package z1;

import com.itextpdf.text.log.Level;
import com.itextpdf.text.pdf.PRStream;
import com.itextpdf.text.pdf.PdfArray;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.security.LtvVerification;
import com.itextpdf.text.pdf.security.VerificationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/* loaded from: classes8.dex */
public class kj1 extends rj1 {
    public static final m71 n = n71.b(kj1.class);
    public LtvVerification.CertificateOption e;
    public boolean f;
    public ob1 g;
    public s71 h;
    public Date i;
    public String j;
    public oj1 k;
    public boolean l;
    public PdfDictionary m;

    public kj1(ob1 ob1Var) throws GeneralSecurityException {
        super(null);
        this.e = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.f = true;
        this.l = true;
        this.g = ob1Var;
        s71 H = ob1Var.H();
        this.h = H;
        ArrayList<String> E = H.E();
        this.j = E.get(E.size() - 1);
        this.i = new Date();
        this.k = d();
        if (n.a(Level.INFO)) {
            m71 m71Var = n;
            Object[] objArr = new Object[2];
            objArr[0] = this.k.F() ? "document-level timestamp " : "";
            objArr[1] = this.j;
            m71Var.info(String.format("Checking %ssignature %s", objArr));
        }
    }

    @Override // z1.rj1, z1.xi1
    public List<zj1> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        rj1 rj1Var = new rj1(this.a);
        rj1Var.c(this.c);
        ti1 ti1Var = new ti1(rj1Var, e());
        ti1Var.c(this.c);
        ti1Var.a(this.l || this.b);
        lj1 lj1Var = new lj1(ti1Var, f());
        lj1Var.c(this.c);
        lj1Var.a(this.l || this.b);
        return lj1Var.b(x509Certificate, x509Certificate2, date);
    }

    public oj1 d() throws GeneralSecurityException {
        oj1 o0 = this.h.o0(this.j);
        if (!this.h.l0(this.j)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        n.info("The timestamp covers whole document.");
        if (!o0.P()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        n.info("The signed document has not been modified.");
        return o0;
    }

    public List<X509CRL> e() throws GeneralSecurityException, IOException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.m;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.CRLS)) == null) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < asArray.size(); i++) {
            arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(ob1.J0((PRStream) asArray.getAsStream(i)))));
        }
        return arrayList;
    }

    public List<BasicOCSPResp> f() throws IOException, GeneralSecurityException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.m;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.OCSPS)) == null) {
            return arrayList;
        }
        for (int i = 0; i < asArray.size(); i++) {
            OCSPResp oCSPResp = new OCSPResp(ob1.J0((PRStream) asArray.getAsStream(i)));
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e) {
                    throw new GeneralSecurityException((Throwable) e);
                }
            }
        }
        return arrayList;
    }

    public void g(LtvVerification.CertificateOption certificateOption) {
        this.e = certificateOption;
    }

    public void h(xi1 xi1Var) {
        this.a = xi1Var;
    }

    public void i(boolean z) {
        this.f = z;
    }

    public void j() throws IOException, GeneralSecurityException {
        n.info("Switching to previous revision.");
        this.l = false;
        this.m = this.g.K().getAsDict(PdfName.DSS);
        Calendar z = this.k.z();
        if (z == null) {
            z = this.k.v();
        }
        this.i = z.getTime();
        ArrayList<String> E = this.h.E();
        if (E.size() <= 1) {
            n.info("No signatures in revision");
            this.k = null;
            return;
        }
        this.j = E.get(E.size() - 2);
        ob1 ob1Var = new ob1(this.h.h(this.j));
        this.g = ob1Var;
        s71 H = ob1Var.H();
        this.h = H;
        ArrayList<String> E2 = H.E();
        this.j = E2.get(E2.size() - 1);
        this.k = d();
        if (n.a(Level.INFO)) {
            m71 m71Var = n;
            Object[] objArr = new Object[2];
            objArr[0] = this.k.F() ? "document-level timestamp " : "";
            objArr[1] = this.j;
            m71Var.info(String.format("Checking %ssignature %s", objArr));
        }
    }

    public List<zj1> k(List<zj1> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.k != null) {
            list.addAll(m());
        }
        return list;
    }

    public void l(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i = 0; i < certificateArr.length; i++) {
            ((X509Certificate) certificateArr[i]).checkValidity(this.i);
            if (i > 0) {
                certificateArr[i - 1].verify(certificateArr[i].getPublicKey());
            }
        }
        n.info("All certificates are valid on " + this.i.toString());
    }

    public List<zj1> m() throws GeneralSecurityException, IOException {
        n.info("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] u = this.k.u();
        l(u);
        int length = LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.e) ? u.length : 1;
        int i = 0;
        while (i < length) {
            int i2 = i + 1;
            X509Certificate x509Certificate = (X509Certificate) u[i];
            X509Certificate x509Certificate2 = i2 < u.length ? (X509Certificate) u[i2] : null;
            n.info(x509Certificate.getSubjectDN().getName());
            List<zj1> b = b(x509Certificate, x509Certificate2, this.i);
            if (b.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.l && u.length > 1) {
                        b.add(new zj1(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (b.size() == 0 && this.f) {
                        throw new GeneralSecurityException();
                    }
                    if (u.length > 1) {
                        b.add(new zj1(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(b);
            i = i2;
        }
        j();
        return arrayList;
    }
}
