package net.jsign.timestamp;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.jsign.DigestAlgorithm;
import net.jsign.asn1.authenticode.AuthenticodeObjectIdentifiers;
import net.jsign.asn1.authenticode.AuthenticodeSignedDataGenerator;
import net.jsign.mscab.CFHeader;
import org.apache.commons.io.HexDump;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.PKCS7ProcessableObject;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Selector;

/* loaded from: input_file:net/jsign/timestamp/Timestamper.class */
public abstract class Timestamper {
    protected URL tsaurl;
    protected List<URL> tsaurls;
    protected Logger log = Logger.getLogger(getClass().getName());
    protected int retries = 3;
    protected int retryWait = 10;

    /* renamed from: net.jsign.timestamp.Timestamper$1, reason: invalid class name */
    /* loaded from: input_file:net/jsign/timestamp/Timestamper$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$net$jsign$timestamp$TimestampingMode = new int[TimestampingMode.values().length];

        static {
            try {
                $SwitchMap$net$jsign$timestamp$TimestampingMode[TimestampingMode.AUTHENTICODE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$net$jsign$timestamp$TimestampingMode[TimestampingMode.RFC3161.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public void setURL(String str) {
        setURLs(str);
    }

    public void setURLs(String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            try {
                arrayList.add(new URL(str));
            } catch (MalformedURLException e) {
                throw new IllegalArgumentException("Invalid timestamping URL: " + str, e);
            }
        }
        this.tsaurls = arrayList;
    }

    public void setRetries(int i) {
        this.retries = i;
    }

    public void setRetryWait(int i) {
        this.retryWait = i;
    }

    public CMSSignedData timestamp(DigestAlgorithm digestAlgorithm, CMSSignedData cMSSignedData) throws TimestampingException, IOException, CMSException {
        CMSSignedData cMSSignedData2 = null;
        int max = Math.max(this.retries, this.tsaurls.size());
        TimestampingException timestampingException = new TimestampingException("Unable to complete the timestamping after " + max + " attempt" + (max > 1 ? "s" : ""));
        for (int i = 0; i < Math.max(this.retries, this.tsaurls.size()); i++) {
            if (i > 0) {
                try {
                    long j = this.retryWait * 1000;
                    this.log.fine("Timestamping failed, retrying in " + (j / 1000) + " seconds");
                    Thread.sleep(j);
                } catch (InterruptedException e) {
                }
            }
            try {
                this.tsaurl = this.tsaurls.get(i % this.tsaurls.size());
                this.log.fine("Timestamping with " + this.tsaurl);
                long currentTimeMillis = System.currentTimeMillis();
                cMSSignedData2 = timestamp(digestAlgorithm, getEncryptedDigest(cMSSignedData));
                this.log.fine("Timestamping completed in " + (System.currentTimeMillis() - currentTimeMillis) + " ms");
                break;
            } catch (IOException | TimestampingException e2) {
                timestampingException.addSuppressed(e2);
            }
        }
        if (cMSSignedData2 == null) {
            throw timestampingException;
        }
        return modifySignedData(cMSSignedData, getCounterSignature(cMSSignedData2), getExtraCertificates(cMSSignedData2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] post(URL url, byte[] bArr, Map<String, String> map) throws IOException {
        this.log.finest("POST " + url);
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setConnectTimeout(10000);
        httpURLConnection.setReadTimeout(10000);
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setDoInput(true);
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setRequestProperty("Content-length", String.valueOf(bArr.length));
        httpURLConnection.setRequestProperty("User-Agent", "Transport");
        for (Map.Entry<String, String> entry : map.entrySet()) {
            httpURLConnection.setRequestProperty(entry.getKey(), entry.getValue());
        }
        if (this.log.isLoggable(Level.FINEST)) {
            for (String str : httpURLConnection.getRequestProperties().keySet()) {
                this.log.finest(str + ": " + httpURLConnection.getRequestProperty(str));
            }
            log("Content", bArr);
        }
        httpURLConnection.getOutputStream().write(bArr);
        httpURLConnection.getOutputStream().flush();
        Iterator<String> it = httpURLConnection.getHeaderFields().keySet().iterator();
        while (it.hasNext()) {
            String next = it.next();
            this.log.finest((next != null ? next + ": " : "") + httpURLConnection.getHeaderField(next));
        }
        if (httpURLConnection.getResponseCode() < 400) {
            byte[] byteArray = IOUtils.toByteArray(httpURLConnection.getInputStream());
            log("Content", byteArray);
            return byteArray;
        }
        byte[] byteArray2 = httpURLConnection.getErrorStream() != null ? IOUtils.toByteArray(httpURLConnection.getErrorStream()) : new byte[0];
        if (httpURLConnection.getErrorStream() != null) {
            log("Error", byteArray2);
        }
        throw new IOException("Unable to complete the timestamping due to HTTP error: " + httpURLConnection.getResponseCode() + " - " + httpURLConnection.getResponseMessage());
    }

