package com.itextpdf.signatures;

import a30.e;
import com.itextpdf.commons.utils.DateTimeUtil;
import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
import com.itextpdf.signatures.logs.SignLogMessageConstant;
import f10.a;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import q30.b;
import q30.c;

/* loaded from: classes4.dex */
public class CertificateVerification {
    public static final String CERTIFICATE_REVOKED = "Certificate revoked";
    public static final String HAS_UNSUPPORTED_EXTENSIONS = "Has unsupported critical extension";
    private static final b LOGGER = c.i(CertificateVerification.class);

    private static void logExceptionMessages(List<Exception> list) {
        for (Exception exc : list) {
            LOGGER.a(exc.getMessage() == null ? SignLogMessageConstant.EXCEPTION_WITHOUT_MESSAGE : exc.getMessage(), exc);
        }
    }

    public static String verifyCertificate(X509Certificate x509Certificate, Collection<CRL> collection) {
        return verifyCertificate(x509Certificate, collection, DateTimeUtil.getCurrentTimeCalendar());
    }

    public static String verifyCertificate(X509Certificate x509Certificate, Collection<CRL> collection, Calendar calendar) {
        if (SignUtils.hasUnsupportedCriticalExtension(x509Certificate)) {
            return HAS_UNSUPPORTED_EXTENSIONS;
        }
        try {
            x509Certificate.checkValidity(calendar.getTime());
            if (collection == null) {
                return null;
            }
            Iterator<CRL> it = collection.iterator();
            while (it.hasNext()) {
                if (it.next().isRevoked(x509Certificate)) {
                    return CERTIFICATE_REVOKED;
                }
            }
            return null;
        } catch (Exception e11) {
            return e11.getMessage();
        }
    }

    public static List<VerificationException> verifyCertificates(Certificate[] certificateArr, KeyStore keyStore) {
        return verifyCertificates(certificateArr, keyStore, DateTimeUtil.getCurrentTimeCalendar());
    }

    public static List<VerificationException> verifyCertificates(Certificate[] certificateArr, KeyStore keyStore, Calendar calendar) {
        return verifyCertificates(certificateArr, keyStore, null, calendar);
    }

    public static List<VerificationException> verifyCertificates(Certificate[] certificateArr, KeyStore keyStore, Collection<CRL> collection) {
        return verifyCertificates(certificateArr, keyStore, collection, DateTimeUtil.getCurrentTimeCalendar());
    }

    public static List<VerificationException> verifyCertificates(Certificate[] certificateArr, KeyStore keyStore, Collection<CRL> collection, Calendar calendar) {
        ArrayList arrayList = new ArrayList();
        for (int i11 = 0; i11 < certificateArr.length; i11++) {
            X509Certificate x509Certificate = (X509Certificate) certificateArr[i11];
            String verifyCertificate = verifyCertificate(x509Certificate, collection, calendar);
            if (verifyCertificate != null) {
                arrayList.add(new VerificationException(x509Certificate, verifyCertificate));
            }
            try {
                for (X509Certificate x509Certificate2 : SignUtils.getCertificates(keyStore)) {
                    if (verifyCertificate(x509Certificate2, collection, calendar) == null) {
                        x509Certificate.verify(x509Certificate2.getPublicKey());
                        return arrayList;
                    }
                }
            } catch (Exception unused) {
            }
            int i12 = 0;
            while (i12 < certificateArr.length) {
                if (i12 != i11) {
                    try {
                        x509Certificate.verify(((X509Certificate) certificateArr[i12]).getPublicKey());
                        break;
                    } catch (Exception unused2) {
                        continue;
                    }
                }
                i12++;
            }
            if (i12 == certificateArr.length) {
                arrayList.add(new VerificationException(x509Certificate, SignExceptionMessageConstant.CANNOT_BE_VERIFIED_CERTIFICATE_CHAIN));
            }
        }
        if (arrayList.size() == 0) {
            arrayList.add(new VerificationException(null, SignExceptionMessageConstant.INVALID_STATE_WHILE_CHECKING_CERT_CHAIN));
        }
        return arrayList;
    }

    public static boolean verifyOcspCertificates(a aVar, KeyStore keyStore, String str) {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator<X509Certificate> it = SignUtils.getCertificates(keyStore).iterator();
            while (it.hasNext()) {
                try {
                } catch (Exception e11) {
                    arrayList.add(e11);
                }
                if (SignUtils.isSignatureValid(aVar, it.next(), str)) {
                    return true;
                }
            }
        } catch (Exception e12) {
            arrayList.add(e12);
        }
        logExceptionMessages(arrayList);
        return false;
    }

    public static boolean verifyTimestampCertificates(e eVar, KeyStore keyStore, String str) {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator<X509Certificate> it = SignUtils.getCertificates(keyStore).iterator();
            while (it.hasNext()) {
                try {
                    SignUtils.isSignatureValid(eVar, it.next(), str);
                    return true;
                } catch (Exception e11) {
                    arrayList.add(e11);
                }
            }
        } catch (Exception e12) {
            arrayList.add(e12);
        }
        logExceptionMessages(arrayList);
        return false;
    }
}
