package com.itextpdf.signatures;

import a.h;
import ag.j;
import bg.t;
import ce.o;
import ce.r0;
import ce.s;
import ce.u0;
import ce.v;
import ce.x0;
import cf.a;
import cf.i;
import cg.a;
import com.alibaba.sdk.android.oss.common.utils.HttpHeaders;
import com.itextpdf.io.codec.Base64;
import com.itextpdf.kernel.PdfException;
import com.itextpdf.kernel.pdf.PdfEncryption;
import com.itextpdf.signatures.OID;
import gf.b;
import gf.d;
import gf.e;
import gf.f;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Objects;
import jf.f;
import ke.c;
import p000if.f0;
import te.l;

/* loaded from: classes2.dex */
final class SignUtils {

    /* loaded from: classes2.dex */
    public static class TsaResponse {
        public String encoding;
        public InputStream tsaResponseStream;
    }

    public static Date add180Sec(Date date) {
        return new Date(date.getTime() + 180000);
    }

    public static boolean checkIfIssuersMatch(b bVar, X509Certificate x509Certificate) {
        ef.b bVar2 = new ef.b(x509Certificate.getEncoded());
        t tVar = new t();
        Objects.requireNonNull(bVar);
        try {
            return b.a(tVar.a(bVar.f29745a.f35789a), bVar2, bVar.f29745a.f35792d).equals(bVar.f29745a);
        } catch (j e10) {
            StringBuilder a10 = h.a("unable to create digest calculator: ");
            a10.append(e10.getMessage());
            throw new d(a10.toString(), e10);
        }
    }

    public static c createSigPolicyQualifiers(ke.b... bVarArr) {
        return new c(bVarArr);
    }

    public static String dateToString(Calendar calendar) {
        return new SimpleDateFormat("yyyy.MM.dd HH:mm:ss z").format(calendar.getTime());
    }

    public static b generateCertificateId(X509Certificate x509Certificate, BigInteger bigInteger, o oVar) {
        return new b(new cg.b(new cg.c()).a(new a(oVar, r0.f3323a)), new ff.c(x509Certificate), bigInteger);
    }

    public static b generateCertificateId(X509Certificate x509Certificate, BigInteger bigInteger, a aVar) {
        return new b(new cg.b(new cg.c()).a(aVar), new ff.c(x509Certificate), bigInteger);
    }

    public static e generateOcspRequestWithNonce(b bVar) {
        f fVar = new f();
        fVar.f29748a.add(new f.a(fVar, bVar, null));
        fVar.f29749b = new cf.j(new i[]{new i(te.d.f35796b, false, new u0(new u0(PdfEncryption.generateNewDocumentId()).h()))});
        ce.f fVar2 = new ce.f(10);
        for (f.a aVar : fVar.f29748a) {
            try {
                fVar2.a(new ke.a(aVar.f29750a.f29745a, aVar.f29751b));
            } catch (Exception e10) {
                throw new d("exception creating Request", e10);
            }
        }
        return new e(new ke.a(new l(null, new x0(fVar2), fVar.f29749b), (he.d) null));
    }

    public static Iterable<X509Certificate> getCertificates(final KeyStore keyStore) {
        final Enumeration<String> aliases = keyStore.aliases();
        return new Iterable<X509Certificate>() { // from class: com.itextpdf.signatures.SignUtils.1
            @Override // java.lang.Iterable
            public Iterator<X509Certificate> iterator() {
                return new Iterator<X509Certificate>() { // from class: com.itextpdf.signatures.SignUtils.1.1
                    private X509Certificate nextCert;

                    private void tryToGetNextCertificate() {
                        String str;
                        while (aliases.hasMoreElements()) {
                            try {
                                str = (String) aliases.nextElement();
                            } catch (KeyStoreException unused) {
                            }
                            if (keyStore.isCertificateEntry(str) || keyStore.isKeyEntry(str)) {
                                this.nextCert = (X509Certificate) keyStore.getCertificate(str);
                                return;
                            }
                        }
                    }

                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        if (this.nextCert == null) {
                            tryToGetNextCertificate();
                        }
                        return this.nextCert != null;
                    }

                    @Override // java.util.Iterator
                    public X509Certificate next() {
                        if (!hasNext()) {
                            throw new NoSuchElementException();
                        }
                        X509Certificate x509Certificate = this.nextCert;
                        this.nextCert = null;
                        return x509Certificate;
                    }