    private void log(String str, byte[] bArr) throws IOException {
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.finest(str + ":");
            StringBuffer stringBuffer = new StringBuffer();
            HexDump.dump(bArr, 0L, stringBuffer, 0, bArr.length);
            this.log.finest(stringBuffer.toString());
        }
    }

    private byte[] getEncryptedDigest(CMSSignedData cMSSignedData) {
        return ((SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next()).toASN1Structure().getEncryptedDigest().getOctets();
    }

    protected Collection<X509CertificateHolder> getExtraCertificates(CMSSignedData cMSSignedData) {
        return null;
    }

    protected abstract Attribute getCounterSignature(CMSSignedData cMSSignedData);

    @Deprecated
    protected AttributeTable getUnsignedAttributes(CMSSignedData cMSSignedData) {
        return new AttributeTable(getCounterSignature(cMSSignedData));
    }

    @Deprecated
    protected CMSSignedData modifySignedData(CMSSignedData cMSSignedData, AttributeTable attributeTable, Collection<X509CertificateHolder> collection) throws IOException, CMSException {
        return modifySignedData(cMSSignedData, Attribute.getInstance(attributeTable.toASN1EncodableVector().get(0)), collection);
    }

    protected CMSSignedData modifySignedData(CMSSignedData cMSSignedData, Attribute attribute, Collection<X509CertificateHolder> collection) throws IOException, CMSException {
        SignerInformation signerInformation = (SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next();
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        SignerInformation replaceUnsignedAttributes = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes == null ? new AttributeTable(attribute) : unsignedAttributes.add(attribute.getAttrType(), attribute.getAttrValues().getObjectAt(0)));
        ArrayList arrayList = new ArrayList(cMSSignedData.getCertificates().getMatches((Selector) null));
        if (collection != null) {
            for (X509CertificateHolder x509CertificateHolder : collection) {
                if (cMSSignedData.getCertificates().getMatches(new X509CertificateHolderSelector(x509CertificateHolder.getIssuer(), x509CertificateHolder.getSerialNumber())).isEmpty()) {
                    arrayList.add(x509CertificateHolder);
                }
            }
        }
        CollectionStore collectionStore = new CollectionStore(arrayList);
        ContentInfo encapContentInfo = SignedData.getInstance(new ASN1InputStream(cMSSignedData.toASN1Structure().getContent().toASN1Primitive().getEncoded("DER")).readObject()).getEncapContentInfo();
        PKCS7ProcessableObject pKCS7ProcessableObject = new PKCS7ProcessableObject(encapContentInfo.getContentType(), encapContentInfo.getContent());
        CMSSignedDataGenerator authenticodeSignedDataGenerator = AuthenticodeObjectIdentifiers.isAuthenticode(cMSSignedData.getSignedContentTypeOID()) ? new AuthenticodeSignedDataGenerator() : new CMSSignedDataGenerator();
        authenticodeSignedDataGenerator.addCertificates(collectionStore);
        authenticodeSignedDataGenerator.addSigners(new SignerInformationStore(replaceUnsignedAttributes));
        return authenticodeSignedDataGenerator.generate(pKCS7ProcessableObject, true);
    }

    protected abstract CMSSignedData timestamp(DigestAlgorithm digestAlgorithm, byte[] bArr) throws IOException, TimestampingException;

    public static Timestamper create(TimestampingMode timestampingMode) {
        switch (AnonymousClass1.$SwitchMap$net$jsign$timestamp$TimestampingMode[timestampingMode.ordinal()]) {
            case CFHeader.FLAG_PREV_CABINET /* 1 */:
                return new AuthenticodeTimestamper();
            case CFHeader.FLAG_NEXT_CABINET /* 2 */:
                return new RFC3161Timestamper();
            default:
                throw new IllegalArgumentException("Unsupported timestamping mode: " + timestampingMode);
        }
    }
}
