package bo.gob.adsib.fido_android.Util;

import android.net.Uri;
import bo.gob.adsib.fido_android.MyApplication;
import bo.gob.adsib.fido_android.R;
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfArray;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfIndirectReference;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfNumber;
import com.itextpdf.text.pdf.PdfObject;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: classes.dex */
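/**
 * Collects the validation results for every signature field of a PDF document.
 *
 * <p>For each signature one {@link CertDate} is produced, carrying the signing certificate, the
 * signing date, the timestamp date (only when the timestamp token verifies against the bundled
 * TSA certificate), whether the signature locks the document, the cryptographic result of
 * {@code PdfPKCS7.verify()}, the trust result ({@link #verificarPKI}) and the revocation result
 * ({@link #verificarOcsp}).
 *
 * <p>NOTE(review): nothing in this class checks how much of the file a signature covers, so
 * content appended after signing is not reflected in any flag.
 * {@code AcroFields.signatureCoversWholeDocument(name)} reports that; consider surfacing it.
 */
public class Validar implements Iterable<CertDate> {
    /** OID of the X.509 "CRL Distribution Points" certificate extension. */
    private static final String OID_PUNTOS_CRL = "2.5.29.31";

    /** OID of the X.500 commonName (CN) attribute. */
    private static final String OID_NOMBRE_COMUN = "2.5.4.3";

    private final List<CertDate> certificados;
    private String token;
    private String url;

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Validates the signatures of the document behind {@code uri}.
     *
     * <p>Any failure while reading the document is swallowed, as before, but the result is now an
     * empty list instead of a {@code null} field, so {@link #iterator()} no longer throws a
     * {@code NullPointerException}. Callers cannot tell "unreadable document" from "document
     * without signatures"; both yield zero entries.
     *
     * @param uri location of the PDF, resolved through the application's content resolver
     */
    public Validar(Uri uri) {
        List<CertDate> encontrados;
        try {
            encontrados = listarCertificados(uri);
        } catch (Exception ignored) {
            // Deliberate best effort: an unreadable or malformed PDF yields no entries.
            encontrados = null;
        }
        this.certificados = encontrados != null ? encontrados : new ArrayList<CertDate>();
    }

    /**
     * Validates the document and additionally remembers a URL and a token for the caller.
     *
     * @param uri location of the PDF
     * @param str value later returned by {@link #getUrl()}
     * @param str2 value later returned by {@link #getToken()}
     */
    public Validar(Uri uri, String str, String str2) {
        this(uri);
        this.url = str;
        this.token = str2;
    }

    /**
     * Tells whether a signature's {@code /Reference} array locks the document.
     *
     * <p>The first entry whose transform method is DocMDP or FieldMDP and whose transform
     * parameters carry a {@code /P} number decides: the result is {@code true} only for
     * {@code P == 1}.
     *
     * <p>Entries are read with {@code getAsDict(i)}, which resolves indirect references. The
     * previous code replaced an indirect entry with {@code getIndRef()} and then dereferenced the
     * result, so indirectly stored entries were never inspected (and presumably could fail with a
     * {@code NullPointerException} that aborted validation of the whole document).
     *
     * @param pdfArray the {@code /Reference} array of a signature dictionary, may be {@code null}
     * @return {@code true} when the signature forbids any further change
     */
    private boolean bloqueaDocumento(PdfArray pdfArray) {
        if (pdfArray == null || pdfArray.size() == 0) {
            return false;
        }
        for (int i = 0; i < pdfArray.size(); i++) {
            PdfDictionary referencia = pdfArray.getAsDict(i);
            if (referencia == null) {
                continue;
            }
            PdfName metodo = referencia.getAsName(PdfName.TRANSFORMMETHOD);
            if (!PdfName.DOCMDP.equals(metodo) && !PdfName.FIELDMDP.equals(metodo)) {
                continue;
            }
            PdfDictionary parametros = referencia.getAsDict(PdfName.TRANSFORMPARAMS);
            PdfNumber permiso = parametros == null ? null : parametros.getAsNumber(PdfName.P);
            if (permiso != null) {
                return permiso.intValue() == 1;
            }
        }
        return false;
    }

    /**
     * Extracts the URI entries of a certificate's CRL Distribution Points extension.
     *
     * <p>The extension comes from a certificate embedded in an arbitrary PDF, so every shape that
     * is not a full name holding URI entries is skipped instead of being cast blindly, and one
     * unparseable URI no longer discards the remaining ones.
     *
     * @param x509Certificate certificate to inspect
     * @return the distribution point URLs in certificate order; empty when there are none
     */
    public static URL[] getCrlURLs(X509Certificate x509Certificate) {
        List<URL> urls = new ArrayList<>();
        byte[] extension = x509Certificate.getExtensionValue(OID_PUNTOS_CRL);
        if (extension == null) {
            return new URL[0];
        }
        try {
            CRLDistPoint puntos = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extension));
            for (DistributionPoint punto : puntos.getDistributionPoints()) {
                // A distribution point may omit its name or carry a relative name.
                if (punto.getDistributionPoint() == null) {
                    continue;
                }
                Object nombre = punto.getDistributionPoint().getName();
                if (!(nombre instanceof GeneralNames)) {
                    continue;
                }
                for (GeneralName general : ((GeneralNames) nombre).getNames()) {
                    if (general.getTagNo() != GeneralName.uniformResourceIdentifier
                            || !(general.getName() instanceof DERIA5String)) {
                        continue;
                    }
                    try {
                        urls.add(new URL(((DERIA5String) general.getName()).getString()));
                    } catch (IOException ignored) {
                        // Unsupported or malformed URI: skip this entry only.
                    }
                }
            }
        } catch (IOException | IllegalArgumentException ignored) {
            // Malformed extension: report whatever was collected so far.
        }
        return urls.toArray(new URL[0]);
    }

    /** Returns the token given to the three-argument constructor, or {@code null}. */
    public String getToken() {
        return this.token;
    }

    /** Returns the URL given to the three-argument constructor, or {@code null}. */
    public String getUrl() {
        return this.url;
    }

    /**
     * Tells whether any signature of the document locks it.
     *
     * @return {@code true} when at least one entry reports {@code isBloquea()}
     */
    public boolean isBloquea() {
        for (CertDate certDate : this.certificados) {
            if (certDate.isBloquea()) {
                return true;
            }
        }
        return false;
    }

    /** Iterates over the per-signature results; never {@code null}, possibly empty. */
    @Override
    public Iterator<CertDate> iterator() {
        return this.certificados.iterator();
    }

    /**
     * Reads the PDF and builds one {@link CertDate} per signature field.
     *
     * <p>The document is now opened as a stream that is closed together with the
     * {@code PdfReader}. Before, the file descriptor came from {@code openFileDescriptor} and was
     * never closed, and nothing kept a reference to the object owning the descriptor while it
     * was being read.
     *
     * <p>Revocation is only looked up for certificates that passed {@link #verificarPKI}: the CRL
     * address is taken from the certificate itself, so for an untrusted certificate it is chosen
     * by whoever produced the PDF, and its answer would prove nothing.
     *
     * <p>NOTE(review): the timestamp token is checked against the bundled TSA key only. Nothing
     * here ties the token to this particular signature; iText exposes
     * {@code PdfPKCS7.verifyTimestampImprint()} for that. Confirm before relying on the
     * timestamp date.
     *
     * @param uri location of the PDF
     * @return the results in the order of {@code AcroFields.getSignatureNames()}
     * @throws Exception when the bundled TSA certificate or the document cannot be read or parsed
     */
    public List<CertDate> listarCertificados(Uri uri) throws Exception {
        Certificate certificadoTsa = cargarCertificadoTsa();
        List<CertDate> resultado = new ArrayList<>();
        try (InputStream entrada = MyApplication.getContext().getContentResolver().openInputStream(uri)) {
            if (entrada == null) {
                throw new IOException("Document stream could not be opened");
            }
            PdfReader lector = new PdfReader(entrada);
            try {
                AcroFields campos = lector.getAcroFields();
                for (String nombre : campos.getSignatureNames()) {
                    AcroFields.Item campo = campos.getFieldItem(nombre);
                    PdfDictionary valor = campo == null ? null : campo.getWidget(0).getAsDict(PdfName.V);
                    PdfArray referencias = valor == null ? null : valor.getAsArray(PdfName.REFERENCE);
                    boolean bloquea = bloqueaDocumento(referencias);

                    PdfPKCS7 firma = campos.verifySignature(nombre);
                    boolean selloValido = firma.getTimeStampToken() != null
                            && firma.getTimeStampToken().isSignatureValid(
                                    new JcaSimpleSignerInfoVerifierBuilder().build(certificadoTsa.getPublicKey()));
                    CertDate certDate;
                    if (selloValido) {
                        certDate = new CertDate(firma.getSigningCertificate(), firma.getSignDate(), firma.getTimeStampDate(), bloquea);
                    } else {
                        // Without a verifiable token the timestamp date is reported as absent.
                        certDate = new CertDate(firma.getSigningCertificate(), firma.getSignDate(), null, bloquea);
                    }
                    certDate.setValid(firma.verify());
                    boolean confiable = verificarPKI(certDate.getCertificate());
                    certDate.setPKI(confiable);
                    certDate.setOCSP(confiable && verificarOcsp((X509Certificate) certDate.getCertificate()));
                    resultado.add(certDate);
                }
            } finally {
                lector.close();
            }
        }
        return resultado;
    }

    /**
     * Checks the certificate against the CRL published at its first distribution point.
     *
     * <p>Despite the name no OCSP request is made; this is a CRL lookup. Changes over the
     * previous version:
     * <ul>
     *   <li>The CRL is parsed straight from the response stream. It used to be read line by line
     *       as text and re-encoded, which corrupts binary (DER) CRLs.</li>
     *   <li>A response outside 200..206 is a failure; its error body is no longer parsed.</li>
     *   <li>Only {@code https} targets are contacted; any other scheme returns {@code false}
     *       instead of failing on the connection cast.</li>
     *   <li>The CRL's own signature must verify against one of the bundled authorities, so the
     *       answer does not rest on the transport alone.</li>
     * </ul>
     *
     * <p>NOTE(review): the CRL's validity window (thisUpdate/nextUpdate) is not checked and the
     * connection has no timeouts; only the first distribution point is tried.
     *
     * @param x509Certificate certificate whose serial number is looked up
     * @return {@code true} only when a correctly signed CRL was obtained and does not list the
     *     certificate; {@code false} on any failure
     */
    public boolean verificarOcsp(X509Certificate x509Certificate) {
        HttpURLConnection conexion = null;
        try {
            CertificateFactory fabrica = CertificateFactory.getInstance("X.509");
            URL[] puntos = getCrlURLs(x509Certificate);
            if (puntos.length == 0) {
                return false;
            }
            URL destino = new URL(puntos[0].toString().replace("http://", "https://"));
            if (!"https".equalsIgnoreCase(destino.getProtocol())) {
                return false;
            }
            conexion = (HttpURLConnection) destino.openConnection();
            int estado = conexion.getResponseCode();
            if (estado < 200 || estado > 206) {
                return false;
            }
            X509CRL crl;
            try (InputStream cuerpo = conexion.getInputStream()) {
                crl = (X509CRL) fabrica.generateCRL(cuerpo);
            }
            if (crl == null || !firmadaPorAutoridad(crl, cargarAutoridades())) {
                return false;
            }
            return crl.getRevokedCertificate(x509Certificate.getSerialNumber()) == null;
        } catch (IOException | GeneralSecurityException ignored) {
            // Fail closed: an unobtainable or unparseable CRL never counts as "not revoked".
            return false;
        } finally {
            if (conexion != null) {
                conexion.disconnect();
            }
        }
    }

    /**
     * Tells whether the certificate was signed by one of the recognised authorities bundled with
     * the application.
     *
     * <p>NOTE(review): only the issuer's signature is checked. Validity dates, key usage and
     * longer chains are not evaluated here; confirm this matches the intended trust policy.
     *
     * @param certificate certificate to check, may be {@code null}
     * @return {@code true} when the signature verifies under a recognised authority's key
     */
    public boolean verificarPKI(Certificate certificate) {
        if (certificate == null) {
            return false;
        }
        try {
            for (X509Certificate autoridad : cargarAutoridades()) {
                try {
                    certificate.verify(autoridad.getPublicKey());
                    return true;
                } catch (GeneralSecurityException ignored) {
                    // Not issued by this authority; try the next one.
                }
            }
        } catch (IOException | GeneralSecurityException ignored) {
            // Bundle unreadable: nothing can be trusted.
        }
        return false;
    }

    /** Loads the bundled timestamp-authority certificate from {@code R.raw.timestamp}. */
    private static Certificate cargarCertificadoTsa() throws IOException, GeneralSecurityException {
        try (PemReader lector = new PemReader(new InputStreamReader(
                MyApplication.getContext().getResources().openRawResource(R.raw.timestamp)))) {
            PemObject objeto = lector.readPemObject();
            if (objeto == null) {
                throw new IOException("Bundled timestamp certificate is empty");
            }
            return CertificateFactory.getInstance("X509")
                    .generateCertificate(new ByteArrayInputStream(objeto.getContent()));
        }
    }

    /**
     * Loads the certificates of {@code R.raw.firmadigital_bo} whose subject common name is one of
     * the two recognised certification authorities. The reader is closed on every path.
     */
    private static List<X509Certificate> cargarAutoridades() throws IOException, GeneralSecurityException {
        CertificateFactory fabrica = CertificateFactory.getInstance("X.509");
        List<X509Certificate> autoridades = new ArrayList<>();
        try (PemReader lector = new PemReader(new InputStreamReader(
                MyApplication.getContext().getResources().openRawResource(R.raw.firmadigital_bo)))) {
            PemObject objeto;
            while ((objeto = lector.readPemObject()) != null) {
                X509Certificate candidato = (X509Certificate) fabrica.generateCertificate(
                        new ByteArrayInputStream(objeto.getContent()));
                if (esAutoridadReconocida(candidato)) {
                    autoridades.add(candidato);
                }
            }
        }
        return autoridades;
    }

    /** Matches the subject common name against the two recognised authority names. */
    private static boolean esAutoridadReconocida(X509Certificate candidato) throws GeneralSecurityException {
        org.bouncycastle.asn1.x500.RDN[] nombres = new JcaX509CertificateHolder(candidato)
                .getSubject().getRDNs(new ASN1ObjectIdentifier(OID_NOMBRE_COMUN));
        if (nombres.length == 0) {
            // A subject without a common name cannot be one of the recognised authorities.
            return false;
        }
        String nombreComun = IETFUtils.valueToString(nombres[0].getFirst().getValue());
        return nombreComun.equals("Entidad Certificadora Publica ADSIB")
                || nombreComun.equals("Entidad Certificadora Autorizada Digicert");
    }

    /** Tells whether the CRL's signature verifies under the key of any given authority. */
    private static boolean firmadaPorAutoridad(X509CRL crl, List<X509Certificate> autoridades) {
        for (X509Certificate autoridad : autoridades) {
            try {
                crl.verify(autoridad.getPublicKey());
                return true;
            } catch (GeneralSecurityException ignored) {
                // Signed by a different key; try the next authority.
            }
        }
        return false;
    }
}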
