package com.itextpdf.signatures.validation.v1;

import com.itextpdf.commons.utils.DateTimeUtil;
import com.itextpdf.commons.utils.MessageFormatUtil;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfStream;
import com.itextpdf.signatures.CertificateUtil;
import com.itextpdf.signatures.IssuingCertificateRetriever;
import com.itextpdf.signatures.PdfPKCS7;
import com.itextpdf.signatures.SignatureUtil;
import com.itextpdf.signatures.validation.v1.context.CertificateSource;
import com.itextpdf.signatures.validation.v1.context.TimeBasedContext;
import com.itextpdf.signatures.validation.v1.context.ValidationContext;
import com.itextpdf.signatures.validation.v1.context.ValidatorContext;
import com.itextpdf.signatures.validation.v1.report.ReportItem;
import com.itextpdf.signatures.validation.v1.report.ValidationReport;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import o.AbstractC3173l;

/* loaded from: classes3.dex */
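/**
 * Validates the latest signature of a PDF document: the signature value itself, an embedded
 * timestamp token if there is one, and the certificate chains of the timestamp and the signer.
 *
 * <p>Everything read from the document (the DSS dictionary, the CMS container, the timestamp
 * token) is attacker-controllable input. Malformed entries are therefore recorded in the
 * {@link ValidationReport} rather than being allowed to abort validation with an unchecked
 * exception.
 */
class SignatureValidator {
    static final String CANNOT_PARSE_CERT_FROM_DSS = "Certificate {0} stored in DSS dictionary cannot be parsed.";
    static final String CANNOT_VERIFY_SIGNATURE = "Signature {0} cannot be mathematically verified.";
    static final String CANNOT_VERIFY_TIMESTAMP = "Signature timestamp attribute cannot be verified";
    static final String CERTS_FROM_DSS = "Certificates from DSS check.";
    static final String DOCUMENT_IS_NOT_COVERED = "Signature {0} doesn't cover entire document.";
    static final String SIGNATURE_VERIFICATION = "Signature verification check.";
    static final String TIMESTAMP_VERIFICATION = "Timestamp verification check.";
    // Context used for the signer certificate; the timestamp chain uses a variant of it with
    // the certificate source switched to TIMESTAMP.
    private final ValidationContext baseValidationContext = new ValidationContext(ValidatorContext.SIGNATURE_VALIDATOR, CertificateSource.SIGNER_CERT, TimeBasedContext.PRESENT);
    private final CertificateChainValidator certificateChainValidator;
    private final IssuingCertificateRetriever certificateRetriever;
    private final PdfDocument document;
    private final SignatureValidationProperties properties;

    /**
     * Creates a validator for the given document.
     *
     * @param pdfDocument the document whose latest signature is validated
     * @param validatorChainBuilder supplies the certificate retriever, the validation properties
     *     and the certificate chain validator
     */
    public SignatureValidator(PdfDocument pdfDocument, ValidatorChainBuilder validatorChainBuilder) {
        this.document = pdfDocument;
        this.certificateRetriever = validatorChainBuilder.getCertificateRetriever();
        this.properties = validatorChainBuilder.getProperties();
        this.certificateChainValidator = validatorChainBuilder.getCertificateChainValidator();
    }

    /**
     * Reads the certificates stored under {@code /DSS /Certs} in the document catalog.
     *
     * <p>Entries that are not streams or that cannot be parsed are skipped and reported with
     * status {@code INFO}; they never abort validation.
     *
     * @param validationReport report that receives an item for every unusable entry
     * @return the certificates that could be parsed, possibly empty, never {@code null}
     */
    private List<Certificate> getCertificatesFromDss(ValidationReport validationReport) {
        List<Certificate> certificates = new ArrayList<>();
        PdfDictionary dss = this.document.getCatalog().getPdfObject().getAsDictionary(PdfName.DSS);
        if (dss == null) {
            return certificates;
        }
        PdfArray certs = dss.getAsArray(PdfName.Certs);
        if (certs == null) {
            return certificates;
        }
        for (int i = 0; i < certs.size(); i++) {
            PdfStream certStream = certs.getAsStream(i);
            if (certStream == null) {
                // The array element is not a stream. Without this guard a crafted DSS
                // dictionary would fail validation with a NullPointerException.
                validationReport.addReportItem(new ReportItem(CERTS_FROM_DSS, MessageFormatUtil.format(CANNOT_PARSE_CERT_FROM_DSS, i), ReportItem.ReportItemStatus.INFO));
                continue;
            }
            try {
                certificates.add(CertificateUtil.generateCertificate(new ByteArrayInputStream(certStream.getBytes())));
            } catch (GeneralSecurityException e) {
                validationReport.addReportItem(new ReportItem(CERTS_FROM_DSS, MessageFormatUtil.format(CANNOT_PARSE_CERT_FROM_DSS, certStream), e, ReportItem.ReportItemStatus.INFO));
            }
        }
        return certificates;
    }

    /**
     * Checks that the selected signature covers the whole document and that its integrity and
     * authenticity verify; each failure is added to the report with status {@code INVALID}.
     *
     * @param validationReport report that receives the failures
     * @return the parsed signature container, returned even when verification failed
     */
    private PdfPKCS7 mathematicallyVerifySignature(ValidationReport validationReport) {
        SignatureUtil signatureUtil = new SignatureUtil(this.document);
        // NOTE(review): AbstractC3173l.g is an obfuscated helper; presumably it picks the last
        // signature name from the list - confirm. Its behaviour for a document without any
        // signature is not visible here.
        String signatureName = (String) AbstractC3173l.g(1, signatureUtil.getSignatureNames());
        PdfPKCS7 pkcs7 = signatureUtil.readSignatureData(signatureName);
        if (!signatureUtil.signatureCoversWholeDocument(signatureName)) {
            // Bytes outside the signed range are not protected by the signature.
            validationReport.addReportItem(new ReportItem(SIGNATURE_VERIFICATION, MessageFormatUtil.format(DOCUMENT_IS_NOT_COVERED, signatureName), ReportItem.ReportItemStatus.INVALID));
        }
        try {
            if (!pkcs7.verifySignatureIntegrityAndAuthenticity()) {
                validationReport.addReportItem(new ReportItem(SIGNATURE_VERIFICATION, MessageFormatUtil.format(CANNOT_VERIFY_SIGNATURE, signatureName), ReportItem.ReportItemStatus.INVALID));
            }
        } catch (GeneralSecurityException e) {
            validationReport.addReportItem(new ReportItem(SIGNATURE_VERIFICATION, MessageFormatUtil.format(CANNOT_VERIFY_SIGNATURE, signatureName), e, ReportItem.ReportItemStatus.INVALID));
        }
        return pkcs7;
    }

    /**
     * Tells whether validation has to stop: the report is no longer {@code VALID} and the
     * properties do not allow continuing after a failure for the given context.
     */
    private boolean stopValidation(ValidationReport validationReport, ValidationContext validationContext) {
        boolean mayContinue = this.properties.getContinueAfterFailure(validationContext)
                || validationReport.getValidationResult() == ValidationReport.ValidationResult.VALID;
        return !mayContinue;
    }

    /**
     * Registers the timestamp certificates as known certificates and validates the chain of the
     * timestamp signing certificate at the current time, with certificate source
     * {@code TIMESTAMP}.
     *
     * @return the report returned by the certificate chain validator
     */
    private ValidationReport validateTimestampChain(ValidationReport validationReport, Certificate[] certificateArr, X509Certificate x509Certificate) {
        this.certificateRetriever.addKnownCertificates(Arrays.asList(certificateArr));
        return this.certificateChainValidator.validate(validationReport, this.baseValidationContext.setCertificateSource(CertificateSource.TIMESTAMP), x509Certificate, DateTimeUtil.getCurrentTimeDate());
    }

    /**
     * Validates the latest signature of the document.
     *
     * <p>After each step validation stops early when {@link #stopValidation} says so. A document
     * timestamp has only its own chain validated. For any other signature an embedded timestamp
     * token is verified first, and the signer's chain is then validated at the timestamp's time;
     * without a token the current time is used.
     *
     * @return the report holding the outcome of every check that was run
     */
    public ValidationReport validateLatestSignature() {
        ValidationReport validationReport = new ValidationReport();
        PdfPKCS7 pkcs7 = mathematicallyVerifySignature(validationReport);
        if (stopValidation(validationReport, this.baseValidationContext)) {
            return validationReport;
        }
        this.certificateRetriever.addKnownCertificates(getCertificatesFromDss(validationReport));
        if (pkcs7.isTsp()) {
            return validateTimestampChain(validationReport, pkcs7.getCertificates(), pkcs7.getSigningCertificate());
        }
        Date validationDate = DateTimeUtil.getCurrentTimeDate();
        if (pkcs7.getTimeStampTokenInfo() != null) {
            try {
                if (!pkcs7.verifyTimestampImprint()) {
                    validationReport.addReportItem(new ReportItem(TIMESTAMP_VERIFICATION, CANNOT_VERIFY_TIMESTAMP, ReportItem.ReportItemStatus.INVALID));
                }
            } catch (GeneralSecurityException e) {
                validationReport.addReportItem(new ReportItem(TIMESTAMP_VERIFICATION, CANNOT_VERIFY_TIMESTAMP, e, ReportItem.ReportItemStatus.INVALID));
            }
            if (stopValidation(validationReport, this.baseValidationContext)) {
                return validationReport;
            }
            Certificate[] timestampCertificates = pkcs7.getTimestampCertificates();
            if (timestampCertificates == null || timestampCertificates.length == 0
                    || !(timestampCertificates[0] instanceof X509Certificate)) {
                // A token that carries no usable signing certificate cannot be chained to a
                // trust anchor. Report it instead of failing on the index or the cast below.
                validationReport.addReportItem(new ReportItem(TIMESTAMP_VERIFICATION, CANNOT_VERIFY_TIMESTAMP, ReportItem.ReportItemStatus.INVALID));
            } else {
                validateTimestampChain(validationReport, timestampCertificates, (X509Certificate) timestampCertificates[0]);
            }
            if (stopValidation(validationReport, this.baseValidationContext)) {
                return validationReport;
            }
            // Reached with a failed timestamp only when continuing after failure is allowed;
            // the failure is already in the report.
            validationDate = pkcs7.getTimeStampDate().getTime();
        }
        this.certificateRetriever.addKnownCertificates(Arrays.asList(pkcs7.getCertificates()));
        return this.certificateChainValidator.validate(validationReport, this.baseValidationContext, pkcs7.getSigningCertificate(), validationDate);
    }
}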
