package ru.CryptoPro.AdES.evidence.ocsp;

import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.SingleResponse;
import ru.CryptoPro.AdES.AdESConfig;
import ru.CryptoPro.AdES.AdESConfigParameters;
import ru.CryptoPro.AdES.evidence.AbstractEvidenceSingleCollector;
import ru.CryptoPro.AdES.evidence.Evidence;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.AdES.service.OCSPServiceConnectorImpl;
import ru.CryptoPro.AdES.tools.AdESUtility;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes4.dex */
public class OCSPEvidenceCollectorImpl extends AbstractEvidenceSingleCollector<BasicOCSPResponse> {
    private Evidence<BasicOCSPResponse> getEvidence(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws AdESException {
        BasicOCSPResponse basicOCSPResponse;
        OCSPValidatorImpl oCSPValidatorImpl;
        JCPLogger.subTrace("Collecting OCSP evidences...");
        Iterator<String> it2 = AdESUtility.getOcspUrls(x509Certificate).iterator();
        while (true) {
            if (!it2.hasNext()) {
                if (this.signerMustHaveOcspEvidence) {
                    throw new AdESException("The signer certificate: sn " + x509Certificate.getSerialNumber().toString(16) + ", subject " + x509Certificate.getSubjectDN() + ", issuer " + x509Certificate.getIssuerDN() + " must have OCSP evidence but it doesn't contain any OCSP reference(s) or service(s) is(are) unavailable. OCSP evidence is not found", AdESException.ecOnlineCallFailed);
                }
                return null;
            }
            String next = it2.next();
            JCPLogger.subTrace("Try to use following url: ", next);
            OCSPServiceConnectorImpl oCSPServiceConnectorImpl = new OCSPServiceConnectorImpl(next);
            oCSPServiceConnectorImpl.setProvider(this.provider);
            oCSPServiceConnectorImpl.setCheckableCertificate(x509Certificate);
            oCSPServiceConnectorImpl.setIssuerCertificate(x509Certificate2);
            try {
                BasicOCSPResponse basicOCSPResponse2 = BasicOCSPResponse.getInstance(oCSPServiceConnectorImpl.getEncoded());
                if (this.internalDate == null) {
                    throw new AdESException("Internal timestamp is undefined", AdESException.ecTimestampNotFound);
                }
                try {
                    ASN1Sequence responses = basicOCSPResponse2.getTbsResponseData().getResponses();
                    Date date2 = basicOCSPResponse2.getTbsResponseData().getProducedAt().getDate();
                    for (int i = 0; i < responses.size(); i++) {
                        if (needRecall(date2, SingleResponse.getInstance(responses.getObjectAt(i)), date)) {
                            if (date == null) {
                                date = Calendar.getInstance().getTime();
                            }
                            return getEvidence(x509Certificate, x509Certificate2, date);
                        }
                    }
                    ASN1Sequence certs = basicOCSPResponse2.getCerts();
                    for (int i2 = 0; i2 < certs.size(); i2++) {
                        try {
                            this.additionalCertificateValues.add((X509Certificate) AdESUtility.CERT_FACTORY.generateCertificate(new ByteArrayInputStream(certs.getObjectAt(i2).toASN1Primitive().getEncoded(ASN1Encoding.DER))));
                        } catch (Exception e) {
                            JCPLogger.thrown(e);
                        }
                    }
                    JCPLogger.subTrace("Removing certificates from OCSP response...");
                    basicOCSPResponse = new BasicOCSPResponse(basicOCSPResponse2.getTbsResponseData(), basicOCSPResponse2.getSignatureAlgorithm(), basicOCSPResponse2.getSignature(), null);
                    JCPLogger.subTrace("Validating of OCSP (online)...");
                    oCSPValidatorImpl = new OCSPValidatorImpl();
                    oCSPValidatorImpl.setValidationDate(Calendar.getInstance().getTime());
                    oCSPValidatorImpl.setInternalDate(this.internalDate);
                    oCSPValidatorImpl.setExternalDate(this.externalDate);
                    oCSPValidatorImpl.setProvider(this.provider);
                    oCSPValidatorImpl.setCertificateValues(this.additionalCertificateValues);
                } catch (ParseException e2) {
                    e = e2;
                }
                try {
                    oCSPValidatorImpl.validate((OCSPValidatorImpl) basicOCSPResponse);
                    JCPLogger.subTrace("Creating OCSP evidence block...");
                    return new OCSPEvidenceImpl(basicOCSPResponse, x509Certificate, x509Certificate2, this.certificateChain, oCSPValidatorImpl.getEvidenceChain());
                } catch (AdESException e3) {
                    e = e3;
                    JCPLogger.thrown(e);
                }
            } catch (AdESException e4) {
                if (!e4.getErrorCode().equals(AdESException.ecOnlineCallFailed)) {
                    throw e4;
                }
                JCPLogger.ignoredException(e4);
            }
        }
    }

    private boolean needRecall(Date date, SingleResponse singleResponse, Date date2) throws AdESException {
        try {
            JCPLogger.subTrace("Recalling OCSP service...");
            Date date3 = singleResponse.getThisUpdate().getDate();
            if (!date3.before(this.internalDate)) {
                return false;
            }
            JCPLogger.subTraceFormat("Current TSP time: {0}, OCSP time (thisUpdate): {1}. Need to retry.", this.internalDate, date3);
            if ((date2 == null ? 0L : Calendar.getInstance().getTime().getTime() - date2.getTime()) > AdESConfigParameters.TIMEOUT_MAX) {
                throw new AdESException("Time of call has been exhausted. Try to sign/enhance again later", AdESException.ecOnlineCallFailed);
            }
            long time = this.internalDate.getTime() - date.getTime();
            if (time < 200) {
                time = 200;
            }
            long serviceDesyncTimeout = AdESConfig.getServiceDesyncTimeout();
            if (time > serviceDesyncTimeout) {
                throw new AdESException(String.format("TSP and OCSP services' time is out of sync (max delay: %d ms); TSP time: %s, OCSP time (produced): %s", Long.valueOf(serviceDesyncTimeout), this.internalDate, date), AdESException.ecOnlineCallFailed);
            }
            JCPLogger.subTraceFormat("Will try to retrieve an OCSP response again after {0}  ms.", Long.valueOf(time));
            try {
                Thread.sleep(time);
            } catch (InterruptedException unused) {
            }
            return true;
        } catch (ParseException e) {
            JCPLogger.thrown(e);
            return true;
        }
    }

    @Override // ru.CryptoPro.AdES.evidence.SingleEvidenceCollector
    public Evidence<BasicOCSPResponse> make(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws AdESException {
        return getEvidence(x509Certificate, x509Certificate2, null);
    }
}
