package com.itextpdf.signatures;

import com.itextpdf.forms.PdfAcroForm;
import com.itextpdf.kernel.counter.event.IMetaInfo;
import com.itextpdf.kernel.pdf.DocumentProperties;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.signatures.LtvVerification;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/* loaded from: classes2.dex */
public class t extends a0 {
    protected static final org.slf4j.c p = org.slf4j.d.a((Class<?>) t.class);
    protected LtvVerification.CertificateOption d;
    protected boolean e;
    protected PdfDocument f;
    protected PdfAcroForm g;
    protected Date h;
    protected String i;
    protected x j;
    protected boolean k;
    protected PdfDictionary l;
    protected String m;
    protected IMetaInfo n;
    private SignatureUtil o;

    public t(PdfDocument pdfDocument) throws GeneralSecurityException {
        super(null);
        this.d = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.e = true;
        this.k = true;
        this.m = null;
        a(pdfDocument);
    }

    public t(PdfDocument pdfDocument, String str) throws GeneralSecurityException {
        super(null);
        this.d = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.e = true;
        this.k = true;
        this.m = null;
        this.m = str;
        a(pdfDocument);
    }

    protected x a() throws GeneralSecurityException {
        x a = this.o.a(this.i, this.m);
        if (!this.o.h(this.i)) {
            throw new VerificationException(null, "Signature doesn't cover whole document.");
        }
        p.info("The timestamp covers whole document.");
        if (!a.y()) {
            throw new VerificationException(null, "The document was altered after the final signature was applied.");
        }
        p.info("The signed document has not been modified.");
        return a;
    }

    @Override // com.itextpdf.signatures.a0, com.itextpdf.signatures.f
    public List<g0> a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        a0 a0Var = new a0(this.a);
        a0Var.a(this.c);
        b bVar = new b(a0Var, b());
        bVar.a(this.c);
        bVar.a(this.k || this.b);
        u uVar = new u(bVar, c());
        uVar.a(this.c);
        uVar.a(this.k || this.b);
        return uVar.a(x509Certificate, x509Certificate2, date);
    }

    public List<g0> a(List<g0> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.j != null) {
            list.addAll(e());
        }
        return list;
    }

    public void a(IMetaInfo iMetaInfo) {
        this.n = iMetaInfo;
    }

    protected void a(PdfDocument pdfDocument) throws GeneralSecurityException {
        this.f = pdfDocument;
        this.g = PdfAcroForm.getAcroForm(pdfDocument, true);
        SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
        this.o = signatureUtil;
        List<String> b = signatureUtil.b();
        this.i = b.get(b.size() - 1);
        this.h = com.itextpdf.io.util.b.b();
        x a = a();
        this.j = a;
        org.slf4j.c cVar = p;
        Object[] objArr = new Object[2];
        objArr[0] = a.w() ? "document-level timestamp " : "";
        objArr[1] = this.i;
        cVar.info(com.itextpdf.io.util.l.a("Checking {0}signature {1}", objArr));
    }

    public void a(LtvVerification.CertificateOption certificateOption) {
        this.d = certificateOption;
    }

    public void a(f fVar) {
        this.a = fVar;
    }

    public void a(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i = 0; i < certificateArr.length; i++) {
            ((X509Certificate) certificateArr[i]).checkValidity(this.h);
            if (i > 0) {
                certificateArr[i - 1].verify(certificateArr[i].getPublicKey());
            }
        }
        p.info("All certificates are valid on " + this.h.toString());
    }

    public List<X509CRL> b() throws GeneralSecurityException, IOException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.l;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.CRLs)) == null) {
            return arrayList;
        }
        for (int i = 0; i < asArray.size(); i++) {
            arrayList.add((X509CRL) c0.a(new ByteArrayInputStream(asArray.getAsStream(i).getBytes())));
        }
        return arrayList;
    }

    public void b(boolean z) {
        this.e = z;
    }

    public List<BasicOCSPResp> c() throws IOException, GeneralSecurityException {
        PdfArray asArray;
        ArrayList arrayList = new ArrayList();
        PdfDictionary pdfDictionary = this.l;
        if (pdfDictionary == null || (asArray = pdfDictionary.getAsArray(PdfName.OCSPs)) == null) {
            return arrayList;
        }
        for (int i = 0; i < asArray.size(); i++) {
            OCSPResp oCSPResp = new OCSPResp(asArray.getAsStream(i).getBytes());
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e) {
                    throw new GeneralSecurityException(e.toString());
                }
            }
        }
        return arrayList;
    }

    public void d() throws IOException, GeneralSecurityException {
        p.info("Switching to previous revision.");
        this.k = false;
        this.l = this.f.getCatalog().getPdfObject().getAsDictionary(PdfName.DSS);
        Calendar s = this.j.s();
        if (s == c0.a) {
            s = this.j.o();
        }
        this.h = s.getTime();
        List<String> b = this.o.b();
        if (b.size() <= 1) {
            p.info("No signatures in revision");
            this.j = null;
            return;
        }
        this.i = b.get(b.size() - 2);
        PdfDocument pdfDocument = new PdfDocument(new PdfReader(this.o.b(this.i)), new DocumentProperties().setEventCountingMetaInfo(this.n));
        this.f = pdfDocument;
        this.g = PdfAcroForm.getAcroForm(pdfDocument, true);
        SignatureUtil signatureUtil = new SignatureUtil(this.f);
        this.o = signatureUtil;
        List<String> b2 = signatureUtil.b();
        this.i = b2.get(b2.size() - 1);
        x a = a();
        this.j = a;
        org.slf4j.c cVar = p;
        Object[] objArr = new Object[2];
        objArr[0] = a.w() ? "document-level timestamp " : "";
        objArr[1] = this.i;
        cVar.info(com.itextpdf.io.util.l.a("Checking {0}signature {1}", objArr));
    }

    public List<g0> e() throws GeneralSecurityException, IOException {
        p.info("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] n = this.j.n();
        a(n);
        int length = LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.d) ? n.length : 1;
        int i = 0;
        while (i < length) {
            int i2 = i + 1;
            X509Certificate x509Certificate = (X509Certificate) n[i];
            X509Certificate x509Certificate2 = i2 < n.length ? (X509Certificate) n[i2] : null;
            p.info(x509Certificate.getSubjectDN().getName());
            List<g0> a = a(x509Certificate, x509Certificate2, this.h);
            if (a.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.k && n.length > 1) {
                        a.add(new g0(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (a.size() == 0 && this.e) {
                        throw new GeneralSecurityException();
                    }
                    if (n.length > 1) {
                        a.add(new g0(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new VerificationException(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(a);
            i = i2;
        }
        d();
        return arrayList;
    }
}
