package com.itextpdf.text.pdf.security;

import a8.a;
import com.google.common.net.HttpHeaders;
import com.itextpdf.text.error_messages.MessageLocalization;
import com.itextpdf.text.io.StreamUtil;
import com.itextpdf.text.log.Level;
import com.itextpdf.text.log.Logger;
import com.itextpdf.text.log.LoggerFactory;
import com.itextpdf.text.pdf.PdfEncryption;
import ha.c;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import k8.l;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cms.v;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorException;
import r7.f;
import r7.g;
import r7.k;
import r7.w0;
import r7.z0;
import u8.o;
import u8.p;
import y8.b;
import y8.d;
import y8.e;
import y8.h;

/* loaded from: classes3.dex */
public class OcspClientBouncyCastle implements OcspClient {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OcspClientBouncyCastle.class);
    private final OCSPVerifier verifier;

    @Deprecated
    public OcspClientBouncyCastle() {
        this.verifier = null;
    }

    public OcspClientBouncyCastle(OCSPVerifier oCSPVerifier) {
        this.verifier = oCSPVerifier;
    }

    private static d generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws OCSPException, IOException, OperatorException, CertificateEncodingException {
        Security.addProvider(new BouncyCastleProvider());
        b bVar = new b(new v(new c(1), 5).g(b.b), new JcaX509CertificateHolder(x509Certificate), bigInteger);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new e(bVar));
        p pVar = new p(new o[]{new o(k8.d.b, new w0(new w0(PdfEncryption.createDocumentId()).getEncoded()))});
        Iterator it = arrayList.iterator();
        f fVar = new f();
        while (it.hasNext()) {
            try {
                fVar.a(new a(((e) it.next()).f6853a.f6851a, null, 3));
            } catch (Exception e) {
                throw new OCSPException("exception creating Request", e);
            }
        }
        return new d(new a(new l(null, new z0(fVar), pVar), null, 2));
    }

    private y8.f getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) throws GeneralSecurityException, OCSPException, IOException, OperatorException {
        if (x509Certificate == null || x509Certificate2 == null) {
            return null;
        }
        if (str == null) {
            str = CertificateUtil.getOCSPURL(x509Certificate);
        }
        if (str == null) {
            return null;
        }
        LOGGER.info("Getting OCSP from ".concat(str));
        byte[] encoded = generateOCSPRequest(x509Certificate2, x509Certificate.getSerialNumber()).f6852a.getEncoded();
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setRequestProperty(HttpHeaders.CONTENT_TYPE, "application/ocsp-request");
        httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT, "application/ocsp-response");
        httpURLConnection.setDoOutput(true);
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
        dataOutputStream.write(encoded);
        dataOutputStream.flush();
        dataOutputStream.close();
        if (httpURLConnection.getResponseCode() / 100 == 2) {
            return new y8.f(StreamUtil.inputStreamToArray((InputStream) httpURLConnection.getContent()));
        }
        throw new IOException(MessageLocalization.getComposedMessage("invalid.http.response.1", httpURLConnection.getResponseCode()));
    }

    public y8.a getBasicOCSPResp(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            y8.f ocspResponse = getOcspResponse(x509Certificate, x509Certificate2, str);
            if (ocspResponse == null) {
                return null;
            }
            g gVar = ocspResponse.f6854a.f4104a.f4105a;
            byte[] bArr = gVar.f5768a;
            int length = bArr.length;
            int i10 = gVar.b;
            if (length - i10 > 4) {
                throw new ArithmeticException("ASN.1 Enumerated out of int range");
            }
            if (k.v(i10, -1, bArr) != 0) {
                return null;
            }
            y8.a aVar = (y8.a) ocspResponse.a();
            OCSPVerifier oCSPVerifier = this.verifier;
            if (oCSPVerifier != null) {
                oCSPVerifier.isValidResponse(aVar, x509Certificate2);
            }
            return aVar;
        } catch (Exception e) {
            Logger logger = LOGGER;
            if (logger.isLogging(Level.ERROR)) {
                logger.error(e.getMessage());
            }
            return null;
        }
    }

    @Override // com.itextpdf.text.pdf.security.OcspClient
    public byte[] getEncoded(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            y8.a basicOCSPResp = getBasicOCSPResp(x509Certificate, x509Certificate2, str);
            if (basicOCSPResp == null) {
                return null;
            }
            ab.o[] b = basicOCSPResp.b();
            if (b.length != 1) {
                return null;
            }
            y8.c w = b[0].w();
            if (w == null) {
                return basicOCSPResp.getEncoded();
            }
            if (w instanceof h) {
                throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.revoked", new Object[0]));
            }
            throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.unknown", new Object[0]));
        } catch (Exception e) {
            Logger logger = LOGGER;
            if (!logger.isLogging(Level.ERROR)) {
                return null;
            }
            logger.error(e.getMessage());
            return null;
        }
    }
}
