package com.itextpdf.text.pdf.security;

import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;

/* compiled from: CRLVerifier.java */
/* loaded from: classes2.dex */
public class b extends z {

    /* renamed from: f, reason: collision with root package name */
    protected static final com.itextpdf.text.log.d f23035f = com.itextpdf.text.log.e.b(b.class);

    /* renamed from: e, reason: collision with root package name */
    List<X509CRL> f23036e;

    public b(f fVar, List<X509CRL> list) {
        super(fVar);
        this.f23036e = list;
    }

    @Override // com.itextpdf.text.pdf.security.z, com.itextpdf.text.pdf.security.f
    public List<h0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        int i7;
        ArrayList arrayList = new ArrayList();
        List<X509CRL> list = this.f23036e;
        boolean z6 = false;
        if (list != null) {
            Iterator<X509CRL> it = list.iterator();
            i7 = 0;
            while (it.hasNext()) {
                if (f(it.next(), x509Certificate, x509Certificate2, date)) {
                    i7++;
                }
            }
        } else {
            i7 = 0;
        }
        if (this.f23084b && i7 == 0 && f(d(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i7++;
            z6 = true;
        }
        f23035f.g("Valid CRLs found: " + i7);
        if (i7 > 0) {
            Class<?> cls = getClass();
            StringBuilder sb = new StringBuilder();
            sb.append("Valid CRLs found: ");
            sb.append(i7);
            sb.append(z6 ? " (online)" : "");
            arrayList.add(new h0(x509Certificate, cls, sb.toString()));
        }
        f fVar = this.f23083a;
        if (fVar != null) {
            arrayList.addAll(fVar.b(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public X509CRL d(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            String c7 = d.c(x509Certificate);
            if (c7 == null) {
                return null;
            }
            f23035f.g("Getting CRL from " + c7);
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(new URL(c7).openStream());
        } catch (IOException | GeneralSecurityException unused) {
            return null;
        }
    }

    public boolean e(X509CRL x509crl, X509Certificate x509Certificate) {
        if (x509Certificate != null) {
            try {
                x509crl.verify(x509Certificate.getPublicKey());
                return true;
            } catch (GeneralSecurityException unused) {
                f23035f.h("CRL not issued by the same authority as the certificate that is being checked");
            }
        }
        KeyStore keyStore = this.f23158c;
        if (keyStore == null) {
            return false;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (this.f23158c.isCertificateEntry(nextElement)) {
                    x509crl.verify(((X509Certificate) this.f23158c.getCertificate(nextElement)).getPublicKey());
                    return true;
                }
            }
        } catch (GeneralSecurityException unused2) {
        }
        return false;
    }

    public boolean f(X509CRL x509crl, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException {
        if (x509crl != null && date != null && x509crl.getIssuerX500Principal().equals(x509Certificate.getIssuerX500Principal()) && date.after(x509crl.getThisUpdate()) && date.before(x509crl.getNextUpdate())) {
            if (e(x509crl, x509Certificate2) && x509crl.isRevoked(x509Certificate)) {
                throw new VerificationException(x509Certificate, "The certificate has been revoked.");
            }
            return true;
        }
        return false;
    }
}
