package com.itextpdf.signatures;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.asn1.cmp.IPKIFailureInfo;
import com.itextpdf.commons.bouncycastle.tsp.AbstractTSPException;
import com.itextpdf.commons.bouncycastle.tsp.ITimeStampRequest;
import com.itextpdf.commons.bouncycastle.tsp.ITimeStampRequestGenerator;
import com.itextpdf.commons.bouncycastle.tsp.ITimeStampResponse;
import com.itextpdf.commons.bouncycastle.tsp.ITimeStampToken;
import com.itextpdf.commons.bouncycastle.tsp.ITimeStampTokenInfo;
import com.itextpdf.commons.utils.Base64;
import com.itextpdf.commons.utils.SystemUtil;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.signatures.SignUtils;
import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
import com.itextpdf.styledxmlparser.resolver.resource.ResourceResolver;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class TSAClientBouncyCastle implements ITSAClient {
    public static final String DEFAULTHASHALGORITHM = "SHA-256";
    public static final int DEFAULTTOKENSIZE = 4096;
    protected String digestAlgorithm;
    protected int tokenSizeEstimate;
    protected ITSAInfoBouncyCastle tsaInfo;
    protected String tsaPassword;
    private String tsaReqPolicy;
    protected String tsaURL;
    protected String tsaUsername;
    private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TSAClientBouncyCastle.class);

    public TSAClientBouncyCastle(String str) {
        this(str, null, null, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3) {
        this(str, str2, str3, 4096, "SHA-256");
    }

    public TSAClientBouncyCastle(String str, String str2, String str3, int i, String str4) {
        this.tsaURL = str;
        this.tsaUsername = str2;
        this.tsaPassword = str3;
        this.tokenSizeEstimate = i;
        this.digestAlgorithm = str4;
    }

    @Override // com.itextpdf.signatures.ITSAClient
    public MessageDigest getMessageDigest() throws GeneralSecurityException {
        return SignUtils.getMessageDigest(this.digestAlgorithm);
    }

    public String getTSAReqPolicy() {
        return this.tsaReqPolicy;
    }

    protected byte[] getTSAResponse(byte[] bArr) throws IOException {
        SignUtils.TsaResponse tsaResponseForUserRequest = SignUtils.getTsaResponseForUserRequest(this.tsaURL, bArr, this.tsaUsername, this.tsaPassword);
        InputStream inputStream = tsaResponseForUserRequest.tsaResponseStream;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr2, 0, 1024);
            if (read < 0) {
                break;
            }
            byteArrayOutputStream.write(bArr2, 0, read);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        return (tsaResponseForUserRequest.encoding == null || !tsaResponseForUserRequest.encoding.toLowerCase().equals(ResourceResolver.BASE64_IDENTIFIER.toLowerCase())) ? byteArray : Base64.decode(new String(byteArray, "US-ASCII"));
    }

    @Override // com.itextpdf.signatures.ITSAClient
    public byte[] getTimeStampToken(byte[] bArr) throws IOException, AbstractTSPException {
        IBouncyCastleFactory iBouncyCastleFactory = BOUNCY_CASTLE_FACTORY;
        ITimeStampRequestGenerator createTimeStampRequestGenerator = iBouncyCastleFactory.createTimeStampRequestGenerator();
        createTimeStampRequestGenerator.setCertReq(true);
        String str = this.tsaReqPolicy;
        if (str != null && str.length() > 0) {
            createTimeStampRequestGenerator.setReqPolicy(this.tsaReqPolicy);
        }
        ITimeStampRequest generate = createTimeStampRequestGenerator.generate(iBouncyCastleFactory.createASN1ObjectIdentifier(DigestAlgorithms.getAllowedDigest(this.digestAlgorithm)), bArr, BigInteger.valueOf(SystemUtil.getTimeBasedSeed()));
        ITimeStampResponse createTimeStampResponse = iBouncyCastleFactory.createTimeStampResponse(getTSAResponse(generate.getEncoded()));
        createTimeStampResponse.validate(generate);
        IPKIFailureInfo failInfo = createTimeStampResponse.getFailInfo();
        int intValue = failInfo.isNull() ? 0 : failInfo.intValue();
        if (intValue != 0) {
            throw new PdfException(SignExceptionMessageConstant.INVALID_TSA_RESPONSE).setMessageParams(this.tsaURL, String.valueOf(intValue));
        }
        ITimeStampToken timeStampToken = createTimeStampResponse.getTimeStampToken();
        if (timeStampToken == null) {
            throw new PdfException(SignExceptionMessageConstant.THIS_TSA_FAILED_TO_RETURN_TIME_STAMP_TOKEN).setMessageParams(this.tsaURL, createTimeStampResponse.getStatusString());
        }
        ITimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        byte[] encoded = timeStampToken.getEncoded();
        LOGGER.info("Timestamp generated: " + timeStampInfo.getGenTime());
        ITSAInfoBouncyCastle iTSAInfoBouncyCastle = this.tsaInfo;
        if (iTSAInfoBouncyCastle != null) {
            iTSAInfoBouncyCastle.inspectTimeStampTokenInfo(timeStampInfo);
        }
        this.tokenSizeEstimate = encoded.length + 32;
        return encoded;
    }

    @Override // com.itextpdf.signatures.ITSAClient
    public int getTokenSizeEstimate() {
        return this.tokenSizeEstimate;
    }

    public void setTSAInfo(ITSAInfoBouncyCastle iTSAInfoBouncyCastle) {
        this.tsaInfo = iTSAInfoBouncyCastle;
    }

    public void setTSAReqPolicy(String str) {
        this.tsaReqPolicy = str;
    }
}
