package d.c.c.g.m;

import com.itextpdf.text.pdf.security.LtvVerification;
import com.itextpdf.text.pdf.security.VerificationException;
import d.c.c.g.C0158b;
import d.c.c.g.C0187ia;
import d.c.c.g.C0192jb;
import d.c.c.g.C0244pa;
import d.c.c.g.La;
import d.c.c.g.Pb;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/* compiled from: LtvVerifier.java */
/* loaded from: classes.dex */
public class t extends D {

    /* renamed from: e, reason: collision with root package name */
    public static final d.c.c.f.c f5672e = d.c.c.f.d.a((Class<?>) t.class);

    /* renamed from: f, reason: collision with root package name */
    public LtvVerification.CertificateOption f5673f;

    /* renamed from: g, reason: collision with root package name */
    public boolean f5674g;

    /* renamed from: h, reason: collision with root package name */
    public Pb f5675h;

    /* renamed from: i, reason: collision with root package name */
    public C0158b f5676i;

    /* renamed from: j, reason: collision with root package name */
    public Date f5677j;

    /* renamed from: k, reason: collision with root package name */
    public String f5678k;

    /* renamed from: l, reason: collision with root package name */
    public y f5679l;
    public boolean m;
    public La n;

    public t(Pb pb) throws GeneralSecurityException {
        super(null);
        this.f5673f = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.f5674g = true;
        this.m = true;
        this.f5675h = pb;
        this.f5676i = pb.g();
        ArrayList<String> e2 = this.f5676i.e();
        this.f5678k = e2.get(e2.size() - 1);
        this.f5677j = new Date();
        this.f5679l = a();
        d.c.c.f.c cVar = f5672e;
        Object[] objArr = new Object[2];
        objArr[0] = this.f5679l.w() ? "document-level timestamp " : "";
        objArr[1] = this.f5678k;
        cVar.d(String.format("Checking %ssignature %s", objArr));
    }

    public y a() throws GeneralSecurityException {
        y v = this.f5676i.v(this.f5678k);
        if (!this.f5676i.t(this.f5678k)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        f5672e.d("The timestamp covers whole document.");
        if (!v.x()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        f5672e.d("The signed document has not been modified.");
        return v;
    }

    @Override // d.c.c.g.m.D, d.c.c.g.m.C0227f
    public List<K> a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        D d2 = new D(this.f5657a);
        d2.a(this.f5594d);
        C0223b c0223b = new C0223b(d2, b());
        c0223b.a(this.f5594d);
        c0223b.a(this.m || this.f5658b);
        v vVar = new v(c0223b, c());
        vVar.a(this.f5594d);
        vVar.a(this.m || this.f5658b);
        return vVar.a(x509Certificate, x509Certificate2, date);
    }

    public List<K> a(List<K> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.f5679l != null) {
            list.addAll(e());
        }
        return list;
    }

    public void a(LtvVerification.CertificateOption certificateOption) {
        this.f5673f = certificateOption;
    }

    public void a(C0227f c0227f) {
        this.f5657a = c0227f;
    }

    public void a(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i2 = 0; i2 < certificateArr.length; i2++) {
            ((X509Certificate) certificateArr[i2]).checkValidity(this.f5677j);
            if (i2 > 0) {
                certificateArr[i2 - 1].verify(certificateArr[i2].getPublicKey());
            }
        }
        f5672e.d("All certificates are valid on " + this.f5677j.toString());
    }

    public List<X509CRL> b() throws GeneralSecurityException, IOException {
        C0244pa e2;
        ArrayList arrayList = new ArrayList();
        La la = this.n;
        if (la == null || (e2 = la.e(C0192jb.cc)) == null) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i2 = 0; i2 < e2.size(); i2++) {
            arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(Pb.a((C0187ia) e2.l(i2)))));
        }
        return arrayList;
    }

    public void b(boolean z) {
        this.f5674g = z;
    }

    public List<BasicOCSPResp> c() throws IOException, GeneralSecurityException {
        C0244pa e2;
        ArrayList arrayList = new ArrayList();
        La la = this.n;
        if (la == null || (e2 = la.e(C0192jb.Uh)) == null) {
            return arrayList;
        }
        for (int i2 = 0; i2 < e2.size(); i2++) {
            OCSPResp oCSPResp = new OCSPResp(Pb.a((C0187ia) e2.l(i2)));
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e3) {
                    throw new GeneralSecurityException((Throwable) e3);
                }
            }
        }
        return arrayList;
    }

    public void d() throws IOException, GeneralSecurityException {
        f5672e.d("Switching to previous revision.");
        this.m = false;
        this.n = this.f5675h.i().g(C0192jb.Zc);
        Calendar s = this.f5679l.s();
        if (s == null) {
            s = this.f5679l.o();
        }
        this.f5677j = s.getTime();
        ArrayList<String> e2 = this.f5676i.e();
        if (e2.size() <= 1) {
            f5672e.d("No signatures in revision");
            this.f5679l = null;
            return;
        }
        this.f5678k = e2.get(e2.size() - 2);
        this.f5675h = new Pb(this.f5676i.c(this.f5678k));
        this.f5676i = this.f5675h.g();
        ArrayList<String> e3 = this.f5676i.e();
        this.f5678k = e3.get(e3.size() - 1);
        this.f5679l = a();
        d.c.c.f.c cVar = f5672e;
        Object[] objArr = new Object[2];
        objArr[0] = this.f5679l.w() ? "document-level timestamp " : "";
        objArr[1] = this.f5678k;
        cVar.d(String.format("Checking %ssignature %s", objArr));
    }

    public List<K> e() throws GeneralSecurityException, IOException {
        f5672e.d("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] n = this.f5679l.n();
        a(n);
        int length = LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.f5673f) ? n.length : 1;
        int i2 = 0;
        while (i2 < length) {
            int i3 = i2 + 1;
            X509Certificate x509Certificate = (X509Certificate) n[i2];
            X509Certificate x509Certificate2 = i3 < n.length ? (X509Certificate) n[i3] : null;
            f5672e.d(x509Certificate.getSubjectDN().getName());
            List<K> a2 = a(x509Certificate, x509Certificate2, this.f5677j);
            if (a2.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.m && n.length > 1) {
                        a2.add(new K(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (a2.size() == 0 && this.f5674g) {
                        throw new GeneralSecurityException();
                    }
                    if (n.length > 1) {
                        a2.add(new K(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(a2);
            i2 = i3;
        }
        d();
        return arrayList;
    }
}
