package cfca.sadk.timestamp.client;

import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.ASN1Boolean;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.tsp.TimeStampReq;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Extensions;
import cfca.sadk.org.bouncycastle.crypto.digests.MD5Digest;
import cfca.sadk.org.bouncycastle.crypto.digests.SHA1Digest;
import cfca.sadk.org.bouncycastle.crypto.digests.SHA256Digest;
import cfca.sadk.org.bouncycastle.crypto.digests.SHA512Digest;
import cfca.sadk.org.bouncycastle.crypto.digests.SM3Digest;
import cfca.sadk.timestamp.client.api.Timestamp;
import cfca.sadk.timestamp.client.api.TimestampClient;
import cfca.sadk.timestamp.client.api.TimestampConfig;
import cfca.sadk.timestamp.client.bean.HashAlgorithm;
import cfca.sadk.timestamp.client.bean.MessageImprint;
import cfca.sadk.timestamp.client.bean.TSARequestPolicy;
import cfca.sadk.timestamp.client.conn.HTTPRequester;
import cfca.sadk.timestamp.client.env.DefaultSessionLib;
import cfca.sadk.timestamp.client.logging.TscLogging;
import cfca.sadk.timestamp.client.socket.TscSSLContextManager;
import cfca.sadk.timestamp.client.utils.TscStrings;
import cfca.sadk.timestamp.exception.TSAErrorCode;
import cfca.sadk.timestamp.exception.TSAException;
import cfca.sadk.timestamp.exception.TSAHttpStatusInfoException;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import javax.net.ssl.SSLContext;
import org.apache.http.util.Args;
import org.apache.http.util.TextUtils;

/* loaded from: input_file:cfca/sadk/timestamp/client/StandardTimestampClient.class */
final class StandardTimestampClient implements TimestampClient {
    private static final String HTTP_SCHEMA = "http://";
    private static final int BUFFER_SIZE = 16384;
    private final BusinessTrustCerts trustCerts;
    private HTTPRequester requester;
    private SSLContext timestampSSL;
    private int httpTimeout;
    private Session session;
    final TimestampConfig config;
    private TSARequestPolicy timestampMode = TSARequestPolicy.HTTP_AUTH;
    private boolean requiredNonceOptional = true;
    private boolean requiredCertOptional = true;
    private String httpAuthUsername = null;
    private String httpAuthpassword = null;
    private X509Cert signCert = null;
    private boolean verifyTimestamp = true;
    long[] mIntervals = new long[2];

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: cfca.sadk.timestamp.client.StandardTimestampClient$1, reason: invalid class name */
    /* loaded from: input_file:cfca/sadk/timestamp/client/StandardTimestampClient$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$cfca$sadk$timestamp$client$bean$TSARequestPolicy;
        static final /* synthetic */ int[] $SwitchMap$cfca$sadk$timestamp$client$bean$HashAlgorithm = new int[HashAlgorithm.values().length];

