package com.gss.eid.common;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.Security;
import java.util.Collection;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.ResponseBody;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.DEREncodableVector;
import org.spongycastle.asn1.DERObjectIdentifier;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationStore;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec;
import org.spongycastle.tsp.TSPAlgorithms;
import org.spongycastle.tsp.TimeStampRequest;
import org.spongycastle.tsp.TimeStampRequestGenerator;
import org.spongycastle.tsp.TimeStampResponse;
import org.spongycastle.tsp.TimeStampToken;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0016\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\u001a\u0012\u0010\u0000\u001a\u0004\u0018\u00010\u00012\u0006\u0010\u0002\u001a\u00020\u0001H\u0002\u001a\u0010\u0010\u0003\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u0005\u001a\u00020\u0006¨\u0006\u0007"}, d2 = {"addTimestamp", "Lorg/spongycastle/cms/CMSSignedData;", "signedData", "getTimeStampToken", "Lorg/spongycastle/tsp/TimeStampToken;", "myData", "", "eid_release"}, k = 2, mv = {1, 1, 16})
/* loaded from: classes2.dex */
public final class PkiKt {
    private static final CMSSignedData addTimestamp(CMSSignedData cMSSignedData) {
        SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
        Intrinsics.checkExpressionValueIsNotNull(signerInfos, "signedData.signerInfos");
        Collection<SignerInformation> signers = signerInfos.getSigners();
        Intrinsics.checkExpressionValueIsNotNull(signers, "signedData.signerInfos.signers");
        SignerInformation next = signers.iterator().next();
        byte[] signature = next.getSignature();
        Intrinsics.checkExpressionValueIsNotNull(signature, "si.signature");
        TimeStampToken timeStampToken = getTimeStampToken(signature);
        if (timeStampToken == null) {
            Intrinsics.throwNpe();
        }
        Attribute attribute = new Attribute(new DERObjectIdentifier("1.2.840.113549.1.9.16.2.14"), new DERSet(new ASN1InputStream(timeStampToken.getEncoded()).readObject()));
        DEREncodableVector dEREncodableVector = new DEREncodableVector();
        dEREncodableVector.add(attribute);
        SignerInformation replaceUnsignedAttributes = SignerInformation.replaceUnsignedAttributes(next, new AttributeTable(dEREncodableVector));
        Intrinsics.checkExpressionValueIsNotNull(replaceUnsignedAttributes, "SignerInformation.replac…nsignedAttributes(si, at)");
        signers.clear();
        signers.add(replaceUnsignedAttributes);
        CMSSignedData replaceSigners = CMSSignedData.replaceSigners(cMSSignedData, new SignerInformationStore(signers));
        Intrinsics.checkExpressionValueIsNotNull(replaceSigners, "CMSSignedData.replaceSigners(signedData, sis)");
        return replaceSigners;
    }

    public static final TimeStampToken getTimeStampToken(byte[] myData) {
        Intrinsics.checkParameterIsNotNull(myData, "myData");
        Security.addProvider(new BouncyCastleProvider());
        OkHttpClient okHttpClient = new OkHttpClient();
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2ParameterSpec.DEFAULT_MD);
        messageDigest.update(myData);
        TimeStampRequest requests = timeStampRequestGenerator.generate(TSPAlgorithms.SHA256, messageDigest.digest(), BigInteger.valueOf(100L));
        MediaType parse = MediaType.parse("application/ocsp-request");
        Intrinsics.checkExpressionValueIsNotNull(requests, "requests");
        Request build = new Request.Builder().url("https://ca.signfiles.com/tsa/get.aspx").post(RequestBody.create(parse, requests.getEncoded())).addHeader("Content-type", "application/timestamp-query").addHeader("Content-Transfer-Encoding", "binary").build();
        Intrinsics.checkExpressionValueIsNotNull(build, "Request.Builder()\n      …binary\")\n        .build()");
        ResponseBody body = okHttpClient.newCall(build).execute().body();
        TimeStampResponse timeStampResponse = new TimeStampResponse(body != null ? body.byteStream() : null);
        timeStampResponse.validate(requests);
        return timeStampResponse.getTimeStampToken();
    }
}
