package com.itextpdf.signatures;

import be.i0;
import com.google.android.gms.internal.auth.k2;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import com.itextpdf.commons.utils.Base64;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfEncryption;
import com.itextpdf.signatures.OID;
import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
import e3.u;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.NoSuchElementException;
import md.n;
import rf.f;
import uc.d0;
import uc.e0;
import uc.h;
import uc.n1;
import uc.p1;
import uc.t1;
import uc.v;
import vd.a;
import vd.j;
import vd.m;
import ve.k;
import we.x;
import we.y;
import we.z;
import xd.c;
import xe.b;
import xe.c;
import xe.d;
import xe.g;
import yc.i;
import zd.b;
import zd.d;
import zd.e;
import zd.f;

/* loaded from: classes2.dex */
final class SignUtils {

    /* loaded from: classes2.dex */
    public static class TsaResponse {
        String encoding;
        InputStream tsaResponseStream;
    }

    public static Date add180Sec(Date date) {
        return new Date(date.getTime() + 180000);
    }

    public static boolean checkIfIssuersMatch(b bVar, X509Certificate x509Certificate) {
        c cVar = new c(x509Certificate.getEncoded());
        x xVar = x.f12153b;
        md.b bVar2 = bVar.f13099a;
        try {
            a aVar = bVar2.f8310a;
            return b.a(new y(aVar, new z(xVar.a(aVar))), cVar, bVar2.f8313q).equals(bVar2);
        } catch (k e10) {
            throw new d("unable to create digest calculator: " + e10.getMessage(), e10);
        }
    }

    public static cd.c createSigPolicyQualifiers(cd.b... bVarArr) {
        return new cd.c(bVarArr);
    }

    public static String dateToString(Calendar calendar) {
        return new SimpleDateFormat("yyyy.MM.dd HH:mm:ss z").format(calendar.getTime());
    }

    public static b generateCertificateId(X509Certificate x509Certificate, BigInteger bigInteger, v vVar) {
        g gVar = new g(new k2());
        a aVar = new a(vVar, n1.f11012i);
        try {
            return new b(new c.a(aVar, new d.a(gVar.c(aVar))), new yd.b(x509Certificate), bigInteger);
        } catch (GeneralSecurityException e10) {
            throw new k("exception on setup: " + e10, e10);
        }
    }

    public static b generateCertificateId(X509Certificate x509Certificate, BigInteger bigInteger, a aVar) {
        try {
            return new b(new c.a(aVar, new d.a(new g(new k2()).c(aVar))), new yd.b(x509Certificate), bigInteger);
        } catch (GeneralSecurityException e10) {
            throw new k("exception on setup: " + e10, e10);
        }
    }

    public static e generateOcspRequestWithNonce(b bVar) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new f(bVar));
        vd.k kVar = new vd.k(new j[]{new j(md.d.f8317b, new p1(new p1(PdfEncryption.generateNewDocumentId()).getEncoded()))});
        Iterator it = arrayList.iterator();
        h hVar = new h();
        while (it.hasNext()) {
            try {
                f fVar = (f) it.next();
                hVar.a(new md.h(fVar.f13102a.f13099a, fVar.f13103b));
            } catch (Exception e10) {
                throw new zd.d("exception creating Request", e10);
            }
        }
        return new e(new md.e(new n(new t1(hVar), kVar)));
    }

    public static Iterable<X509Certificate> getCertificates(final KeyStore keyStore) {
        final Enumeration<String> aliases = keyStore.aliases();
        return new Iterable<X509Certificate>() { // from class: com.itextpdf.signatures.SignUtils.1
            @Override // java.lang.Iterable
            public Iterator<X509Certificate> iterator() {
                return new Iterator<X509Certificate>() { // from class: com.itextpdf.signatures.SignUtils.1.1
                    private X509Certificate nextCert;

                    private void tryToGetNextCertificate() {
                        String str;
                        while (aliases.hasMoreElements()) {
                            try {
                                str = (String) aliases.nextElement();
                            } catch (KeyStoreException unused) {
                            }
                            if (keyStore.isCertificateEntry(str) || keyStore.isKeyEntry(str)) {
                                this.nextCert = (X509Certificate) keyStore.getCertificate(str);
                                return;
                            }
                        }
                    }

                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        if (this.nextCert == null) {
                            tryToGetNextCertificate();
                        }
                        return this.nextCert != null;
                    }

                    @Override // java.util.Iterator
                    public X509Certificate next() {
                        if (!hasNext()) {
                            throw new NoSuchElementException();
                        }
                        X509Certificate x509Certificate = this.nextCert;
                        this.nextCert = null;
                        return x509Certificate;
                    }

