package com.itextpdf.text.pdf.security;

import R4.C0178j;
import T5.c;
import c1.e;
import com.itextpdf.text.log.Level;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import j5.d;
import j5.k;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import l0.C1055a;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.operator.OperatorCreationException;
import s1.C1212e;
import t5.C1247a;
import v5.C1435b;
import x5.C1586a;
import x5.C1587b;
import x5.f;

/* loaded from: classes4.dex */
public class OCSPVerifier extends RootStoreVerifier {
    protected static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OCSPVerifier.class);
    protected static final String id_kp_OCSPSigning = "1.3.6.1.5.5.7.3.9";
    protected List<C1586a> ocsps;

    public OCSPVerifier(CertificateVerifier certificateVerifier, List<C1586a> list) {
        super(certificateVerifier);
        this.ocsps = list;
    }

    public C1586a getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        C1586a basicOCSPResp;
        if ((x509Certificate == null && x509Certificate2 == null) || (basicOCSPResp = new OcspClientBouncyCastle().getBasicOCSPResp(x509Certificate, x509Certificate2, null)) == null) {
            return null;
        }
        for (C1055a c1055a : basicOCSPResp.b()) {
            if (c1055a.c() == null) {
                return basicOCSPResp;
            }
        }
        return null;
    }

    public boolean isSignatureValid(C1586a c1586a, Certificate certificate) {
        try {
            T5.b bVar = new T5.b(0);
            bVar.f2220a = new c(new O5.c("BC", 0));
            return c1586a.c(new e(bVar, certificate.getPublicKey()));
        } catch (OCSPException | OperatorCreationException unused) {
            return false;
        }
    }

    /* JADX WARN: Type inference failed for: r6v0, types: [w5.c, java.lang.Object] */
    public void isValidResponse(C1586a c1586a, X509Certificate x509Certificate) throws GeneralSecurityException, IOException {
        CRL crl;
        X509Certificate x509Certificate2 = isSignatureValid(c1586a, x509Certificate) ? x509Certificate : null;
        if (x509Certificate2 == null) {
            c1586a.a();
            C1435b[] a3 = c1586a.a();
            int length = a3.length;
            int i7 = 0;
            while (true) {
                if (i7 >= length) {
                    break;
                }
                C1435b c1435b = a3[i7];
                try {
                    ?? obj = new Object();
                    obj.f20890b = new k0.c(9);
                    X509Certificate c7 = obj.c(c1435b);
                    List<String> extendedKeyUsage = c7.getExtendedKeyUsage();
                    if (extendedKeyUsage != null && extendedKeyUsage.contains(id_kp_OCSPSigning) && isSignatureValid(c1586a, c7)) {
                        x509Certificate2 = c7;
                        break;
                    }
                } catch (CertificateParsingException | Exception unused) {
                }
                i7++;
            }
            if (x509Certificate2 == null) {
                throw new VerificationException(x509Certificate, "OCSP response could not be verified");
            }
        }
        x509Certificate2.verify(x509Certificate.getPublicKey());
        if (x509Certificate2.getExtensionValue(d.f18402c.f19335b) == null) {
            try {
                crl = CertificateUtil.getCRL(x509Certificate2);
            } catch (Exception unused2) {
                crl = null;
            }
            if (crl != null && (crl instanceof X509CRL)) {
                CRLVerifier cRLVerifier = new CRLVerifier(null, null);
                cRLVerifier.setRootStore(this.rootStore);
                cRLVerifier.setOnlineCheckingAllowed(this.onlineCheckingAllowed);
                cRLVerifier.verify((X509CRL) crl, x509Certificate2, x509Certificate, new Date());
                return;
            }
        }
        x509Certificate2.checkValidity();
    }

