package com.lowagie.text.pdf;

import com.google.common.net.HttpHeaders;
import com.lowagie.text.ExceptionConverter;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Vector;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.ocsp.SingleResp;

/* loaded from: classes.dex */
public class OcspClientBouncyCastle implements OcspClient {
    private X509Certificate checkCert;
    private X509Certificate rootCert;
    private String url;

    public OcspClientBouncyCastle(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        this.checkCert = x509Certificate;
        this.rootCert = x509Certificate2;
        this.url = str;
    }

    private static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws OCSPException, IOException {
        Security.addProvider(new BouncyCastleProvider());
        CertificateID certificateID = new CertificateID("1.3.14.3.2.26", x509Certificate, bigInteger);
        OCSPReqGenerator oCSPReqGenerator = new OCSPReqGenerator();
        oCSPReqGenerator.addRequest(certificateID);
        Vector vector = new Vector();
        Vector vector2 = new Vector();
        vector.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        vector2.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
        oCSPReqGenerator.setRequestExtensions(new X509Extensions(vector, vector2));
        return oCSPReqGenerator.generate();
    }

    @Override // com.lowagie.text.pdf.OcspClient
    public byte[] getEncoded() {
        try {
            byte[] encoded = generateOCSPRequest(this.rootCert, this.checkCert.getSerialNumber()).getEncoded();
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.url).openConnection();
            httpURLConnection.setRequestProperty(HttpHeaders.CONTENT_TYPE, "application/ocsp-request");
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT, "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
            dataOutputStream.write(encoded);
            dataOutputStream.flush();
            dataOutputStream.close();
            if (httpURLConnection.getResponseCode() / 100 != 2) {
                throw new IOException("Invalid HTTP response");
            }
            OCSPResp oCSPResp = new OCSPResp((InputStream) httpURLConnection.getContent());
            if (oCSPResp.getStatus() != 0) {
                throw new IOException("Invalid status: " + oCSPResp.getStatus());
            }
            BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
            if (basicOCSPResp != null) {
                SingleResp[] responses = basicOCSPResp.getResponses();
                if (responses.length == 1) {
                    Object certStatus = responses[0].getCertStatus();
                    if (certStatus == CertificateStatus.GOOD) {
                        return basicOCSPResp.getEncoded();
                    }
                    if (certStatus instanceof RevokedStatus) {
                        throw new IOException("OCSP Status is revoked!");
                    }
                    throw new IOException("OCSP Status is unknown!");
                }
            }
            return null;
        } catch (Exception e) {
            throw new ExceptionConverter(e);
        }
    }
}
