package com.itextpdf.signatures;

import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.SingleResp;

/* loaded from: classes.dex */
public class n extends r {
    protected static final org.slf4j.b a = org.slf4j.c.a((Class<?>) n.class);
    protected List<BasicOCSPResp> b;

    public n(e eVar, List<BasicOCSPResp> list) {
        super(eVar);
        this.b = list;
    }

    @Override // com.itextpdf.signatures.r, com.itextpdf.signatures.e
    public List<v> a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        int i;
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        if (this.b != null) {
            Iterator<BasicOCSPResp> it = this.b.iterator();
            i = 0;
            while (it.hasNext()) {
                if (a(it.next(), x509Certificate, x509Certificate2, date)) {
                    i++;
                }
            }
        } else {
            i = 0;
        }
        if (this.d && i == 0 && a(a(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i++;
            z = true;
        }
        a.info("Valid OCSPs found: " + i);
        if (i > 0) {
            Class<?> cls = getClass();
            StringBuilder sb = new StringBuilder();
            sb.append("Valid OCSPs Found: ");
            sb.append(i);
            sb.append(z ? " (online)" : "");
            arrayList.add(new v(x509Certificate, cls, sb.toString()));
        }
        if (this.c != null) {
            arrayList.addAll(this.c.a(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public BasicOCSPResp a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        BasicOCSPResp b;
        if ((x509Certificate == null && x509Certificate2 == null) || (b = new o(null).b(x509Certificate, x509Certificate2, null)) == null) {
            return null;
        }
        for (SingleResp singleResp : b.getResponses()) {
            if (singleResp.getCertStatus() == CertificateStatus.GOOD) {
                return b;
            }
        }
        return null;
    }

    @Deprecated
    public void a(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate) {
        a(basicOCSPResp, x509Certificate, com.itextpdf.io.util.b.b());
    }

    public void a(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate, Date date) {
        CRL crl;
        X509Certificate x509Certificate2 = a(basicOCSPResp, (Certificate) x509Certificate) ? x509Certificate : null;
        if (x509Certificate2 == null) {
            if (basicOCSPResp.getCerts() == null) {
                if (this.e != null) {
                    try {
                        Iterator<X509Certificate> it = s.a(this.e).iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            X509Certificate next = it.next();
                            if (a(basicOCSPResp, (Certificate) next)) {
                                x509Certificate2 = next;
                                break;
                            }
                        }
                    } catch (Exception unused) {
                        x509Certificate2 = (X509Certificate) null;
                    }
                }
                if (x509Certificate2 == null) {
                    throw new VerificationException(x509Certificate, "OCSP response could not be verified: it does not contain certificate chain and response is not signed by issuer certificate or any from the root store.");
                }
                return;
            }
            Iterator<X509Certificate> it2 = s.a(basicOCSPResp).iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                X509Certificate next2 = it2.next();
                try {
                    List<String> extendedKeyUsage = next2.getExtendedKeyUsage();
                    if (extendedKeyUsage != null && extendedKeyUsage.contains("1.3.6.1.5.5.7.3.9") && a(basicOCSPResp, (Certificate) next2)) {
                        x509Certificate2 = next2;
                        break;
                    }
                } catch (CertificateParsingException unused2) {
                }
            }
            if (x509Certificate2 == null) {
                throw new VerificationException(x509Certificate, "OCSP response could not be verified");
            }
            x509Certificate2.verify(x509Certificate.getPublicKey());
            x509Certificate2.checkValidity(date);
            if (x509Certificate2.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId()) == null) {
                try {
                    crl = d.a(x509Certificate2);
                } catch (Exception unused3) {
                    crl = (CRL) null;
                }
                if (crl == null || !(crl instanceof X509CRL)) {
                    org.slf4j.c.a((Class<?>) n.class).error("Authorized OCSP responder certificate revocation status cannot be checked");
                    return;
                }
                b bVar = new b(null, null);
                bVar.a(this.e);
                bVar.a(this.d);
                if (!bVar.a((X509CRL) crl, x509Certificate2, x509Certificate, date)) {
                    throw new VerificationException(x509Certificate, "Authorized OCSP responder certificate was revoked.");
                }
            }
        }
    }

    public boolean a(BasicOCSPResp basicOCSPResp, Certificate certificate) {
        try {
            return s.a(basicOCSPResp, certificate, "BC");
        } catch (Exception unused) {
            return false;
        }
    }

    public boolean a(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        if (basicOCSPResp == null) {
            return false;
        }
        SingleResp[] responses = basicOCSPResp.getResponses();
        X509Certificate x509Certificate3 = x509Certificate2;
        for (int i = 0; i < responses.length; i++) {
            if (x509Certificate.getSerialNumber().equals(responses[i].getCertID().getSerialNumber())) {
                if (x509Certificate3 == null) {
                    x509Certificate3 = x509Certificate;
                }
                try {
                    if (s.a(responses[i].getCertID(), x509Certificate3)) {
                        if (responses[i].getNextUpdate() == null) {
                            Date a2 = s.a(responses[i].getThisUpdate());
                            a.info(com.itextpdf.io.util.j.a("No 'next update' for OCSP Response; assuming {0}", a2));
                            if (date.after(a2)) {
                                a.info(com.itextpdf.io.util.j.a("OCSP no longer valid: {0} after {1}", date, a2));
                            }
                        } else if (date.after(responses[i].getNextUpdate())) {
                            a.info(com.itextpdf.io.util.j.a("OCSP no longer valid: {0} after {1}", date, responses[i].getNextUpdate()));
                        }
                        if (responses[i].getCertStatus() == CertificateStatus.GOOD) {
                            a(basicOCSPResp, x509Certificate3, date);
                            return true;
                        }
                    } else {
                        a.info("OCSP: Issuers doesn't match.");
                    }
                } catch (OCSPException unused) {
                    continue;
                }
            }
        }
        return false;
    }
}
