package com.itextpdf.text.pdf.security;

import com.itextpdf.text.log.Level;
import com.itextpdf.text.pdf.PRStream;
import com.itextpdf.text.pdf.PdfArray;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.security.LtvVerification;
import com.itextpdf.text.pdf.w2;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/* compiled from: LtvVerifier.java */
/* loaded from: classes2.dex */
public class s extends z {

    /* renamed from: n, reason: collision with root package name */
    protected static final com.itextpdf.text.log.d f20798n = com.itextpdf.text.log.e.b(s.class);

    /* renamed from: e, reason: collision with root package name */
    protected LtvVerification.CertificateOption f20799e;

    /* renamed from: f, reason: collision with root package name */
    protected boolean f20800f;

    /* renamed from: g, reason: collision with root package name */
    protected w2 f20801g;

    /* renamed from: h, reason: collision with root package name */
    protected com.itextpdf.text.pdf.a f20802h;

    /* renamed from: i, reason: collision with root package name */
    protected Date f20803i;

    /* renamed from: j, reason: collision with root package name */
    protected String f20804j;

    /* renamed from: k, reason: collision with root package name */
    protected w f20805k;

    /* renamed from: l, reason: collision with root package name */
    protected boolean f20806l;

    /* renamed from: m, reason: collision with root package name */
    protected PdfDictionary f20807m;

    public s(w2 w2Var) throws GeneralSecurityException {
        super(null);
        this.f20799e = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.f20800f = true;
        this.f20806l = true;
        this.f20801g = w2Var;
        com.itextpdf.text.pdf.a H = w2Var.H();
        this.f20802h = H;
        ArrayList<String> E = H.E();
        this.f20804j = E.get(E.size() - 1);
        this.f20803i = new Date();
        this.f20805k = d();
        com.itextpdf.text.log.d dVar = f20798n;
        if (dVar.a(Level.INFO)) {
            Object[] objArr = new Object[2];
            objArr[0] = this.f20805k.F() ? "document-level timestamp " : "";
            objArr[1] = this.f20804j;
            dVar.g(String.format("Checking %ssignature %s", objArr));
        }
    }

    @Override // com.itextpdf.text.pdf.security.z, com.itextpdf.text.pdf.security.f
    public List<h0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        z zVar = new z(this.f20770a);
        zVar.c(this.f20845c);
        b bVar = new b(zVar, e());
        bVar.c(this.f20845c);
        bVar.a(this.f20806l || this.f20771b);
        t tVar = new t(bVar, f());
        tVar.c(this.f20845c);
        tVar.a(this.f20806l || this.f20771b);
        return tVar.b(x509Certificate, x509Certificate2, date);
    }

    protected w d() throws GeneralSecurityException {
        w o02 = this.f20802h.o0(this.f20804j);
        if (!this.f20802h.l0(this.f20804j)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        com.itextpdf.text.log.d dVar = f20798n;
        dVar.g("The timestamp covers whole document.");
        if (!o02.P()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        dVar.g("The signed document has not been modified.");
        return o02;
    }

    public List<X509CRL> e() throws GeneralSecurityException, IOException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.f20807m;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.CRLS)) == null) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i7 = 0; i7 < asArray.size(); i7++) {
            arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(w2.J0((PRStream) asArray.getAsStream(i7)))));
        }
        return arrayList;
    }

    public List<BasicOCSPResp> f() throws IOException, GeneralSecurityException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.f20807m;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.OCSPS)) == null) {
            return arrayList;
        }
        for (int i7 = 0; i7 < asArray.size(); i7++) {
            OCSPResp oCSPResp = new OCSPResp(w2.J0((PRStream) asArray.getAsStream(i7)));
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e7) {
                    throw new GeneralSecurityException((Throwable) e7);
                }
            }
        }
        return arrayList;
    }

    public void g(LtvVerification.CertificateOption certificateOption) {
        this.f20799e = certificateOption;
    }

    public void h(f fVar) {
        this.f20770a = fVar;
    }

    public void i(boolean z6) {
        this.f20800f = z6;
    }

    public void j() throws IOException, GeneralSecurityException {
        com.itextpdf.text.log.d dVar = f20798n;
        dVar.g("Switching to previous revision.");
        this.f20806l = false;
        this.f20807m = this.f20801g.K().getAsDict(PdfName.DSS);
        Calendar z6 = this.f20805k.z();
        if (z6 == null) {
            z6 = this.f20805k.v();
        }
        this.f20803i = z6.getTime();
        ArrayList<String> E = this.f20802h.E();
        if (E.size() <= 1) {
            dVar.g("No signatures in revision");
            this.f20805k = null;
            return;
        }
        this.f20804j = E.get(E.size() - 2);
        w2 w2Var = new w2(this.f20802h.h(this.f20804j));
        this.f20801g = w2Var;
        com.itextpdf.text.pdf.a H = w2Var.H();
        this.f20802h = H;
        ArrayList<String> E2 = H.E();
        this.f20804j = E2.get(E2.size() - 1);
        this.f20805k = d();
        if (dVar.a(Level.INFO)) {
            Object[] objArr = new Object[2];
            objArr[0] = this.f20805k.F() ? "document-level timestamp " : "";
            objArr[1] = this.f20804j;
            dVar.g(String.format("Checking %ssignature %s", objArr));
        }
    }

    public List<h0> k(List<h0> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.f20805k != null) {
            list.addAll(m());
        }
        return list;
    }

    public void l(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i7 = 0; i7 < certificateArr.length; i7++) {
            ((X509Certificate) certificateArr[i7]).checkValidity(this.f20803i);
            if (i7 > 0) {
                certificateArr[i7 - 1].verify(certificateArr[i7].getPublicKey());
            }
        }
        f20798n.g("All certificates are valid on " + this.f20803i.toString());
    }

    public List<h0> m() throws GeneralSecurityException, IOException {
        f20798n.g("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] u6 = this.f20805k.u();
        l(u6);
        int length = LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.f20799e) ? u6.length : 1;
        int i7 = 0;
        while (i7 < length) {
            int i8 = i7 + 1;
            X509Certificate x509Certificate = (X509Certificate) u6[i7];
            X509Certificate x509Certificate2 = i8 < u6.length ? (X509Certificate) u6[i8] : null;
            f20798n.g(x509Certificate.getSubjectDN().getName());
            List<h0> b7 = b(x509Certificate, x509Certificate2, this.f20803i);
            if (b7.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.f20806l && u6.length > 1) {
                        b7.add(new h0(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (b7.size() == 0 && this.f20800f) {
                        throw new GeneralSecurityException();
                    }
                    if (u6.length > 1) {
                        b7.add(new h0(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(b7);
            i7 = i8;
        }
        j();
        return arrayList;
    }
}
