package com.digt.trusted.tsp;

import com.digt.trusted.asn1.ASN1InputStream;
import com.digt.trusted.asn1.DEREncodableVector;
import com.digt.trusted.asn1.DERObjectIdentifier;
import com.digt.trusted.asn1.DERSet;
import com.digt.trusted.asn1.cms.Attribute;
import com.digt.trusted.asn1.cms.AttributeTable;
import com.digt.trusted.cms.CMSException;
import com.digt.trusted.cms.CMSProcessable;
import com.digt.trusted.cms.CMSSignedData;
import com.digt.trusted.cms.SignerInformation;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Random;

/* loaded from: input_file:com/digt/trusted/tsp/TSPHelper.class */
public class TSPHelper {
    private static final String id_aa_ets_contentTimestamp = "1.2.840.113549.1.9.16.2.20";
    private byte[] dataImprint;

    public TSPHelper(CMSProcessable cMSProcessable) throws IOException, GeneralSecurityException, CMSException {
        setDataImprint(cMSProcessable);
    }

    public byte[] getDataImprint() {
        return this.dataImprint;
    }

    public void setDataImprint(CMSProcessable cMSProcessable) throws IOException, GeneralSecurityException, CMSException {
        MessageDigest messageDigest = MessageDigest.getInstance("GOST3411", "DIGT");
        DigestOutputStream digestOutputStream = new DigestOutputStream(new OutputStream() { // from class: com.digt.trusted.tsp.TSPHelper.1
            @Override // java.io.OutputStream
            public void write(int i) {
            }
        }, messageDigest);
        cMSProcessable.write(digestOutputStream);
        digestOutputStream.close();
        this.dataImprint = messageDigest.digest();
    }

    public static void validateCert(TimeStampToken timeStampToken) throws TSPValidationException {
        try {
            timeStampToken.validate((X509Certificate) timeStampToken.getCertificatesAndCRLs("Collection", "DIGT").getCertificates(null).iterator().next(), "DIGT");
        } catch (Exception e) {
            throw new TSPValidationException("Invalid or absent TSA certificate");
        }
    }

    public TimeStampToken getTimeStampLocal(PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws GeneralSecurityException, TSPException, IOException {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate2, TSPAlgorithms.GOST3411, "1.2");
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate2);
        arrayList.add(x509Certificate);
        timeStampTokenGenerator.setCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "DIGT"));
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(timeStampRequestGenerator.generate(TSPAlgorithms.GOST3411, this.dataImprint, BigInteger.valueOf(new Random().nextLong())), new BigInteger("35"), new Date(), "DIGT").getEncoded()).getTimeStampToken();
        validateCert(timeStampToken);
        return timeStampToken;
    }

    public TimeStampToken getTimeStampOnline(String str) throws IOException, TSPException {
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        TimeStampRequest generate = timeStampRequestGenerator.generate(TSPAlgorithms.GOST3411, this.dataImprint, BigInteger.valueOf(new Random().nextLong()));
        URLConnection openConnection = new URL(str).openConnection();
        openConnection.setDoOutput(true);
        openConnection.addRequestProperty("Content-Type", "application/timestamp-query");
        OutputStream outputStream = openConnection.getOutputStream();
        outputStream.write(generate.getEncoded());
        outputStream.flush();
        TimeStampResponse timeStampResponse = new TimeStampResponse(openConnection.getInputStream());
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        timeStampResponse.validate(generate);
        validateCert(timeStampToken);
        return timeStampToken;
    }

    public static AttributeTable convertToAttr(TimeStampToken timeStampToken) throws IOException {
        Attribute attribute = new Attribute(new DERObjectIdentifier(id_aa_ets_contentTimestamp), new DERSet(new ASN1InputStream(timeStampToken.getEncoded()).readObject()));
        DEREncodableVector dEREncodableVector = new DEREncodableVector();
        dEREncodableVector.add(attribute);
        return new AttributeTable(dEREncodableVector);
    }

    public TimeStampToken verifySigner(SignerInformation signerInformation) throws TSPValidationException {
        try {
            Attribute attribute = signerInformation.getSignedAttributes().get(new DERObjectIdentifier(id_aa_ets_contentTimestamp));
            if (attribute == null) {
                return null;
            }
            TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(attribute.getAttrValues().getObjectAt(0).getDERObject().getEncoded()));
            if (!Arrays.equals(this.dataImprint, timeStampToken.tstInfo.getMessageImprintDigest())) {
                throw new TSPValidationException("Invalid message imprint digest");
            }
            validateCert(timeStampToken);
            return timeStampToken;
        } catch (Exception e) {
            throw new TSPValidationException("Invalid timestamp data");
        }
    }
}
