            buildConnector.setHostname(TimeStampConfig.getInstance().getTspHostname());
            buildConnector.setPort(TimeStampConfig.getInstance().getTSPPort());
            logger.info(timeStampMessagesBundle.getString("info.timestamp.response"));
            this.inputStream = buildConnector.connect(bArr);
            long currentTimeMillis = System.currentTimeMillis() + 3500;
            while (this.inputStream.available() < 4 && System.currentTimeMillis() < currentTimeMillis) {
                try {
                    Thread.sleep(1L);
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }
            }
            byte[] bArr2 = new byte[4];
            this.inputStream.read(bArr2, 0, 4);
            int intValue = new BigInteger(bArr2).intValue();
            if (System.currentTimeMillis() < currentTimeMillis) {
                while (this.inputStream.available() < intValue && System.currentTimeMillis() < currentTimeMillis) {
                    try {
                        Thread.sleep(1L);
                    } catch (InterruptedException e2) {
                        e2.printStackTrace();
                    }
                }
                if (System.currentTimeMillis() >= currentTimeMillis) {
                    logger.error(timeStampMessagesBundle.getString("info.timestamp.timeout"));
                }
            } else {
                logger.error(timeStampMessagesBundle.getString("info.timestamp.timeout"));
            }
            this.inputStream.read(new byte[1], 0, 1);
            int i = intValue - 1;
            byte[] bArr3 = new byte[i];
            this.inputStream.read(bArr3, 0, i);
            this.timeStampResponse = new TimeStampResponse(bArr3);
            logger.info(timeStampMessagesBundle.getString("info.timestamp.status", new Object[]{Integer.valueOf(this.timeStampResponse.getStatus())}));
            switch (this.timeStampResponse.getStatus()) {
                case 0:
                    logger.info(timeStampMessagesBundle.getString("info.pkistatus.granted"));
                    break;
                case 1:
                    logger.info(timeStampMessagesBundle.getString("info.pkistatus.grantedWithMods"));
                    break;
                case 2:
                    logger.info(timeStampMessagesBundle.getString("error.pkistatus.rejection"));
                    throw new CertificateCoreException(timeStampMessagesBundle.getString("error.pkistatus.rejection"));
                case 3:
                    logger.info(timeStampMessagesBundle.getString("error.pkistatus.waiting"));
                    throw new CertificateCoreException(timeStampMessagesBundle.getString("error.pkistatus.waiting"));
                case 4:
                    logger.info(timeStampMessagesBundle.getString("error.pkistatus.revocation.warn"));
                    throw new CertificateCoreException(timeStampMessagesBundle.getString("error.pkistatus.revocation.warn"));
                case 5:
                    logger.info(timeStampMessagesBundle.getString("error.pkistatus.revocation.notification"));
                    throw new CertificateCoreException(timeStampMessagesBundle.getString("error.pkistatus.revocation.notification"));
                default:
                    logger.info(timeStampMessagesBundle.getString("error.pkistatus.unknown"));
                    throw new CertificateCoreException(timeStampMessagesBundle.getString("error.pkistatus.unknown"));
            }
            int i2 = -1;
            if (this.timeStampResponse.getFailInfo() != null) {
                i2 = Integer.parseInt(new String(this.timeStampResponse.getFailInfo().getBytes()));
            }
            logger.info(timeStampMessagesBundle.getString("info.timestamp.failinfo", new Object[]{Integer.valueOf(i2)}));
            switch (i2) {
                case 0:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.badAlg"));
                    break;
                case 2:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.badRequest"));
                    break;
                case 5:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.badDataFormat"));
                    break;
                case 14:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.timeNotAvailable"));
                    break;
                case 15:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.unacceptedPolicy"));
                    break;
                case 16:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.unacceptedExtension"));
                    break;
                case 17:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.addInfoNotAvailable"));
                    break;
                case 25:
                    logger.info(timeStampMessagesBundle.getString("error.pkifailureinfo.systemFailure"));
                    break;
            }
            this.timeStampResponse.validate(this.timeStampRequest);
            TimeStampToken timeStampToken = this.timeStampResponse.getTimeStampToken();
            setTimestamp(new Timestamp(timeStampToken));
            if (timeStampToken == null) {
                throw new CertificateCoreException(timeStampMessagesBundle.getString("error.timestamp.token.null"));
            }
            buildConnector.close();
            logger.info(this.timestamp.toString());
            return this.timestamp.getEncoded();
        } catch (CertificateCoreException | TSPException | IOException e3) {
            throw new CertificateCoreException(e3.getMessage());
        }
    }

    public void validate(byte[] bArr, byte[] bArr2, byte[] bArr3) throws CertificateCoreException {
        byte[] bArr4;
        try {
            TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(bArr2));
            CMSSignedData cMSSignedData = timeStampToken.toCMSSignedData();
            int i = 0;
            Store certificates = cMSSignedData.getCertificates();
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next();
                if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509CertificateHolder))) {
                    i++;
                }
                x509CertificateHolder.getExtension(new ASN1ObjectIdentifier("2.5.29.31")).getExtnValue();
            }
            logger.info(timeStampMessagesBundle.getString("info.signature.verified", new Object[]{Integer.valueOf(i)}));
            if (bArr != null) {
                Digest factoryDefault = DigestFactory.getInstance().factoryDefault();
                factoryDefault.setAlgorithm(DigestAlgorithmEnum.SHA_256);
                bArr4 = factoryDefault.digest(bArr);
            } else {
                bArr4 = bArr3;
            }
            if (!Arrays.equals(bArr4, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) {
                throw new CertificateCoreException(timeStampMessagesBundle.getString("info.timestamp.hash.nok"));
            }
            logger.info(timeStampMessagesBundle.getString("info.timestamp.hash.ok"));
        } catch (TSPException | IOException | CMSException | OperatorCreationException | CertificateException e) {
            throw new CertificateCoreException(e.getMessage());
        }
    }

    public void setTimestamp(Timestamp timestamp) {
        this.timestamp = timestamp;
    }

    public Timestamp getTimestamp() {
        return this.timestamp;
    }
}
