package com.itextpdf.text.pdf.security;

import com.itextpdf.text.pdf.PRStream;
import com.itextpdf.text.pdf.PdfArray;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.l;
import com.itextpdf.text.pdf.security.LtvVerification;
import ij.d0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cert.ocsp.OCSPException;
import org.spongycastle.cert.ocsp.OCSPResp;

/* loaded from: classes4.dex */
public class b extends e {

    /* renamed from: n, reason: collision with root package name */
    public static final ri.d f37645n = ri.e.b(b.class);

    /* renamed from: e, reason: collision with root package name */
    public LtvVerification.CertificateOption f37646e;

    /* renamed from: f, reason: collision with root package name */
    public boolean f37647f;

    /* renamed from: g, reason: collision with root package name */
    public l f37648g;

    /* renamed from: h, reason: collision with root package name */
    public com.itextpdf.text.pdf.a f37649h;

    /* renamed from: i, reason: collision with root package name */
    public Date f37650i;

    /* renamed from: j, reason: collision with root package name */
    public String f37651j;

    /* renamed from: k, reason: collision with root package name */
    public d f37652k;

    /* renamed from: l, reason: collision with root package name */
    public boolean f37653l;

    /* renamed from: m, reason: collision with root package name */
    public PdfDictionary f37654m;

    public b(l lVar) throws GeneralSecurityException {
        super(null);
        this.f37646e = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.f37647f = true;
        this.f37653l = true;
        this.f37648g = lVar;
        com.itextpdf.text.pdf.a C = lVar.C();
        this.f37649h = C;
        ArrayList<String> E = C.E();
        this.f37651j = E.get(E.size() - 1);
        this.f37650i = new Date();
        d d11 = d();
        this.f37652k = d11;
        f37645n.info(String.format("Checking %ssignature %s", d11.F() ? "document-level timestamp " : "", this.f37651j));
    }

    @Override // com.itextpdf.text.pdf.security.e, ij.e
    public List<d0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        e eVar = new e(this.f51151a);
        eVar.f37685c = this.f37685c;
        a aVar = new a(eVar, e());
        aVar.f37685c = this.f37685c;
        boolean z11 = true;
        aVar.f51152b = this.f37653l || this.f51152b;
        c cVar = new c(aVar, f());
        cVar.f37685c = this.f37685c;
        if (!this.f37653l && !this.f51152b) {
            z11 = false;
        }
        cVar.f51152b = z11;
        return cVar.b(x509Certificate, x509Certificate2, date);
    }

    public d d() throws GeneralSecurityException {
        d o02 = this.f37649h.o0(this.f37651j);
        if (!this.f37649h.l0(this.f37651j)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        ri.d dVar = f37645n;
        dVar.info("The timestamp covers whole document.");
        if (!o02.P()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        dVar.info("The signed document has not been modified.");
        return o02;
    }

    public List<X509CRL> e() throws GeneralSecurityException, IOException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.f37654m;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.CRLS)) == null) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i11 = 0; i11 < asArray.size(); i11++) {
            arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(l.D0((PRStream) asArray.getAsStream(i11)))));
        }
        return arrayList;
    }

    public List<BasicOCSPResp> f() throws IOException, GeneralSecurityException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.f37654m;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.OCSPS)) == null) {
            return arrayList;
        }
        for (int i11 = 0; i11 < asArray.size(); i11++) {
            OCSPResp oCSPResp = new OCSPResp(l.D0((PRStream) asArray.getAsStream(i11)));
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e11) {
                    throw new GeneralSecurityException((Throwable) e11);
                }
            }
        }
        return arrayList;
    }

    public void g(LtvVerification.CertificateOption certificateOption) {
        this.f37646e = certificateOption;
    }

    public void h(ij.e eVar) {
        this.f51151a = eVar;
    }

    public void i(boolean z11) {
        this.f37647f = z11;
    }

    public void j() throws IOException, GeneralSecurityException {
        ri.d dVar = f37645n;
        dVar.info("Switching to previous revision.");
        this.f37653l = false;
        this.f37654m = this.f37648g.F().getAsDict(PdfName.DSS);
        Calendar z11 = this.f37652k.z();
        if (z11 == null) {
            z11 = this.f37652k.v();
        }
        this.f37650i = z11.getTime();
        ArrayList<String> E = this.f37649h.E();
        if (E.size() <= 1) {
            dVar.info("No signatures in revision");
            this.f37652k = null;
            return;
        }
        this.f37651j = E.get(E.size() - 2);
        l lVar = new l(this.f37649h.h(this.f37651j), (byte[]) null);
        this.f37648g = lVar;
        com.itextpdf.text.pdf.a C = lVar.C();
        this.f37649h = C;
        ArrayList<String> E2 = C.E();
        this.f37651j = E2.get(E2.size() - 1);
        d d11 = d();
        this.f37652k = d11;
        dVar.info(String.format("Checking %ssignature %s", d11.F() ? "document-level timestamp " : "", this.f37651j));
    }

    public List<d0> k(List<d0> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.f37652k != null) {
            list.addAll(m());
        }
        return list;
    }

    public void l(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i11 = 0; i11 < certificateArr.length; i11++) {
            ((X509Certificate) certificateArr[i11]).checkValidity(this.f37650i);
            if (i11 > 0) {
                certificateArr[i11 - 1].verify(certificateArr[i11].getPublicKey());
            }
        }
        f37645n.info("All certificates are valid on " + this.f37650i.toString());
    }

    public List<d0> m() throws GeneralSecurityException, IOException {
        f37645n.info("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] u11 = this.f37652k.u();
        l(u11);
        int length = LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.f37646e) ? u11.length : 1;
        int i11 = 0;
        while (i11 < length) {
            int i12 = i11 + 1;
            X509Certificate x509Certificate = (X509Certificate) u11[i11];
            X509Certificate x509Certificate2 = i12 < u11.length ? (X509Certificate) u11[i12] : null;
            f37645n.info(x509Certificate.getSubjectDN().getName());
            List<d0> b11 = b(x509Certificate, x509Certificate2, this.f37650i);
            if (b11.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.f37653l && u11.length > 1) {
                        b11.add(new d0(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (b11.size() == 0 && this.f37647f) {
                        throw new GeneralSecurityException();
                    }
                    if (u11.length > 1) {
                        b11.add(new d0(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(b11);
            i11 = i12;
        }
        j();
        return arrayList;
    }
}
