package net.jsign.timestamp;

import java.io.IOException;
import java.net.HttpURLConnection;
import net.jsign.DigestAlgorithm;
import net.jsign.asn1.authenticode.AuthenticodeObjectIdentifiers;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.tsp.TimeStampResp;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;

/* loaded from: input_file:net/jsign/timestamp/RFC3161Timestamper.class */
public class RFC3161Timestamper extends Timestamper {
    public RFC3161Timestamper() {
        setURL("http://timestamp.sectigo.com");
    }

    @Override // net.jsign.timestamp.Timestamper
    protected CMSSignedData timestamp(DigestAlgorithm digestAlgorithm, byte[] bArr) throws IOException, TimestampingException {
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        TimeStampRequest generate = timeStampRequestGenerator.generate(digestAlgorithm.oid, digestAlgorithm.getMessageDigest().digest(bArr));
        byte[] encoded = generate.getEncoded();
        HttpURLConnection httpURLConnection = (HttpURLConnection) this.tsaurl.openConnection();
        httpURLConnection.setConnectTimeout(10000);
        httpURLConnection.setReadTimeout(10000);
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setDoInput(true);
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setRequestProperty("Content-type", "application/timestamp-query");
        httpURLConnection.setRequestProperty("Content-length", String.valueOf(encoded.length));
        httpURLConnection.setRequestProperty("Accept", "application/timestamp-reply");
        httpURLConnection.setRequestProperty("User-Agent", "Transport");
        httpURLConnection.getOutputStream().write(encoded);
        httpURLConnection.getOutputStream().flush();
        if (httpURLConnection.getResponseCode() >= 400) {
            throw new IOException("Unable to complete the timestamping due to HTTP error: " + httpURLConnection.getResponseCode() + " - " + httpURLConnection.getResponseMessage());
        }
        try {
            TimeStampResponse timeStampResponse = new TimeStampResponse(TimeStampResp.getInstance(new ASN1InputStream(httpURLConnection.getInputStream()).readObject()));
            timeStampResponse.validate(generate);
            if (timeStampResponse.getStatus() != 0) {
                throw new IOException("Unable to complete the timestamping due to an invalid response (" + timeStampResponse.getStatusString() + ")");
            }
            return timeStampResponse.getTimeStampToken().toCMSSignedData();
        } catch (Exception e) {
            throw new TimestampingException("Unable to complete the timestamping", e);
        }
    }

    @Override // net.jsign.timestamp.Timestamper
    protected AttributeTable getUnsignedAttributes(CMSSignedData cMSSignedData) {
        return new AttributeTable(new Attribute(AuthenticodeObjectIdentifiers.SPC_RFC3161_OBJID, new DERSet(cMSSignedData.toASN1Structure())));
    }
}
