package cfca.sadk.timestamp.client;

import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.cmp.PKIFreeText;
import cfca.sadk.org.bouncycastle.asn1.cmp.PKIStatusInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.Attribute;
import cfca.sadk.org.bouncycastle.asn1.cms.AttributeTable;
import cfca.sadk.org.bouncycastle.asn1.cms.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.Time;
import cfca.sadk.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import cfca.sadk.org.bouncycastle.asn1.tsp.TimeStampResp;
import cfca.sadk.org.bouncycastle.cert.X509CertificateHolder;
import cfca.sadk.org.bouncycastle.cms.CMSException;
import cfca.sadk.org.bouncycastle.cms.CMSSignedData;
import cfca.sadk.org.bouncycastle.tsp.TSPException;
import cfca.sadk.org.bouncycastle.tsp.TSPValidationException;
import cfca.sadk.org.bouncycastle.tsp.TimeStampToken;
import cfca.sadk.org.bouncycastle.tsp.TimeStampTokenInfo;
import cfca.sadk.timestamp.client.api.Timestamp;
import cfca.sadk.timestamp.client.bean.HashAlgorithm;
import cfca.sadk.timestamp.client.bean.MessageImprint;
import cfca.sadk.timestamp.client.bean.PKIFailureInfo;
import cfca.sadk.timestamp.client.bean.PKIStatus;
import cfca.sadk.timestamp.client.bean.TSTAccuracy;
import cfca.sadk.timestamp.client.bean.TSTInfo;
import cfca.sadk.timestamp.client.env.DefaultSessionLib;
import cfca.sadk.timestamp.client.logging.TscLogging;
import cfca.sadk.timestamp.client.utils.TscStrings;
import cfca.sadk.timestamp.exception.TSAErrorCode;
import cfca.sadk.timestamp.exception.TSAException;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import org.apache.http.util.Args;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cfca/sadk/timestamp/client/TSASignedData.class */
public final class TSASignedData {
    final TSACertHolder holder;
    final TimeStampToken timeStampToken;
    final Timestamp timestamp;
    final boolean requiredCertOptional;
    final X509Cert signCert;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: cfca.sadk.timestamp.client.TSASignedData$1, reason: invalid class name */
    /* loaded from: input_file:cfca/sadk/timestamp/client/TSASignedData$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus = new int[PKIStatus.values().length];

