package com.itextpdf.signatures;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.cert.ocsp.OCSPException;

/* loaded from: classes3.dex */
public class v extends g0 {

    /* renamed from: e, reason: collision with root package name */
    protected static final org.slf4j.c f41853e = org.slf4j.d.i(v.class);

    /* renamed from: f, reason: collision with root package name */
    protected static final String f41854f = "1.3.6.1.5.5.7.3.9";

    /* renamed from: d, reason: collision with root package name */
    protected List<org.bouncycastle.cert.ocsp.a> f41855d;

    public v(f fVar, List<org.bouncycastle.cert.ocsp.a> list) {
        super(fVar);
        this.f41855d = list;
    }

    @Override // com.itextpdf.signatures.g0, com.itextpdf.signatures.f
    public List<n0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        int i10;
        ArrayList arrayList = new ArrayList();
        List<org.bouncycastle.cert.ocsp.a> list = this.f41855d;
        boolean z10 = false;
        if (list != null) {
            Iterator<org.bouncycastle.cert.ocsp.a> it = list.iterator();
            i10 = 0;
            while (it.hasNext()) {
                if (h(it.next(), x509Certificate, x509Certificate2, date)) {
                    i10++;
                }
            }
        } else {
            i10 = 0;
        }
        if (this.f41754b && i10 == 0 && h(d(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i10++;
            z10 = true;
        }
        f41853e.n0("Valid OCSPs found: " + i10);
        if (i10 > 0) {
            Class<?> cls = getClass();
            StringBuilder sb2 = new StringBuilder();
            sb2.append("Valid OCSPs Found: ");
            sb2.append(i10);
            sb2.append(z10 ? " (online)" : "");
            arrayList.add(new n0(x509Certificate, cls, sb2.toString()));
        }
        f fVar = this.f41753a;
        if (fVar != null) {
            arrayList.addAll(fVar.b(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public org.bouncycastle.cert.ocsp.a d(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        org.bouncycastle.cert.ocsp.a c10;
        if ((x509Certificate == null && x509Certificate2 == null) || (c10 = new x(null).c(x509Certificate, x509Certificate2, null)) == null) {
            return null;
        }
        for (org.bouncycastle.cert.ocsp.n nVar : c10.h()) {
            if (nVar.b() == org.bouncycastle.cert.ocsp.d.f98538a) {
                return c10;
            }
        }
        return null;
    }

    public boolean e(org.bouncycastle.cert.ocsp.a aVar, Certificate certificate) {
        try {
            return i0.x(aVar, certificate, "BC");
        } catch (Exception unused) {
            return false;
        }
    }

    @Deprecated
    public void f(org.bouncycastle.cert.ocsp.a aVar, X509Certificate x509Certificate) throws GeneralSecurityException, IOException {
        g(aVar, x509Certificate, com.itextpdf.io.util.b.d());
    }

    public void g(org.bouncycastle.cert.ocsp.a aVar, X509Certificate x509Certificate, Date date) throws GeneralSecurityException {
        CRL crl;
        X509Certificate x509Certificate2 = null;
        X509Certificate x509Certificate3 = e(aVar, x509Certificate) ? x509Certificate : null;
        if (x509Certificate3 == null) {
            if (aVar.a() == null) {
                KeyStore keyStore = this.f41757c;
                if (keyStore != null) {
                    try {
                        for (X509Certificate x509Certificate4 : i0.h(keyStore)) {
                            if (e(aVar, x509Certificate4)) {
                                x509Certificate2 = x509Certificate4;
                                break;
                            }
                        }
                    } catch (Exception unused) {
                    }
                }
                x509Certificate2 = x509Certificate3;
                if (x509Certificate2 == null) {
                    throw new VerificationException(x509Certificate, "OCSP response could not be verified: it does not contain certificate chain and response is not signed by issuer certificate or any from the root store.");
                }
                return;
            }
            Iterator<X509Certificate> it = i0.i(aVar).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                X509Certificate next = it.next();
                try {
                    List<String> extendedKeyUsage = next.getExtendedKeyUsage();
                    if (extendedKeyUsage != null && extendedKeyUsage.contains(f41854f) && e(aVar, next)) {
                        x509Certificate3 = next;
                        break;
                    }
                } catch (CertificateParsingException unused2) {
                }
            }
            if (x509Certificate3 == null) {
                throw new VerificationException(x509Certificate, "OCSP response could not be verified");
            }
            x509Certificate3.verify(x509Certificate.getPublicKey());
            x509Certificate3.checkValidity(date);
            if (x509Certificate3.getExtensionValue(org.bouncycastle.asn1.ocsp.e.f97258f.A()) == null) {
                try {
                    crl = d.b(x509Certificate3);
                } catch (Exception unused3) {
                    crl = null;
                }
                if (crl == null || !(crl instanceof X509CRL)) {
                    org.slf4j.d.i(v.class).f("Authorized OCSP responder certificate revocation status cannot be checked");
                    return;
                }
                b bVar = new b(null, null);
                bVar.c(this.f41757c);
                bVar.a(this.f41754b);
                if (!bVar.f((X509CRL) crl, x509Certificate3, x509Certificate, date)) {
                    throw new VerificationException(x509Certificate, "Authorized OCSP responder certificate was revoked.");
                }
            }
        }
    }

    public boolean h(org.bouncycastle.cert.ocsp.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        if (aVar == null) {
            return false;
        }
        org.bouncycastle.cert.ocsp.n[] h10 = aVar.h();
        for (int i10 = 0; i10 < h10.length; i10++) {
            if (x509Certificate.getSerialNumber().equals(h10[i10].a().f())) {
                if (x509Certificate2 == null) {
                    x509Certificate2 = x509Certificate;
                }
                try {
                    if (i0.b(h10[i10].a(), x509Certificate2)) {
                        if (h10[i10].f() == null) {
                            Date a10 = i0.a(h10[i10].h());
                            org.slf4j.c cVar = f41853e;
                            cVar.n0(com.itextpdf.io.util.n.a("No 'next update' for OCSP Response; assuming {0}", a10));
                            if (date.after(a10)) {
                                cVar.n0(com.itextpdf.io.util.n.a("OCSP no longer valid: {0} after {1}", date, a10));
                            }
                        } else if (date.after(h10[i10].f())) {
                            f41853e.n0(com.itextpdf.io.util.n.a("OCSP no longer valid: {0} after {1}", date, h10[i10].f()));
                        }
                        if (h10[i10].b() == org.bouncycastle.cert.ocsp.d.f98538a) {
                            g(aVar, x509Certificate2, date);
                            return true;
                        }
                    } else {
                        f41853e.n0("OCSP: Issuers doesn't match.");
                    }
                } catch (OCSPException unused) {
                    continue;
                }
            }
        }
        return false;
    }
}
