package com.lowagie.text.pdf;

import com.google.common.net.HttpHeaders;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import com.lowagie.text.ExceptionConverter;
import com.lowagie.text.error_messages.MessageLocalization;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Random;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: classes4.dex */
public class OcspClientBouncyCastle implements OcspClient {
    private final X509Certificate checkCert;
    private final X509Certificate rootCert;
    private final String url;

    public OcspClientBouncyCastle(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        this.checkCert = x509Certificate;
        this.rootCert = x509Certificate2;
        this.url = str;
    }

    private static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws OCSPException, IOException, OperatorCreationException, CertificateEncodingException {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
        CertificateID certificateID = new CertificateID(new JcaDigestCalculatorProviderBuilder().setProvider(bouncyCastleProvider).build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), bigInteger);
        OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
        oCSPReqBuilder.addRequest(certificateID);
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        byte[] bArr = new byte[16];
        new Random().nextBytes(bArr);
        extensionsGenerator.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(bArr));
        oCSPReqBuilder.setRequestExtensions(extensionsGenerator.generate());
        return oCSPReqBuilder.build();
    }

    @Override // com.lowagie.text.pdf.OcspClient
    public byte[] getEncoded() {
        try {
            byte[] encoded = generateOCSPRequest(this.rootCert, this.checkCert.getSerialNumber()).getEncoded();
            HttpURLConnection httpURLConnection = (HttpURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(new URL(this.url).openConnection()));
            httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT, "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
            dataOutputStream.write(encoded);
            dataOutputStream.flush();
            dataOutputStream.close();
            if (httpURLConnection.getResponseCode() / 100 != 2) {
                throw new IOException(MessageLocalization.getComposedMessage("invalid.http.response.1", httpURLConnection.getResponseCode()));
            }
            OCSPResp oCSPResp = new OCSPResp((InputStream) httpURLConnection.getContent());
            if (oCSPResp.getStatus() != 0) {
                throw new IOException(MessageLocalization.getComposedMessage("invalid.status.1", oCSPResp.getStatus()));
            }
            BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
            if (basicOCSPResp == null) {
                return null;
            }
            SingleResp[] responses = basicOCSPResp.getResponses();
            if (responses.length != 1) {
                return null;
            }
            CertificateStatus certStatus = responses[0].getCertStatus();
            if (certStatus == null) {
                return basicOCSPResp.getEncoded();
            }
            if (certStatus instanceof RevokedStatus) {
                throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.revoked"));
            }
            throw new IOException(MessageLocalization.getComposedMessage("ocsp.status.is.unknown"));
        } catch (Exception e) {
            throw new ExceptionConverter(e);
        }
    }
}
