package com.itextpdf.text.pdf.security;

import F6.e;
import G6.d;
import H6.b;
import Y5.C0235h;
import com.itextpdf.text.log.Level;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import g1.C0778d;
import g6.C0788b;
import g6.j;
import java.math.BigInteger;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import l1.s;
import m6.C1292a;
import o3.C1336f;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.crypto.ExtendedDigest;
import p6.C1369a;
import p6.C1370b;
import p6.c;
import p6.g;
import w3.C1517c;

/* loaded from: classes2.dex */
public class OCSPVerifier extends RootStoreVerifier {
    protected static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OCSPVerifier.class);
    protected static final String id_kp_OCSPSigning = "1.3.6.1.5.5.7.3.9";
    protected List<C1369a> ocsps;

    public OCSPVerifier(CertificateVerifier certificateVerifier, List<C1369a> list) {
        super(certificateVerifier);
        this.ocsps = list;
    }

    public C1369a getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        C1369a basicOCSPResp;
        if ((x509Certificate == null && x509Certificate2 == null) || (basicOCSPResp = new OcspClientBouncyCastle().getBasicOCSPResp(x509Certificate, x509Certificate2, null)) == null) {
            return null;
        }
        for (C1336f c1336f : basicOCSPResp.b()) {
            if (c1336f.b() == null) {
                return basicOCSPResp;
            }
        }
        return null;
    }

    public boolean isSignatureValid(C1369a c1369a, Certificate certificate) {
        try {
            C1517c c1517c = new C1517c(2);
            c1517c.f18529b = new b(new C6.b("BC", 0));
            return c1369a.c(new C0778d(c1517c, certificate.getPublicKey(), 8, false));
        } catch (e | c unused) {
            return false;
        }
    }

    public void isValidResponse(C1369a c1369a, X509Certificate x509Certificate) {
        CRL crl;
        X509Certificate x509Certificate2 = isSignatureValid(c1369a, x509Certificate) ? x509Certificate : null;
        if (x509Certificate2 == null) {
            c1369a.a();
            n6.c[] a2 = c1369a.a();
            int length = a2.length;
            int i8 = 0;
            while (true) {
                if (i8 >= length) {
                    break;
                }
                n6.c cVar = a2[i8];
                try {
                    s sVar = new s(4);
                    sVar.f16560b = new n3.b(23);
                    X509Certificate a8 = sVar.a(cVar);
                    List<String> extendedKeyUsage = a8.getExtendedKeyUsage();
                    if (extendedKeyUsage != null && extendedKeyUsage.contains(id_kp_OCSPSigning) && isSignatureValid(c1369a, a8)) {
                        x509Certificate2 = a8;
                        break;
                    }
                } catch (CertificateParsingException | Exception unused) {
                }
                i8++;
            }
            if (x509Certificate2 == null) {
                throw new VerificationException(x509Certificate, "OCSP response could not be verified");
            }
        }
        x509Certificate2.verify(x509Certificate.getPublicKey());
        if (x509Certificate2.getExtensionValue(OCSPObjectIdentifiers.f17204c.f17070a) == null) {
            try {
                crl = CertificateUtil.getCRL(x509Certificate2);
            } catch (Exception unused2) {
                crl = null;
            }
            if (crl != null && (crl instanceof X509CRL)) {
                CRLVerifier cRLVerifier = new CRLVerifier(null, null);
                cRLVerifier.setRootStore(this.rootStore);
                cRLVerifier.setOnlineCheckingAllowed(this.onlineCheckingAllowed);
                cRLVerifier.verify((X509CRL) crl, x509Certificate2, x509Certificate, new Date());
                return;
            }
        }
        x509Certificate2.checkValidity();
    }

