package org.adullact.parapheur.applets.splittedsign;

import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.Store;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/TimeStamper.class */
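/**
 * Adds RFC 3161 time stamps to the XML-DSig signatures of a XAdES document.
 *
 * <p>For every {@code ds:Signature} element the class digests the signature value, asks a
 * time-stamp authority (TSA) over HTTP for a token bound to a fresh random nonce, checks the
 * response and embeds the Base64 token in a {@code SignatureTimeStamp} element.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The message imprint uses SHA-1 ({@link #DEFAULT_DIGEST}). It is kept for wire
 *       compatibility; moving to a SHA-2 digest needs the TSA and the verifiers to agree.</li>
 *   <li>{@link #validate} verifies the token against the certificate carried inside the token
 *       itself. Nothing in this class builds a path to a trust anchor or consults revocation
 *       data, so a caller that needs to authenticate the TSA must do that separately.</li>
 * </ul>
 */
public class TimeStamper {
    /** Digest applied to each signature value before it is sent to the TSA. */
    static final String DEFAULT_DIGEST = "SHA1";
    /** Number of random bytes used to build each request nonce. */
    static final int DEFAULT_NONCE_LENGTH = 20;
    static final Logger logger = Logger.getLogger(TimeStamper.class.getName());

    // Network limits for the TSA round trip. The values are defaults chosen during review so
    // that a silent or stalled server cannot block the caller forever; tune them as needed.
    private static final int CONNECT_TIMEOUT_MS = 10000;
    private static final int READ_TIMEOUT_MS = 30000;

    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String XADES_NS = "http://uri.etsi.org/01903/v1.1.1#";

    /**
     * Time-stamps every XML signature found in the document and returns the updated document.
     *
     * @param inputStream the signed XML document
     * @param str URL of the time-stamp authority
     * @return the serialized document with one {@code SignatureTimeStamp} per signature
     * @throws InvalidParameterException if either argument is {@code null}
     * @throws XMLSignatureException if the document is unsigned or malformed, the TSA cannot be
     *     reached, or a returned time stamp fails validation
     */
    public static byte[] stampSignatures(InputStream inputStream, String str) throws XMLSignatureException {
        if (inputStream == null || str == null) {
            throw new InvalidParameterException("Null argument!");
        }
        try {
            // Let SecureRandom seed itself. Supplying the formatted wall-clock time before the
            // first nextBytes() call can, on providers such as SHA1PRNG, become the only seed
            // material and make the nonces guessable from the request time.
            SecureRandom secureRandom = new SecureRandom();
            byte[] nonceBytes = new byte[DEFAULT_NONCE_LENGTH];
            HashMap<BigInteger, Element> signaturesByNonce = new HashMap<BigInteger, Element>();
            HashMap<BigInteger, TimeStampRequest> requestsByNonce = new HashMap<BigInteger, TimeStampRequest>();

            Document parse = newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(inputStream);
            NodeList signatureNodes = parse.getElementsByTagNameNS(XMLDSIG_NS, "Signature");
            int length = signatureNodes.getLength();
            if (length == 0) {
                throw new XMLSignatureException("The document is not signed");
            }
            for (int i = 0; i < length; i++) {
                secureRandom.nextBytes(nonceBytes);
                signaturesByNonce.put(new BigInteger(nonceBytes), (Element) signatureNodes.item(i));
            }

            Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
            MessageDigest messageDigest = MessageDigest.getInstance(DEFAULT_DIGEST);
            TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
            XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM");

            // Build every request before contacting the TSA, so a malformed signature is
            // reported without any network traffic having taken place.
            for (BigInteger nonce : signaturesByNonce.keySet()) {
                XMLSignature signature = xMLSignatureFactory.unmarshalXMLSignature(new DOMStructure((Node) signaturesByNonce.get(nonce)));
                messageDigest.reset();
                byte[] digest = messageDigest.digest(signature.getSignatureValue().getValue());
                requestsByNonce.put(nonce, timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, digest, nonce));
            }

            for (BigInteger nonce : requestsByNonce.keySet()) {
                TimeStampRequest request = requestsByNonce.get(nonce);
                byte[] queryStamp = queryStamp(request, str);
                if (queryStamp == null) {
                    throw new XMLSignatureException("Stamp generation failed!");
                }
                if (!validateStamp(nonce, request, new TimeStampResponse(queryStamp))) {
                    throw new XMLSignatureException("Invalid time stamp!");
                }
                Element element = signaturesByNonce.get(nonce);
                Element object = getChildElement(element, "ds:Object");
                if (object == null) {
                    throw new XMLSignatureException("Invalid signature!");
                }
                Element qualifyingProperties = getChildElement(object, "xad:QualifyingProperties");
                if (qualifyingProperties == null) {
                    throw new XMLSignatureException("Invalid signature!");
                }
                Element unsignedProperties = findOrCreate(parse, qualifyingProperties, "xad:UnsignedProperties", "UnsignedProperties");
                Element unsignedSignatureProperties = findOrCreate(parse, unsignedProperties, "xad:UnsignedSignatureProperties", "UnsignedSignatureProperties");

                Element signatureTimeStamp = XADESSignUtil.createXadesElement(parse, XADES_NS, "SignatureTimeStamp");
                unsignedSignatureProperties.appendChild(signatureTimeStamp);
                Element hashDataInfo = XADESSignUtil.createXadesElement(parse, XADES_NS, "HashDataInfo");
                hashDataInfo.setAttribute("uri", "#" + element.getAttribute("Id"));
                signatureTimeStamp.appendChild(hashDataInfo);
                Element transforms = XADESSignUtil.createXadesElement(parse, XADES_NS, "Transforms");
                hashDataInfo.appendChild(transforms);
                Element transform = parse.createElement("ds:Transform");
                transform.setAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
                transforms.appendChild(transform);
                Element encapsulatedTimeStamp = XADESSignUtil.createXadesElement(parse, XADES_NS, "EncapsulatedTimeStamp");
                encapsulatedTimeStamp.setAttribute("Id", element.getAttribute("Id") + "_TS");
                encapsulatedTimeStamp.appendChild(parse.createTextNode(new String(org.bouncycastle.util.encoders.Base64.encode(queryStamp), "UTF8")));
                signatureTimeStamp.appendChild(encapsulatedTimeStamp);
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            newTransformer.transform(new DOMSource(parse), new StreamResult(byteArrayOutputStream));
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw logAndWrap(e);
        } catch (TransformerException e2) {
            throw logAndWrap(e2);
        } catch (TSPValidationException e3) {
            throw logAndWrap(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw logAndWrap(e4);
        } catch (CertStoreException e5) {
            throw logAndWrap(e5);
        } catch (CertificateExpiredException e6) {
            throw logAndWrap(e6);
        } catch (ParserConfigurationException e7) {
            throw logAndWrap(e7);
        } catch (OperatorCreationException e8) {
            throw logAndWrap(e8);
        } catch (TSPException e9) {
            throw logAndWrap(e9);
        } catch (MarshalException e10) {
            throw logAndWrap(e10);
        } catch (CertificateNotYetValidException e11) {
            throw logAndWrap(e11);
        } catch (SAXException e12) {
            throw logAndWrap(e12);
        }
    }

    /**
     * Creates a namespace-aware parser factory that refuses DOCTYPE declarations.
     *
     * <p>The signed document comes from outside this class, so DTDs and external entities are
     * turned off to keep the parser from resolving attacker-chosen resources (XXE) or expanding
     * nested entities. A parser that does not know these features raises
     * {@link ParserConfigurationException}, which the caller reports as a signature failure.
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /** Returns the named child of {@code parent}, creating and appending a XAdES element when absent. */
    private static Element findOrCreate(Document document, Element parent, String tagName, String localName) {
        Element child = getChildElement(parent, tagName);
        if (child == null) {
            child = XADESSignUtil.createXadesElement(document, XADES_NS, localName);
            parent.appendChild(child);
        }
        return child;
    }

    /** Logs the failure at SEVERE and converts it to the exception type callers expect. */
    private static XMLSignatureException logAndWrap(Exception cause) {
        logger.log(Level.SEVERE, (String) null, (Throwable) cause);
        return new XMLSignatureException(cause.getMessage(), cause);
    }

    /**
     * Returns the first direct child element whose qualified tag name equals {@code str}.
     *
     * <p>The comparison is on the prefixed name (for example {@code ds:Object}), not on the
     * namespace URI, so a document that binds other prefixes will not match.
     *
     * @param element parent element to search
     * @param str qualified tag name to look for
     * @return the matching child, or {@code null} when there is none
     */
    static Element getChildElement(Element element, String str) {
        NodeList childNodes = element.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if ((item instanceof Element) && ((Element) item).getTagName().equals(str)) {
                return (Element) item;
            }
        }
        return null;
    }

    /**
     * Posts the encoded request to the time-stamp authority and returns the raw response.
     *
     * <p>Only {@code http} and {@code https} URLs are accepted, timeouts bound the exchange, and
     * both streams are closed on every path. The body is read with blocking reads until end of
     * stream; polling {@code available()} is avoided because it stays at zero once the server
     * has closed an empty response, which would never terminate.
     *
     * @param timeStampRequest request to send
     * @param str URL of the time-stamp authority
     * @return the response bytes, or {@code null} when the URL is rejected, the exchange fails
     *     or the server returns an empty body
     */
    static byte[] queryStamp(TimeStampRequest timeStampRequest, String str) {
        DataOutputStream requestStream = null;
        InputStream responseStream = null;
        try {
            URL url = new URL(str);
            String protocol = url.getProtocol();
            if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
                // The request is an HTTP POST; other URL handlers (file, jar, ftp, ...) have no
                // business being reached through a caller-supplied TSA address.
                logger.log(Level.SEVERE, "Unsupported time-stamp authority URL scheme: {0}", protocol);
                return null;
            }
            URLConnection openConnection = url.openConnection();
            openConnection.setConnectTimeout(CONNECT_TIMEOUT_MS);
            openConnection.setReadTimeout(READ_TIMEOUT_MS);
            openConnection.setRequestProperty("Content-Type", "application/timestamp-query");
            openConnection.setDoOutput(true);
            openConnection.setDoInput(true);
            openConnection.setUseCaches(false);

            requestStream = new DataOutputStream(openConnection.getOutputStream());
            requestStream.write(timeStampRequest.getEncoded());
            requestStream.flush();
            requestStream.close();
            requestStream = null;

            responseStream = openConnection.getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] chunk = new byte[2048];
            int read;
            while ((read = responseStream.read(chunk)) != -1) {
                byteArrayOutputStream.write(chunk, 0, read);
            }
            if (byteArrayOutputStream.size() == 0) {
                logger.log(Level.SEVERE, "Empty response from time-stamp authority");
                return null;
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e2) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e2);
            return null;
        } finally {
            closeQuietly(requestStream);
            closeQuietly(responseStream);
        }
    }

    /** Closes a stream during cleanup; a failure here is logged and otherwise ignored. */
    private static void closeQuietly(java.io.Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException ignored) {
            logger.log(Level.FINE, (String) null, (Throwable) ignored);
        }
    }

    /**
     * Checks that a TSA response answers the given request.
     *
     * <p>The response must carry status 0 (granted) or 1 (granted with modifications), contain a
     * token whose nonce equals {@code bigInteger}, pass
     * {@link TimeStampResponse#validate(TimeStampRequest)} and pass {@link #validate}.
     *
     * @param bigInteger nonce that was sent in the request
     * @param timeStampRequest the request the response must match
     * @param timeStampResponse the parsed TSA response
     * @return {@code true} when every check passes, {@code false} on a rejected status, a
     *     missing token, a nonce mismatch or a failed certificate check
     * @throws TSPValidationException if the response does not match the request or the token
     *     cannot be processed
     */
    static boolean validateStamp(BigInteger bigInteger, TimeStampRequest timeStampRequest, TimeStampResponse timeStampResponse) throws TSPValidationException, CertStoreException, CertificateExpiredException, CertificateNotYetValidException, OperatorCreationException {
        try {
            int status = timeStampResponse.getStatus();
            if (status != 0 && status != 1) {
                return false;
            }
            TimeStampToken token = timeStampResponse.getTimeStampToken();
            if (token == null) {
                // A response without a token cannot be bound to the nonce; fail closed rather
                // than dereferencing null.
                return false;
            }
            if (!bigInteger.equals(token.getTimeStampInfo().getNonce())) {
                return false;
            }
            timeStampResponse.validate(timeStampRequest);
            return validate(token.toCMSSignedData().getSignerInfos(), token.getCertificates(), timeStampResponse);
        } catch (CMSException e) {
            logger.log(Level.SEVERE, (String) null, e);
            throw new TSPValidationException(e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e2);
            throw new TSPValidationException(e2.getMessage());
        } catch (NoSuchProviderException e3) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e3);
            throw new TSPValidationException(e3.getMessage());
        } catch (TSPException e4) {
            logger.log(Level.SEVERE, (String) null, e4);
            throw new TSPValidationException(e4.getMessage());
        }
    }

    /**
     * Verifies the token signature with the signer certificate found in the token's own store.
     *
     * <p>For each signer the matching certificate must be present, be within its validity
     * period at the current time, and verify the token. The result is {@code false} when a
     * certificate is missing or out of date, or when no signer was verified at all.
     *
     * <p>NOTE(review): the certificate is taken from the response and is not checked against a
     * trust anchor or revocation data here, so this establishes integrity of the token, not the
     * identity of the TSA. The request built in {@code stampSignatures} also does not ask the
     * TSA to include its certificate, so some authorities may legitimately omit it.
     *
     * @param signerInformationStore signers of the time-stamp token
     * @param store certificates carried in the token
     * @param timeStampResponse response whose token is verified
     * @return {@code true} only if at least one signer exists and every signer verified
     */
    static boolean validate(SignerInformationStore signerInformationStore, Store store, TimeStampResponse timeStampResponse) throws CertStoreException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, TSPException, TSPValidationException, CertificateExpiredException, CertificateNotYetValidException, OperatorCreationException {
        Date now = new Date();
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        boolean verified = false;
        Iterator signers = signerInformationStore.getSigners().iterator();
        while (signers.hasNext()) {
            SignerInformation signer = (SignerInformation) signers.next();
            Iterator matches = store.getMatches(signer.getSID()).iterator();
            if (!matches.hasNext()) {
                // Without the signer certificate the signature cannot be checked; report an
                // invalid stamp instead of failing with NoSuchElementException.
                logger.log(Level.SEVERE, "Time-stamp token does not contain the signer certificate");
                return false;
            }
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) matches.next();
            SignerInformationVerifier build = new BcRSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(x509CertificateHolder);
            if (!x509CertificateHolder.getNotBefore().before(now) || !x509CertificateHolder.getNotAfter().after(now)) {
                return false;
            }
            timeStampToken.validate(build);
            verified = true;
        }
        // Never accept a token for which no signature was actually verified.
        return verified;
    }
}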