        static {
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$HashAlgorithm[HashAlgorithm.SM3.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$HashAlgorithm[HashAlgorithm.SHA1.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$HashAlgorithm[HashAlgorithm.SHA256.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$HashAlgorithm[HashAlgorithm.SHA512.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$HashAlgorithm[HashAlgorithm.MD5TEST.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$cfca$sadk$timestamp$client$bean$TSARequestPolicy = new int[TSARequestPolicy.values().length];
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$TSARequestPolicy[TSARequestPolicy.SIGN_AUTH.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$TSARequestPolicy[TSARequestPolicy.HTTP_AUTH.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$TSARequestPolicy[TSARequestPolicy.TEST_OID.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public StandardTimestampClient(TimestampConfig timestampConfig, boolean z) throws TSAException {
        TscLogging.SYSTEM_LOGGER.info("TimestampClient instance running...");
        if (timestampConfig == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient missing parameter@timestampConfig");
            throw new TSAException(TSAErrorCode.timestampClientMissingConfig, "required parameter timestampConfig");
        }
        TscLogging.SYSTEM_LOGGER.info("TimestampClient config {}", timestampConfig);
        try {
            this.trustCerts = new BusinessTrustCerts(timestampConfig.getHttpAuthInfoConf());
            String httpURL = timestampConfig.getCommonConf().getHttpURL();
            if (timestampConfig.getCommonConf().isHttps()) {
                try {
                    this.timestampSSL = TscSSLContextManager.buildTscSSLContextManager(timestampConfig.getSslLayeredConf()).sslContextWithNotExpiredCert();
                } catch (TSAException e) {
                    TscLogging.ERROR_LOGGER.error("TimestampClient@buildTLSContextManager failure: {}", timestampConfig, e);
                    throw e;
                } catch (Exception e2) {
                    TscLogging.ERROR_LOGGER.error("TimestampClient@buildTLSContextManager failure: {}", timestampConfig, e2);
                    throw new TSAException(TSAErrorCode.timestampClientBuildRequestorFailure, "requestor build failure", e2);
                }
            } else {
                this.timestampSSL = null;
            }
            this.httpTimeout = timestampConfig.getHttpTimeout();
            setTimestampHttpAuthInfo(timestampConfig.getHttpAuthInfoConf().getHttpAuthUsername(), timestampConfig.getHttpAuthInfoConf().getHttpAuthPassword());
            if (timestampConfig.getCommonConf().isHttpProxyEnable()) {
                setProxyIfValid(timestampConfig, httpURL);
            } else {
                setTimestampURL(httpURL, this.timestampSSL);
            }
            TscLogging.SYSTEM_LOGGER.info("TimestampClient instance finished");
            this.session = DefaultSessionLib.SESSION;
            this.config = timestampConfig;
        } catch (TSAException e3) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@BusinessTrustCerts failure: {}", timestampConfig, e3);
            throw e3;
        }
    }

    private void setProxyIfValid(TimestampConfig timestampConfig, String str) throws TSAException {
        String httpProxyURL = timestampConfig.getCommonConf().getHttpProxyURL();
        if (!isProxyURLValid(httpProxyURL)) {
            setTimestampURL(str, this.timestampSSL);
        } else {
            setTimestampURL(str, this.timestampSSL, buildProxy(httpProxyURL));
        }
    }

    private Proxy buildProxy(String str) throws TSAException {
        TscLogging.SYSTEM_LOGGER.info("TimestampClient@buildProxy httpProxyURL:{}", str);
        String str2 = str;
        if (!str.startsWith(HTTP_SCHEMA)) {
            str2 = HTTP_SCHEMA + str2;
        }
        try {
            URL url = new URL(str2);
            String host = url.getHost();
            int port = url.getPort();
            if (port <= 0) {
                port = url.getDefaultPort();
            }
            return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, port));
        } catch (Exception e) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@buildProxy invalid httpProxyURL: {}", str, e);
            throw new TSAException(TSAErrorCode.timestampClientBuildRequestorFailure, "httpProxyURL with invalid port", e);
        }
    }

