package es.gob.afirma.signers.tsp.pkcs7;

import bj.e;
import bj.x;
import bj.z;
import cj.a;
import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.misc.MimeHelper;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import j0.y2;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.net.URI;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import nk.d;
import qj.b;
import tj.c0;
import tj.l;
import xj.e0;
import xj.f0;
import xj.h;
import xj.m;
import yi.c;
import yi.e1;
import yi.f;
import yi.g0;
import yi.j;
import yi.k;
import yi.n;
import yi.p0;
import yi.s;
import yi.t;
import yi.w0;
import yi.y0;

/* loaded from: classes.dex */
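/**
 * Requests time-stamp tokens from a time-stamping authority (TSA) over {@code socket},
 * {@code http} or {@code https}, and can attach the obtained tokens to the signers of a CMS
 * SignedData using the signature-time-stamp attribute OID
 * {@value #SIGNATURE_TIMESTAMP_TOKEN_OID}.
 *
 * <p>This listing is decompiler output. The types imported from single-letter packages are
 * obfuscated library classes (presumably a repackaged ASN.1/CMS/TSP library); every comment
 * about what they represent is an inference from how they are used here and should be
 * confirmed against the unobfuscated library.
 *
 * <p>Security-relevant behaviour, all visible in this class:
 * <ul>
 *   <li>When no trust store (file and password) is configured, HTTPS connections use a trust
 *       manager that accepts any server certificate.</li>
 *   <li>Host-name verification is skipped when {@code verifyHostname} is {@code false}; the
 *       eight-argument constructor always selects that mode.</li>
 *   <li>TSA credentials are sent as HTTP Basic authentication, also over plain {@code http}.</li>
 *   <li>The {@code socket} transport is plain TCP.</li>
 * </ul>
 * With any of these in effect the channel does not authenticate the TSA, so the request, the
 * credentials and the response can be read or altered in transit. Configure a trust store and
 * keep host-name verification enabled wherever the time stamp has to be relied upon.
 */
public final class CMSTimestamper {
    static final Logger LOGGER = Logger.getLogger("es.gob.afirma");
    private static final String SIGNATURE_TIMESTAMP_TOKEN_OID = "1.2.840.113549.1.9.16.2.14";
    // Milliseconds. Used for the socket read timeout and for the HTTP(S) connect/read timeouts.
    private static final int SOCKET_TIMEOUT = 500000;
    private static final String STORE_TYPE_PKCS12 = "PKCS12";
    // Upper bound for the length prefix announced by a socket TSA. The value is read from the
    // network before anything is validated, so it must not drive an unbounded allocation.
    private static final int MAX_SOCKET_RESPONSE_LENGTH = 10 * 1024 * 1024;
    private byte[] sslKeyStoreFile;
    private String sslKeyStorePassword;
    private String sslKeyStoreType;
    private byte[] sslTrustStoreFile;
    private String sslTrustStorePassword;
    private String sslTrustStoreType;
    private final String tsaPassword;
    private final URI tsaURL;
    private final String tsaUsername;
    // Obfuscated request generator; its fields are written directly below because the
    // decompiler shows the library's setters inlined.
    private final d tsqGenerator;
    private boolean verifyHostname;

    /**
     * Builds a time stamper from a {@link TsaParams} bundle.
     *
     * @param tsaParams source of every setting; must not be {@code null}.
     */
    public CMSTimestamper(TsaParams tsaParams) {
        this(tsaParams.doTsaRequireCert(), tsaParams.getTsaPolicy(), tsaParams.getTsaUrl(), tsaParams.getTsaUsr(), tsaParams.getTsaPwd(), tsaParams.getExtensions(), tsaParams.getSslKeyStore(), tsaParams.getSslKeyStorePassword(), tsaParams.getSslKeyStoreType(), tsaParams.getSslTrustStore(), tsaParams.getSslTrustStorePassword(), tsaParams.getSslTrustStoreType(), tsaParams.isVerifyHostname());
    }

    /**
     * Builds a time stamper with a PKCS#12 client key store and no trust store.
     *
     * <p>SECURITY: this overload passes no trust store and {@code verifyHostname = false}, so
     * HTTPS connections made by the resulting instance accept any certificate for any host.
     * Prefer the thirteen-argument constructor or {@link #CMSTimestamper(TsaParams)}.
     *
     * @param z10 whether the TSA is asked to include its certificate.
     * @param str TSA policy OID.
     * @param uri TSA URL.
     * @param str2 TSA user name, or {@code null}/empty for no authentication.
     * @param str3 TSA password.
     * @param tsaRequestExtensionArr request extensions, may be {@code null}.
     * @param bArr client key store content, may be {@code null}.
     * @param str4 client key store password.
     */
    public CMSTimestamper(boolean z10, String str, URI uri, String str2, String str3, TsaRequestExtension[] tsaRequestExtensionArr, byte[] bArr, String str4) {
        this(z10, str, uri, str2, str3, tsaRequestExtensionArr, bArr, str4, STORE_TYPE_PKCS12, null, null, null, false);
    }

    /**
     * Builds a time stamper from individual settings.
     *
     * @param z10 whether the TSA is asked to include its certificate.
     * @param str TSA policy OID.
     * @param uri TSA URL; its scheme selects the transport.
     * @param str2 TSA user name, or {@code null}/empty for no authentication.
     * @param str3 TSA password.
     * @param tsaRequestExtensionArr request extensions, may be {@code null}.
     * @param bArr client key store content for TLS client authentication, may be {@code null}.
     * @param str4 client key store password.
     * @param str5 client key store type; {@code "JKS"} is used when {@code null}.
     * @param bArr2 trust store content, may be {@code null}.
     * @param str6 trust store password.
     * @param str7 trust store type; {@code "JKS"} is used when {@code null}.
     * @param z11 whether the server host name is verified on HTTPS connections.
     * @throws IllegalArgumentException if two extensions carry the same OID.
     */
    public CMSTimestamper(boolean z10, String str, URI uri, String str2, String str3, TsaRequestExtension[] tsaRequestExtensionArr, byte[] bArr, String str4, String str5, byte[] bArr2, String str6, String str7, boolean z11) {
        this.tsqGenerator = new d();
        if (tsaRequestExtensionArr != null) {
            for (TsaRequestExtension tsaRequestExtension : tsaRequestExtensionArr) {
                d dVar = this.tsqGenerator;
                n nVar = new n(tsaRequestExtension.getOid());
                boolean isCritical = tsaRequestExtension.isCritical();
                byte[] value = tsaRequestExtension.getValue();
                // The generator keeps extensions in a Hashtable (by OID) plus a Vector that
                // records insertion order; a repeated OID is rejected.
                y2 y2Var = dVar.f16150c;
                if (((Hashtable) y2Var.f12896a).containsKey(nVar)) {
                    throw new IllegalArgumentException("extension " + nVar + " already added");
                }
                ((Vector) y2Var.f12897b).addElement(nVar);
                ((Hashtable) y2Var.f12896a).put(nVar, new l(nVar, isCritical, new y0(value)));
                LOGGER.info("Anadida extension a la solicitud de sello de tiempo: " + tsaRequestExtension);
            }
        }
        // presumably the "certReq" flag and the requested policy of the time-stamp request
        this.tsqGenerator.f16149b = z10 ? c.f27962e : c.f27961d;
        this.tsqGenerator.f16148a = new n(str);
        this.tsaURL = uri;
        this.tsaPassword = str3;
        this.tsaUsername = str2;
        // Defensive copies: later changes to the caller's arrays must not alter the stores.
        this.sslKeyStoreFile = bArr != null ? (byte[]) bArr.clone() : null;
        this.sslKeyStorePassword = str4;
        this.sslKeyStoreType = str5;
        this.sslTrustStoreFile = bArr2 != null ? (byte[]) bArr2.clone() : null;
        this.sslTrustStorePassword = str6;
        this.sslTrustStoreType = str7;
        this.verifyHostname = z11;
    }

    /**
     * Installs this instance's TLS settings (host-name policy, client key store, trust
     * store) on a connection.
     *
     * <p>Each stage has its own handler so that a failure is reported once, with the message
     * of the stage that failed.
     *
     * @param uRLConnection connection to configure.
     * @throws IllegalArgumentException if the connection is {@code null}.
     * @throws IOException if the TLS context cannot be created, a store cannot be loaded, or
     *         the socket factory cannot be set on the connection.
     */
    private void configureHttpsConnection(URLConnection uRLConnection) throws IOException {
        if (uRLConnection == null) {
            throw new IllegalArgumentException("La conexion no puede ser nula");
        }
        if (!this.verifyHostname) {
            // SECURITY: with verification off, a certificate issued for any host is accepted
            // for this TSA. The warning below is the only trace of this mode.
            Logger logger = LOGGER;
            logger.warning("No se comprobaran los nombres de host en la conexion SSL del sello de tiempo");
            if (uRLConnection instanceof HttpsURLConnection) {
                ((HttpsURLConnection) uRLConnection).setHostnameVerifier(new HostnameVerifier() { // from class: es.gob.afirma.signers.tsp.pkcs7.CMSTimestamper.1
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return true;
                    }
                });
            } else {
                logger.warning("No se ha podido deshabilitar la comprobacion de nombre de host, tipo desconocido de conexion: ".concat(uRLConnection.getClass().getName()));
            }
        }

        final SSLContext sSLContext;
        try {
            sSLContext = SSLContext.getInstance("TLS");
        } catch (Exception e14) {
            throw new IOException(a.e("No se ha podido obtener el contexto de seguridad SSL: ", e14), e14);
        }

        // Client authentication is optional: without a key store the context gets no key managers.
        KeyManager[] keyManagerArr = null;
        if (this.sslKeyStoreFile != null && this.sslKeyStorePassword != null) {
            try {
                String keyStoreType = this.sslKeyStoreType != null ? this.sslKeyStoreType : "JKS";
                KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                keyStore.load(new ByteArrayInputStream(this.sslKeyStoreFile), this.sslKeyStorePassword.toCharArray());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, this.sslKeyStorePassword.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            } catch (Exception e10) {
                throw new IOException(a.e("Error obteniendo el almacen de certificados cliente para el SSL: ", e10), e10);
            }
        }

        TrustManager[] trustManagerArr;
        if (this.sslTrustStoreFile == null || this.sslTrustStorePassword == null) {
            // SECURITY: accept-all trust manager. The server certificate chain is not checked
            // at all, so the TLS channel is encrypted but not authenticated. The behaviour is
            // kept because existing callers may rely on it; the warning makes the mode visible
            // in logs. Supplying a trust store selects the validating branch below.
            LOGGER.warning("No se validara la cadena de certificados del servidor TSA: no hay almacen de confianza configurado");
            trustManagerArr = new TrustManager[]{new X509TrustManager() { // from class: es.gob.afirma.signers.tsp.pkcs7.CMSTimestamper.2
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
        } else {
            try {
                String trustStoreType = this.sslTrustStoreType != null ? this.sslTrustStoreType : "JKS";
                KeyStore keyStore2 = KeyStore.getInstance(trustStoreType);
                keyStore2.load(new ByteArrayInputStream(this.sslTrustStoreFile), this.sslTrustStorePassword.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore2);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception e11) {
                throw new IOException(a.e("Error obteniendo el almacen de confianza con los certificados de CA con los que se configuro la SSL: ", e11), e11);
            }
        }

        try {
            sSLContext.init(keyManagerArr, trustManagerArr, null);
        } catch (Exception e13) {
            throw new IOException(a.e("Error creando el gestor de seguridad SSL: ", e13), e13);
        }

        try {
            // Looked up reflectively so that any connection class exposing
            // setSSLSocketFactory(SSLSocketFactory) is accepted, not only HttpsURLConnection.
            uRLConnection.getClass().getMethod("setSSLSocketFactory", SSLSocketFactory.class).invoke(uRLConnection, sSLContext.getSocketFactory());
        } catch (Exception e12) {
            LOGGER.severe("Error en la configuracion del acceso a la URL sobre SSL");
            throw new IOException("Error en la configuracion del acceso a la URL sobre SSL", e12);
        }
    }

    /**
     * Sends an encoded time-stamp request over the transport named by the TSA URL scheme.
     *
     * <p>The scheme is compared ignoring case, because URI schemes are case-insensitive, and a
     * URL without a scheme is reported as unsupported instead of failing with a
     * {@link NullPointerException}.
     *
     * @param bArr encoded request.
     * @return raw response bytes.
     * @throws IOException on transport errors.
     * @throws UnsupportedOperationException if the scheme is not socket, http or https.
     */
    private byte[] getTSAResponse(byte[] bArr) throws IOException {
        final String scheme = this.tsaURL.getScheme();
        if ("socket".equalsIgnoreCase(scheme)) {
            return getTSAResponseSocket(bArr);
        }
        if ("http".equalsIgnoreCase(scheme)) {
            return getTSAResponseHttp(bArr);
        }
        if ("https".equalsIgnoreCase(scheme)) {
            return getTSAResponseHttps(bArr);
        }
        throw new UnsupportedOperationException("Protocolo de conexion con TSA no soportado: " + scheme);
    }

    /**
     * Exchanges one length-prefixed message with a TSA over an already connected socket and
     * closes the socket afterwards.
     *
     * <p>Wire format used by this method: a 4-byte length, a 1-byte flag and the payload. The
     * request is sent with flag 0; a response is accepted only with flag 5 or 6 (these match
     * the final-reply and error-reply flags of the RFC 3161 socket protocol; confirm against
     * the TSA in use).
     *
     * <p>The output stream is flushed but not closed before the reply is read: closing a
     * stream obtained from a {@link Socket} closes the socket, after which the reply could not
     * be read. The announced length is checked before it is used to size the buffer.
     *
     * @param bArr encoded request.
     * @param socket connected socket; closed on return.
     * @return response payload, without length prefix and flag.
     * @throws IOException on I/O errors, on an out-of-range length or on an unexpected flag.
     */
    private static byte[] getTSAResponseExternalSocket(byte[] bArr, Socket socket) throws IOException {
        try {
            DataOutputStream dataOutputStream = new DataOutputStream(socket.getOutputStream());
            dataOutputStream.writeInt(bArr.length + 1);
            dataOutputStream.writeByte(0);
            dataOutputStream.write(bArr);
            dataOutputStream.flush();

            DataInputStream dataInputStream = new DataInputStream(socket.getInputStream());
            int readInt = dataInputStream.readInt();
            // The length comes from the peer: zero or negative would give a negative array
            // size, a huge value would exhaust memory.
            if (readInt < 1 || readInt > MAX_SOCKET_RESPONSE_LENGTH) {
                throw new IOException("Longitud de respuesta de la TSA no valida: " + readInt);
            }
            byte readByte = dataInputStream.readByte();
            byte[] bArr2 = new byte[readInt - 1];
            dataInputStream.readFully(bArr2);
            if (readByte != 5 && readByte != 6) {
                // NOTE(review): the payload is peer-controlled text placed in an exception
                // message; sanitise it before it reaches a log or a UI.
                throw new IOException("Obtenida resuesta incorrecta del servidor TSA: ".concat(new String(bArr2)));
            }
            return bArr2;
        } finally {
            socket.close();
        }
    }

    /**
     * Sends the request over plain HTTP.
     *
     * @param bArr encoded request.
     * @return raw response bytes.
     * @throws IOException on transport errors.
     */
    private byte[] getTSAResponseHttp(byte[] bArr) throws IOException {
        return getTSAResponseHttp(bArr, prepareConnection(false));
    }

    /**
     * Posts the request on a prepared connection and reads the whole response.
     *
     * <p>A response whose {@code Content-Encoding} is {@code base64} (any case) is decoded
     * before being returned.
     *
     * @param bArr encoded request.
     * @param uRLConnection connection returned by {@link #prepareConnection(boolean)}.
     * @return response bytes, Base64-decoded when the server declares that encoding.
     * @throws IOException on transport errors.
     */
    private static byte[] getTSAResponseHttp(byte[] bArr, URLConnection uRLConnection) throws IOException {
        try (OutputStream outputStream = uRLConnection.getOutputStream()) {
            outputStream.write(bArr);
            outputStream.flush();
        }
        final byte[] dataFromInputStream;
        try (InputStream inputStream = uRLConnection.getInputStream()) {
            // NOTE(review): no size limit is applied here; confirm whether
            // AOUtil.getDataFromInputStream bounds what it reads from the server.
            dataFromInputStream = AOUtil.getDataFromInputStream(inputStream);
        }
        String contentEncoding = uRLConnection.getContentEncoding();
        return (contentEncoding == null || !contentEncoding.equalsIgnoreCase("base64")) ? dataFromInputStream : Base64.decode(new String(dataFromInputStream));
    }

    /**
     * Sends the request over HTTPS, using this instance's TLS settings.
     *
     * @param bArr encoded request.
     * @return raw response bytes.
     * @throws IOException on transport or TLS configuration errors.
     */
    private byte[] getTSAResponseHttps(byte[] bArr) throws IOException {
        return getTSAResponseHttp(bArr, prepareConnection(true));
    }

    /**
     * Sends the request over a plain TCP socket to the host and port of the TSA URL.
     *
     * <p>SECURITY: this transport has neither encryption nor server authentication.
     *
     * @param bArr encoded request.
     * @return response payload.
     * @throws IOException on connection or protocol errors.
     */
    private byte[] getTSAResponseSocket(byte[] bArr) throws IOException {
        try (Socket socket = new Socket(this.tsaURL.getHost(), this.tsaURL.getPort())) {
            socket.setSoTimeout(SOCKET_TIMEOUT);
            return getTSAResponseExternalSocket(bArr, socket);
        }
    }

    /**
     * Opens and configures the HTTP(S) connection to the TSA.
     *
     * <p>Connect and read timeouts are set so that a TSA that stops answering cannot block the
     * calling thread indefinitely.
     *
     * @param z10 {@code true} to apply the TLS settings (HTTPS), {@code false} for plain HTTP.
     * @return the configured, not yet connected connection.
     * @throws IOException if the connection cannot be opened or TLS cannot be configured.
     */
    private URLConnection prepareConnection(boolean z10) throws IOException {
        URLConnection openConnection = this.tsaURL.toURL().openConnection();
        openConnection.setConnectTimeout(SOCKET_TIMEOUT);
        openConnection.setReadTimeout(SOCKET_TIMEOUT);
        openConnection.setDoInput(true);
        openConnection.setDoOutput(true);
        openConnection.setUseCaches(false);
        openConnection.setRequestProperty("Content-Type", "application/timestamp-query");
        openConnection.setRequestProperty("Content-Transfer-Encoding", MimeHelper.DEFAULT_CONTENT_DESCRIPTION);
        if (z10) {
            configureHttpsConnection(openConnection);
        }
        String str = this.tsaUsername;
        if (str != null && !str.isEmpty()) {
            if (!z10) {
                // SECURITY: Basic authentication is only Base64; over HTTP the credentials
                // travel in clear text.
                LOGGER.warning("Las credenciales de la TSA se enviaran sin cifrar al usar HTTP");
            }
            // Explicit charset: the bytes sent must not depend on the platform default.
            // NOTE(review): a null password is sent as the literal text "null".
            openConnection.setRequestProperty("Authorization", "Basic ".concat(new String(Base64.encode((this.tsaUsername + ":" + this.tsaPassword).getBytes(java.nio.charset.StandardCharsets.UTF_8)))));
        }
        return openConnection;
    }

    /**
     * Adds a time-stamp token to every signer of a CMS SignedData.
     *
     * <p>For each signer a digest is computed over one of the signer's byte fields (presumably
     * the signature value), a token is requested for it, and the signer is rebuilt with the
     * token as its only unsigned attribute.
     * NOTE(review): any unsigned attributes the signer already had appear to be replaced, not
     * merged; confirm against the unobfuscated library.
     *
     * @param bArr encoded CMS SignedData.
     * @param str algorithm name from which the digest algorithm is derived.
     * @param calendar time forwarded to {@link #getTimeStampToken(byte[], String, Calendar)};
     *        may be {@code null}.
     * @return the re-encoded SignedData with the tokens added.
     * @throws IllegalArgumentException for any failure in the process, including TSA errors;
     *         the original exception is attached as the cause.
     */
    public byte[] addTimestamp(byte[] bArr, String str, Calendar calendar) throws NoSuchAlgorithmException, AOException, IOException {
        String digestAlgorithmName = AOSignConstants.getDigestAlgorithmName(str);
        try {
            h hVar = new h(m.a(bArr));
            f0 a10 = hVar.a();
            ArrayList arrayList = new ArrayList();
            Iterator it = new ArrayList(a10.f25750a).iterator();
            while (it.hasNext()) {
                e0 e0Var = (e0) it.next();
                j jVar = new j(new ByteArrayInputStream(getTimeStampToken(MessageDigest.getInstance(digestAlgorithmName).digest(ok.a.b(e0Var.f25743c)), digestAlgorithmName, calendar)));
                s h10;
                try {
                    h10 = jVar.h();
                } finally {
                    // Close the parser on the failure path as well.
                    jVar.close();
                }
                bj.a aVar = new bj.a(new n(SIGNATURE_TIMESTAMP_TOKEN_OID), new e1(h10));
                Hashtable hashtable = new Hashtable();
                hashtable.put(new n(SIGNATURE_TIMESTAMP_TOKEN_OID), aVar);
                // The copy and the Vector handling below look like the library's attribute
                // table code inlined by the decompiler; kept as found.
                Hashtable hashtable2 = new Hashtable();
                Enumeration keys = hashtable.keys();
                while (keys.hasMoreElements()) {
                    Object nextElement = keys.nextElement();
                    hashtable2.put(nextElement, hashtable.get(nextElement));
                }
                f fVar = new f();
                Enumeration elements = hashtable2.elements();
                while (elements.hasMoreElements()) {
                    Object nextElement2 = elements.nextElement();
                    if (nextElement2 instanceof Vector) {
                        Enumeration elements2 = ((Vector) nextElement2).elements();
                        while (elements2.hasMoreElements()) {
                            fVar.a(bj.a.a(elements2.nextElement()));
                        }
                    } else {
                        fVar.a(bj.a.a(nextElement2));
                    }
                }
                e1 e1Var = new e1(fVar);
                z zVar = e0Var.f25746f;
                arrayList.add(new e0(new z(zVar.f4146b, zVar.f4147c, zVar.f4148d, zVar.f4149e, zVar.f4150f, e1Var), e0Var.f25744d, e0Var.f25742b));
            }
            // Rebuild the container around the new signers: element 0 of the original
            // sequence, the recomputed first set, the middle elements unchanged, and the new
            // signer set last.
            f0 f0Var = new f0(arrayList);
            h hVar2 = new h(hVar);
            hVar2.f25755d = f0Var;
            f fVar2 = new f();
            f fVar3 = new f();
            Iterator it2 = new ArrayList(f0Var.f25750a).iterator();
            while (it2.hasNext()) {
                e0 e0Var2 = (e0) it2.next();
                HashMap hashMap = xj.j.f25757a;
                tj.a aVar2 = e0Var2.f25747g;
                if (aVar2.f22568b == null) {
                    aVar2 = new tj.a(aVar2.f22567a, w0.f28034a);
                }
                fVar2.a(aVar2);
                fVar3.a(e0Var2.f25746f);
            }
            e1 e1Var2 = new e1(fVar2);
            e1 e1Var3 = new e1(fVar3);
            t tVar = (t) hVar.f25752a.toASN1Primitive();
            f fVar4 = new f();
            fVar4.a(tVar.t(0));
            fVar4.a(e1Var2);
            for (int i10 = 2; i10 != tVar.size() - 1; i10++) {
                fVar4.a(tVar.t(i10));
            }
            fVar4.a(e1Var3);
            x a11 = x.a(new g0(fVar4));
            hVar2.f25752a = a11;
            e eVar = new e(hVar2.f25753b.f4083a, a11);
            hVar2.f25753b = eVar;
            return eVar.getEncoded();
        } catch (Exception e10) {
            // Keep the cause: TSA and network failures also end up here and would otherwise
            // be indistinguishable from malformed input.
            throw new IllegalArgumentException(a.e("Los datos de entrada no son un SignedData de CMS: ", e10), e10);
        }
    }

    /**
     * Requests a time-stamp token for a digest and returns the encoded token.
     *
     * <p>NOTE(review): the value derived from {@code calendar} (or the current time) is put in
     * the request where a nonce is expected, so it is predictable. Nothing visible in this
     * method checks the token's signer against a trusted TSA certificate; confirm that callers
     * verify the token before relying on it.
     *
     * @param bArr digest to be time-stamped.
     * @param str digest algorithm name; a library default OID is used when {@code null}.
     * @param calendar time whose millisecond value is sent in the request, or {@code null} to
     *        use the current time.
     * @return the encoded token taken from the TSA response.
     * @throws AOException if the response cannot be parsed or validated, reports a non-zero
     *         failure code, or carries no token.
     * @throws IOException on transport errors.
     */
    public byte[] getTimeStampToken(byte[] bArr, String str, Calendar calendar) throws AOException, IOException {
        tj.m mVar;
        d dVar = this.tsqGenerator;
        n nVar = new n(str != null ? AOAlgorithmID.getOID(str) : c0.f22586d.f27999a);
        BigInteger valueOf = BigInteger.valueOf(calendar != null ? calendar.getTimeInMillis() : System.currentTimeMillis());
        String str2 = nVar.f27999a;
        if (str2 == null) {
            throw new IllegalArgumentException("No digest algorithm specified");
        }
        b bVar = new b(new tj.a(new n(str2), w0.f28034a), bArr);
        // Collect the configured extensions in insertion order, or none at all.
        y2 y2Var = dVar.f16150c;
        if (((Vector) y2Var.f12897b).isEmpty()) {
            mVar = null;
        } else {
            Vector vector = (Vector) y2Var.f12897b;
            l[] lVarArr = new l[vector.size()];
            for (int i10 = 0; i10 != vector.size(); i10++) {
                lVarArr[i10] = (l) ((Hashtable) y2Var.f12896a).get(vector.elementAt(i10));
            }
            mVar = new tj.m(lVarArr);
        }
        n nVar2 = dVar.f16148a;
        // BigInteger.valueOf never returns null, so the request always carries the value.
        qj.d dVar2 = new qj.d(bVar, nVar2, new k(valueOf), dVar.f16149b, mVar);
        nk.c cVar = new nk.c(dVar2);
        byte[] tSAResponse = getTSAResponse(dVar2.getEncoded());
        try {
            nk.e eVar = new nk.e(tSAResponse);
            try {
                // presumably checks the response against the request that was sent
                eVar.b(cVar);
                p0 p0Var = eVar.f16151a.f19159a.f682c;
                aj.a aVar = p0Var != null ? new aj.a(p0Var, 0) : null;
                int t10 = aVar != null ? aVar.t() : 0;
                if (t10 != 0) {
                    throw new AOException("Respuesta invalida de la TSA ('" + this.tsaURL + "') con el codigo " + t10);
                }
                nk.f fVar = eVar.f16152b;
                if (fVar != null) {
                    return fVar.f16153a.f25753b.getEncoded();
                }
                // NOTE(review): raw response bytes in an exception message; see the log note below.
                throw new AOException("La respuesta de la TSA ('" + this.tsaURL + "') no es un sello de tiempo valido: " + new String(tSAResponse));
            } catch (Exception e10) {
                throw new AOException(a.e("Error validando la respuesta de la TSA: ", e10), e10);
            }
        } catch (Exception e11) {
            // NOTE(review): the response is network-controlled and is logged verbatim; a peer
            // can insert line breaks or very large content into the log. Consider logging an
            // encoded or truncated form.
            LOGGER.severe("Respuesta de la TSA: ".concat(new String(tSAResponse)));
            throw new AOException(a.e("Error obteniendo la respuesta de la TSA: ", e11), e11);
        }
    }
}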
