package com.lowagie.text.pdf;

import com.lowagie.text.ExceptionConverter;
import com.stripe.android.core.networking.NetworkConstantsKt;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Random;
import org.bouncycastle.asn1.ASN1ParsingException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import vn.w;
import wm.a0;
import wm.l1;
import wm.p1;
import wm.u;
import wm.v;

/* loaded from: classes.dex */
public class OcspClientBouncyCastle implements OcspClient {
    private final X509Certificate checkCert;
    private final X509Certificate rootCert;
    private final String url;

    public OcspClientBouncyCastle(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        this.checkCert = x509Certificate;
        this.rootCert = x509Certificate2;
        this.url = str;
    }

    private static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
        CertificateID certificateID = new CertificateID(new JcaDigestCalculatorProviderBuilder().setProvider(bouncyCastleProvider).build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), bigInteger);
        OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
        oCSPReqBuilder.addRequest(certificateID);
        w wVar = new w();
        byte[] bArr = new byte[16];
        new Random().nextBytes(bArr);
        u uVar = mn.d.f19233b;
        byte[] p5 = new l1(bArr).p();
        if (!wVar.f26144a.containsKey(uVar)) {
            wVar.f26145b.addElement(uVar);
            wVar.f26144a.put(uVar, new vn.u(uVar, new l1(p5)));
        } else {
            if (!w.f26143c.contains(uVar)) {
                throw new IllegalArgumentException(ab.a.d("extension ", uVar, " already added"));
            }
            a0 E = a0.E(v.C(((vn.u) wVar.f26144a.get(uVar)).f26136f).f27948c);
            a0 E2 = a0.E(p5);
            wm.h hVar = new wm.h(E2.size() + E.size());
            Enumeration J = E.J();
            while (J.hasMoreElements()) {
                hVar.a((wm.g) J.nextElement());
            }
            Enumeration J2 = E2.J();
            while (J2.hasMoreElements()) {
                hVar.a((wm.g) J2.nextElement());
            }
            try {
                wVar.f26144a.put(uVar, new vn.u(uVar, false, new p1(hVar).getEncoded()));
            } catch (IOException e10) {
                throw new ASN1ParsingException(e10.getMessage(), e10);
            }
        }
        vn.u[] uVarArr = new vn.u[wVar.f26145b.size()];
        for (int i10 = 0; i10 != wVar.f26145b.size(); i10++) {
            uVarArr[i10] = (vn.u) wVar.f26144a.get(wVar.f26145b.elementAt(i10));
        }
        oCSPReqBuilder.setRequestExtensions(new vn.v(uVarArr));
        return oCSPReqBuilder.build();
    }

    @Override // com.lowagie.text.pdf.OcspClient
    public byte[] getEncoded() {
        try {
            byte[] encoded = generateOCSPRequest(this.rootCert, this.checkCert.getSerialNumber()).getEncoded();
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.url).openConnection();
            httpURLConnection.setRequestProperty(NetworkConstantsKt.HEADER_CONTENT_TYPE, "application/ocsp-request");
            httpURLConnection.setRequestProperty(NetworkConstantsKt.HEADER_ACCEPT, "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
            dataOutputStream.write(encoded);
            dataOutputStream.flush();
            dataOutputStream.close();
            if (httpURLConnection.getResponseCode() / 100 != 2) {
                throw new IOException(cg.a.a("invalid.http.response.1", httpURLConnection.getResponseCode()));
            }
            OCSPResp oCSPResp = new OCSPResp((InputStream) httpURLConnection.getContent());
            if (oCSPResp.getStatus() != 0) {
                throw new IOException(cg.a.a("invalid.status.1", oCSPResp.getStatus()));
            }
            BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
            if (basicOCSPResp != null) {
                SingleResp[] responses = basicOCSPResp.getResponses();
                if (responses.length == 1) {
                    CertificateStatus certStatus = responses[0].getCertStatus();
                    if (certStatus == null) {
                        return basicOCSPResp.getEncoded();
                    }
                    if (certStatus instanceof RevokedStatus) {
                        throw new IOException(cg.a.b("ocsp.status.is.revoked", null, null, null, null));
                    }
                    throw new IOException(cg.a.b("ocsp.status.is.unknown", null, null, null, null));
                }
            }
            return null;
        } catch (Exception e10) {
            throw new ExceptionConverter(e10);
        }
    }
}
