package com.itextpdf.text.pdf.security;

import D1.v;
import Ja.C0385j;
import Jb.b;
import Jb.c;
import Q3.d;
import Za.k;
import com.itextpdf.text.log.Level;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import com.itextpdf.text.pdf.a;
import g0.C3205u;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import jb.C3431a;
import lb.C3510c;
import nb.C3621a;
import nb.C3622b;
import nb.h;
import rb.InterfaceC3804c;

/* loaded from: classes3.dex */
/**
 * Certificate verifier that looks for a usable OCSP response for a certificate: first among
 * the responses handed to the constructor and then, when online checking is allowed and none
 * of those was accepted, in a response fetched through {@code OcspClientBouncyCastle}.
 *
 * <p>This listing is decompiler output with obfuscated library names. Judging only from how
 * they are used here, {@code C3621a} is presumably a basic OCSP response (it is what
 * {@code getBasicOCSPResp} returns), {@code C3510c} a certificate holder (built from
 * {@code getEncoded()}) and {@code C3622b} a certificate ID. {@code C3205u} is used both for
 * the entries returned by {@code c()} and as the converter that turns a {@code C3510c} into an
 * {@code X509Certificate}. Confirm these against the unobfuscated library before relying on
 * them.
 *
 * <p>The 3-argument {@code verify} returns normally even when no OCSP response was accepted;
 * the result list then simply contains no entry from this class.
 */
public class OCSPVerifier extends RootStoreVerifier {
    // Logger shared by all instances of this class.
    protected static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OCSPVerifier.class);
    // OID of the id-kp-OCSPSigning extended key usage (RFC 6960); a certificate embedded in a
    // response must carry it to be considered as responder in isValidResponse.
    protected static final String id_kp_OCSPSigning = "1.3.6.1.5.5.7.3.9";
    // OCSP responses supplied by the caller; may be null, in which case none are checked.
    protected List<C3621a> ocsps;

    /**
     * Creates the verifier.
     *
     * @param certificateVerifier passed to the superclass constructor; presumably the verifier
     *        later read from {@code this.verifier} and invoked at the end of the 3-argument
     *        {@code verify} (the superclass is not visible here, confirm)
     * @param list OCSP responses to check before any online lookup; may be null
     */
    public OCSPVerifier(CertificateVerifier certificateVerifier, List<C3621a> list) {
        super(certificateVerifier);
        this.ocsps = list;
    }

    /**
     * Fetches an OCSP response through a new {@code OcspClientBouncyCastle} and returns it only
     * if at least one of its entries has a null {@code q()} value.
     *
     * <p>This method does not check the response signature and does not match the entry against
     * the certificate's serial number; within this class the result is passed to the 4-argument
     * {@code verify}, which performs those checks.
     *
     * @param x509Certificate first certificate handed to the client
     * @param x509Certificate2 second certificate handed to the client
     * @return the response, or null when both certificates are null, the client returns null,
     *         or no entry has a null {@code q()} value
     */
    public C3621a getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        C3621a basicOCSPResp;
        // The third argument to getBasicOCSPResp is always null here; its meaning is not
        // visible in this file.
        if ((x509Certificate == null && x509Certificate2 == null) || (basicOCSPResp = new OcspClientBouncyCastle().getBasicOCSPResp(x509Certificate, x509Certificate2, null)) == null) {
            return null;
        }
        for (C3205u c3205u : basicOCSPResp.c()) {
            // NOTE(review): q() == null presumably means certificate status "good"; confirm
            // against the unobfuscated library.
            if (c3205u.q() == null) {
                return basicOCSPResp;
            }
        }
        return null;
    }

    /**
     * Checks the response against the public key of the given certificate, using a verifier
     * object configured with the provider name "BC".
     *
     * @param c3621a response to check
     * @param certificate certificate whose public key is used; a null value is not handled and
     *        would fail on {@code getPublicKey()}
     * @return the result of {@code c3621a.d(...)}, or false when {@code Hb.d} or {@code nb.d}
     *         is thrown while building the verifier or checking the response
     */
    public boolean isSignatureValid(C3621a c3621a, Certificate certificate) {
        try {
            b bVar = new b(0);
            bVar.f2321a = new c(new v("BC", 1));
            return c3621a.d(new d(bVar, false, certificate.getPublicKey(), 10));
        } catch (Hb.d | nb.d unused) {
            // The failure reason is dropped; callers only see "not valid".
            return false;
        }
    }

