package d.c.c.g.m;

import com.itextpdf.text.pdf.security.VerificationException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;

/* compiled from: OCSPVerifier.java */
/* loaded from: classes.dex */
public class v extends D {

    /* renamed from: e, reason: collision with root package name */
    public static final d.c.c.f.c f5681e = d.c.c.f.d.a((Class<?>) v.class);

    /* renamed from: f, reason: collision with root package name */
    public List<BasicOCSPResp> f5682f;

    public v(C0227f c0227f, List<BasicOCSPResp> list) {
        super(c0227f);
        this.f5682f = list;
    }

    @Override // d.c.c.g.m.D, d.c.c.g.m.C0227f
    public List<K> a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        int i2;
        ArrayList arrayList = new ArrayList();
        List<BasicOCSPResp> list = this.f5682f;
        boolean z = false;
        if (list != null) {
            Iterator<BasicOCSPResp> it = list.iterator();
            i2 = 0;
            while (it.hasNext()) {
                if (a(it.next(), x509Certificate, x509Certificate2, date)) {
                    i2++;
                }
            }
        } else {
            i2 = 0;
        }
        if (this.f5658b && i2 == 0 && a(a(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i2++;
            z = true;
        }
        f5681e.d("Valid OCSPs found: " + i2);
        if (i2 > 0) {
            StringBuilder sb = new StringBuilder();
            sb.append("Valid OCSPs Found: ");
            sb.append(i2);
            sb.append(z ? " (online)" : "");
            arrayList.add(new K(x509Certificate, v.class, sb.toString()));
        }
        C0227f c0227f = this.f5657a;
        if (c0227f != null) {
            arrayList.addAll(c0227f.a(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public BasicOCSPResp a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        BasicOCSPResp b2;
        if ((x509Certificate == null && x509Certificate2 == null) || (b2 = new x().b(x509Certificate, x509Certificate2, null)) == null) {
            return null;
        }
        for (SingleResp singleResp : b2.getResponses()) {
            if (singleResp.getCertStatus() == CertificateStatus.GOOD) {
                return b2;
            }
        }
        return null;
    }

    public void a(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate) throws GeneralSecurityException, IOException {
        X509CertificateHolder[] certs = basicOCSPResp.getCerts();
        if (certs.length > 0) {
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certs[0]);
            try {
                certificate.verify(x509Certificate.getPublicKey());
            } catch (GeneralSecurityException unused) {
                if (super.a(certificate, x509Certificate, null).size() == 0) {
                    throw new VerificationException(certificate, "Responder certificate couldn't be verified");
                }
            }
            x509Certificate = certificate;
        }
        if (!b(basicOCSPResp, x509Certificate)) {
            throw new VerificationException(x509Certificate, "OCSP response could not be verified");
        }
    }

    public boolean a(BasicOCSPResp basicOCSPResp, Certificate certificate) {
        try {
            return basicOCSPResp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate.getPublicKey()));
        } catch (OperatorCreationException | OCSPException unused) {
            return false;
        }
    }

    public boolean a(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        if (basicOCSPResp == null) {
            return false;
        }
        SingleResp[] responses = basicOCSPResp.getResponses();
        X509Certificate x509Certificate3 = x509Certificate2;
        for (int i2 = 0; i2 < responses.length; i2++) {
            if (x509Certificate.getSerialNumber().equals(responses[i2].getCertID().getSerialNumber())) {
                if (x509Certificate3 == null) {
                    x509Certificate3 = x509Certificate;
                }
                try {
                    if (responses[i2].getCertID().matchesIssuer(new X509CertificateHolder(x509Certificate3.getEncoded()), new BcDigestCalculatorProvider())) {
                        Date nextUpdate = responses[i2].getNextUpdate();
                        if (nextUpdate == null) {
                            nextUpdate = new Date(responses[i2].getThisUpdate().getTime() + 180000);
                            f5681e.d(String.format("No 'next update' for OCSP Response; assuming %s", nextUpdate));
                        }
                        if (date.after(nextUpdate)) {
                            f5681e.d(String.format("OCSP no longer valid: %s after %s", date, nextUpdate));
                        } else if (responses[i2].getCertStatus() == CertificateStatus.GOOD) {
                            a(basicOCSPResp, x509Certificate3);
                            return true;
                        }
                    } else {
                        f5681e.d("OCSP: Issuers doesn't match.");
                    }
                } catch (OCSPException unused) {
                    continue;
                }
            }
        }
        return false;
    }

    public boolean b(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate) {
        if (a(basicOCSPResp, (Certificate) x509Certificate)) {
            return true;
        }
        KeyStore keyStore = this.f5594d;
        if (keyStore == null) {
            return false;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                try {
                    if (this.f5594d.isCertificateEntry(aliases.nextElement()) && a(basicOCSPResp, this.f5594d.getCertificate(r2))) {
                        return true;
                    }
                } catch (GeneralSecurityException unused) {
                }
            }
        } catch (GeneralSecurityException unused2) {
        }
        return false;
    }
}