    @Override // com.itextpdf.text.pdf.security.RootStoreVerifier, com.itextpdf.text.pdf.security.CertificateVerifier
    public List<VerificationOK> verify(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        int i7;
        ArrayList arrayList = new ArrayList();
        List<C1586a> list = this.ocsps;
        boolean z7 = false;
        if (list != null) {
            Iterator<C1586a> it = list.iterator();
            i7 = 0;
            while (it.hasNext()) {
                if (verify(it.next(), x509Certificate, x509Certificate2, date)) {
                    i7++;
                }
            }
        } else {
            i7 = 0;
        }
        if (this.onlineCheckingAllowed && i7 == 0 && verify(getOcspResponse(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i7++;
            z7 = true;
        }
        LOGGER.info("Valid OCSPs found: " + i7);
        if (i7 > 0) {
            Class<?> cls = getClass();
            StringBuilder sb = new StringBuilder("Valid OCSPs Found: ");
            sb.append(i7);
            sb.append(z7 ? " (online)" : "");
            arrayList.add(new VerificationOK(x509Certificate, cls, sb.toString()));
        }
        CertificateVerifier certificateVerifier = this.verifier;
        if (certificateVerifier != null) {
            arrayList.addAll(certificateVerifier.verify(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public boolean verify(C1586a c1586a, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        Date t7;
        if (c1586a == null) {
            return false;
        }
        C1055a[] b7 = c1586a.b();
        for (int i7 = 0; i7 < b7.length; i7++) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            C1055a c1055a = b7[i7];
            c1055a.getClass();
            j5.b bVar = ((k) c1055a.f18704b).f18417b;
            new C1587b(bVar);
            if (serialNumber.equals(bVar.f18397f.s())) {
                if (x509Certificate2 == null) {
                    x509Certificate2 = x509Certificate;
                }
                try {
                    C1055a c1055a2 = b7[i7];
                    c1055a2.getClass();
                    C1587b c1587b = new C1587b(((k) c1055a2.f18704b).f18417b);
                    C1435b c1435b = new C1435b(x509Certificate2.getEncoded());
                    S5.c cVar = S5.c.f2173b;
                    j5.b bVar2 = c1587b.f21870a;
                    try {
                        C1247a c1247a = bVar2.f18394b;
                        B5.c a3 = cVar.a(c1247a);
                        I5.b bVar3 = new I5.b(1);
                        bVar3.f1384c = a3;
                        if (C1587b.a(new C1212e(4, c1247a, bVar3), c1435b, bVar2.f18397f).equals(bVar2)) {
                            C0178j c0178j = ((k) b7[i7].f18704b).f18420f;
                            if (c0178j == null) {
                                t7 = null;
                            } else {
                                C1435b[] c1435bArr = f.f21875a;
                                try {
                                    t7 = c0178j.t();
                                } catch (Exception e3) {
                                    throw new IllegalStateException("exception processing GeneralizedTime: " + e3.getMessage());
                                }
                            }
                            if (t7 == null) {
                                C0178j c0178j2 = ((k) b7[i7].f18704b).f18419d;
                                C1435b[] c1435bArr2 = f.f21875a;
                                try {
                                    t7 = new Date(c0178j2.t().getTime() + 180000);
                                    Logger logger = LOGGER;
                                    if (logger.isLogging(Level.INFO)) {
                                        logger.info(String.format("No 'next update' for OCSP Response; assuming %s", t7));
                                    }
                                } catch (Exception e7) {
                                    throw new IllegalStateException("exception processing GeneralizedTime: " + e7.getMessage());
                                }
                            }
                            if (date.after(t7)) {
                                Logger logger2 = LOGGER;
                                if (logger2.isLogging(Level.INFO)) {
                                    logger2.info(String.format("OCSP no longer valid: %s after %s", date, t7));
                                }
                            } else if (b7[i7].c() == null) {
                                isValidResponse(c1586a, x509Certificate2);
                                return true;
                            }
                        } else {
                            LOGGER.info("OCSP: Issuers doesn't match.");
                        }
                    } catch (OperatorCreationException e8) {
                        throw new OCSPException("unable to create digest calculator: " + e8.getMessage(), e8);
                        break;
                    }
                } catch (OCSPException unused) {
                    continue;
                }
            }
        }
        return false;
    }

    @Deprecated
    public boolean verifyResponse(C1586a c1586a, X509Certificate x509Certificate) {
        try {
            isValidResponse(c1586a, x509Certificate);
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
