package com.itextpdf.text.pdf.security;

import com.itextpdf.text.log.Level;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import f.a.b.c;
import f.a.b.e.a;
import f.a.b.e.d;
import f.a.b.e.h;
import f.a.b.e.j;
import f.a.g.p.t;
import f.a.g.q.b;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class OCSPVerifier extends RootStoreVerifier {
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OCSPVerifier.class);
    public static final String id_kp_OCSPSigning = "1.3.6.1.5.5.7.3.9";
    public List<a> ocsps;

    public OCSPVerifier(CertificateVerifier certificateVerifier, List<a> list) {
        super(certificateVerifier);
        this.ocsps = list;
    }

    public a getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        a basicOCSPResp;
        if ((x509Certificate == null && x509Certificate2 == null) || (basicOCSPResp = new OcspClientBouncyCastle().getBasicOCSPResp(x509Certificate, x509Certificate2, null)) == null) {
            return null;
        }
        for (j jVar : basicOCSPResp.b()) {
            if (jVar.b() == null) {
                return basicOCSPResp;
            }
        }
        return null;
    }

    public boolean isSignatureValid(a aVar, Certificate certificate) {
        try {
            f.a.g.q.a aVar2 = new f.a.g.q.a();
            aVar2.e("BC");
            return aVar.c(new b(aVar2, certificate.getPublicKey()));
        } catch (d | f.a.g.j unused) {
            return false;
        }
    }

    public void isValidResponse(a aVar, X509Certificate x509Certificate) {
        CRL crl;
        X509Certificate x509Certificate2 = isSignatureValid(aVar, x509Certificate) ? x509Certificate : null;
        if (x509Certificate2 == null) {
            aVar.a();
            c[] a2 = aVar.a();
            int length = a2.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                try {
                    X509Certificate a3 = new f.a.b.d.b().a(a2[i]);
                    List<String> extendedKeyUsage = a3.getExtendedKeyUsage();
                    if (extendedKeyUsage != null && extendedKeyUsage.contains(id_kp_OCSPSigning) && isSignatureValid(aVar, a3)) {
                        x509Certificate2 = a3;
                        break;
                    }
                } catch (CertificateParsingException | Exception unused) {
                }
                i++;
            }
            if (x509Certificate2 == null) {
                throw new VerificationException(x509Certificate, "OCSP response could not be verified");
            }
        }
        x509Certificate2.verify(x509Certificate.getPublicKey());
        if (x509Certificate2.getExtensionValue(f.a.a.u2.d.f4013d.x) == null) {
            try {
                crl = CertificateUtil.getCRL(x509Certificate2);
            } catch (Exception unused2) {
                crl = null;
            }
            if (crl != null && (crl instanceof X509CRL)) {
                CRLVerifier cRLVerifier = new CRLVerifier(null, null);
                cRLVerifier.setRootStore(this.rootStore);
                cRLVerifier.setOnlineCheckingAllowed(this.onlineCheckingAllowed);
                cRLVerifier.verify((X509CRL) crl, x509Certificate2, x509Certificate, new Date());
                return;
            }
        }
        x509Certificate2.checkValidity();
    }

    @Override // com.itextpdf.text.pdf.security.RootStoreVerifier, com.itextpdf.text.pdf.security.CertificateVerifier
    public List<VerificationOK> verify(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        int i;
        ArrayList arrayList = new ArrayList();
        List<a> list = this.ocsps;
        boolean z = false;
        if (list != null) {
            Iterator<a> it = list.iterator();
            i = 0;
            while (it.hasNext()) {
                if (verify(it.next(), x509Certificate, x509Certificate2, date)) {
                    i++;
                }
            }
        } else {
            i = 0;
        }
        if (this.onlineCheckingAllowed && i == 0 && verify(getOcspResponse(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i++;
            z = true;
        }
        LOGGER.info("Valid OCSPs found: " + i);
        if (i > 0) {
            Class<?> cls = getClass();
            StringBuilder sb = new StringBuilder();
            sb.append("Valid OCSPs Found: ");
            sb.append(i);
            sb.append(z ? " (online)" : "");
            arrayList.add(new VerificationOK(x509Certificate, cls, sb.toString()));
        }
        CertificateVerifier certificateVerifier = this.verifier;
        if (certificateVerifier != null) {
            arrayList.addAll(certificateVerifier.verify(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public boolean verify(a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        if (aVar == null) {
            return false;
        }
        j[] b2 = aVar.b();
        for (int i = 0; i < b2.length; i++) {
            if (x509Certificate.getSerialNumber().equals(b2[i].a().f4053b.H0.s())) {
                if (x509Certificate2 == null) {
                    x509Certificate2 = x509Certificate;
                }
                try {
                    if (b2[i].a().b(new c(x509Certificate2.getEncoded()), new t())) {
                        f.a.a.j jVar = b2[i].f4061a.H0;
                        Date a2 = jVar == null ? null : h.a(jVar);
                        if (a2 == null) {
                            a2 = new Date(h.a(b2[i].f4061a.y).getTime() + 180000);
                            Logger logger = LOGGER;
                            if (logger.isLogging(Level.INFO)) {
                                logger.info(String.format("No 'next update' for OCSP Response; assuming %s", a2));
                            }
                        }
                        if (date.after(a2)) {
                            Logger logger2 = LOGGER;
                            if (logger2.isLogging(Level.INFO)) {
                                logger2.info(String.format("OCSP no longer valid: %s after %s", date, a2));
                            }
                        } else if (b2[i].b() == null) {
                            isValidResponse(aVar, x509Certificate2);
                            return true;
                        }
                    } else {
                        LOGGER.info("OCSP: Issuers doesn't match.");
                    }
                } catch (d unused) {
                    continue;
                }
            }
        }
        return false;
    }

    @Deprecated
    public boolean verifyResponse(a aVar, X509Certificate x509Certificate) {
        try {
            isValidResponse(aVar, x509Certificate);
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