    /**
     * Establishes which certificate signed the response and checks that certificate.
     *
     * <p>The responder is {@code x509Certificate} itself when the response verifies under its
     * key; otherwise the first certificate embedded in the response that carries the
     * id-kp-OCSPSigning extended key usage and under whose key the response verifies. The
     * responder certificate must then verify under the public key of {@code x509Certificate}.
     * Finally either a CRL check is delegated to {@code CRLVerifier} or, when no CRL is
     * available, only the validity period is checked.
     *
     * <p>All time-dependent checks in this method use the current time ({@code new Date()} and
     * the no-argument {@code checkValidity()}); the method takes no date parameter.
     *
     * @param c3621a response to validate
     * @param x509Certificate certificate whose key must have signed either the response or the
     *        responder certificate (the 4-argument {@code verify} passes the issuer here)
     * @throws GeneralSecurityException when a check fails; the {@code VerificationException}
     *         thrown when no responder is found is presumably a subtype (its declaration is
     *         not visible here)
     * @throws IOException declared; which call raises it is not visible in this file
     */
    public void isValidResponse(C3621a c3621a, X509Certificate x509Certificate) throws GeneralSecurityException, IOException {
        CRL crl;
        X509Certificate x509Certificate2 = isSignatureValid(c3621a, x509Certificate) ? x509Certificate : null;
        if (x509Certificate2 == null) {
            // The result of this first a() call is discarded; presumably a decompiler remnant
            // of a null check on the embedded certificates.
            c3621a.a();
            C3510c[] a10 = c3621a.a();
            int length = a10.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    break;
                }
                C3510c c3510c = a10[i2];
                try {
                    C3205u c3205u = new C3205u(13, false);
                    c3205u.b = new Object();
                    X509Certificate s10 = c3205u.s(c3510c);
                    List<String> extendedKeyUsage = s10.getExtendedKeyUsage();
                    // A candidate needs both the OCSP-signing key usage and a response
                    // signature that verifies under its key.
                    if (extendedKeyUsage != null && extendedKeyUsage.contains(id_kp_OCSPSigning) && isSignatureValid(c3621a, s10)) {
                        x509Certificate2 = s10;
                        break;
                    }
                } catch (CertificateParsingException | Exception unused) {
                    // A candidate that cannot be converted or parsed is skipped without being
                    // logged. The multi-catch of a type together with its supertype is
                    // decompiler output; javac rejects it as written.
                }
                i2++;
            }
            if (x509Certificate2 == null) {
                throw new VerificationException(x509Certificate, "OCSP response could not be verified");
            }
        }
        // The responder certificate must verify under the key of x509Certificate.
        // NOTE(review): when the responder IS x509Certificate (first branch above), this checks
        // the certificate against its own key, which only succeeds for a self-signed
        // certificate; confirm that this is intended.
        x509Certificate2.verify(x509Certificate.getPublicKey());
        // NOTE(review): Za.d.f5023c.f2299a is presumably the id-pkix-ocsp-nocheck extension
        // OID; confirm. When the extension is present the CRL lookup below is skipped.
        if (x509Certificate2.getExtensionValue(Za.d.f5023c.f2299a) == null) {
            try {
                crl = CertificateUtil.getCRL(x509Certificate2);
            } catch (Exception unused2) {
                // Any failure to obtain the CRL is treated as "no CRL": the responder's
                // revocation status is then not checked, only its validity period.
                crl = null;
            }
            if (crl != null && (crl instanceof X509CRL)) {
                CRLVerifier cRLVerifier = new CRLVerifier(null, null);
                cRLVerifier.setRootStore(this.rootStore);
                cRLVerifier.setOnlineCheckingAllowed(this.onlineCheckingAllowed);
                cRLVerifier.verify((X509CRL) crl, x509Certificate2, x509Certificate, new Date());
                // Returns without calling checkValidity() below; what CRLVerifier.verify
                // checks is not visible in this file.
                return;
            }
        }
        x509Certificate2.checkValidity();
    }

