package com.itextpdf.text.pdf.security;

import Ba.n;
import La.a;
import La.h;
import La.i;
import Oa.c;
import Pa.d;
import Pa.e;
import Pa.g;
import W9.C0587h;
import com.facebook.internal.C;
import com.itextpdf.text.error_messages.MessageLocalization;
import com.itextpdf.text.io.StreamUtil;
import com.itextpdf.text.log.Level;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import com.itextpdf.text.pdf.PdfEncryption;
import ib.b;
import j3.C2536d;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import jb.f;
import la.AbstractC2670p;
import la.C2660f;
import la.C2661g;
import la.C2669o;
import la.b0;
import lb.C2683c;
import org.bouncycastle.ocsp.RevokedStatus;

/* loaded from: classes4.dex */
public class OcspClientBouncyCastle implements OcspClient {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OcspClientBouncyCastle.class);
    private final OCSPVerifier verifier;

    @Deprecated
    public OcspClientBouncyCastle() {
        this.verifier = null;
    }

    public OcspClientBouncyCastle(OCSPVerifier oCSPVerifier) {
        this.verifier = oCSPVerifier;
    }

    /* JADX WARN: Type inference failed for: r2v0, types: [java.lang.Object, gb.a] */
    /* JADX WARN: Type inference failed for: r6v4, types: [Ba.n, la.m, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v2, types: [java.lang.Object, Pa.f] */
    /* JADX WARN: Type inference failed for: r7v3, types: [java.lang.Object, La.h] */
    /* JADX WARN: Type inference failed for: r7v7, types: [java.lang.Object, Pa.e] */
    private static e generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws d, IOException, f, CertificateEncodingException {
        Security.addProvider(new b());
        C2683c c2683c = new C2683c(new Object());
        a aVar = Pa.b.b;
        try {
            MessageDigest c = c2683c.c(aVar);
            C0587h c0587h = new C0587h(4);
            c0587h.c = c;
            Pa.b bVar = new Pa.b(new C(aVar, c0587h), new c(x509Certificate), bigInteger);
            ArrayList arrayList = new ArrayList();
            ?? obj = new Object();
            obj.f3642a = bVar;
            obj.b = null;
            arrayList.add(obj);
            C2669o c2669o = Ba.d.b;
            AbstractC2670p abstractC2670p = new AbstractC2670p(new AbstractC2670p(PdfEncryption.createDocumentId()).h());
            ?? obj2 = new Object();
            obj2.b = c2669o;
            obj2.c = false;
            obj2.f2367d = abstractC2670p;
            i iVar = new i(new h[]{obj2});
            Iterator it = arrayList.iterator();
            C2660f c2660f = new C2660f();
            while (it.hasNext()) {
                try {
                    Pa.f fVar = (Pa.f) it.next();
                    Ba.b bVar2 = fVar.f3642a.f3640a;
                    Ba.h hVar = new Ba.h(0);
                    hVar.c = bVar2;
                    hVar.f255d = fVar.b;
                    c2660f.a(hVar);
                } catch (Exception e2) {
                    throw new d("exception creating Request", e2);
                }
            }
            b0 b0Var = new b0(c2660f);
            ?? obj3 = new Object();
            obj3.b = n.f264g;
            obj3.c = null;
            obj3.f265d = b0Var;
            obj3.f266f = iVar;
            Ba.e eVar = new Ba.e(0);
            eVar.c = obj3;
            ?? obj4 = new Object();
            obj4.f3641a = eVar;
            return obj4;
        } catch (GeneralSecurityException e3) {
            throw new f("exception on setup: " + e3, e3);
        }
    }

    private g getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) throws GeneralSecurityException, d, IOException, f {
        if (x509Certificate == null || x509Certificate2 == null) {
            return null;
        }
        if (str == null) {
            str = CertificateUtil.getOCSPURL(x509Certificate);
        }
        if (str == null) {
            return null;
        }
        LOGGER.info("Getting OCSP from ".concat(str));
        e generateOCSPRequest = generateOCSPRequest(x509Certificate2, x509Certificate.getSerialNumber());
        generateOCSPRequest.getClass();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new C2536d(byteArrayOutputStream, 5).Q(generateOCSPRequest.f3641a);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
        httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
        httpURLConnection.setDoOutput(true);
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
        dataOutputStream.write(byteArray);
        dataOutputStream.flush();
        dataOutputStream.close();
        if (httpURLConnection.getResponseCode() / 100 == 2) {
            return new g(StreamUtil.inputStreamToArray((InputStream) httpURLConnection.getContent()));
        }
        throw new IOException(MessageLocalization.getComposedMessage("invalid.http.response.1", httpURLConnection.getResponseCode()));
    }

    public Pa.a getBasicOCSPResp(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            g ocspResponse = getOcspResponse(x509Certificate, x509Certificate2, str);
            if (ocspResponse == null) {
                return null;
            }
            C2661g c2661g = ocspResponse.f3643a.b.b;
            c2661g.getClass();
            if (new BigInteger(c2661g.b).intValue() != 0) {
                return null;
            }
            Pa.a aVar = (Pa.a) ocspResponse.a();
            OCSPVerifier oCSPVerifier = this.verifier;
            if (oCSPVerifier != null) {
                oCSPVerifier.isValidResponse(aVar, x509Certificate2);
            }
            return aVar;
        } catch (Exception e2) {
            Logger logger = LOGGER;
            if (logger.isLogging(Level.ERROR)) {
                logger.error(e2.getMessage());
            }
            return null;
        }
    }

    @Override // com.itextpdf.text.pdf.security.OcspClient
    public byte[] getEncoded(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            Pa.a basicOCSPResp = getBasicOCSPResp(x509Certificate, x509Certificate2, str);
            if (basicOCSPResp == null) {
                return null;
            }
            Pa.i[] c = basicOCSPResp.c();
            if (c.length != 1) {
                return null;
            }
            Pa.c n10 = c[0].n();
            if (n10 == null) {
                return basicOCSPResp.b();
            }
            if (n10 instanceof RevokedStatus) {
                throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.revoked", new Object[0]));
            }
            throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.unknown", new Object[0]));
        } catch (Exception e2) {
            Logger logger = LOGGER;
            if (!logger.isLogging(Level.ERROR)) {
                return null;
            }
            logger.error(e2.getMessage());
            return null;
        }
    }
}