        static {
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus[PKIStatus.granted.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus[PKIStatus.grantedWithMods.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus[PKIStatus.rejection.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus[PKIStatus.waiting.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus[PKIStatus.revocationWarning.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus[PKIStatus.revocationNotification.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    public TSASignedData(byte[] bArr, byte[] bArr2, boolean z, X509Cert x509Cert) throws TSAException {
        String[] freeTexts;
        if (bArr2 == null) {
            throw new TSAException(TSAErrorCode.timestampTSASignedDataInvalid, "timestamp timestampResponseBytes is null");
        }
        this.requiredCertOptional = z;
        this.signCert = x509Cert;
        try {
            TimeStampResp timeStampResp = TimeStampResp.getInstance(bArr2);
            if (timeStampResp == null) {
                if (TscLogging.ERROR_LOGGER.isErrorEnabled()) {
                    TscLogging.ERROR_LOGGER.error("decoded return timestampResp = null, timestampRequestBytes={}", TscStrings.toHexString(bArr));
                }
                throw new TSAException(TSAErrorCode.timestampTSASignedDataInvalid, "timestamp timestampResponseBytes invalid");
            }
            PKIStatusInfo status = timeStampResp.getStatus();
            if (status == null) {
                throw new TSAException(TSAErrorCode.timestampTSASignedDataMissingStatusInfo, "required statusInfo");
            }
            ContentInfo timeStampToken = timeStampResp.getTimeStampToken();
            boolean z2 = timeStampToken != null;
            cfca.sadk.timestamp.client.bean.PKIStatusInfo buildStatusInfoFrom = buildStatusInfoFrom(status, z2);
            if (buildStatusInfoFrom.getStatus() != PKIStatus.granted && buildStatusInfoFrom.getStatus() != PKIStatus.grantedWithMods) {
                StringBuilder sb = new StringBuilder();
                sb.append(buildStatusInfoFrom.getStatus());
                sb.append(": ");
                if (buildStatusInfoFrom.getFreeText() != null && (freeTexts = buildStatusInfoFrom.getFreeText().getFreeTexts()) != null && freeTexts.length != 0) {
                    for (String str : freeTexts) {
                        sb.append(" ");
                        sb.append(str);
                    }
                }
                sb.append(" #failure: ");
                int failInfo = buildStatusInfoFrom.getFailInfo();
                PKIFailureInfo find = PKIFailureInfo.find(failInfo);
                if (find == null) {
                    sb.append("0x" + Integer.toHexString(failInfo));
                } else {
                    sb.append(find);
                }
                throw new TSAException(TSAErrorCode.timestampClientResponseFailure, sb.toString());
            }
            if (!z2) {
                throw new TSAException(TSAErrorCode.timestampTSASignedDataMissingTimeStampToken, "timeStampToken MUST be present");
            }
            try {
                try {
                    TimeStampToken timeStampToken2 = new TimeStampToken(new CMSSignedData(timeStampToken));
                    TSTInfo buildTSTInfoFrom = buildTSTInfoFrom(timeStampToken2);
                    TSACertHolder fetchSignedCertFrom = fetchSignedCertFrom(timeStampToken2, z);
                    this.timestamp = new Timestamp(buildStatusInfoFrom, buildTSTInfoFrom, buildSignedTimeFrom(timeStampToken2), fetchSignedCertFrom == null ? null : fetchSignedCertFrom.getX509Cert(), buildTSTInfoFrom.getMessageImprint(), bArr, bArr2, timeStampToken);
                    this.timeStampToken = timeStampToken2;
                    this.holder = fetchSignedCertFrom;
                } catch (TSPException e) {
                    throw new TSAException(TSAErrorCode.timeStampTokenFailureWithTSAException, e.getMessage(), (Throwable) e);
                } catch (IOException e2) {
                    throw new TSAException(TSAErrorCode.timeStampTokenFailureWithIOException, e2.getMessage(), e2);
                } catch (IllegalArgumentException e3) {
                    throw new TSAException(TSAErrorCode.timeStampTokenFailureWithIllegalArgumentException, e3.getMessage(), e3);
                } catch (Exception e4) {
                    throw new TSAException(TSAErrorCode.timeStampTokenFailureWithException, e4.getMessage(), e4);
                } catch (TSPValidationException e5) {
                    throw new TSAException(TSAErrorCode.timeStampTokenValidationFailure, e5.getMessage(), (Throwable) e5);
                }
            } catch (CMSException e6) {
                throw new TSAException(TSAErrorCode.timestampTSASignedDataInvalidContentInfo, "invalid tokenContentInfo", (Throwable) e6);
            }
        } catch (Exception e7) {
            throw new TSAException(TSAErrorCode.timestampTSASignedDataInvalid, "timestamp TSASignedData decode failure", e7);
        }
    }