                    @Override // java.util.Iterator
                    public void remove() {
                        throw new UnsupportedOperationException("remove");
                    }
                };
            }
        };
    }

    public static Iterable<X509Certificate> getCertsFromOcspResponse(zd.a aVar) {
        ArrayList arrayList = new ArrayList();
        xd.c[] a10 = aVar.a();
        yd.a aVar2 = new yd.a();
        for (xd.c cVar : a10) {
            try {
                arrayList.add(aVar2.a(cVar));
            } catch (Exception unused) {
            }
        }
        return arrayList;
    }

    public static byte[] getExtensionValueByOid(X509Certificate x509Certificate, String str) {
        return x509Certificate.getExtensionValue(str);
    }

    public static <T> T getFirstElement(Iterable<T> iterable) {
        return iterable.iterator().next();
    }

    public static InputStream getHttpResponse(URL url) {
        HttpURLConnection httpURLConnection = (HttpURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(url.openConnection()));
        if (httpURLConnection.getResponseCode() / 100 == 2) {
            return (InputStream) httpURLConnection.getContent();
        }
        throw new PdfException(SignExceptionMessageConstant.INVALID_HTTP_RESPONSE).setMessageParams(Integer.valueOf(httpURLConnection.getResponseCode()));
    }

    public static InputStream getHttpResponseForOcspRequest(byte[] bArr, URL url) {
        HttpURLConnection httpURLConnection = (HttpURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(url.openConnection()));
        httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
        httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
        httpURLConnection.setDoOutput(true);
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
        dataOutputStream.write(bArr);
        dataOutputStream.flush();
        dataOutputStream.close();
        if (httpURLConnection.getResponseCode() / 100 == 2) {
            return (InputStream) httpURLConnection.getContent();
        }
        throw new PdfException(SignExceptionMessageConstant.INVALID_HTTP_RESPONSE).setMessageParams(Integer.valueOf(httpURLConnection.getResponseCode()));
    }

    public static te.a getIssuerX509Name(d0 d0Var) {
        return new te.a(d0Var.H(0).d().getEncoded());
    }

    public static MessageDigest getMessageDigest(String str) {
        return new BouncyCastleDigest().getMessageDigest(str);
    }

    public static MessageDigest getMessageDigest(String str, IExternalDigest iExternalDigest) {
        return iExternalDigest.getMessageDigest(str);
    }

    public static MessageDigest getMessageDigest(String str, String str2) {
        return (str2 == null || str2.startsWith("SunPKCS11") || str2.startsWith("SunMSCAPI")) ? MessageDigest.getInstance(DigestAlgorithms.normalizeDigestName(str)) : MessageDigest.getInstance(str, str2);
    }

    public static String getPrivateKeyAlgorithm(PrivateKey privateKey) {
        String algorithm = privateKey.getAlgorithm();
        return algorithm.equals("EC") ? "ECDSA" : algorithm;
    }

    public static Signature getSignatureHelper(String str, String str2) {
        return str2 == null ? Signature.getInstance(str) : Signature.getInstance(str, str2);
    }

    public static Calendar getTimeStampDate(rf.f fVar) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTime(fVar.f10100c.f10104b);
        return gregorianCalendar;
    }

    public static TsaResponse getTsaResponseForUserRequest(String str, byte[] bArr, String str2, String str3) {
        try {
            URLConnection uRLConnection = (URLConnection) FirebasePerfUrlConnection.instrument(new URL(str).openConnection());
            uRLConnection.setDoInput(true);
            uRLConnection.setDoOutput(true);
            uRLConnection.setUseCaches(false);
            uRLConnection.setRequestProperty("Content-Type", "application/timestamp-query");
            uRLConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
            if (str2 != null && !str2.equals("")) {
                uRLConnection.setRequestProperty("Authorization", "Basic " + Base64.encodeBytes(androidx.concurrent.futures.b.b(str2, ":", str3).getBytes(StandardCharsets.UTF_8), 8));
            }
            OutputStream outputStream = uRLConnection.getOutputStream();
            outputStream.write(bArr);
            outputStream.close();
            TsaResponse tsaResponse = new TsaResponse();
            tsaResponse.tsaResponseStream = uRLConnection.getInputStream();
            tsaResponse.encoding = uRLConnection.getContentEncoding();
            return tsaResponse;
        } catch (IOException unused) {
            throw new PdfException(SignExceptionMessageConstant.FAILED_TO_GET_TSA_RESPONSE).setMessageParams(str);
        }
    }