    private boolean isProxyURLValid(String str) {
        return !TextUtils.isBlank(str) && str.length() >= 3;
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setSignCert(X509Cert x509Cert) {
        this.signCert = x509Cert;
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public BusinessTrustCerts currentBusinessTrustCerts() {
        return this.trustCerts;
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setTimestampURL(String str) throws TSAException {
        setTimestampURL(str, this.timestampSSL);
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setTimestampURL(String str, SSLContext sSLContext) throws TSAException {
        setTimestampURL(str, sSLContext, null);
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setTimestampURL(String str, SSLContext sSLContext, Proxy proxy) throws TSAException {
        HTTPRequester httpInstance;
        try {
            if (!startWithHTTPs(str)) {
                httpInstance = HTTPRequester.getHttpInstance(str);
            } else {
                if (sSLContext == null) {
                    throw new TSAException(TSAErrorCode.serverUrlHTTPSRequireSSLContext, "setTimestampURL required timestampSSL for " + str);
                }
                httpInstance = HTTPRequester.getHttpsInstance(str, sSLContext);
            }
            httpInstance.setUsername(this.httpAuthUsername);
            httpInstance.setPassword(this.httpAuthpassword);
            this.requester = httpInstance;
        } catch (TSAException e) {
            throw e;
        } catch (Exception e2) {
            throw new TSAException(TSAErrorCode.timestampClientBuildRequestorFailure, "requestor build failure", e2);
        }
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setTimestampHttpAuthInfo(String str, String str2) {
        this.httpAuthUsername = str;
        this.httpAuthpassword = str2;
        if (this.requester != null) {
            this.requester.setUsername(this.httpAuthUsername);
            this.requester.setPassword(this.httpAuthpassword);
        }
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setTimestampMode(TSARequestPolicy tSARequestPolicy) throws TSAException {
        if (tSARequestPolicy == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@setTimestameMode missing parameter@timestampConfig");
            throw new TSAException(TSAErrorCode.timestampClientMissingPolicyMode, "required parameter timestampMode");
        }
        this.timestampMode = tSARequestPolicy;
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setRequiredNonceOptional(boolean z) {
        this.requiredNonceOptional = z;
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setRequiredCertOptional(boolean z) {
        this.requiredCertOptional = z;
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public Timestamp requestTimestamp(HashAlgorithm hashAlgorithm, byte[] bArr) throws TSAException {
        return requestTimestamp(this.httpTimeout, hashAlgorithm, bArr);
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public Timestamp requestTimestamp(HashAlgorithm hashAlgorithm, InputStream inputStream) throws TSAException {
        return requestTimestamp(this.httpTimeout, hashAlgorithm, inputStream);
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public Timestamp requestTimestamp(MessageImprint messageImprint) throws TSAException {
        return requestTimestamp(this.httpTimeout, messageImprint);
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public Timestamp requestTimestamp(int i, HashAlgorithm hashAlgorithm, byte[] bArr) throws TSAException {
        if (hashAlgorithm == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp missing parameter@hashAlgorithm: {}", hashAlgorithm);
            throw new TSAException(TSAErrorCode.timestampClientMissingHashAlgorithm, "required parameter hashAlgorithm");
        }
        if (bArr == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp missing parameter@sourceMessage: {}", hashAlgorithm);
            throw new TSAException(TSAErrorCode.timestampClientMissingSourceMessage, "required parameter sourceMessage");
        }
        try {
            return generateTimestamp(i, buildMessageImprint(hashAlgorithm, bArr, null));
        } catch (TSAException e) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp buildMessageImprint failure: {}", hashAlgorithm, e);
            throw e;
        }
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public Timestamp requestTimestamp(int i, HashAlgorithm hashAlgorithm, InputStream inputStream) throws TSAException {
        if (hashAlgorithm == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp missing parameter@hashAlgorithm: {}", hashAlgorithm);
            throw new TSAException(TSAErrorCode.timestampClientMissingHashAlgorithm, "required parameter hashAlgorithm");
        }
        if (inputStream == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp missing parameter@sourceInputStream: {}", hashAlgorithm);
            throw new TSAException(TSAErrorCode.timestampClientMissingSourceStream, "required parameter sourceInputStream");
        }
        try {
            return generateTimestamp(i, buildMessageImprint(hashAlgorithm, null, inputStream));
        } catch (TSAException e) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp buildMessageImprint failure: {}", hashAlgorithm, e);
            throw e;
        }
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public Timestamp requestTimestamp(int i, MessageImprint messageImprint) throws TSAException {
        if (messageImprint == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp missing parameter@messageImprint: {}", messageImprint);
            throw new TSAException(TSAErrorCode.timestampClientMissingMessageImprint, "required parameter messageImprint");
        }
        if (messageImprint.getHashAlgorithm() == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp messageImprint required hashAlgorithm: {}", messageImprint);
            throw new TSAException(TSAErrorCode.timestampClientMessageImprintMissingAlgorithm, "messageImprint required hashAlgorithm");
        }
        if (messageImprint.getHashedMessage() == null) {
            TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp messageImprint required hashedMessage: {}", messageImprint);
            throw new TSAException(TSAErrorCode.timestampClientMessageImprintMissingHashedMessage, "messageImprint required hashedMessage");
        }
        if (messageImprint.getHashedMessage().length == messageImprint.getHashAlgorithm().hashLength) {
            return generateTimestamp(i, messageImprint);
        }
        TscLogging.ERROR_LOGGER.error("TimestampClient@requestTimestamp messageImprint invalid: {}", messageImprint);
        throw new TSAException(TSAErrorCode.timestampClientMessageImprintInvalid, "messageImprint invalid");
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public int ping(byte[] bArr) throws TSAException {
        String randomUUID = TimestampUUID.UUID.randomUUID();
        try {
            return !PingIntervalChecker.INSTANCE.checkPingInterval() ? 408 : this.requester.pingRequest(bArr, this.config.getCommonConf(), this.config.getSslLayeredConf(), randomUUID);
        } catch (TSAHttpStatusInfoException e) {
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} TimestampClient@ping sendRequest failure: pingBytes={}", new Object[]{randomUUID, TscStrings.toHexString(bArr), e});
            throw e;
        } catch (TSAException e2) {
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} TimestampClient@ping sendRequest failure: pingBytes={}", new Object[]{randomUUID, TscStrings.toHexString(bArr), e2});
            throw e2;
        }
    }

