package ee.sk.digidoc.factory;

import ee.sk.digidoc.Base64Util;
import ee.sk.digidoc.DigiDocException;
import ee.sk.digidoc.Signature;
import ee.sk.digidoc.SignedDoc;
import ee.sk.digidoc.TimestampInfo;
import ee.sk.utils.ConfigManager;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;

/* loaded from: input_file:ee/sk/digidoc/factory/BouncyCastleTimestampFactory.class */
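/**
 * {@link TimestampFactory} implementation backed by the BouncyCastle TSP classes.
 *
 * <p>It requests RFC 3161 timestamps from a TSA over a {@link URLConnection}, parses
 * timestamp tokens, and runs the timestamp checks visible in this class (message-imprint
 * comparison and ordering of the two timestamp types).
 */
public class BouncyCastleTimestampFactory implements TimestampFactory {
    /**
     * Defensive upper bound on the number of response bytes read from the TSA.
     * The value is chosen here as a generous ceiling; the response body comes from the
     * network peer, so it must not be allowed to grow without limit in memory.
     */
    private static final int MAX_TS_RESPONSE_BYTES = 1024 * 1024;

    private Logger m_logger;

    /** Creates the factory and binds its log4j logger. */
    public BouncyCastleTimestampFactory() {
        this.m_logger = Logger.getLogger(BouncyCastleTimestampFactory.class);
    }

    /** No initialisation is needed for this implementation. */
    @Override // ee.sk.digidoc.factory.TimestampFactory
    public void init() throws DigiDocException {
    }

    /**
     * Checks one timestamp: the stored message imprint must equal the computed hash and a
     * parsed token must be present.
     *
     * @param timestampInfo timestamp to check
     * @param x509Certificate candidate TSA certificate (not consulted by this method, see note)
     * @return {@code true} if the digests match and a token is present, {@code false} if the
     *         digests match but the timestamp carries no token
     * @throws DigiDocException with {@code ERR_TIMESTAMP_VERIFY} if the digests differ
     */
    @Override // ee.sk.digidoc.factory.TimestampFactory
    public boolean verifyTimestamp(TimestampInfo timestampInfo, X509Certificate x509Certificate) throws DigiDocException {
        TimeStampToken timeStampToken = timestampInfo.getTimeStampToken();
        if (this.m_logger.isDebugEnabled()) {
            // The token may be absent; guard the dereference so debug logging cannot throw.
            this.m_logger.debug("Verifying TS: " + timestampInfo.getId() + " nr: " + timestampInfo.getSerialNumber() + " msg-imprint: " + (timeStampToken != null ? Base64Util.encode(timeStampToken.getTimeStampInfo().getMessageImprintDigest()) : "NULL") + " real digest: " + Base64Util.encode(timestampInfo.getHash()));
        }
        if (!SignedDoc.compareDigests(timestampInfo.getMessageImprint(), timestampInfo.getHash())) {
            this.m_logger.error("TS digest: " + Base64Util.encode(timestampInfo.getMessageImprint()) + " real digest: " + Base64Util.encode(timestampInfo.getHash()));
            throw new DigiDocException(DigiDocException.ERR_TIMESTAMP_VERIFY, "Bad digest for timestamp: " + timestampInfo.getId(), null);
        }
        // NOTE(review): x509Certificate is never used here. The token's CMS signature is not
        // validated against the TSA certificate in this method, so a true result only means
        // "imprint matches and a token exists". Unless the signature is validated elsewhere
        // (not visible in this file), a token signed by any key would pass. The validation
        // call depends on the BouncyCastle version in use, so it is flagged rather than added.
        if (timeStampToken == null) {
            return false;
        }
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("TS: " + timeStampToken.getTimeStampInfo().getSerialNumber());
        }
        return true;
    }

    /**
     * Looks up the 1-based index of the configured TSA whose {@code DIGIDOC_TSA<n>_CN}
     * property equals the given common name.
     *
     * @return the 1-based index, or 0 when no configured TSA matches
     */
    private int findTSAIndex(Signature signature, String str) {
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("Cearch index for: " + str);
        }
        int intProperty = ConfigManager.instance().getIntProperty("DIGIDOC_TSA_COUNT", 0);
        for (int i = 0; i < intProperty; i++) {
            String property = ConfigManager.instance().getProperty("DIGIDOC_TSA" + (i + 1) + "_CN");
            if (property != null && property.equals(str)) {
                return i + 1;
            }
        }
        return 0;
    }

    /** Reads the certificate named by the {@code DIGIDOC_TSA<i>_CERT} property. */
    private X509Certificate findTSACert(int i) throws DigiDocException {
        return SignedDoc.readCertificate(ConfigManager.instance().getProperty("DIGIDOC_TSA" + i + "_CERT"));
    }

    /** Reads the certificate named by the {@code DIGIDOC_TSA<i>_CA_CERT} property. */
    private X509Certificate findTSACACert(int i) throws DigiDocException {
        String property = ConfigManager.instance().getProperty("DIGIDOC_TSA" + i + "_CA_CERT");
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("Read ca cert: " + property);
        }
        return SignedDoc.readCertificate(property);
    }

    /**
     * Verifies every timestamp of a signature against the signature's TSA certificates and
     * checks that the SignatureTimeStamp (type 3) is not later than the SigAndRefsTimeStamp
     * (type 4).
     *
     * @param signature signature whose timestamps are checked
     * @return list of {@link DigiDocException} objects, one per failed check; empty when all
     *         checks pass
     */
    @Override // ee.sk.digidoc.factory.TimestampFactory
    public ArrayList verifySignaturesTimestamps(Signature signature) {
        Date signatureTsTime = null;
        Date sigAndRefsTsTime = null;
        ArrayList errors = new ArrayList();
        ArrayList tsaCerts = signature.findTSACerts();
        for (int i = 0; i < signature.countTimestampInfos(); i++) {
            TimestampInfo timestampInfo = signature.getTimestampInfo(i);
            if (timestampInfo == null) {
                break;
            }
            if (timestampInfo.getType() == 3) {
                signatureTsTime = timestampInfo.getTime();
            }
            if (timestampInfo.getType() == 4) {
                sigAndRefsTsTime = timestampInfo.getTime();
            }
            boolean verified = false;
            DigiDocException lastError = null;
            // Try each candidate certificate once and stop at the first success. The index
            // always advances, so neither a success nor an exception can spin the loop.
            for (int j = 0; tsaCerts != null && j < tsaCerts.size() && !verified; j++) {
                X509Certificate x509Certificate = (X509Certificate) tsaCerts.get(j);
                if (this.m_logger.isDebugEnabled()) {
                    this.m_logger.debug("Verifying TS: " + timestampInfo.getId() + " with: " + SignedDoc.getCommonName(x509Certificate.getSubjectDN().getName()));
                }
                try {
                    if (verifyTimestamp(timestampInfo, x509Certificate)) {
                        verified = true;
                        if (this.m_logger.isDebugEnabled()) {
                            this.m_logger.debug("TS: " + timestampInfo.getId() + " - OK");
                        }
                    } else {
                        this.m_logger.error("TS: " + timestampInfo.getId() + " - NOK");
                    }
                } catch (DigiDocException e) {
                    lastError = e;
                    this.m_logger.error("TS: " + timestampInfo.getId() + " - ERROR: " + e);
                }
            }
            if (!verified) {
                // Never report a failure as a null entry: with no candidate certificates, or
                // when verification returned false without throwing, there is no exception
                // to reuse, and a null in the list could be skipped or dereferenced by callers.
                errors.add(lastError != null ? lastError : new DigiDocException(DigiDocException.ERR_TIMESTAMP_VERIFY, "Timestamp not verified: " + timestampInfo.getId(), null));
            }
        }
        if (signatureTsTime != null && sigAndRefsTsTime != null) {
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("SignatureTimeStamp: " + signatureTsTime + " SigAndRefsTimeStamp: " + sigAndRefsTsTime);
            }
            if (signatureTsTime.after(sigAndRefsTsTime)) {
                errors.add(new DigiDocException(DigiDocException.ERR_TIMESTAMP_VERIFY, "SignatureTimeStamp time must be before SigAndRefsTimeStamp time!", null));
            }
        }
        return errors;
    }

    /**
     * Sends an RFC 3161 timestamp request for the given digest to a TSA and returns the
     * parsed response.
     *
     * @param str digest algorithm identifier passed to the request generator
     * @param bArr digest value to be timestamped
     * @param str2 URL of the TSA service
     * @return the parsed response, or {@code null} if the request failed, the body was empty
     *         or oversized, or the response did not validate against the request
     */
    @Override // ee.sk.digidoc.factory.TimestampFactory
    public TimeStampResponse requestTimestamp(String str, byte[] bArr, String str2) {
        InputStream inputStream = null;
        OutputStream outputStream = null;
        try {
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("TS req: " + str + " dig-len: " + (bArr != null ? bArr.length : 0) + " url: " + str2 + " digest: " + Base64Util.encode(bArr));
            }
            TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
            timeStampRequestGenerator.setCertReq(true);
            // NOTE(review): the request is generated without a nonce, so the response cannot
            // be tied to this request by nonce; only the message imprint links them.
            TimeStampRequest generate = timeStampRequestGenerator.generate(str, bArr);
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("TS req nonce: " + (generate.getNonce() != null ? generate.getNonce().toString() : "NULL") + " msg-imprint: " + (generate.getMessageImprintDigest() != null ? Base64Util.encode(generate.getMessageImprintDigest()) : "NULL"));
            }
            // NOTE(review): the URL is used as given, with no scheme restriction; confirm it
            // always comes from trusted configuration.
            URL url = new URL(str2);
            if (ConfigManager.instance().getProperty("DIGIDOC_OCSP_AUTH") != null) {
                String property = ConfigManager.instance().getProperty("DIGIDOC_OCSP_AUTH_USER");
                String property2 = ConfigManager.instance().getProperty("DIGIDOC_OCSP_AUTH_PASSWD");
                if (this.m_logger.isDebugEnabled()) {
                    // The password must never reach the log; only the user name is recorded.
                    this.m_logger.debug("OCSP http auth: " + property + "/<redacted>");
                }
                // Authenticator.setDefault is JVM-wide: these credentials become the default
                // for every HTTP authentication challenge in the process, not only this TSA.
                Authenticator.setDefault(new HttpAuthenticator(property, property2));
            }
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("Connecting to: " + str2);
            }
            URLConnection openConnection = url.openConnection();
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("Conn opened: " + (openConnection != null ? "OK" : "NULL"));
            }
            // NOTE(review): no connect or read timeout is set, so a stalled TSA blocks the caller.
            openConnection.setAllowUserInteraction(false);
            openConnection.setUseCaches(false);
            openConnection.setDoOutput(true);
            openConnection.setDoInput(true);
            openConnection.setRequestProperty("Content-Type", "application/timestamp-query");
            byte[] encodedRequest = generate.getEncoded();
            outputStream = openConnection.getOutputStream();
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("OS: " + (outputStream != null ? "OK" : "NULL"));
            }
            if (outputStream != null) {
                outputStream.write(encodedRequest);
                outputStream.close();
            }
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("Wrote: " + encodedRequest.length);
            }
            inputStream = openConnection.getInputStream();
            int contentLength = openConnection.getContentLength();
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("Recv: " + contentLength + " bytes");
            }
            if (contentLength > MAX_TS_RESPONSE_BYTES) {
                throw new IOException("Timestamp response too large: " + contentLength + " bytes");
            }
            // Read until end of stream with a fixed buffer. Sizing reads from available()
            // can yield zero-length reads that never make progress, read() returning -1 must
            // not be used as a length, and Content-Length is peer-supplied and may be absent.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = inputStream.read(chunk)) != -1) {
                if (buffer.size() + read > MAX_TS_RESPONSE_BYTES) {
                    throw new IOException("Timestamp response exceeds " + MAX_TS_RESPONSE_BYTES + " bytes");
                }
                buffer.write(chunk, 0, read);
            }
            byte[] responseBytes = buffer.size() > 0 ? buffer.toByteArray() : null;
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("Received: " + (responseBytes != null ? responseBytes.length : 0) + " bytes");
            }
            TimeStampResponse timeStampResponse = responseBytes != null ? new TimeStampResponse(responseBytes) : null;
            if (timeStampResponse != null) {
                // Reject a response whose token does not correspond to the request that was
                // sent (message imprint, algorithm, status). A mismatch throws and is
                // reported through the catch block below as a null result.
                timeStampResponse.validate(generate);
            }
            if (this.m_logger.isDebugEnabled() && timeStampResponse != null && timeStampResponse.getTimeStampToken() != null && timeStampResponse.getTimeStampToken().getTimeStampInfo() != null) {
                this.m_logger.debug("TS resp: " + timeStampResponse.getTimeStampToken().getTimeStampInfo().getSerialNumber().toString() + " msg-imprint: " + Base64Util.encode(timeStampResponse.getTimeStampToken().getTimeStampInfo().getMessageImprintDigest()));
            }
            return timeStampResponse;
        } catch (Exception e) {
            this.m_logger.error("Timestamp getting error: " + e);
            return null;
        } finally {
            // Release both streams on every path, including failures part-way through.
            closeQuietly(inputStream);
            closeQuietly(outputStream);
        }
    }

    /** Closes a stream if it is non-null, ignoring any failure raised by the close itself. */
    private void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException ignored) {
            // Best-effort cleanup: the outcome of the request has already been decided.
        }
    }

    /**
     * Parses a DER-encoded timestamp token.
     *
     * <p>Parsing only: nothing in this method validates the token's signature.
     *
     * @param bArr encoded token bytes
     * @return the parsed token, or {@code null} if the bytes could not be parsed
     */
    public TimeStampToken readTsTok(byte[] bArr) {
        try {
            TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(new ASN1InputStream(bArr)));
            if (this.m_logger.isDebugEnabled() && timeStampToken.getTimeStampInfo() != null) {
                this.m_logger.debug("TSTok: " + timeStampToken.getTimeStampInfo().getSerialNumber().toString() + " hash: " + Base64Util.encode(timeStampToken.getTimeStampInfo().getMessageImprintDigest()));
            }
            return timeStampToken;
        } catch (Exception e) {
            this.m_logger.error("Timestamp getting error: " + e);
            return null;
        }
    }
}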