                    @Override // java.util.Iterator
                    public void remove() {
                        throw new UnsupportedOperationException("remove");
                    }
                };
            }
        };
    }

    public static Iterable<X509Certificate> getCertsFromOcspResponse(gf.a aVar) {
        ArrayList arrayList = new ArrayList();
        ef.b[] a10 = aVar.a();
        ff.b bVar = new ff.b();
        for (ef.b bVar2 : a10) {
            try {
                arrayList.add(bVar.a(bVar2));
            } catch (Exception unused) {
            }
        }
        return arrayList;
    }

    public static byte[] getExtensionValueByOid(X509Certificate x509Certificate, String str) {
        return x509Certificate.getExtensionValue(str);
    }

    public static <T> T getFirstElement(Iterable<T> iterable) {
        return iterable.iterator().next();
    }

    public static InputStream getHttpResponse(URL url) {
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        if (httpURLConnection.getResponseCode() / 100 == 2) {
            return (InputStream) httpURLConnection.getContent();
        }
        throw new PdfException(PdfException.InvalidHttpResponse1).setMessageParams(Integer.valueOf(httpURLConnection.getResponseCode()));
    }

    public static InputStream getHttpResponseForOcspRequest(byte[] bArr, URL url) {
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
        httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
        httpURLConnection.setDoOutput(true);
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
        dataOutputStream.write(bArr);
        dataOutputStream.flush();
        dataOutputStream.close();
        if (httpURLConnection.getResponseCode() / 100 == 2) {
            return (InputStream) httpURLConnection.getContent();
        }
        throw new PdfException(PdfException.InvalidHttpResponse1).setMessageParams(Integer.valueOf(httpURLConnection.getResponseCode()));
    }

    public static yf.a getIssuerX509Name(s sVar) {
        return new yf.a(sVar.w(0).c().h());
    }

    public static MessageDigest getMessageDigest(String str) {
        return new BouncyCastleDigest().getMessageDigest(str);
    }

    public static MessageDigest getMessageDigest(String str, IExternalDigest iExternalDigest) {
        return iExternalDigest.getMessageDigest(str);
    }

    public static MessageDigest getMessageDigest(String str, String str2) {
        return (str2 == null || str2.startsWith("SunPKCS11") || str2.startsWith("SunMSCAPI")) ? MessageDigest.getInstance(DigestAlgorithms.normalizeDigestName(str)) : MessageDigest.getInstance(str, str2);
    }

    public static String getPrivateKeyAlgorithm(PrivateKey privateKey) {
        String algorithm = privateKey.getAlgorithm();
        return algorithm.equals("EC") ? "ECDSA" : algorithm;
    }

    public static Signature getSignatureHelper(String str, String str2) {
        return str2 == null ? Signature.getInstance(str) : Signature.getInstance(str, str2);
    }

    public static Calendar getTimeStampDate(tg.e eVar) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTime(eVar.f35831c.f35836b);
        return gregorianCalendar;
    }

    public static TsaResponse getTsaResponseForUserRequest(String str, byte[] bArr, String str2, String str3) {
        try {
            URLConnection openConnection = new URL(str).openConnection();
            openConnection.setDoInput(true);
            openConnection.setDoOutput(true);
            openConnection.setUseCaches(false);
            openConnection.setRequestProperty("Content-Type", "application/timestamp-query");
            openConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
            if (str2 != null && !str2.equals("")) {
                String a10 = y.l.a(str2, com.huawei.openalliance.ad.constant.t.bE, str3);
                StringBuilder a11 = h.a("Basic ");
                a11.append(Base64.encodeBytes(a10.getBytes(StandardCharsets.UTF_8), 8));
                openConnection.setRequestProperty(HttpHeaders.AUTHORIZATION, a11.toString());
            }
            OutputStream outputStream = openConnection.getOutputStream();
            outputStream.write(bArr);
            outputStream.close();
            TsaResponse tsaResponse = new TsaResponse();
            tsaResponse.tsaResponseStream = openConnection.getInputStream();
            tsaResponse.encoding = openConnection.getContentEncoding();
            return tsaResponse;
        } catch (IOException unused) {
            throw new PdfException(PdfException.FailedToGetTsaResponseFrom1).setMessageParams(str);
        }
    }