    private final Timestamp generateTimestamp(int i, MessageImprint messageImprint) throws TSAException {
        BigInteger bigInteger;
        String str;
        Args.notNull(messageImprint, "messageImprint");
        long currentTimeMillis = System.currentTimeMillis();
        String randomUUID = TimestampUUID.UUID.randomUUID();
        TscLogging.DEBUG_LOGGER.debug("CFCA-TSC-UUID={} TimestampClient@generateTimestamp running...{}", randomUUID, messageImprint);
        if (this.requester == null) {
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} TimestampClient@generateTimestamp requester not setting", randomUUID);
            throw new TSAException(TSAErrorCode.timestampClientRequesterNotSetting, "required requester");
        }
        if (this.requiredNonceOptional) {
            bigInteger = TimestampNonce.randomUUID();
            str = bigInteger.toString(16);
        } else {
            bigInteger = null;
            str = "none";
        }
        try {
            byte[] buildTimestampRequest = buildTimestampRequest(messageImprint, bigInteger);
            if (TscLogging.DEBUG_LOGGER.isDebugEnabled()) {
                TscLogging.DEBUG_LOGGER.debug("CFCA-TSC-UUID={} TimestampClient@generateTimestamp {}, requestBytes: {}", new Object[]{randomUUID, messageImprint, TscStrings.toBase64String(buildTimestampRequest)});
            }
            try {
                byte[] sendRequest = this.requester.sendRequest(buildTimestampRequest, this.config.getCommonConf(), this.config.getSslLayeredConf(), randomUUID);
                if (TscLogging.DEBUG_LOGGER.isDebugEnabled()) {
                    TscLogging.DEBUG_LOGGER.debug("CFCA-TSC-UUID={} TimestampClient@generateTimestamp {}, responseBytes={}", new Object[]{randomUUID, messageImprint, TscStrings.toBase64String(buildTimestampRequest)});
                }
                if (sendRequest == null) {
                    loggingGenerateTimestampFailure(randomUUID, "invalid response", messageImprint, buildTimestampRequest, sendRequest);
                    throw new TSAException(TSAErrorCode.timestampClientResponseFailure, "responseBytes is null");
                }
                try {
                    TSASignedData tSASignedData = new TSASignedData(buildTimestampRequest, sendRequest, this.requiredCertOptional, this.signCert);
                    BigInteger nonce = tSASignedData.getNonce();
                    String bigInteger2 = nonce == null ? null : nonce.toString(16);
                    if (bigInteger != null) {
                        if (nonce == null) {
                            loggingGenerateTimestampFailure(randomUUID, "invalid response without nonce", messageImprint, buildTimestampRequest, sendRequest);
                            throw new TSAException(TSAErrorCode.timestampClientResponseNonceMissing, "TSASignedData@nonce missing");
                        }
                        if (!bigInteger.equals(nonce)) {
                            loggingGenerateTimestampFailure(randomUUID, String.format("response with invalid nonce[%s,%s]", str, bigInteger2), messageImprint, buildTimestampRequest, sendRequest);
                            throw new TSAException(TSAErrorCode.timestampClientResponseNonceInvalid, String.format("TSASignedData@nonce not match with request %s<-->%s", str, bigInteger2));
                        }
                    }
                    String policyID = tSASignedData.getPolicyID();
                    switch (AnonymousClass1.$SwitchMap$cfca$sadk$timestamp$client$bean$TSARequestPolicy[this.timestampMode.ordinal()]) {
                        case TSACertHolder.CERT_TYPE_SM2CERT /* 1 */:
                        case TSACertHolder.CERT_TYPE_RSACERT /* 2 */:
                        case 3:
                            if (policyID == null) {
                                loggingGenerateTimestampFailure(randomUUID, "response without policyId", messageImprint, buildTimestampRequest, sendRequest);
                                throw new TSAException(TSAErrorCode.timestampClientResponseNonceMissing, "TSASignedData@policyId missing");
                            }
                            if (!this.timestampMode.OID.equals(policyID)) {
                                loggingGenerateTimestampFailure(randomUUID, String.format("response without policyId[%s,%s]", this.timestampMode, policyID), messageImprint, buildTimestampRequest, sendRequest);
                                throw new TSAException(TSAErrorCode.timestampClientResponsePolicyIdInvalid, String.format("TSASignedData@policyID not match with request %s<-->%s", this.timestampMode, policyID));
