package org.adullact.parapheur.applets.splittedsign.utils;

import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.ByteArrayRequestEntity;
import org.apache.commons.httpclient.methods.PostMethod;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPUtil;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/utils/TimeStampTokenUtil.class */
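/**
 * Helpers for requesting an RFC 3161 time-stamp token from a TSA over HTTP and for
 * validating the certificate that a received token names as its signer.
 *
 * <p>Security-relevant points for callers:
 * <ul>
 *   <li>{@link #validateTimeStampToken} validates the signer <em>certificate</em> and its chain
 *       only; it does not verify the token's signature (see the method documentation).</li>
 *   <li>{@link #getTimeStampToken} never writes the Basic-auth password or the
 *       {@code Authorization} header value to the log.</li>
 * </ul>
 */
public class TimeStampTokenUtil {
    private static final Logger logger = Logger.getLogger("TimeStampTokenUtil");

    /** HTTP status expected from the TSA when it returns a time-stamp response body. */
    private static final int HTTP_OK = 200;

    /**
     * Locates the signer certificate embedded in a time-stamp token and validates it.
     *
     * <p>The steps performed, in order, are: select the embedded certificate whose serial number
     * equals the token's signer-id serial; check with {@code TSPUtil.validateCertificate} that it
     * is usable for time stamping; check its validity period; and hand it to
     * {@code X509Util.validateChain} together with a checker that resolves the critical
     * extendedKeyUsage extension when its only purpose is id-kp-timeStamping.
     *
     * <p>NOTE(review): nothing in this method verifies the token's CMS signature or that the
     * signed attributes bind the selected certificate (e.g. via
     * {@code TimeStampToken.validate(SignerInformationVerifier)}). Unless a caller does that
     * separately, a token carrying a genuine TSA certificate but a forged signature would pass
     * this method. Confirm against the callers.
     *
     * @param timeStampToken token whose embedded certificates and signer id are inspected
     * @param set certificates passed through to {@code X509Util.validateChain}; presumably the
     *     trusted certificates for chain building (verify against {@code X509Util})
     * @param str passed through to {@code X509Util}; presumably a JCA provider name such as
     *     {@code "BC"} (verify against {@code X509Util})
     * @return the selected signer certificate, after all checks succeeded
     * @throws Exception if no certificate could be selected or any validation step fails
     */
    public static X509Certificate validateTimeStampToken(TimeStampToken timeStampToken, Set<X509Certificate> set, final String str) throws Exception {
        BigInteger signerSerial = timeStampToken.getSID().getSerialNumber();
        Iterator<? extends Certificate> embeddedCerts = new JcaCertStoreBuilder()
                .addCertificates(timeStampToken.getCertificates())
                .build()
                .getCertificates(null)
                .iterator();
        X509Certificate signerCertificate = null;
        while (embeddedCerts.hasNext()) {
            X509Certificate candidate = (X509Certificate) embeddedCerts.next();
            if (signerSerial != null) {
                // NOTE(review): the match uses the serial number alone. Serial numbers are only
                // unique per issuer, so comparing the signer id's issuer as well would be stricter.
                if (candidate.getSerialNumber().equals(signerSerial)) {
                    logger.log(Level.INFO, "using certificate with serial: {0}", candidate.getSerialNumber());
                    signerCertificate = candidate;
                }
            } else if (signerCertificate == null) {
                // No serial in the signer id: fall back to the first embedded certificate.
                // NOTE(review): that certificate is not necessarily the signer's.
                signerCertificate = candidate;
            }
            logger.log(Level.INFO, "Certificate subject dn {0}", candidate.getSubjectDN());
            logger.log(Level.INFO, "Certificate serial {0}", candidate.getSerialNumber());
        }
        if (signerCertificate == null) {
            throw new Exception("certificate not found");
        }
        logger.log(Level.INFO, "validateCertificate:{0}", signerCertificate.getSubjectDN());
        TSPUtil.validateCertificate(new X509CertificateHolder(signerCertificate.getEncoded()));
        logger.log(Level.INFO, "checkValidity:{0}", signerCertificate.getSubjectDN());
        // NOTE(review): this checks validity at the current time, not at the token's generation
        // time, so a token verified after the TSA certificate expired is rejected here.
        signerCertificate.checkValidity();
        PKIXCertPathChecker timeStampingEkuChecker = new PKIXCertPathChecker() {
            @Override
            public void init(boolean z) throws CertPathValidatorException {
                // Stateless checker: nothing to reset between validations.
            }

            @Override
            public boolean isForwardCheckingSupported() {
                return true;
            }

            @Override
            public Set<String> getSupportedExtensions() {
                return Collections.emptySet();
            }

            /**
             * Marks the critical extendedKeyUsage extension as handled when the certificate's
             * only extended key usage is id-kp-timeStamping; any other combination is left in
             * the unresolved set for the path validator to deal with.
             */
            @Override
            public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
                try {
                    X509Certificate chainCertificate = X509Util.toX509Certificate(certificate.getEncoded(), str);
                    List<String> extendedKeyUsage = chainCertificate.getExtendedKeyUsage();
                    String ekuExtensionOid = Extension.extendedKeyUsage.getId();
                    boolean timeStampingOnly = extendedKeyUsage != null
                            && extendedKeyUsage.size() == 1
                            && extendedKeyUsage.contains(KeyPurposeId.id_kp_timeStamping.getId());
                    if (timeStampingOnly && collection != null && collection.contains(ekuExtensionOid)) {
                        collection.remove(ekuExtensionOid);
                    }
                } catch (Exception e) {
                    logger.warning(e.toString());
                    throw new CertPathValidatorException(e.toString(), e);
                }
            }
        };
        logger.log(Level.INFO, "validateChain:{0}", signerCertificate.getSubjectDN());
        X509Util.validateChain(signerCertificate, set, timeStampingEkuChecker, str);
        return signerCertificate;
    }

    /**
     * Sends a time-stamp request for the given digest to a TSA and returns the granted token.
     *
     * <p>The response is checked against the request with {@code TimeStampResponse.validate};
     * that check does not establish trust in the TSA certificate, which is what
     * {@link #validateTimeStampToken} is for.
     *
     * @param url TSA endpoint the request is POSTed to
     * @param str Basic-auth user name; credentials are sent only when both this and
     *     {@code str2} are non-empty
     * @param str2 Basic-auth password; never written to the log
     * @param bArr digest of the data to be time-stamped
     * @param aSN1ObjectIdentifier OID of the digest algorithm that produced {@code bArr}
     * @param bigInteger request nonce; use a fresh unpredictable value per request so the
     *     response can be tied to this request
     * @param str3 only logged by this method
     * @return the time-stamp token contained in the TSA response
     * @throws IOException if the HTTP exchange fails or the TSA answers with a non-200 status
     * @throws TSPException if the TSA reports a non-zero status or the response does not match
     *     the request
     */
    public static TimeStampToken getTimeStampToken(URL url, String str, String str2, byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, BigInteger bigInteger, String str3) throws IOException, TSPException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, CertStoreException, CertificateExpiredException, CertificateNotYetValidException {
        String digestHex = HexString.hexify(bArr);
        // The password is replaced by a marker: log files are routinely readable by more
        // people and systems than the credential itself should be.
        String loggedPassword = str2 == null ? null : "<redacted>";
        logger.info(String.format("getTimeStampToken (%s, %s, %s, %s, %s, %d, %s)", url.toString(), str, loggedPassword, digestHex, aSN1ObjectIdentifier, bigInteger, str3));
        logger.info(String.format("hash:%s len:%d", digestHex, bArr.length));

        TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
        // Ask the TSA to embed its certificate so the token can be validated later.
        requestGenerator.setCertReq(true);
        TimeStampRequest request = requestGenerator.generate(aSN1ObjectIdentifier, bArr, bigInteger);

        PostMethod postMethod = new PostMethod(url.toString());
        try {
            postMethod.setRequestEntity(new ByteArrayRequestEntity(request.getEncoded()));
            postMethod.setRequestHeader("Content-type", "application/timestamp-query");

            boolean hasCredentials = str != null && !str.isEmpty() && str2 != null && !str2.isEmpty();
            if (hasCredentials) {
                if (!"https".equalsIgnoreCase(url.getProtocol())) {
                    // Basic auth is only base64-encoded; without TLS it is readable on the wire.
                    logger.warning("basic authorization is being sent over a non-HTTPS connection");
                }
                byte[] credentials = (str + ":" + str2).getBytes(StandardCharsets.UTF_8);
                String headerValue = "Basic " + new String(Base64.encode(credentials), StandardCharsets.US_ASCII);
                postMethod.setRequestHeader("Authorization", headerValue);
                // Log the user only; the header value is trivially reversible to the password.
                logger.log(Level.INFO, "add basic authorization for user:{0}", str);
            }

            int httpStatus = new HttpClient().executeMethod(postMethod);
            if (httpStatus != HTTP_OK) {
                // Do not feed an error page to the ASN.1 parser; report the transport failure.
                throw new IOException(String.format("TSA returned HTTP status %d", httpStatus));
            }

            TimeStampResponse response = new TimeStampResponse(postMethod.getResponseBodyAsStream());
            if (response.getStatus() != 0) {
                throw new TSPException(String.format("response error status %d - %s", response.getStatus(), response.getStatusString()));
            }
            response.validate(request);
            logger.info("TimestampResponse validated");
            TimeStampToken timeStampToken = response.getTimeStampToken();
            logger.log(Level.INFO, "TimeStampToken: {0}", HexString.hexify(timeStampToken.getEncoded()));
            return timeStampToken;
        } finally {
            // Always hand the connection back, including on validation failures.
            postMethod.releaseConnection();
        }
    }

    /**
     * Manual smoke test: requests a token for a fixed SHA-256 digest and writes its hex
     * encoding to {@code prova.txt}.
     *
     * <p>The endpoint is plain HTTP and the token is not passed to
     * {@link #validateTimeStampToken}, so the output must not be treated as a trusted timestamp.
     */
    public static void main(String[] strArr) throws Exception {
        URL url = new URL("http://tsa.swisssign.net");
        byte[] digest = HexString.parseHexString("A6E4E9F5BBF46B694736A105C972D203E21FDEA926ABED9DF7A7AA5C5AE68FAA");
        Security.addProvider(new BouncyCastleProvider());
        System.out.println("hash " + digest.length + " bytes");
        // A fresh random nonce lets response validation tie the reply to this request.
        BigInteger nonce = new BigInteger(64, new SecureRandom());
        TimeStampToken timeStampToken = getTimeStampToken(url, null, null, digest, TSPAlgorithms.SHA256, nonce, "BC");
        if (timeStampToken == null) {
            System.out.println("NO TST");
            return;
        }
        byte[] encoded = timeStampToken.getEncoded();
        try (FileOutputStream out = new FileOutputStream("prova.txt")) {
            out.write(HexString.hexify(encoded).getBytes(StandardCharsets.US_ASCII));
            out.flush();
        }
        System.out.println("Got tsr " + encoded.length + " bytes");
    }
}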
