package com.timevale.tgtext.text.pdf.security;

import com.timevale.tgtext.bouncycastle.cert.ocsp.BasicOCSPResp;
import com.timevale.tgtext.bouncycastle.cert.ocsp.OCSPException;
import com.timevale.tgtext.bouncycastle.cert.ocsp.OCSPResp;
import com.timevale.tgtext.text.log.Logger;
import com.timevale.tgtext.text.pdf.az;
import com.timevale.tgtext.text.pdf.bg;
import com.timevale.tgtext.text.pdf.ca;
import com.timevale.tgtext.text.pdf.da;
import com.timevale.tgtext.text.pdf.dg;
import com.timevale.tgtext.text.pdf.dy;
import com.timevale.tgtext.text.pdf.security.LtvVerification;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;

/* compiled from: LtvVerifier.java */
/* loaded from: input_file:com/timevale/tgtext/text/pdf/security/n.class */
public class n extends w {
    protected static final Logger OP = com.timevale.tgtext.text.log.b.getLogger((Class<?>) n.class);
    protected LtvVerification.CertificateOption buz;
    protected boolean buA;
    protected dy JJ;
    protected com.timevale.tgtext.text.pdf.a buB;
    protected Date Ij;
    protected String signatureName;
    protected r buC;
    protected boolean buD;
    protected ca buE;

    public n(dy dyVar) throws GeneralSecurityException {
        super(null);
        this.buz = LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
        this.buA = true;
        this.buD = true;
        this.JJ = dyVar;
        this.buB = dyVar.OD();
        ArrayList<String> Ez = this.buB.Ez();
        this.signatureName = Ez.get(Ez.size() - 1);
        this.Ij = new Date();
        this.buC = WV();
        Logger logger = OP;
        Object[] objArr = new Object[2];
        objArr[0] = this.buC.Xr() ? "document-level timestamp " : dg.aNs;
        objArr[1] = this.signatureName;
        logger.info(String.format("Checking %ssignature %s", objArr));
    }

    public void a(f fVar) {
        this.bup = fVar;
    }

    public void a(LtvVerification.CertificateOption certificateOption) {
        this.buz = certificateOption;
    }

    public void co(boolean z) {
        this.buA = z;
    }

    protected r WV() throws GeneralSecurityException {
        r fD = this.buB.fD(this.signatureName);
        if (!this.buB.fC(this.signatureName)) {
            throw new ab(null, "Signature doesn't cover whole document.");
        }
        OP.info("The timestamp covers whole document.");
        if (!fD.verify()) {
            throw new ab(null, "The document was altered after the final signature was applied.");
        }
        OP.info("The signed document has not been modified.");
        return fD;
    }

    public List<ac> v(List<ac> list) throws IOException, GeneralSecurityException {
        if (list == null) {
            list = new ArrayList();
        }
        while (this.buC != null) {
            list.addAll(WW());
        }
        return list;
    }

    public List<ac> WW() throws GeneralSecurityException, IOException {
        OP.info("Verifying signature.");
        ArrayList arrayList = new ArrayList();
        Certificate[] Xl = this.buC.Xl();
        a(Xl);
        int i = 1;
        if (LtvVerification.CertificateOption.WHOLE_CHAIN.equals(this.buz)) {
            i = Xl.length;
        }
        int i2 = 0;
        while (i2 < i) {
            int i3 = i2;
            i2++;
            X509Certificate x509Certificate = (X509Certificate) Xl[i3];
            X509Certificate x509Certificate2 = null;
            if (i2 < Xl.length) {
                x509Certificate2 = (X509Certificate) Xl[i2];
            }
            OP.info(x509Certificate.getSubjectDN().getName());
            List<ac> a = a(x509Certificate, x509Certificate2, this.Ij);
            if (a.size() == 0) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    if (this.buD && Xl.length > 1) {
                        a.add(new ac(x509Certificate, getClass(), "Root certificate in final revision"));
                    }
                    if (a.size() == 0 && this.buA) {
                        throw new GeneralSecurityException();
                    }
                    if (Xl.length > 1) {
                        a.add(new ac(x509Certificate, getClass(), "Root certificate passed without checking"));
                    }
                } catch (GeneralSecurityException e) {
                    throw new ab(x509Certificate, "Couldn't verify with CRL or OCSP or trusted anchor");
                }
            }
            arrayList.addAll(a);
        }
        WX();
        return arrayList;
    }

    public void a(Certificate[] certificateArr) throws GeneralSecurityException {
        for (int i = 0; i < certificateArr.length; i++) {
            ((X509Certificate) certificateArr[i]).checkValidity(this.Ij);
            if (i > 0) {
                certificateArr[i - 1].verify(certificateArr[i].getPublicKey());
            }
        }
        OP.info("All certificates are valid on " + this.Ij.toString());
    }

    @Override // com.timevale.tgtext.text.pdf.security.w, com.timevale.tgtext.text.pdf.security.f
    public List<ac> a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        w wVar = new w(this.bup);
        wVar.a(this.bvh);
        b bVar = new b(wVar, WY());
        bVar.a(this.bvh);
        bVar.cn(this.buD || this.buq);
        p pVar = new p(bVar, WZ());
        pVar.a(this.bvh);
        pVar.cn(this.buD || this.buq);
        return pVar.a(x509Certificate, x509Certificate2, date);
    }

    public void WX() throws IOException, GeneralSecurityException {
        OP.info("Switching to previous revision.");
        this.buD = false;
        this.buE = this.JJ.NS().m(da.aCf);
        Calendar Xs = this.buC.Xs();
        if (Xs == null) {
            Xs = this.buC.Pn();
        }
        this.Ij = Xs.getTime();
        ArrayList<String> Ez = this.buB.Ez();
        if (Ez.size() <= 1) {
            OP.info("No signatures in revision");
            this.buC = null;
            return;
        }
        this.signatureName = Ez.get(Ez.size() - 2);
        this.JJ = new dy(this.buB.fF(this.signatureName));
        this.buB = this.JJ.OD();
        ArrayList<String> Ez2 = this.buB.Ez();
        this.signatureName = Ez2.get(Ez2.size() - 1);
        this.buC = WV();
        Logger logger = OP;
        Object[] objArr = new Object[2];
        objArr[0] = this.buC.Xr() ? "document-level timestamp " : dg.aNs;
        objArr[1] = this.signatureName;
        logger.info(String.format("Checking %ssignature %s", objArr));
    }

    public List<X509CRL> WY() throws GeneralSecurityException, IOException {
        bg n;
        ArrayList arrayList = new ArrayList();
        if (this.buE != null && (n = this.buE.n(da.aBi)) != null) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < n.size(); i++) {
                arrayList.add((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(dy.c((az) n.fC(i)))));
            }
            return arrayList;
        }
        return arrayList;
    }

    public List<BasicOCSPResp> WZ() throws IOException, GeneralSecurityException {
        bg n;
        ArrayList arrayList = new ArrayList();
        if (this.buE != null && (n = this.buE.n(da.aHc)) != null) {
            for (int i = 0; i < n.size(); i++) {
                OCSPResp oCSPResp = new OCSPResp(dy.c((az) n.fC(i)));
                if (oCSPResp.getStatus() == 0) {
                    try {
                        arrayList.add((BasicOCSPResp) oCSPResp.getResponseObject());
                    } catch (OCSPException e) {
                        throw new GeneralSecurityException(e);
                    }
                }
            }
            return arrayList;
        }
        return arrayList;
    }
}
