package com.sg.openews.api.tsp;

import com.kica.security.asn1.ASN1EncodableVector;
import com.kica.security.asn1.ASN1InputStream;
import com.kica.security.asn1.DEROctetString;
import com.kica.security.asn1.DERSequence;
import com.kica.security.asn1.cms.CMSObjectIdentifiers;
import com.kica.security.asn1.cms.ContentInfo;
import com.sg.openews.api.crypto.SGMessageDigest;
import com.sg.openews.api.exception.SGCryptoException;
import com.sg.openews.api.exception.SGPkcs7Exception;
import com.sg.openews.api.key.SGCertificate;
import com.sg.openews.api.key.SGPrivateKey;
import com.sg.openews.api.pkcs7.SGSignedDataGenerator;
import com.sg.openews.common.util.ByteUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Random;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes7.dex */
public class SGTimeStampClient {
    public static final int ANONYMOUS = 0;
    public static final int CERT = 2;
    public static final int IDPW = 1;
    public String account;
    public int authType;
    public SGMessageDigest digester;
    public String hashAlgorithm;
    public String password;
    public byte[] digestData = null;
    public SGCertificate signCert = null;
    public SGPrivateKey signKey = null;

    public SGTimeStampClient(String str) throws SGCryptoException {
        this.hashAlgorithm = str;
        this.digester = new SGMessageDigest(this.hashAlgorithm);
    }

    private List decodeKeys(byte[] bArr) throws IOException {
        Enumeration objects = DERSequence.getInstance(new ASN1InputStream(bArr).readObject()).getObjects();
        ArrayList arrayList = new ArrayList();
        while (objects.hasMoreElements()) {
            arrayList.add(DEROctetString.getInstance(objects.nextElement()).getOctets());
        }
        return arrayList;
    }

    private byte[] encodeKeys(List list) throws IOException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i = 0; i < list.size(); i++) {
            aSN1EncodableVector.add(new DEROctetString((byte[]) list.get(i)));
        }
        return new DERSequence(aSN1EncodableVector).getEncoded();
    }

    public int getNonce() {
        byte[] bArr = new byte[4];
        new Random().nextBytes(bArr);
        return Math.abs(ByteUtils.bytesToInt(bArr));
    }

    public SGTimeStampToken getTimeStampToken(String str) throws IOException, TSPException, SGPkcs7Exception, SGCryptoException, CertificateExpiredException, CertificateNotYetValidException, NoSuchProviderException {
        return getTimeStampToken(str, 10000);
    }

    public SGTimeStampToken getTimeStampToken(String str, int i) throws IOException, TSPException, CertificateExpiredException, CertificateNotYetValidException, NoSuchProviderException {
        TimeStampRequest generate;
        byte[] encoded;
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        int i2 = this.authType;
        if (i2 == 0) {
            generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA256, this.digestData, BigInteger.valueOf(getNonce()));
            encoded = new ContentInfo(CMSObjectIdentifiers.data, new DEROctetString(generate.getEncoded())).getEncoded();
        } else if (i2 == 1) {
            generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA256, this.digestData, BigInteger.valueOf(getNonce()));
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(this.password.getBytes(), "HMACSHA256");
                Mac mac = Mac.getInstance("HMACSHA256");
                mac.init(secretKeySpec);
                mac.update(this.account.getBytes());
                byte[] doFinal = mac.doFinal();
                ArrayList arrayList = new ArrayList();
                arrayList.add(this.account.getBytes());
                arrayList.add(doFinal);
                arrayList.add(generate.getEncoded());
                try {
                    encoded = new ContentInfo(CMSObjectIdentifiers.authenticatedData, new DEROctetString(encodeKeys(arrayList))).getEncoded();
                } catch (IOException e) {
                    throw new IOException("Failed to encode data.(account, hmac, tspRequest)", e);
                }
            } catch (InvalidKeyException e2) {
                throw new TSPException("InvalidKeyException for HMACSHA256", e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new TSPException("NoSuchAlgorithmException for HMACSHA256", e3);
            }
        } else if (i2 != 2) {
            encoded = null;
            generate = null;
        } else {
            generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA256, this.digestData, BigInteger.valueOf(getNonce()));
            SGSignedDataGenerator sGSignedDataGenerator = new SGSignedDataGenerator();
            try {
                sGSignedDataGenerator.init();
                sGSignedDataGenerator.addSignerCertificate(this.signCert, this.signKey);
                sGSignedDataGenerator.update(generate.getEncoded());
                encoded = sGSignedDataGenerator.getEncoded();
            } catch (SGCryptoException e4) {
                throw new TSPException("Failed to add signer certificate.", e4);
            } catch (SGPkcs7Exception e5) {
                throw new TSPException("Failed to generate signed data.", e5);
            }
        }
        HttpTspConnection httpTspConnection = new HttpTspConnection(str);
        try {
            httpTspConnection.connect(i);
            byte[] sendAndReceive = httpTspConnection.sendAndReceive(encoded);
            httpTspConnection.disconnect();
            TimeStampResponse timeStampResponse = new TimeStampResponse(sendAndReceive);
            timeStampResponse.validate(generate);
            TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
            if (timeStampResponse.getStatus() != 0 && timeStampResponse.getStatus() != 1) {
                throw new TSPException(timeStampResponse.getStatusString());
            }
            if (timeStampToken == null) {
                throw new TSPException("Failed to get timeStampToken from TimeStampResponse");
            }
            timeStampToken.validate(timeStampToken.getIssuerCertificate());
            return new SGTimeStampToken(timeStampToken);
        } catch (Throwable th) {
            httpTspConnection.disconnect();
            throw th;
        }
    }

    public void setAccount(SGCertificate sGCertificate, SGPrivateKey sGPrivateKey) {
        this.signCert = sGCertificate;
        this.signKey = sGPrivateKey;
    }

    public void setAccount(String str, String str2) {
        this.account = str;
        this.password = str2;
    }

    public void setAuthType(int i) {
        this.authType = i;
    }

    public void setContent(InputStream inputStream) throws IOException {
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                this.digestData = this.digester.digest();
                return;
            }
            this.digester.update(bArr, 0, read);
        }
    }

    public void setContent(byte[] bArr) throws IOException {
        setContent(bArr, 0, bArr.length);
    }

    public void setContent(byte[] bArr, int i, int i2) throws IOException {
        setContent(new ByteArrayInputStream(bArr, i, i2));
    }
}
