package com.itextpdf.signatures;

import com.itextpdf.forms.PdfAcroForm;
import com.itextpdf.io.util.q;
import com.itextpdf.kernel.counter.event.IMetaInfo;
import com.itextpdf.kernel.pdf.DocumentProperties;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.signatures.LtvVerification;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.OCSPException;
import t6.c0;
import t6.e;
import t6.e0;
import t6.f0;
import t6.s;
import t6.x;
import t6.z;
import td.g;

/* compiled from: LtvVerifier.java */
/* loaded from: classes2.dex */
public class b extends x {

    /* renamed from: p, reason: collision with root package name */
    public static final gj.a f21477p = gj.b.f(b.class);

    /* renamed from: d, reason: collision with root package name */
    public LtvVerification.CertificateOption f21478d;

    /* renamed from: e, reason: collision with root package name */
    public boolean f21479e;

    /* renamed from: f, reason: collision with root package name */
    public PdfDocument f21480f;

    /* renamed from: g, reason: collision with root package name */
    public PdfAcroForm f21481g;

    /* renamed from: h, reason: collision with root package name */
    public Date f21482h;

    /* renamed from: i, reason: collision with root package name */
    public String f21483i;

    /* renamed from: j, reason: collision with root package name */
    public c f21484j;

    /* renamed from: k, reason: collision with root package name */
    public boolean f21485k;

    /* renamed from: l, reason: collision with root package name */
    public PdfDictionary f21486l;

    /* renamed from: m, reason: collision with root package name */
    public String f21487m;

    /* renamed from: n, reason: collision with root package name */
    public IMetaInfo f21488n;

    /* renamed from: o, reason: collision with root package name */
    public c0 f21489o;

    public b(PdfDocument pdfDocument) throws GeneralSecurityException {
        super(null);
        this.f21478d = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.f21479e = true;
        this.f21485k = true;
        this.f21487m = null;
        g(pdfDocument);
    }

    public b(PdfDocument pdfDocument, String str) throws GeneralSecurityException {
        super(null);
        this.f21478d = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.f21479e = true;
        this.f21485k = true;
        this.f21487m = str;
        g(pdfDocument);
    }

    @Override // t6.x, t6.e
    public List<f0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        x xVar = new x(this.f40372a);
        xVar.c(this.f40421c);
        t6.b bVar = new t6.b(xVar, e());
        bVar.c(this.f40421c);
        bVar.a(this.f21485k || this.f40373b);
        s sVar = new s(bVar, f());
        sVar.c(this.f40421c);
        sVar.a(this.f21485k || this.f40373b);
        return sVar.b(x509Certificate, x509Certificate2, date);
    }

    public c d() throws GeneralSecurityException {
        c m10 = this.f21489o.m(this.f21483i, this.f21487m);
        if (!this.f21489o.n(this.f21483i)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        gj.a aVar = f21477p;
        aVar.info("The timestamp covers whole document.");
        if (!m10.S()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        aVar.info("The signed document has not been modified.");
        return m10;
    }

    public List<X509CRL> e() throws GeneralSecurityException, IOException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.f21486l;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.CRLs)) == null) {
            return arrayList;
        }
        for (int i10 = 0; i10 < asArray.size(); i10++) {
            arrayList.add((X509CRL) z.y(new ByteArrayInputStream(asArray.getAsStream(i10).getBytes())));
        }
        return arrayList;
    }

    public List<td.a> f() throws IOException, GeneralSecurityException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.f21486l;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.OCSPs)) == null) {
            return arrayList;
        }
        for (int i10 = 0; i10 < asArray.size(); i10++) {
            g gVar = new g(asArray.getAsStream(i10).getBytes());
            if (gVar.c() == 0) {
                try {
                    arrayList.add((td.a) gVar.b());
                } catch (OCSPException e10) {
                    throw new GeneralSecurityException(e10.toString());
                }
            }
        }
        return arrayList;
    }