                            }
                            break;
                    }
                    MessageImprint messageImprint2 = tSASignedData.getMessageImprint();
                    if (messageImprint2 == null) {
                        loggingGenerateTimestampFailure(randomUUID, "response without messageImprint", messageImprint, buildTimestampRequest, sendRequest);
                        throw new TSAException(TSAErrorCode.timestampClientResponseMessageImprintMissing, "TSASignedData@messageImprint missing");
                    }
                    if (!messageImprint2.equals(messageImprint)) {
                        loggingGenerateTimestampFailure(randomUUID, String.format("response with invalid messageImprint{%s,%s}", messageImprint, messageImprint2), messageImprint, buildTimestampRequest, sendRequest);
                        throw new TSAException(TSAErrorCode.timestampClientResponseMessageImprintInvalid, "TSASignedData@messageImprint invalid");
                    }
                    boolean z = this.verifyTimestamp && (this.requiredCertOptional || this.signCert != null);
                    long warningThresholdTime = this.config.getWarningThresholdTime();
                    if (z) {
                        long currentTimeMillis2 = System.currentTimeMillis();
                        try {
                            boolean verifySignedData = tSASignedData.verifySignedData(this.trustCerts, this.session);
                            long currentTimeMillis3 = System.currentTimeMillis() - currentTimeMillis2;
                            TscLogging.SYSTEM_LOGGER.info("CFCA-TSC-UUID={} TimestampClient@generateTimestamp verifyTimestamp: result={},verifyTime={} ms", new Object[]{randomUUID, Boolean.valueOf(verifySignedData), Long.valueOf(currentTimeMillis3)});
                            if (currentTimeMillis3 > warningThresholdTime) {
                                TscLogging.ERROR_LOGGER.warn("CFCA-TSC-UUID={} TimestampClient@generateTimestamp verifyTimestamp: result={},verifyTime={} ms", new Object[]{randomUUID, Boolean.valueOf(verifySignedData), Long.valueOf(currentTimeMillis3)});
                            }
                            if (!verifySignedData) {
                                loggingGenerateTimestampFailure(randomUUID, "response with invalid signedDataOrSignedCert", messageImprint, buildTimestampRequest, sendRequest);
                                throw new TSAException(TSAErrorCode.timestampClientResponseSignedDataOrSignedCertInvalid, "TSASignedData@signedData/signedCert invalid");
                            }
                        } catch (TSAException e) {
                            loggingGenerateTimestampFailure(randomUUID, "check signedData/signedCert failure", messageImprint, buildTimestampRequest, sendRequest);
                            throw e;
                        }
                    }
                    Timestamp timeStamp = tSASignedData.getTimeStamp();
                    long currentTimeMillis4 = System.currentTimeMillis() - currentTimeMillis;
                    TscLogging.SYSTEM_LOGGER.info("CFCA-TSC-UUID={} TimestampClient@requestTimestamp totalTime={} ms", randomUUID, Long.valueOf(currentTimeMillis4));
                    if (currentTimeMillis4 > warningThresholdTime) {
                        TscLogging.ERROR_LOGGER.warn("CFCA-TSC-UUID={} TimestampClient@requestTimestamp totalTime={} ms", randomUUID, Long.valueOf(currentTimeMillis4));
                    }
                    return timeStamp;
                } catch (TSAException e2) {
                    loggingGenerateTimestampFailure(randomUUID, "invalid response-signedData", messageImprint, buildTimestampRequest, sendRequest);
                    throw e2;
                }
            } catch (TSAHttpStatusInfoException e3) {
                loggingGenerateTimestampFailure(randomUUID, "endRequest failure", messageImprint, buildTimestampRequest, null);
                throw e3;
            } catch (TSAException e4) {
                loggingGenerateTimestampFailure(randomUUID, "endRequest failure", messageImprint, buildTimestampRequest, null);
                throw e4;
            }
        } catch (TSAException e5) {
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} TimestampClient@generateTimestamp buildTimestampRequest failure: {}", new Object[]{randomUUID, messageImprint, e5});
            throw e5;
        }
    }

