package com.itextpdf.text.pdf.l;

import com.itextpdf.text.C0009b;
import com.itextpdf.text.pdf.C0078bs;
import com.itextpdf.text.pdf.bT;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:com/itextpdf/text/pdf/l/E.class */
public class E implements D {

    /* renamed from: a, reason: collision with root package name */
    private static final com.itextpdf.text.g.b f1168a = com.itextpdf.text.g.c.a(E.class);

    private static OCSPReq a(X509Certificate x509Certificate, BigInteger bigInteger) {
        Security.addProvider(new BouncyCastleProvider());
        CertificateID certificateID = new CertificateID(new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), bigInteger);
        OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
        oCSPReqBuilder.addRequest(certificateID);
        oCSPReqBuilder.setRequestExtensions(new Extensions(new Extension[]{new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(bT.e()).getEncoded()))}));
        return oCSPReqBuilder.build();
    }

    private static OCSPResp c(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        if (x509Certificate == null || x509Certificate2 == null) {
            return null;
        }
        if (str == null) {
            str = C0078bs.b(x509Certificate);
        }
        if (str == null) {
            return null;
        }
        f1168a.d("Getting OCSP from " + str);
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        Security.addProvider(new BouncyCastleProvider());
        CertificateID certificateID = new CertificateID(new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate2), serialNumber);
        OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
        oCSPReqBuilder.addRequest(certificateID);
        oCSPReqBuilder.setRequestExtensions(new Extensions(new Extension[]{new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(bT.e()).getEncoded()))}));
        byte[] encoded = oCSPReqBuilder.build().getEncoded();
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
        httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
        httpURLConnection.setDoOutput(true);
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
        dataOutputStream.write(encoded);
        dataOutputStream.flush();
        dataOutputStream.close();
        if (httpURLConnection.getResponseCode() / 100 != 2) {
            throw new IOException(com.itextpdf.text.b.a.a("invalid.http.response.1", httpURLConnection.getResponseCode()));
        }
        return new OCSPResp(C0009b.a((InputStream) httpURLConnection.getContent()));
    }

    public final BasicOCSPResp b(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        OCSPResp oCSPResp;
        String str2 = str;
        if (x509Certificate == null || x509Certificate2 == null) {
            oCSPResp = null;
        } else {
            if (str2 == null) {
                try {
                    str2 = C0078bs.b(x509Certificate);
                } catch (Exception e) {
                    com.itextpdf.text.g.b bVar = f1168a;
                    com.itextpdf.text.g.a aVar = com.itextpdf.text.g.a.ERROR;
                    if (!bVar.b()) {
                        return null;
                    }
                    f1168a.e(e.getMessage());
                    return null;
                }
            }
            if (str2 == null) {
                oCSPResp = null;
            } else {
                f1168a.d("Getting OCSP from " + str2);
                BigInteger serialNumber = x509Certificate.getSerialNumber();
                Security.addProvider(new BouncyCastleProvider());
                CertificateID certificateID = new CertificateID(new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate2), serialNumber);
                OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
                oCSPReqBuilder.addRequest(certificateID);
                oCSPReqBuilder.setRequestExtensions(new Extensions(new Extension[]{new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(bT.e()).getEncoded()))}));
                byte[] encoded = oCSPReqBuilder.build().getEncoded();
                HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str2).openConnection();
                httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
                httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
                httpURLConnection.setDoOutput(true);
                DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
                dataOutputStream.write(encoded);
                dataOutputStream.flush();
                dataOutputStream.close();
                if (httpURLConnection.getResponseCode() / 100 != 2) {
                    throw new IOException(com.itextpdf.text.b.a.a("invalid.http.response.1", httpURLConnection.getResponseCode()));
                }
                oCSPResp = new OCSPResp(C0009b.a((InputStream) httpURLConnection.getContent()));
            }
        }
        OCSPResp oCSPResp2 = oCSPResp;
        if (oCSPResp != null && oCSPResp2.getStatus() == 0) {
            return (BasicOCSPResp) oCSPResp2.getResponseObject();
        }
        return null;
    }

    @Override // com.itextpdf.text.pdf.l.D
    public final byte[] a(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            BasicOCSPResp b2 = b(x509Certificate, x509Certificate2, null);
            if (b2 != null) {
                SingleResp[] responses = b2.getResponses();
                if (responses.length == 1) {
                    CertificateStatus certStatus = responses[0].getCertStatus();
                    if (certStatus == CertificateStatus.GOOD) {
                        return b2.getEncoded();
                    }
                    if (certStatus instanceof RevokedStatus) {
                        throw new IOException(com.itextpdf.text.b.a.a("ocsp.status.is.revoked", new Object[0]));
                    }
                    throw new IOException(com.itextpdf.text.b.a.a("ocsp.status.is.unknown", new Object[0]));
                }
            }
            return null;
        } catch (Exception e) {
            com.itextpdf.text.g.b bVar = f1168a;
            com.itextpdf.text.g.a aVar = com.itextpdf.text.g.a.ERROR;
            if (!bVar.b()) {
                return null;
            }
            f1168a.e(e.getMessage());
            return null;
        }
    }
}