    @Override // com.itextpdf.text.pdf.security.RootStoreVerifier, com.itextpdf.text.pdf.security.CertificateVerifier
    public List<VerificationOK> verify(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        int i8;
        ArrayList arrayList = new ArrayList();
        List<C1369a> list = this.ocsps;
        boolean z4 = false;
        if (list != null) {
            Iterator<C1369a> it = list.iterator();
            i8 = 0;
            while (it.hasNext()) {
                if (verify(it.next(), x509Certificate, x509Certificate2, date)) {
                    i8++;
                }
            }
        } else {
            i8 = 0;
        }
        if (this.onlineCheckingAllowed && i8 == 0 && verify(getOcspResponse(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i8++;
            z4 = true;
        }
        LOGGER.info("Valid OCSPs found: " + i8);
        if (i8 > 0) {
            Class<?> cls = getClass();
            StringBuilder sb = new StringBuilder("Valid OCSPs Found: ");
            sb.append(i8);
            sb.append(z4 ? " (online)" : "");
            arrayList.add(new VerificationOK(x509Certificate, cls, sb.toString()));
        }
        CertificateVerifier certificateVerifier = this.verifier;
        if (certificateVerifier != null) {
            arrayList.addAll(certificateVerifier.verify(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public boolean verify(C1369a c1369a, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        Date x7;
        if (c1369a == null) {
            return false;
        }
        C1336f[] b8 = c1369a.b();
        for (int i8 = 0; i8 < b8.length; i8++) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            C1336f c1336f = b8[i8];
            c1336f.getClass();
            C0788b c0788b = ((j) c1336f.f16957b).f14234a;
            new C1370b(c0788b);
            if (serialNumber.equals(c0788b.f14216e.w())) {
                if (x509Certificate2 == null) {
                    x509Certificate2 = x509Certificate;
                }
                try {
                    C1336f c1336f2 = b8[i8];
                    c1336f2.getClass();
                    C1370b c1370b = new C1370b(((j) c1336f2.f16957b).f14234a);
                    n6.c cVar = new n6.c(x509Certificate2.getEncoded());
                    G6.c cVar2 = G6.c.f1430b;
                    C0788b c0788b2 = c1370b.f17554a;
                    try {
                        C1292a c1292a = c0788b2.f14213a;
                        ExtendedDigest d8 = cVar2.d(c1292a);
                        d dVar = new d(0);
                        dVar.f1432b = d8;
                        if (C1370b.a(new C0778d(7, c1292a, dVar), cVar, c0788b2.f14216e).equals(c0788b2)) {
                            C0235h c0235h = ((j) b8[i8].f16957b).f14237e;
                            if (c0235h == null) {
                                x7 = null;
                            } else {
                                n6.c[] cVarArr = g.f17560a;
                                try {
                                    x7 = c0235h.x();
                                } catch (Exception e8) {
                                    throw new IllegalStateException("exception processing GeneralizedTime: " + e8.getMessage());
                                }
                            }
                            if (x7 == null) {
                                C0235h c0235h2 = ((j) b8[i8].f16957b).f14236c;
                                n6.c[] cVarArr2 = g.f17560a;
                                try {
                                    x7 = new Date(c0235h2.x().getTime() + 180000);
                                    Logger logger = LOGGER;
                                    if (logger.isLogging(Level.INFO)) {
                                        logger.info(String.format("No 'next update' for OCSP Response; assuming %s", x7));
                                    }
                                } catch (Exception e9) {
                                    throw new IllegalStateException("exception processing GeneralizedTime: " + e9.getMessage());
                                }
                            }
                            if (date.after(x7)) {
                                Logger logger2 = LOGGER;
                                if (logger2.isLogging(Level.INFO)) {
                                    logger2.info(String.format("OCSP no longer valid: %s after %s", date, x7));
                                }
                            } else if (b8[i8].b() == null) {
                                isValidResponse(c1369a, x509Certificate2);
                                return true;
                            }
                        } else {
                            LOGGER.info("OCSP: Issuers doesn't match.");
                        }
                    } catch (e e10) {
                        throw new c("unable to create digest calculator: " + e10.getMessage(), e10);
                        break;
                    }
                } catch (c unused) {
                    continue;
                }
            }
        }
        return false;
    }

    @Deprecated
    public boolean verifyResponse(C1369a c1369a, X509Certificate x509Certificate) {
        try {
            isValidResponse(c1369a, x509Certificate);
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
