package com.itextpdf.text.pdf.security;

import com.itextpdf.text.pdf.c3;
import com.itextpdf.text.pdf.d1;
import com.itextpdf.text.pdf.e2;
import com.itextpdf.text.pdf.h4;
import com.itextpdf.text.pdf.k1;
import com.itextpdf.text.pdf.security.LtvVerification;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/* compiled from: LtvVerifier.java */
/* loaded from: classes4.dex */
public class s extends b0 {

    /* renamed from: e, reason: collision with root package name */
    protected static final com.itextpdf.text.log.c f33590e = com.itextpdf.text.log.d.b(s.class);
    protected LtvVerification.CertificateOption f;
    protected boolean g;
    protected h4 h;
    protected com.itextpdf.text.pdf.a i;
    protected Date j;
    protected String k;
    protected w l;
    protected boolean m;
    protected e2 n;

    public s(h4 h4Var) throws GeneralSecurityException {
        super(null);
        this.f = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.g = true;
        this.m = true;
        this.h = h4Var;
        com.itextpdf.text.pdf.a C = h4Var.C();
        this.i = C;
        ArrayList<String> E = C.E();
        this.k = E.get(E.size() - 1);
        this.j = new Date();
        w d2 = d();
        this.l = d2;
        com.itextpdf.text.log.c cVar = f33590e;
        Object[] objArr = new Object[2];
        objArr[0] = d2.F() ? "document-level timestamp " : "";
        objArr[1] = this.k;
        cVar.g(String.format("Checking %ssignature %s", objArr));
    }

    @Override // com.itextpdf.text.pdf.security.b0, com.itextpdf.text.pdf.security.f
    public List<i0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        b0 b0Var = new b0(this.f33570a);
        b0Var.c(this.f33544d);
        b bVar = new b(b0Var, e());
        bVar.c(this.f33544d);
        bVar.a(this.m || this.f33571b);
        t tVar = new t(bVar, f());
        tVar.c(this.f33544d);
        tVar.a(this.m || this.f33571b);
        return tVar.b(x509Certificate, x509Certificate2, date);
    }

    protected w d() throws GeneralSecurityException {
        w m0 = this.i.m0(this.k);
        if (!this.i.j0(this.k)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        com.itextpdf.text.log.c cVar = f33590e;
        cVar.g("The timestamp covers whole document.");
        if (!m0.N()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        cVar.g("The signed document has not been modified.");
        return m0;
    }

    public List<X509CRL> e() throws GeneralSecurityException, IOException {
        k1 a0;
        ArrayList arrayList = new ArrayList();
        e2 e2Var = this.n;
        if (e2Var == null || (a0 = e2Var.a0(c3.oa)) == null) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < a0.size(); i++) {
            arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(h4.D0((d1) a0.x0(i)))));
        }
        return arrayList;
    }

    public List<BasicOCSPResp> f() throws IOException, GeneralSecurityException {
        k1 a0;
        ArrayList arrayList = new ArrayList();
        e2 e2Var = this.n;
        if (e2Var == null || (a0 = e2Var.a0(c3.jg)) == null) {
            return arrayList;
        }
        for (int i = 0; i < a0.size(); i++) {
            OCSPResp oCSPResp = new OCSPResp(h4.D0((d1) a0.x0(i)));
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e2) {
                    throw new GeneralSecurityException((Throwable) e2);
                }
            }
        }
        return arrayList;
    }

    public void g(LtvVerification.CertificateOption certificateOption) {
        this.f = certificateOption;
    }

    public void h(f fVar) {
        this.f33570a = fVar;
    }

    public void i(boolean z) {
        this.g = z;
    }

    public void j() throws IOException, GeneralSecurityException {
        com.itextpdf.text.log.c cVar = f33590e;
        cVar.g("Switching to previous revision.");
        this.m = false;
        this.n = this.h.F().d0(c3.lb);
        Calendar z = this.l.z();
        if (z == null) {
            z = this.l.v();
        }
        this.j = z.getTime();
        ArrayList<String> E = this.i.E();
        if (E.size() <= 1) {
            cVar.g("No signatures in revision");
            this.l = null;
            return;
        }
        this.k = E.get(E.size() - 2);
        h4 h4Var = new h4(this.i.h(this.k));
        this.h = h4Var;
        com.itextpdf.text.pdf.a C = h4Var.C();
        this.i = C;
        ArrayList<String> E2 = C.E();
        this.k = E2.get(E2.size() - 1);
        w d2 = d();
        this.l = d2;
        Object[] objArr = new Object[2];
        objArr[0] = d2.F() ? "document-level timestamp " : "";
        objArr[1] = this.k;
        cVar.g(String.format("Checking %ssignature %s", objArr));
    }

    public List<i0> k(List<i0> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.l != null) {
            list.addAll(m());
        }
        return list;
    }

    public void l(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i = 0; i < certificateArr.length; i++) {
            ((X509Certificate) certificateArr[i]).checkValidity(this.j);
            if (i > 0) {
                certificateArr[i - 1].verify(certificateArr[i].getPublicKey());
            }
        }
        f33590e.g("All certificates are valid on " + this.j.toString());
    }

    public List<i0> m() throws GeneralSecurityException, IOException {
        f33590e.g("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] u = this.l.u();
        l(u);
        int length = LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.f) ? u.length : 1;
        int i = 0;
        while (i < length) {
            int i2 = i + 1;
            X509Certificate x509Certificate = (X509Certificate) u[i];
            X509Certificate x509Certificate2 = i2 < u.length ? (X509Certificate) u[i2] : null;
            f33590e.g(x509Certificate.getSubjectDN().getName());
            List<i0> b2 = b(x509Certificate, x509Certificate2, this.j);
            if (b2.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.m && u.length > 1) {
                        b2.add(new i0(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (b2.size() == 0 && this.g) {
                        throw new GeneralSecurityException();
                    }
                    if (u.length > 1) {
                        b2.add(new i0(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(b2);
            i = i2;
        }
        j();
        return arrayList;
    }
}
