package com.itextpdf.signatures;

import com.itextpdf.io.LogMessageConstant;
import com.itextpdf.io.util.StreamUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.ocsp.d;
import org.bouncycastle.cert.ocsp.e;
import org.bouncycastle.cert.ocsp.g;
import org.bouncycastle.cert.ocsp.i;
import org.bouncycastle.jce.provider.a;
import org.bouncycastle.operator.k;
import org.slf4j.b;
import org.slf4j.c;

/* loaded from: classes3.dex */
public class OcspClientBouncyCastle implements IOcspClient {
    private static final b LOGGER = c.e(OcspClientBouncyCastle.class);
    private final OCSPVerifier verifier;

    public OcspClientBouncyCastle(OCSPVerifier oCSPVerifier) {
        this.verifier = oCSPVerifier;
    }

    private static e generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws d, IOException, k, CertificateEncodingException {
        Security.addProvider(new a());
        return SignUtils.generateOcspRequestWithNonce(SignUtils.generateCertificateId(x509Certificate, bigInteger, org.bouncycastle.cert.ocsp.b.b));
    }

    private g getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) throws GeneralSecurityException, d, IOException, k {
        if (x509Certificate == null || x509Certificate2 == null) {
            return null;
        }
        if (str == null) {
            str = CertificateUtil.getOCSPURL(x509Certificate);
        }
        if (str == null) {
            return null;
        }
        LOGGER.info("Getting OCSP from " + str);
        return new g(StreamUtil.inputStreamToArray(SignUtils.getHttpResponseForOcspRequest(generateOCSPRequest(x509Certificate2, x509Certificate.getSerialNumber()).a.g(), new URL(str))));
    }

    public org.bouncycastle.cert.ocsp.a getBasicOCSPResp(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            g ocspResponse = getOcspResponse(x509Certificate, x509Certificate2, str);
            if (ocspResponse == null || ocspResponse.a.a.a.z().intValue() != 0) {
                return null;
            }
            org.bouncycastle.cert.ocsp.a aVar = (org.bouncycastle.cert.ocsp.a) ocspResponse.a();
            OCSPVerifier oCSPVerifier = this.verifier;
            if (oCSPVerifier != null) {
                oCSPVerifier.isValidResponse(aVar, x509Certificate2);
            }
            return aVar;
        } catch (Exception e) {
            LOGGER.error(e.getMessage());
            return null;
        }
    }

    @Override // com.itextpdf.signatures.IOcspClient
    public byte[] getEncoded(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            org.bouncycastle.cert.ocsp.a basicOCSPResp = getBasicOCSPResp(x509Certificate, x509Certificate2, str);
            if (basicOCSPResp == null) {
                return null;
            }
            retrofit2.adapter.rxjava2.d[] b = basicOCSPResp.b();
            if (b.length != 1) {
                return null;
            }
            org.bouncycastle.cert.ocsp.c h = b[0].h();
            if (h == null) {
                return basicOCSPResp.a.g();
            }
            if (h instanceof i) {
                throw new IOException(LogMessageConstant.OCSP_STATUS_IS_REVOKED);
            }
            throw new IOException(LogMessageConstant.OCSP_STATUS_IS_UNKNOWN);
        } catch (Exception e) {
            LOGGER.error(e.getMessage());
            return null;
        }
    }
}
