package com.qoppa.pdf.e;

import com.qoppa.pdf.PDFException;
import com.qoppa.pdf.SignatureSettings;
import com.qoppa.pdf.SignatureValidity;
import com.qoppa.pdf.c.b.dc;
import java.lang.reflect.Field;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: input_file:com/qoppa/pdf/e/l.class */
public class l {
    public static Vector<Certificate> b(X509Certificate x509Certificate, Store store) throws CertificateException, PDFException {
        Vector<Certificate> vector = new Vector<>();
        vector.add(x509Certificate);
        Hashtable<X500Principal, Certificate> b2 = b(store);
        X509Certificate x509Certificate2 = x509Certificate;
        while (true) {
            X509Certificate x509Certificate3 = x509Certificate2;
            if (x509Certificate3 == null) {
                break;
            }
            X509Certificate x509Certificate4 = null;
            if (x509Certificate3.getIssuerX500Principal() != null && !x509Certificate3.getIssuerX500Principal().equals(x509Certificate3.getSubjectX500Principal())) {
                x509Certificate4 = (X509Certificate) b2.get(x509Certificate3.getIssuerX500Principal());
                if (x509Certificate4 == null) {
                    try {
                        x509Certificate4 = b(x509Certificate3, SignatureSettings.getTrustedCertificates().values());
                    } catch (Exception unused) {
                    }
                }
                if (x509Certificate4 == null) {
                    break;
                }
                vector.add(x509Certificate4);
            }
            x509Certificate2 = x509Certificate4;
        }
        return vector;
    }

    private static Hashtable<X500Principal, Certificate> b(Store store) throws CertificateException {
        Hashtable<X500Principal, Certificate> hashtable = new Hashtable<>();
        Collection matches = store.getMatches((Selector) null);
        if (matches != null) {
            Iterator it = matches.iterator();
            while (it.hasNext()) {
                X509Certificate certificate = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) it.next());
                hashtable.put(certificate.getSubjectX500Principal(), certificate);
            }
        }
        return hashtable;
    }

    public static void b(Vector<Certificate> vector, Date date, Store store, Vector<CRL> vector2, SignatureValidity signatureValidity) {
        Hashtable<String, Certificate> trustedCertificates = SignatureSettings.getTrustedCertificates();
        signatureValidity.setValidExpiration(true);
        signatureValidity.setValidCertificateChain(true);
        signatureValidity.setValidRevocationList(true);
        signatureValidity.setTrustedChain(false);
        boolean z = false;
        for (int i = 0; i < vector.size(); i++) {
            X509Certificate x509Certificate = (X509Certificate) vector.get(i);
            if (date == null) {
                signatureValidity.setValidExpiration(false);
            } else if (date.after(x509Certificate.getNotAfter()) || date.before(x509Certificate.getNotBefore())) {
                signatureValidity.setValidExpiration(false);
            }
            try {
                if (i + 1 < vector.size()) {
                    x509Certificate.verify(((X509Certificate) vector.get(i + 1)).getPublicKey());
                } else if (x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    z = true;
                }
            } catch (GeneralSecurityException e) {
                signatureValidity.setValidCertificateChain(false);
                signatureValidity.setException(e, "Error Verifying Certificate.");
            }
            if (store != null) {
                Collection<X509CRLHolder> matches = store.getMatches((Selector) null);
                Object b2 = b(x509Certificate);
                if (matches != null && matches.size() > 0) {
                    for (X509CRLHolder x509CRLHolder : matches) {
                        if (x509CRLHolder.getRevokedCertificate(x509Certificate.getSerialNumber()) != null) {
                            com.qoppa.v.d.c("Certificate is in a CRL revocation list, check results");
                            if (b2 == null || b2.equals(x509CRLHolder.getIssuer())) {
                                signatureValidity.setValidRevocationList(false);
                                break;
                            }
                        }
                    }
                }
            }
            if (vector2 != null) {
                int i2 = 0;
                while (true) {
                    if (i2 >= vector2.size()) {
                        break;
                    }
                    if (vector2.get(i2).isRevoked(x509Certificate)) {
                        signatureValidity.setValidRevocationList(false);
                        break;
                    }
                    i2++;
                }
            }
            X509Certificate x509Certificate2 = (X509Certificate) trustedCertificates.get(SignatureSettings.getUniqueIdentifier(x509Certificate));
            if (x509Certificate2 != null && x509Certificate2.getSerialNumber().equals(x509Certificate.getSerialNumber()) && Arrays.equals(x509Certificate2.getSignature(), x509Certificate.getSignature())) {
                signatureValidity.setTrustedChain(true);
            }
        }
        if (signatureValidity.isTrustedChain() || z) {
            return;
        }
        X509Certificate x509Certificate3 = (X509Certificate) vector.get(vector.size() - 1);
        X509Certificate x509Certificate4 = (X509Certificate) trustedCertificates.get(SignatureSettings.getUniqueIdentifier(x509Certificate3));
        if (x509Certificate4 != null && x509Certificate4.getSerialNumber().equals(x509Certificate3.getSerialNumber()) && Arrays.equals(x509Certificate4.getSignature(), x509Certificate3.getSignature())) {
            signatureValidity.setTrustedChain(true);
        }
    }

    private static Object b(X509Certificate x509Certificate) {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        try {
            Field declaredField = issuerX500Principal.getClass().getDeclaredField("thisX500Name");
            if (declaredField == null) {
                return null;
            }
            declaredField.setAccessible(true);
            return declaredField.get(issuerX500Principal);
        } catch (Exception e) {
            com.qoppa.v.d.b(e);
            return null;
        }
    }

    private static X509Certificate b(X509Certificate x509Certificate, Collection<Certificate> collection) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateException, InvalidAlgorithmParameterException {
        Iterator<Certificate> it = collection.iterator();
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", dc.f694b);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(x509Certificate));
        while (it.hasNext()) {
            X509Certificate x509Certificate2 = (X509Certificate) it.next();
            if (x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate2, null)));
                pKIXParameters.setRevocationEnabled(false);
                try {
                    if (((PKIXCertPathValidatorResult) certPathValidator.validate(generateCertPath, pKIXParameters)).getTrustAnchor().getTrustedCert() != null) {
                        return x509Certificate2;
                    }
                } catch (CertPathValidatorException unused) {
                }
            }
        }
        return null;
    }
}
