package com.itextpdf.text.pdf.security;

import com.itextpdf.text.pdf.bd;
import com.itextpdf.text.pdf.bl;
import com.itextpdf.text.pdf.cg;
import com.itextpdf.text.pdf.df;
import com.itextpdf.text.pdf.ek;
import com.itextpdf.text.pdf.security.s;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/* compiled from: LtvVerifier.java */
/* loaded from: classes2.dex */
public class t extends ae {

    /* renamed from: a, reason: collision with root package name */
    protected static final com.itextpdf.text.e.d f11041a = com.itextpdf.text.e.e.a((Class<?>) t.class);

    /* renamed from: b, reason: collision with root package name */
    protected s.b f11042b;
    protected boolean e;
    protected ek f;
    protected com.itextpdf.text.pdf.a g;
    protected Date h;
    protected String i;
    protected z j;
    protected boolean k;
    protected cg l;

    public t(ek ekVar) throws GeneralSecurityException {
        super(null);
        this.f11042b = s.b.SIGNING_CERTIFICATE;
        this.e = true;
        this.k = true;
        this.f = ekVar;
        this.g = ekVar.X();
        this.i = this.g.d().get(r0.size() - 1);
        this.h = new Date();
        this.j = a();
        com.itextpdf.text.e.d dVar = f11041a;
        Object[] objArr = new Object[2];
        objArr[0] = this.j.u() ? "document-level timestamp " : "";
        objArr[1] = this.i;
        dVar.e(String.format("Checking %ssignature %s", objArr));
    }

    protected z a() throws GeneralSecurityException {
        z r = this.g.r(this.i);
        if (!this.g.q(this.i)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        f11041a.e("The timestamp covers whole document.");
        if (!r.m()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        f11041a.e("The signed document has not been modified.");
        return r;
    }

    @Override // com.itextpdf.text.pdf.security.ae, com.itextpdf.text.pdf.security.f
    public List<al> a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        ae aeVar = new ae(this.f11013c);
        aeVar.a(this.n);
        b bVar = new b(aeVar, d());
        bVar.a(this.n);
        bVar.a(this.k || this.f11014d);
        w wVar = new w(bVar, e());
        wVar.a(this.n);
        wVar.a(this.k || this.f11014d);
        return wVar.a(x509Certificate, x509Certificate2, date);
    }

    public List<al> a(List<al> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.j != null) {
            list.addAll(b());
        }
        return list;
    }

    public void a(f fVar) {
        this.f11013c = fVar;
    }

    public void a(s.b bVar) {
        this.f11042b = bVar;
    }

    public void a(Certificate[] certificateArr) throws GeneralSecurityException {
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= certificateArr.length) {
                f11041a.e("All certificates are valid on " + this.h.toString());
                return;
            }
            ((X509Certificate) certificateArr[i2]).checkValidity(this.h);
            if (i2 > 0) {
                certificateArr[i2 - 1].verify(certificateArr[i2].getPublicKey());
            }
            i = i2 + 1;
        }
    }

    public List<al> b() throws GeneralSecurityException, IOException {
        f11041a.e("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] p = this.j.p();
        a(p);
        int length = s.b.WHOLE_CHAIN.equals(this.f11042b) ? p.length : 1;
        int i = 0;
        while (i < length) {
            int i2 = i + 1;
            X509Certificate x509Certificate = (X509Certificate) p[i];
            X509Certificate x509Certificate2 = i2 < p.length ? (X509Certificate) p[i2] : null;
            f11041a.e(x509Certificate.getSubjectDN().getName());
            List<al> a2 = a(x509Certificate, x509Certificate2, this.h);
            if (a2.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.k && p.length > 1) {
                        a2.add(new al(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (a2.size() == 0 && this.e) {
                        throw new GeneralSecurityException();
                    }
                    if (p.length > 1) {
                        a2.add(new al(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException e) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(a2);
            i = i2;
        }
        c();
        return arrayList;
    }

    public void b(boolean z) {
        this.e = z;
    }

    public void c() throws IOException, GeneralSecurityException {
        f11041a.e("Switching to previous revision.");
        this.k = false;
        this.l = this.f.h().i(df.cM);
        Calendar w = this.j.w();
        if (w == null) {
            w = this.j.d();
        }
        this.h = w.getTime();
        ArrayList<String> d2 = this.g.d();
        if (d2.size() <= 1) {
            f11041a.e("No signatures in revision");
            this.j = null;
            return;
        }
        this.i = d2.get(d2.size() - 2);
        this.f = new ek(this.g.t(this.i));
        this.g = this.f.X();
        this.i = this.g.d().get(r0.size() - 1);
        this.j = a();
        com.itextpdf.text.e.d dVar = f11041a;
        Object[] objArr = new Object[2];
        objArr[0] = this.j.u() ? "document-level timestamp " : "";
        objArr[1] = this.i;
        dVar.e(String.format("Checking %ssignature %s", objArr));
    }

    public List<X509CRL> d() throws GeneralSecurityException, IOException {
        bl j;
        ArrayList arrayList = new ArrayList();
        if (this.l != null && (j = this.l.j(df.bP)) != null) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 >= j.b()) {
                    return arrayList;
                }
                arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(ek.a((bd) j.f(i2)))));
                i = i2 + 1;
            }
        }
        return arrayList;
    }

    public List<BasicOCSPResp> e() throws IOException, GeneralSecurityException {
        bl j;
        ArrayList arrayList = new ArrayList();
        if (this.l != null && (j = this.l.j(df.hL)) != null) {
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 >= j.b()) {
                    return arrayList;
                }
                OCSPResp oCSPResp = new OCSPResp(ek.a((bd) j.f(i2)));
                if (oCSPResp.getStatus() == 0) {
                    try {
                        arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                    } catch (OCSPException e) {
                        throw new GeneralSecurityException((Throwable) e);
                    }
                }
                i = i2 + 1;
            }
        }
        return arrayList;
    }
}