    private final void loggingGenerateTimestampFailure(String str, String str2, MessageImprint messageImprint, byte[] bArr, byte[] bArr2) {
        String base64String = TscStrings.toBase64String(bArr);
        if (bArr2 == null) {
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} TimestampClient@generateTimestamp {}: {},requestBytes={}", new Object[]{str, str2, messageImprint, base64String});
        } else {
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} TimestampClient@generateTimestamp {}: {}, requestBytes={}, responseBytes={}", new Object[]{str, str2, messageImprint, base64String, TscStrings.toBase64String(bArr2)});
        }
    }

    private final byte[] buildTimestampRequest(MessageImprint messageImprint, BigInteger bigInteger) throws TSAException {
        ASN1Integer aSN1Integer;
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        if (bigInteger == null) {
            aSN1Integer = null;
        } else {
            try {
                aSN1Integer = new ASN1Integer(bigInteger);
            } catch (IOException e) {
                throw new TSAException(TSAErrorCode.timestampClientRequestMessageBuildFailure, String.format("nonce=%s %s", bigInteger, messageImprint), e);
            } catch (Exception e2) {
                throw new TSAException(TSAErrorCode.timestampClientRequestMessageBuildFailure, String.format("nonce=%s %s", bigInteger, messageImprint), e2);
            }
        }
        ASN1Integer aSN1Integer2 = aSN1Integer;
        ASN1Boolean aSN1Boolean = ASN1Boolean.getInstance(this.requiredCertOptional);
        cfca.sadk.org.bouncycastle.asn1.tsp.MessageImprint messageImprint2 = new cfca.sadk.org.bouncycastle.asn1.tsp.MessageImprint(new AlgorithmIdentifier(new ASN1ObjectIdentifier(messageImprint.getHashAlgorithm().oid), DERNull.INSTANCE), messageImprint.getHashedMessage());
        switch (AnonymousClass1.$SwitchMap$cfca$sadk$timestamp$client$bean$TSARequestPolicy[this.timestampMode.ordinal()]) {
            case TSACertHolder.CERT_TYPE_SM2CERT /* 1 */:
            case TSACertHolder.CERT_TYPE_RSACERT /* 2 */:
            case 3:
                aSN1ObjectIdentifier = new ASN1ObjectIdentifier(this.timestampMode.OID);
                break;
            default:
                aSN1ObjectIdentifier = null;
                break;
        }
        return new TimeStampReq(messageImprint2, aSN1ObjectIdentifier, aSN1Integer2, aSN1Boolean, (Extensions) null).getEncoded();
    }