    private final cfca.sadk.timestamp.client.bean.PKIStatusInfo buildStatusInfoFrom(PKIStatusInfo pKIStatusInfo, boolean z) throws TSAException {
        String[] strArr;
        int i;
        Args.notNull(pKIStatusInfo, "statusInfo");
        if (pKIStatusInfo.getStatus() == null) {
            throw new TSAException(TSAErrorCode.timestampTSASignedDataMissingStatusCode, "required statusCode");
        }
        PKIStatus find = PKIStatus.find(pKIStatusInfo.getStatus().intValue());
        if (find == null) {
            throw new TSAException(TSAErrorCode.timestampTSASignedDataUnknownStatusCode, "invalid statusCode=" + pKIStatusInfo.getStatus());
        }
        switch (AnonymousClass1.$SwitchMap$cfca$sadk$timestamp$client$bean$PKIStatus[find.ordinal()]) {
            case TSACertHolder.CERT_TYPE_SM2CERT /* 1 */:
            case TSACertHolder.CERT_TYPE_RSACERT /* 2 */:
            case 3:
            case 4:
            case 5:
            case 6:
                if (find == PKIStatus.granted || find == PKIStatus.grantedWithMods) {
                    if (!z) {
                        throw new TSAException(TSAErrorCode.timestampTSASignedDataMissingTimeStampToken, "timeStampToken MUST be present");
                    }
                    strArr = null;
                    i = 0;
                } else {
                    if (z) {
                        throw new TSAException(TSAErrorCode.timestampTSASignedDataContainTimeStampToken, "timeStampToken MUST NOT be present");
                    }
                    DERBitString failInfo = pKIStatusInfo.getFailInfo();
                    if (failInfo == null) {
                        throw new TSAException(TSAErrorCode.timestampTSASignedDataMissingFailInfo, "requred failInfo");
                    }
                    byte[] bytes = failInfo.getBytes();
                    if (isFailInfoValid(bytes)) {
                        throw new TSAException(TSAErrorCode.timestampTSASignedDataInvalidFailInfo, "invalid failInfo=0x" + ((bytes == null || bytes.length == 0) ? "" : "0x" + TscStrings.toHexString(bytes)));
                    }
                    int intValue = failInfo.intValue();
                    PKIFailureInfo find2 = PKIFailureInfo.find(intValue);
                    if (find2 == null) {
                        StringBuilder sb = new StringBuilder();
                        sb.append("failure=0x" + Integer.toHexString(intValue));
                        sb.append(",data=0x" + TscStrings.toHexString(bytes));
                        throw new TSAException(TSAErrorCode.timestampTSASignedDataInvalidFailInfo, "These are the only values of PKIFailureInfo that SHALL be supported, " + sb.toString());
                    }
                    try {
                        PKIFreeText statusString = pKIStatusInfo.getStatusString();
                        if (statusString != null) {
                            strArr = new String[statusString.size()];
                            for (int i2 = 0; i2 < strArr.length; i2++) {
                                strArr[i2] = statusString.getStringAt(i2).getString();
                            }
                        } else {
                            strArr = null;
                        }
                        i = find2.value;
                    } catch (Exception e) {
                        throw new TSAException(TSAErrorCode.timestampTSASignedDataPKIFreeTextFailure, "PKIFreeText fetch failure", e);
                    }
                }
                return new cfca.sadk.timestamp.client.bean.PKIStatusInfo(find.no, strArr, i);
            default:
                throw new TSAException(TSAErrorCode.timestampTSASignedDataUnknownStatusCode, "invalid statusCode=" + pKIStatusInfo.getStatus());
        }
    }

    private boolean isFailInfoValid(byte[] bArr) {
        return bArr == null || bArr.length == 0 || bArr.length > 4;
    }

