package com.itextpdf.signatures;

import com.itextpdf.signatures.logs.SignLogMessageConstant;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes4.dex */
public class IssuingCertificateRetriever implements IIssuingCertificateRetriever {
    private static final a70.b LOGGER = a70.c.i(IssuingCertificateRetriever.class);
    private final Map<String, Certificate> certificateMap = new HashMap();

    private Collection<Certificate> processCertificatesFromAIA(String str) {
        if (str == null) {
            return null;
        }
        try {
            InputStream issuerCertByURI = getIssuerCertByURI(str);
            try {
                Collection<Certificate> parseCertificates = parseCertificates(issuerCertByURI);
                if (issuerCertByURI != null) {
                    issuerCertByURI.close();
                }
                return parseCertificates;
            } finally {
            }
        } catch (Exception unused) {
            LOGGER.warn(SignLogMessageConstant.UNABLE_TO_PARSE_AIA_CERT);
            return null;
        }
    }

    @Override // com.itextpdf.signatures.IIssuingCertificateRetriever
    public Certificate[] getCrlIssuerCertificates(CRL crl) {
        List list = (List) processCertificatesFromAIA(CertificateUtil.getIssuerCertURL(crl));
        if (list != null) {
            return retrieveMissingCertificates((Certificate[]) list.toArray(new Certificate[0]));
        }
        Certificate certificate = this.certificateMap.get(((X509CRL) crl).getIssuerX500Principal().getName());
        return certificate == null ? new Certificate[0] : retrieveMissingCertificates(new Certificate[]{certificate});
    }

    public InputStream getIssuerCertByURI(String str) throws IOException {
        return SignUtils.getHttpResponse(new URL(str));
    }

    public Collection<Certificate> parseCertificates(InputStream inputStream) throws CertificateException {
        return SignUtils.readAllCerts(inputStream, null);
    }

    @Override // com.itextpdf.signatures.IIssuingCertificateRetriever
    public Certificate[] retrieveMissingCertificates(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
        arrayList.add(x509Certificate);
        int i11 = 1;
        while (!CertificateUtil.isSelfSigned(x509Certificate)) {
            if (i11 >= certificateArr.length || !CertificateUtil.isIssuerCertificate(x509Certificate, (X509Certificate) certificateArr[i11])) {
                Collection<Certificate> processCertificatesFromAIA = processCertificatesFromAIA(CertificateUtil.getIssuerCertURL(x509Certificate));
                if (processCertificatesFromAIA == null || processCertificatesFromAIA.isEmpty()) {
                    Certificate certificate = this.certificateMap.get(x509Certificate.getIssuerX500Principal().getName());
                    if (certificate == null) {
                        while (i11 < certificateArr.length) {
                            arrayList.add(certificateArr[i11]);
                            i11++;
                        }
                        return (Certificate[]) arrayList.toArray(new Certificate[0]);
                    }
                    arrayList.add(certificate);
                } else {
                    arrayList.addAll(processCertificatesFromAIA);
                }
            } else {
                arrayList.add(certificateArr[i11]);
                i11++;
            }
            x509Certificate = (X509Certificate) arrayList.get(arrayList.size() - 1);
        }
        return (Certificate[]) arrayList.toArray(new Certificate[0]);
    }

    @Override // com.itextpdf.signatures.IIssuingCertificateRetriever
    public void setTrustedCertificates(Collection<Certificate> collection) {
        for (Certificate certificate : collection) {
            this.certificateMap.put(((X509Certificate) certificate).getSubjectX500Principal().getName(), certificate);
        }
    }
}