    private final MessageImprint buildMessageImprint(HashAlgorithm hashAlgorithm, byte[] bArr, InputStream inputStream) throws TSAException {
        SM3Digest mD5Digest;
        long currentTimeMillis = System.currentTimeMillis();
        switch (AnonymousClass1.$SwitchMap$cfca$sadk$timestamp$client$bean$HashAlgorithm[hashAlgorithm.ordinal()]) {
            case TSACertHolder.CERT_TYPE_SM2CERT /* 1 */:
                mD5Digest = new SM3Digest();
                break;
            case TSACertHolder.CERT_TYPE_RSACERT /* 2 */:
                mD5Digest = new SHA1Digest();
                break;
            case 3:
                mD5Digest = new SHA256Digest();
                break;
            case 4:
                mD5Digest = new SHA512Digest();
                break;
            case 5:
                mD5Digest = new MD5Digest();
                break;
            default:
                throw new TSAException(TSAErrorCode.timestampClientMessageImprintInvalidHashAlgorithm, "hashAlgorithm invalid: " + hashAlgorithm);
        }
        String algorithmName = mD5Digest.getAlgorithmName();
        int i = 0;
        if (bArr != null) {
            mD5Digest.update(bArr, 0, bArr.length);
            i = bArr.length;
        } else {
            if (inputStream == null) {
                throw new TSAException(TSAErrorCode.timestampClientMessageImprintMissingSourceData, "sourceMessage/sourceStream missing");
            }
            try {
                byte[] bArr2 = new byte[BUFFER_SIZE];
                while (true) {
                    int read = inputStream.read(bArr2);
                    if (read > 0) {
                        mD5Digest.update(bArr2, 0, read);
                        i += read;
                    }
                }
            } catch (Exception e) {
                throw new TSAException(TSAErrorCode.timestampClientMessageImprintBuildFailure, "hash update failure: " + hashAlgorithm, e);
            }
        }
        byte[] bArr3 = new byte[mD5Digest.getDigestSize()];
        try {
            mD5Digest.doFinal(bArr3, 0);
            MessageImprint messageImprint = new MessageImprint(hashAlgorithm, bArr3);
            TscLogging.SYSTEM_LOGGER.info("buildMessageImprint: hashTime={} ms, algorithmName={},hashDataLength={}", new Object[]{Long.valueOf(System.currentTimeMillis() - currentTimeMillis), algorithmName, Integer.valueOf(i)});
            return messageImprint;
        } catch (Exception e2) {
            throw new TSAException(TSAErrorCode.timestampClientMessageImprintBuildFailure, "doFinal failure: " + hashAlgorithm, e2);
        }
    }

    private final boolean startWithHTTPs(String str) {
        return str != null && str.trim().toLowerCase().startsWith("https://");
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setSession(Session session) {
        this.session = session == null ? DefaultSessionLib.SESSION : session;
    }

    @Override // cfca.sadk.timestamp.client.api.TimestampClient
    public void setTimestampVerify(boolean z) {
        this.verifyTimestamp = z;
    }
}