    private final TSTInfo buildTSTInfoFrom(TimeStampToken timeStampToken) throws TSAException {
        TSTAccuracy tSTAccuracy;
        Args.notNull(timeStampToken, "timeStampToken");
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        if (timeStampInfo.getMessageImprintAlgOID() == null) {
            throw new TSAException(TSAErrorCode.timeStampTokenInfoMissingHashAlgorithm, "required hashAlgorithmOID");
        }
        HashAlgorithm findHashAlgorithm = HashAlgorithm.findHashAlgorithm(timeStampInfo.getMessageImprintAlgOID().getId());
        if (findHashAlgorithm == null) {
            throw new TSAException(TSAErrorCode.timeStampTokenInfoInvalidHashAlgorithm, timeStampInfo.getMessageImprintAlgOID().getId());
        }
        if (timeStampInfo.getMessageImprintDigest() == null) {
            throw new TSAException(TSAErrorCode.timeStampTokenInfoMissingHashedMessage, "required hashedMessage");
        }
        if (timeStampInfo.getMessageImprintDigest().length != findHashAlgorithm.hashLength) {
            throw new TSAException(TSAErrorCode.timeStampTokenInfoInvalidHashedMessage, "required hashedMessage length=" + findHashAlgorithm.hashLength);
        }
        MessageImprint messageImprint = new MessageImprint(findHashAlgorithm, timeStampInfo.getMessageImprintDigest());
        if (timeStampInfo.getAccuracy() == null) {
            tSTAccuracy = null;
        } else {
            try {
                ASN1Integer seconds = timeStampInfo.getAccuracy().getSeconds();
                ASN1Integer millis = timeStampInfo.getAccuracy().getMillis();
                ASN1Integer micros = timeStampInfo.getAccuracy().getMicros();
                tSTAccuracy = new TSTAccuracy(seconds == null ? 0 : seconds.getValue().intValue(), millis == null ? 0 : millis.getValue().intValue(), micros == null ? 0 : micros.getValue().intValue());
            } catch (Exception e) {
                throw new TSAException(TSAErrorCode.timeStampTokenInfoAccuracyFetchFailure, "accuracy fetch failure", e);
            }
        }
        try {
            byte[] encoded = timeStampInfo.toASN1Structure().getExtensions() == null ? null : timeStampInfo.toASN1Structure().getExtensions().getEncoded();
            try {
                try {
                    try {
                        try {
                            try {
                                return new TSTInfo(timeStampInfo.toASN1Structure().getVersion().getValue().intValue(), timeStampInfo.getPolicy() == null ? null : timeStampInfo.getPolicy().getId(), messageImprint, timeStampInfo.getSerialNumber(), timeStampInfo.getGenTime(), tSTAccuracy, timeStampInfo.isOrdered(), timeStampInfo.getNonce() == null ? null : timeStampInfo.getNonce(), timeStampInfo.getTsa() == null ? null : timeStampInfo.getTsa().toString(), encoded);
                            } catch (Exception e2) {
                                throw new TSAException(TSAErrorCode.timeStampTokenInfoVersionFetchFailure, "version fetch failure", e2);
                            }
                        } catch (Exception e3) {
                            throw new TSAException(TSAErrorCode.timeStampTokenInfoTsaNameFetchFailure, "tsaName fetch failure", e3);
                        }
                    } catch (Exception e4) {
                        throw new TSAException(TSAErrorCode.timeStampTokenInfoPolicyFetchFailure, "serialNumber fetch failure", e4);
                    }
                } catch (Exception e5) {
                    throw new TSAException(TSAErrorCode.timeStampTokenInfoPolicyFetchFailure, "policy fetch failure", e5);
                }
            } catch (Exception e6) {
                throw new TSAException(TSAErrorCode.timeStampTokenInfoNonceFetchFailure, "nonce fetch failure", e6);
            }
        } catch (Exception e7) {
            throw new TSAException(TSAErrorCode.timeStampTokenInfoExtensionsFetchFailure, "extensions fetch failure", e7);
        }
    }

    private final TSACertHolder fetchSignedCertFrom(TimeStampToken timeStampToken, boolean z) throws TSAException {
        Args.notNull(timeStampToken, "timeStampToken");
        try {
            Collection matches = timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
            if (matches.size() > 1) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedCertMoreThanOne, "signedCert more than one");
            }
            Iterator it = matches.iterator();
            TSACertHolder tSACertHolder = null;
            while (it.hasNext()) {
                try {
                    tSACertHolder = TSACertHolder.from((X509CertificateHolder) it.next());
                } catch (Exception e) {
                    throw new TSAException(TSAErrorCode.timeStampTokenSignedCertFetchFailure, "signedCert fetch failure: " + e.getMessage(), e);
                }
            }
            if (z && tSACertHolder == null && this.holder == null) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedCertMissing, "signedCert missing");
            }
            if (tSACertHolder == null && this.holder != null) {
                tSACertHolder = this.holder;
            }
            return tSACertHolder;
        } catch (Exception e2) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedCertFetchFailure, "signedCert fetch failure: " + e2.getMessage(), e2);
        }
    }

    final X509Cert buildSignedCertFrom(X509CertificateHolder x509CertificateHolder) throws TSAException {
        if (x509CertificateHolder == null) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedCertMissing, "signedCert missing");
        }
        try {
            try {
                return new X509Cert(x509CertificateHolder.getEncoded());
            } catch (Exception e) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedCertConvertToX509CertFailure, "signedCert convert to X509Cert failure: " + e.getMessage(), e);
            }
        } catch (Exception e2) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedCertFetchCertBytesFailure, "signedCert fetch certBytes: " + e2.getMessage(), e2);
        }
    }