    @Deprecated
    public static boolean hasUnsupportedCriticalExtension(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("X509Certificate can't be null.");
        }
        if (!x509Certificate.hasUnsupportedCriticalExtension()) {
            return false;
        }
        Iterator<String> it = x509Certificate.getCriticalExtensionOIDs().iterator();
        while (it.hasNext()) {
            if (!OID.X509Extensions.SUPPORTED_CRITICAL_EXTENSIONS.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    public static void isSignatureValid(rf.f fVar, X509Certificate x509Certificate, String str) {
        if (str == null) {
            str = "BC";
        }
        be.n nVar = new be.n();
        ve.e eVar = new ve.e();
        xe.b bVar = new xe.b();
        bVar.f12280a = new g(new u(str));
        xe.a c10 = bVar.c(x509Certificate);
        xe.d dVar = new xe.d();
        dVar.f12289a = new g(new u(str));
        xe.c cVar = new xe.c(dVar);
        i0 i0Var = new i0(nVar, eVar, c10, cVar);
        f.a aVar = fVar.d;
        try {
            xd.c b10 = c10.b();
            ve.g a10 = cVar.a(aVar.b());
            OutputStream a11 = a10.a();
            a11.write(b10.getEncoded());
            a11.close();
            if (!sf.a.c(aVar.a(), a10.b())) {
                throw new rf.c("certificate hash does not match certID hash.");
            }
            dd.b bVar2 = aVar.f10102b;
            dd.a aVar2 = aVar.f10101a;
            if ((aVar2 != null ? aVar2.f3436i : bVar2.f3440p) != null) {
                i iVar = new i(b10.f12275a);
                if (!(aVar2 != null ? aVar2.f3436i : bVar2.f3440p).f11500i.u(iVar.f12566i)) {
                    throw new rf.c("certificate serial number does not match certID for signature.");
                }
                m[] mVarArr = (aVar2 != null ? aVar2.f3436i : bVar2.f3440p).f11499a.f11498a;
                int length = mVarArr.length;
                m[] mVarArr2 = new m[length];
                boolean z10 = false;
                System.arraycopy(mVarArr, 0, mVarArr2, 0, mVarArr.length);
                int i10 = 0;
                while (true) {
                    if (i10 == length) {
                        break;
                    }
                    m mVar = mVarArr2[i10];
                    if (mVar.f11497i == 4 && td.c.n(mVar.f11496a).equals(td.c.n(iVar.f12565a))) {
                        z10 = true;
                        break;
                    }
                    i10++;
                }
                if (!z10) {
                    throw new rf.c("certificate name does not match certID for signature. ");
                }
            }
            rf.b.a(b10);
            if (!b10.a(fVar.f10100c.f10104b)) {
                throw new rf.c("certificate not valid when time stamp created.");
            }
            if (!fVar.f10099b.d(i0Var)) {
                throw new rf.c("signature not created by certificate.");
            }
        } catch (be.e e10) {
            Exception exc = e10.f1084a;
            if (exc != null) {
                throw new rf.a(e10.getMessage(), exc);
            }
            throw new rf.a("CMS exception: " + e10, e10);
        } catch (IOException e11) {
            throw new rf.a("problem processing certificate: " + e11, e11);
        } catch (k e12) {
            throw new rf.a("unable to create digest: " + e12.getMessage(), e12);
        }
    }

    public static boolean isSignatureValid(zd.a aVar, Certificate certificate, String str) {
        ve.a c0181b;
        if (str == null) {
            str = "BC";
        }
        xe.b bVar = new xe.b();
        bVar.f12280a = new g(new u(str));
        PublicKey publicKey = certificate.getPublicKey();
        md.a aVar2 = aVar.f13096a;
        try {
            a aVar3 = aVar2.f8307i;
            if (aVar3.f11463a.u(jd.a.d)) {
                c0181b = xe.b.a(bVar, aVar3, publicKey);
            } else {
                if (publicKey instanceof le.a) {
                    ((le.a) publicKey).getClass();
                    throw null;
                }
                Signature d = bVar.d(aVar3, publicKey);
                Signature b10 = xe.b.b(bVar, aVar3, publicKey);
                c0181b = b10 != null ? new b.C0181b(d, b10) : new b.c(d);
            }
            OutputStream a10 = c0181b.a();
            a10.write(aVar2.f8306a.m("DER"));
            a10.close();
            return c0181b.b(aVar2.f8308p.H());
        } catch (Exception e10) {
            throw new zd.d("exception processing sig: " + e10, e10);
        }
    }

    public static CRL parseCrlFromStream(InputStream inputStream) {
        return CertificateFactory.getInstance("X.509").generateCRL(inputStream);
    }

    public static Collection<Certificate> readAllCerts(byte[] bArr) {
        ue.f i10;
        ue.e eVar = new ue.e();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        eVar.f11098p = byteArrayInputStream;
        eVar.f11096a = null;
        eVar.f11097i = 0;
        if (!byteArrayInputStream.markSupported()) {
            eVar.f11098p = new BufferedInputStream(eVar.f11098p);
        }
        ArrayList arrayList = new ArrayList();
        while (true) {
            try {
                e0 e0Var = eVar.f11096a;
                if (e0Var == null) {
                    eVar.f11098p.mark(10);
                    int read = eVar.f11098p.read();
                    if (read != -1) {
                        if (read != 48) {
                            eVar.f11098p.reset();
                            i10 = ue.e.j(eVar.f11098p);
                        } else {
                            eVar.f11098p.reset();
                            i10 = eVar.i(eVar.f11098p);
                        }
                    }
                    i10 = null;
                } else if (eVar.f11097i != e0Var.f10971a.length) {
                    i10 = eVar.h();
                } else {
                    eVar.f11096a = null;
                    eVar.f11097i = 0;
                    i10 = null;
                }
                if (i10 == null) {
                    return arrayList;
                }
                arrayList.add(i10);
            } catch (Exception e10) {
                throw new vf.a(e10.toString(), e10);
            }
        }
    }

    public static boolean verifyCertificateSignature(X509Certificate x509Certificate, PublicKey publicKey, String str) {
        try {
            if (str == null) {
                x509Certificate.verify(publicKey);
            } else {
                x509Certificate.verify(publicKey, str);
            }
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