    public void g(PdfDocument pdfDocument) throws GeneralSecurityException {
        this.f21480f = pdfDocument;
        this.f21481g = PdfAcroForm.getAcroForm(pdfDocument, true);
        c0 c0Var = new c0(pdfDocument);
        this.f21489o = c0Var;
        List<String> h10 = c0Var.h();
        this.f21483i = h10.get(h10.size() - 1);
        this.f21482h = com.itextpdf.io.util.c.d();
        c d10 = d();
        this.f21484j = d10;
        gj.a aVar = f21477p;
        Object[] objArr = new Object[2];
        objArr[0] = d10.H() ? "document-level timestamp " : "";
        objArr[1] = this.f21483i;
        aVar.info(q.a("Checking {0}signature {1}", objArr));
    }

    public void h(LtvVerification.CertificateOption certificateOption) {
        this.f21478d = certificateOption;
    }

    public void i(IMetaInfo iMetaInfo) {
        this.f21488n = iMetaInfo;
    }

    public void j(e eVar) {
        this.f40372a = eVar;
    }

    public void k(boolean z10) {
        this.f21479e = z10;
    }

    public void l() throws IOException, GeneralSecurityException {
        gj.a aVar = f21477p;
        aVar.info("Switching to previous revision.");
        this.f21485k = false;
        this.f21486l = this.f21480f.getCatalog().getPdfObject().getAsDictionary(PdfName.DSS);
        Calendar B = this.f21484j.B();
        if (B == e0.f40374a) {
            B = this.f21484j.x();
        }
        this.f21482h = B.getTime();
        List<String> h10 = this.f21489o.h();
        if (h10.size() <= 1) {
            aVar.info("No signatures in revision");
            this.f21484j = null;
            return;
        }
        this.f21483i = h10.get(h10.size() - 2);
        PdfDocument pdfDocument = new PdfDocument(new PdfReader(this.f21489o.c(this.f21483i)), new DocumentProperties().setEventCountingMetaInfo(this.f21488n));
        this.f21480f = pdfDocument;
        this.f21481g = PdfAcroForm.getAcroForm(pdfDocument, true);
        c0 c0Var = new c0(this.f21480f);
        this.f21489o = c0Var;
        List<String> h11 = c0Var.h();
        this.f21483i = h11.get(h11.size() - 1);
        c d10 = d();
        this.f21484j = d10;
        Object[] objArr = new Object[2];
        objArr[0] = d10.H() ? "document-level timestamp " : "";
        objArr[1] = this.f21483i;
        aVar.info(q.a("Checking {0}signature {1}", objArr));
    }

    public List<f0> m(List<f0> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.f21484j != null) {
            list.addAll(o());
        }
        return list;
    }

    public void n(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i10 = 0; i10 < certificateArr.length; i10++) {
            ((X509Certificate) certificateArr[i10]).checkValidity(this.f21482h);
            if (i10 > 0) {
                certificateArr[i10 - 1].verify(certificateArr[i10].getPublicKey());
            }
        }
        f21477p.info("All certificates are valid on " + this.f21482h.toString());
    }

    public List<f0> o() throws GeneralSecurityException, IOException {
        f21477p.info("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] w10 = this.f21484j.w();
        n(w10);
        int length = LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.f21478d) ? w10.length : 1;
        int i10 = 0;
        while (i10 < length) {
            int i11 = i10 + 1;
            X509Certificate x509Certificate = (X509Certificate) w10[i10];
            X509Certificate x509Certificate2 = i11 < w10.length ? (X509Certificate) w10[i11] : null;
            f21477p.info(x509Certificate.getSubjectDN().getName());
            List<f0> b10 = b(x509Certificate, x509Certificate2, this.f21482h);
            if (b10.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.f21485k && w10.length > 1) {
                        b10.add(new f0(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (b10.size() == 0 && this.f21479e) {
                        throw new GeneralSecurityException();
                    }
                    if (w10.length > 1) {
                        b10.add(new f0(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(b10);
            i10 = i11;
        }
        l();
        return arrayList;
    }
}