    private final Date buildSignedTimeFrom(TimeStampToken timeStampToken) throws TSAException {
        Args.notNull(timeStampToken, "timeStampToken");
        AttributeTable signedAttributes = timeStampToken.getSignedAttributes();
        if (signedAttributes == null) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedTimeMissing, "required signedAttributes");
        }
        Attribute attribute = signedAttributes.get(PKCSObjectIdentifiers.pkcs_9_at_signingTime);
        if (attribute == null) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedTimeMissing, "required signing-time attribute value");
        }
        ASN1Set attrValues = attribute.getAttrValues();
        if (attrValues == null) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedTimeMissing, "required vaild signing-time attribute value");
        }
        if (attrValues.size() != 1) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedTimeRequiredSingle, "required vaild signing-time attribute value");
        }
        try {
            return Time.getInstance(attrValues.getObjectAt(0)).getDate();
        } catch (Exception e) {
            throw new TSAException(TSAErrorCode.timeStampTokenSignedTimeInvalidStructure, "signing-time attribute value not a valid 'Time' structure");
        }
    }

    final boolean verifySignedData(BusinessTrustCerts businessTrustCerts) throws TSAException {
        return verifySignedData(businessTrustCerts, DefaultSessionLib.SESSION);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean verifySignedData(BusinessTrustCerts businessTrustCerts, Session session) throws TSAException {
        boolean z = false;
        TSACertHolder tSACertHolder = null;
        if (this.holder != null || this.signCert != null) {
            try {
                tSACertHolder = this.requiredCertOptional ? TSACertHolder.from(this.holder) : this.signCert != null ? TSACertHolder.from(this.signCert) : TSACertHolder.from(this.holder);
                this.timeStampToken.validate(TSASignerInformationVerifier.buildSignerInformationVerifier(tSACertHolder, session));
                z = true;
            } catch (TSPException e) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedDataInvalidSignature, "invalid signature@TSPException: " + e.getMessage(), (Throwable) e);
            } catch (TSPValidationException e2) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedDataInvalidSignature, "invalid signature@TSPValidationException: " + e2.getMessage(), (Throwable) e2);
            } catch (Exception e3) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedDataInvalidSignature, "invalid signature@Exception: " + e3.getMessage(), e3);
            }
        }
        if (z && businessTrustCerts != null && tSACertHolder != null) {
            X509Cert x509Cert = tSACertHolder.getX509Cert();
            if (!businessTrustCerts.verifyCertSignature(x509Cert)) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedCertInvalidSignature, "invalid signature: ");
            }
            if (!businessTrustCerts.verifyCertValidate(x509Cert, true)) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedCertInvalidValidate, "invalid signature: ");
            }
            if (businessTrustCerts.isRevoke(x509Cert)) {
                throw new TSAException(TSAErrorCode.timeStampTokenSignedCertIsRevoked, "invalid signature: ");
            }
        }
        return z;
    }

    final byte[] getSourceData() throws TSAException {
        byte[] bArr = null;
        if (this.timeStampToken != null && this.timeStampToken.getTimeStampInfo() != null) {
            try {
                bArr = this.timeStampToken.getTimeStampInfo().getEncoded();
            } catch (IOException e) {
                throw new TSAException(TSAErrorCode.timeStampTokenSourceDataFetchFailure, e.getMessage(), e);
            } catch (Exception e2) {
                throw new TSAException(TSAErrorCode.timeStampTokenSourceDataFetchFailure, e2.getMessage(), e2);
            }
        }
        return bArr;
    }

    final X509Cert getSignedCert() {
        X509Cert x509Cert = null;
        if (this.timestamp != null && this.timestamp.getTimestampCert() != null) {
            x509Cert = this.timestamp.getTimestampCert();
        }
        return x509Cert;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final MessageImprint getMessageImprint() {
        MessageImprint messageImprint = null;
        if (this.timestamp != null) {
            messageImprint = this.timestamp.getMessageImprint();
        }
        return messageImprint;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final BigInteger getNonce() {
        BigInteger bigInteger = null;
        if (this.timestamp != null && this.timestamp.getTstInfo() != null) {
            bigInteger = this.timestamp.getTstInfo().getNonce();
        }
        return bigInteger;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String getPolicyID() {
        String str = null;
        if (this.timestamp != null && this.timestamp.getTstInfo() != null) {
            str = this.timestamp.getTstInfo().getPolicyId();
        }
        return str;
    }

    final Date getGenTime() {
        Date date = null;
        if (this.timeStampToken != null && this.timeStampToken.getTimeStampInfo() != null) {
            date = this.timeStampToken.getTimeStampInfo().getGenTime();
        }
        return date;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Timestamp getTimeStamp() {
        return this.timestamp;
    }
}