    /**
     * Counts the OCSP responses that the 4-argument {@code verify} accepts for the certificate
     * and reports the outcome.
     *
     * <p>The stored responses are tried first. An online response is requested only when
     * {@code onlineCheckingAllowed} is set and none of the stored responses was accepted. An
     * exception thrown while checking one response propagates and ends the whole call.
     *
     * @param x509Certificate certificate being checked (its serial number is matched)
     * @param x509Certificate2 issuer certificate; may be null
     * @param date date the 4-argument {@code verify} compares with the response's time bound
     * @return a list holding one {@code VerificationOK} from this class if at least one
     *         response was accepted, followed by the results of the chained verifier if there
     *         is one; when no response was accepted nothing is added by this class and no
     *         exception is thrown
     */
    @Override // com.itextpdf.text.pdf.security.RootStoreVerifier, com.itextpdf.text.pdf.security.CertificateVerifier
    public List<VerificationOK> verify(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        // i2 counts accepted responses; z10 records that the accepted one was fetched online.
        int i2;
        ArrayList arrayList = new ArrayList();
        List<C3621a> list = this.ocsps;
        boolean z10 = false;
        if (list != null) {
            Iterator<C3621a> it = list.iterator();
            i2 = 0;
            while (it.hasNext()) {
                if (verify(it.next(), x509Certificate, x509Certificate2, date)) {
                    i2++;
                }
            }
        } else {
            i2 = 0;
        }
        // Online lookup is a fallback only; getOcspResponse may return null, which the
        // 4-argument verify treats as "not valid".
        if (this.onlineCheckingAllowed && i2 == 0 && verify(getOcspResponse(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i2++;
            z10 = true;
        }
        LOGGER.info("Valid OCSPs found: " + i2);
        if (i2 > 0) {
            Class<?> cls = getClass();
            StringBuilder sb2 = new StringBuilder("Valid OCSPs Found: ");
            sb2.append(i2);
            sb2.append(z10 ? " (online)" : "");
            arrayList.add(new VerificationOK(x509Certificate, cls, sb2.toString()));
        }
        // Hand over to the next verifier in the chain, if any, and merge its results.
        CertificateVerifier certificateVerifier = this.verifier;
        if (certificateVerifier != null) {
            arrayList.addAll(certificateVerifier.verify(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    /**
     * Checks whether one OCSP response can be accepted for the certificate at the given date.
     *
     * <p>For each entry whose serial number equals that of {@code x509Certificate}: a
     * certificate ID is derived from the issuer certificate and compared with the entry's ID;
     * the entry's time bound is compared with {@code date}; the entry's {@code q()} value must
     * be null; and {@code isValidResponse} must not throw. The only time comparison made is
     * {@code date.after(bound)}.
     *
     * @param c3621a response to check; null yields false
     * @param x509Certificate certificate being checked
     * @param x509Certificate2 issuer certificate; when null, {@code x509Certificate} is used in
     *        its place
     * @param date date compared with the entry's time bound
     * @return true as soon as one entry passes every check, false otherwise
     * @throws GeneralSecurityException propagated from {@code isValidResponse}; only
     *         {@code nb.d} is caught here, so a failed responder check ends the call rather
     *         than producing false
     * @throws IOException propagated from {@code isValidResponse}
     */
    public boolean verify(C3621a c3621a, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        Date o5;
        if (c3621a == null) {
            return false;
        }
        C3205u[] c10 = c3621a.c();
        for (int i2 = 0; i2 < c10.length; i2++) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            C3205u c3205u = c10[i2];
            // getClass() with a discarded result is presumably the decompiler's rendering of
            // a null check.
            c3205u.getClass();
            Za.b bVar = ((k) c3205u.b).f5035a;
            // The object constructed on the next line is discarded.
            new C3622b(bVar);
            // Only entries for this certificate's serial number are considered.
            if (serialNumber.equals(bVar.f5020d.q())) {
                if (x509Certificate2 == null) {
                    x509Certificate2 = x509Certificate;
                }
                try {
                    C3205u c3205u2 = c10[i2];
