package f.h.c.k1.b7;

import f.h.c.k1.b7.s;
import f.h.c.k1.e1;
import f.h.c.k1.i2;
import f.h.c.k1.j3;
import f.h.c.k1.m1;
import f.h.c.k1.o4;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cert.ocsp.OCSPException;
import org.spongycastle.cert.ocsp.OCSPResp;

/* compiled from: TbsSdkJava */
/* loaded from: classes2.dex */
public class t extends e0 {

    /* renamed from: n, reason: collision with root package name */
    protected static final f.h.c.j1.e f17414n = f.h.c.j1.f.b(t.class);

    /* renamed from: e, reason: collision with root package name */
    protected s.c f17415e;

    /* renamed from: f, reason: collision with root package name */
    protected boolean f17416f;

    /* renamed from: g, reason: collision with root package name */
    protected o4 f17417g;

    /* renamed from: h, reason: collision with root package name */
    protected f.h.c.k1.a f17418h;

    /* renamed from: i, reason: collision with root package name */
    protected Date f17419i;

    /* renamed from: j, reason: collision with root package name */
    protected String f17420j;

    /* renamed from: k, reason: collision with root package name */
    protected z f17421k;

    /* renamed from: l, reason: collision with root package name */
    protected boolean f17422l;

    /* renamed from: m, reason: collision with root package name */
    protected i2 f17423m;

    public t(o4 o4Var) throws GeneralSecurityException {
        super(null);
        this.f17415e = s.c.SIGNING_CERTIFICATE;
        this.f17416f = true;
        this.f17422l = true;
        this.f17417g = o4Var;
        f.h.c.k1.a C = o4Var.C();
        this.f17418h = C;
        ArrayList<String> E = C.E();
        this.f17420j = E.get(E.size() - 1);
        this.f17419i = new Date();
        z d2 = d();
        this.f17421k = d2;
        f.h.c.j1.e eVar = f17414n;
        Object[] objArr = new Object[2];
        objArr[0] = d2.F() ? "document-level timestamp " : "";
        objArr[1] = this.f17420j;
        eVar.info(String.format("Checking %ssignature %s", objArr));
    }

    @Override // f.h.c.k1.b7.e0, f.h.c.k1.b7.f
    public List<n0> b(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        e0 e0Var = new e0(this.a);
        e0Var.c(this.f17352c);
        b bVar = new b(e0Var, e());
        bVar.c(this.f17352c);
        bVar.a(this.f17422l || this.f17353b);
        w wVar = new w(bVar, f());
        wVar.c(this.f17352c);
        wVar.a(this.f17422l || this.f17353b);
        return wVar.b(x509Certificate, x509Certificate2, date);
    }

    protected z d() throws GeneralSecurityException {
        z o0 = this.f17418h.o0(this.f17420j);
        if (!this.f17418h.l0(this.f17420j)) {
            throw new m0(null, "Signature doesn't cover whole document.");
        }
        f17414n.info("The timestamp covers whole document.");
        if (!o0.P()) {
            throw new m0(null, "The document was altered after the final signature was applied.");
        }
        f17414n.info("The signed document has not been modified.");
        return o0;
    }

    public List<X509CRL> e() throws GeneralSecurityException, IOException {
        m1 asArray;
        ArrayList arrayList = new ArrayList();
        i2 i2Var = this.f17423m;
        if (i2Var == null || (asArray = i2Var.getAsArray(j3.CRLS)) == null) {
            return arrayList;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i2 = 0; i2 < asArray.size(); i2++) {
            arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(o4.D0((e1) asArray.getAsStream(i2)))));
        }
        return arrayList;
    }

    public List<BasicOCSPResp> f() throws IOException, GeneralSecurityException {
        m1 asArray;
        ArrayList arrayList = new ArrayList();
        i2 i2Var = this.f17423m;
        if (i2Var == null || (asArray = i2Var.getAsArray(j3.OCSPS)) == null) {
            return arrayList;
        }
        for (int i2 = 0; i2 < asArray.size(); i2++) {
            OCSPResp oCSPResp = new OCSPResp(o4.D0((e1) asArray.getAsStream(i2)));
            if (oCSPResp.getStatus() == 0) {
                try {
                    arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                } catch (OCSPException e2) {
                    throw new GeneralSecurityException((Throwable) e2);
                }
            }
        }
        return arrayList;
    }

    public void g(s.c cVar) {
        this.f17415e = cVar;
    }

    public void h(f fVar) {
        this.a = fVar;
    }

    public void i(boolean z) {
        this.f17416f = z;
    }

    public void j() throws IOException, GeneralSecurityException {
        f17414n.info("Switching to previous revision.");
        this.f17422l = false;
        this.f17423m = this.f17417g.F().getAsDict(j3.DSS);
        Calendar z = this.f17421k.z();
        if (z == null) {
            z = this.f17421k.v();
        }
        this.f17419i = z.getTime();
        ArrayList<String> E = this.f17418h.E();
        if (E.size() <= 1) {
            f17414n.info("No signatures in revision");
            this.f17421k = null;
            return;
        }
        this.f17420j = E.get(E.size() - 2);
        o4 o4Var = new o4(this.f17418h.h(this.f17420j));
        this.f17417g = o4Var;
        f.h.c.k1.a C = o4Var.C();
        this.f17418h = C;
        ArrayList<String> E2 = C.E();
        this.f17420j = E2.get(E2.size() - 1);
        z d2 = d();
        this.f17421k = d2;
        f.h.c.j1.e eVar = f17414n;
        Object[] objArr = new Object[2];
        objArr[0] = d2.F() ? "document-level timestamp " : "";
        objArr[1] = this.f17420j;
        eVar.info(String.format("Checking %ssignature %s", objArr));
    }

    public List<n0> k(List<n0> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList<>();
        }
        while (this.f17421k != null) {
            list.addAll(m());
        }
        return list;
    }

    public void l(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i2 = 0; i2 < certificateArr.length; i2++) {
            ((X509Certificate) certificateArr[i2]).checkValidity(this.f17419i);
            if (i2 > 0) {
                certificateArr[i2 - 1].verify(certificateArr[i2].getPublicKey());
            }
        }
        f17414n.info("All certificates are valid on " + this.f17419i.toString());
    }

    public List<n0> m() throws GeneralSecurityException, IOException {
        f17414n.info("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] u = this.f17421k.u();
        l(u);
        int length = s.c.WHOLE_CHAIN.equals(this.f17415e) ? u.length : 1;
        int i2 = 0;
        while (i2 < length) {
            int i3 = i2 + 1;
            X509Certificate x509Certificate = (X509Certificate) u[i2];
            X509Certificate x509Certificate2 = i3 < u.length ? (X509Certificate) u[i3] : null;
            f17414n.info(x509Certificate.getSubjectDN().getName());
            List<n0> b2 = b(x509Certificate, x509Certificate2, this.f17419i);
            if (b2.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.f17422l && u.length > 1) {
                        b2.add(new n0(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (b2.size() == 0 && this.f17416f) {
                        throw new GeneralSecurityException();
                    }
                    if (u.length > 1) {
                        b2.add(new n0(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException unused) {
                    throw new m0(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(b2);
            i2 = i3;
        }
        j();
        return arrayList;
    }
}