    @Deprecated
    public static boolean hasUnsupportedCriticalExtension(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("X509Certificate can't be null.");
        }
        if (!x509Certificate.hasUnsupportedCriticalExtension()) {
            return false;
        }
        Iterator<String> it = x509Certificate.getCriticalExtensionOIDs().iterator();
        while (it.hasNext()) {
            if (!OID.X509Extensions.SUPPORTED_CRITICAL_EXTENSIONS.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    public static void isSignatureValid(tg.e eVar, X509Certificate x509Certificate, String str) {
        if (str == null) {
            str = "BC";
        }
        jf.f fVar = new jf.f();
        fVar.f31148a = new f.c(fVar, str);
        boolean z10 = true;
        f0 f0Var = new f0(new x4.s(1), new ag.d(), fVar.f31148a.a(x509Certificate), fVar.f31148a.b());
        Objects.requireNonNull(eVar);
        if (!f0Var.f30769a.c()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            ef.b b10 = f0Var.f30769a.b();
            ag.e a10 = f0Var.f30770b.a(eVar.f35832d.b());
            OutputStream a11 = a10.a();
            a11.write(b10.f12181a.h());
            a11.close();
            if (!ug.a.d(eVar.f35832d.a(), a10.b())) {
                throw new tg.c("certificate hash does not match certID hash.");
            }
            if (eVar.f35832d.c() != null) {
                cf.s sVar = b10.f12181a.f3358b;
                af.c cVar = sVar.f3409e;
                if (!eVar.f35832d.c().f3397b.o(sVar.f3407c)) {
                    throw new tg.c("certificate serial number does not match certID for signature.");
                }
                cf.l[] lVarArr = eVar.f35832d.c().f3396a.f3395a;
                int length = lVarArr.length;
                cf.l[] lVarArr2 = new cf.l[length];
                System.arraycopy(lVarArr, 0, lVarArr2, 0, length);
                int i10 = 0;
                while (true) {
                    if (i10 == length) {
                        z10 = false;
                        break;
                    } else if (lVarArr2[i10].f3394b == 4 && af.c.k(lVarArr2[i10].f3393a).equals(af.c.k(cVar))) {
                        break;
                    } else {
                        i10++;
                    }
                }
                if (!z10) {
                    throw new tg.c("certificate name does not match certID for signature. ");
                }
            }
            tg.b.a(b10);
            if (!b10.a(eVar.f35831c.f35836b)) {
                throw new tg.c("certificate not valid when time stamp created.");
            }
            if (!eVar.f35830b.f(f0Var)) {
                throw new tg.c("signature not created by certificate.");
            }
        } catch (j e10) {
            StringBuilder a12 = h.a("unable to create digest: ");
            a12.append(e10.getMessage());
            throw new tg.a(a12.toString(), e10, 0);
        } catch (p000if.f e11) {
            if (e11.f30768a != null) {
                throw new tg.a(e11.getMessage(), e11.f30768a, 0);
            }
            throw new tg.a("CMS exception: " + e11, e11, 0);
        } catch (IOException e12) {
            throw new tg.a("problem processing certificate: " + e12, e12, 0);
        }
    }

    public static boolean isSignatureValid(gf.a aVar, Certificate certificate, String str) {
        Signature signature;
        if (str == null) {
            str = "BC";
        }
        cg.a aVar2 = new cg.a();
        aVar2.f3438a = new cg.f(new u.d(str, 2));
        PublicKey publicKey = certificate.getPublicKey();
        Objects.requireNonNull(aVar);
        try {
            a aVar3 = aVar.f29742a.f35786b;
            try {
                Signature e10 = aVar2.f3438a.e(aVar3);
                e10.initVerify(publicKey);
                try {
                    signature = aVar2.f3438a.d(aVar3);
                    if (signature != null) {
                        signature.initVerify(publicKey);
                    }
                } catch (Exception unused) {
                    signature = null;
                }
                a.c bVar = signature != null ? new a.b(aVar2, aVar3, e10, signature) : new a.c(aVar2, aVar3, e10);
                OutputStream outputStream = bVar.f3444b;
                if (outputStream == null) {
                    throw new IllegalStateException("verifier not initialised");
                }
                outputStream.write(aVar.f29742a.f35785a.i("DER"));
                outputStream.close();
                return bVar.a(aVar.f29742a.f35787c.u());
            } catch (GeneralSecurityException e11) {
                throw new j("exception on setup: " + e11, e11);
            }
        } catch (Exception e12) {
            throw new d("exception processing sig: " + e12, e12);
        }
    }

    public static CRL parseCrlFromStream(InputStream inputStream) {
        return CertificateFactory.getInstance("X.509").generateCRL(inputStream);
    }

    public static Collection<Certificate> readAllCerts(byte[] bArr) {
        Certificate S;
        zf.d dVar = new zf.d();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        dVar.f38020c = byteArrayInputStream;
        dVar.f38018a = null;
        dVar.f38019b = 0;
        if (!byteArrayInputStream.markSupported()) {
            dVar.f38020c = new BufferedInputStream(dVar.f38020c);
        }
        ArrayList arrayList = new ArrayList();
        while (true) {
            try {
                v vVar = dVar.f38018a;
                if (vVar == null) {
                    dVar.f38020c.mark(10);
                    int read = dVar.f38020c.read();
                    if (read != -1) {
                        if (read != 48) {
                            dVar.f38020c.reset();
                            S = dVar.T(dVar.f38020c);
                        } else {
                            dVar.f38020c.reset();
                            S = dVar.S(dVar.f38020c);
                        }
                    }
                    S = null;
                } else if (dVar.f38019b != vVar.f3338a.length) {
                    S = dVar.R();
                } else {
                    dVar.f38018a = null;
                    dVar.f38019b = 0;
                    S = null;
                }
                if (S == null) {
                    return arrayList;
                }
                arrayList.add(S);
            } catch (Exception e10) {
                throw new tg.a(e10.toString(), e10, 1);
            }
        }
    }

    public static boolean verifyCertificateSignature(X509Certificate x509Certificate, PublicKey publicKey, String str) {
        try {
            if (str == null) {
                x509Certificate.verify(publicKey);
            } else {
                x509Certificate.verify(publicKey, str);
            }
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