                    c3205u2.getClass();
                    C3622b c3622b = new C3622b(((k) c3205u2.b).f5035a);
                    C3510c c3510c = new C3510c(x509Certificate2.getEncoded());
                    Ib.b bVar2 = Ib.b.b;
                    Za.b bVar3 = c3622b.f26090a;
                    try {
                        // bVar3.f5018a is presumably the hash algorithm named in the entry's
                        // certificate ID (it is passed to the digest-calculator lookup);
                        // confirm.
                        C3431a c3431a = bVar3.f5018a;
                        InterfaceC3804c a10 = bVar2.a(c3431a);
                        Ib.c cVar = new Ib.c(0);
                        cVar.b = a10;
                        // Rebuild the ID from the issuer certificate and the entry's serial
                        // number; it must equal the ID carried in the entry.
                        if (C3622b.a(new d(9, c3431a, cVar), c3510c, bVar3.f5020d).equals(bVar3)) {
                            // f5037d is presumably the entry's "next update" time (see the
                            // log message below); it may be absent.
                            C0385j c0385j = ((k) c10[i2].b).f5037d;
                            if (c0385j == null) {
                                o5 = null;
                            } else {
                                C3510c[] c3510cArr = h.f26095a;
                                try {
                                    o5 = c0385j.o();
                                } catch (Exception e3) {
                                    throw new IllegalStateException(a.i(e3, new StringBuilder("exception processing GeneralizedTime: ")));
                                }
                            }
                            if (o5 == null) {
                                // No "next update": assume the time in f5036c (presumably
                                // "this update") plus 180000 ms, i.e. three minutes.
                                C0385j c0385j2 = ((k) c10[i2].b).f5036c;
                                C3510c[] c3510cArr2 = h.f26095a;
                                try {
                                    o5 = new Date(c0385j2.o().getTime() + 180000);
                                    Logger logger = LOGGER;
                                    if (logger.isLogging(Level.INFO)) {
                                        logger.info(String.format("No 'next update' for OCSP Response; assuming %s", o5));
                                    }
                                } catch (Exception e8) {
                                    throw new IllegalStateException(a.i(e8, new StringBuilder("exception processing GeneralizedTime: ")));
                                }
                            }
                            if (date.after(o5)) {
                                // Too old for the requested date: logged at INFO and skipped.
                                Logger logger2 = LOGGER;
                                if (logger2.isLogging(Level.INFO)) {
                                    logger2.info(String.format("OCSP no longer valid: %s after %s", date, o5));
                                }
                            } else if (c10[i2].q() == null) {
                                // NOTE(review): q() == null presumably means status "good";
                                // confirm. An entry with any other q() value is skipped
                                // without a log message.
                                isValidResponse(c3621a, x509Certificate2);
                                return true;
                            }
                        } else {
                            LOGGER.info("OCSP: Issuers doesn't match.");
                        }
                    } catch (Hb.d e10) {
                        throw new nb.d("unable to create digest calculator: " + e10.getMessage(), e10);
                        // The break below is unreachable after the throw; decompiler output.
                        break;
                    }
                } catch (nb.d unused) {
                    // An entry whose ID cannot be processed is skipped without being logged.
                    continue;
                }
            }
        }
        return false;
    }

    /**
     * Boolean wrapper around {@code isValidResponse}.
     *
     * @param c3621a response to validate
     * @param x509Certificate certificate passed on to {@code isValidResponse}
     * @return true when {@code isValidResponse} completes, false when it throws anything; the
     *         reason for a failure is discarded
     */
    @Deprecated
    public boolean verifyResponse(C3621a c3621a, X509Certificate x509Certificate) {
        try {
            isValidResponse(c3621a, x509Certificate);
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
