package com.tom_roush.pdfbox.pdmodel.encryption;

import com.tom_roush.pdfbox.cos.COSArray;
import com.tom_roush.pdfbox.cos.COSDictionary;
import com.tom_roush.pdfbox.cos.COSName;
import com.tom_roush.pdfbox.cos.COSString;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.KeyTransRecipientId;
import org.spongycastle.cms.RecipientId;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.RecipientInformationStore;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;

/* loaded from: classes.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static void appendCertInfo(StringBuilder sb, KeyTransRecipientId keyTransRecipientId, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger bigInteger = keyTransRecipientId.baseSelector.serialNumber;
        if (bigInteger != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger2 = serialNumber != null ? serialNumber.toString(16) : "unknown";
            sb.append("serial-#: rid ");
            sb.append(bigInteger.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger2);
            sb.append(" issuer: rid '");
            sb.append(keyTransRecipientId.baseSelector.issuer);
            sb.append("' vs. cert '");
            sb.append(x509CertificateHolder == null ? "null" : X500Name.getInstance(x509CertificateHolder.x509Certificate.tbsCert.issuer));
            sb.append("' ");
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public final void hasProtectionPolicy() {
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public final void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) {
        PDEncryption pDEncryption2 = pDEncryption;
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        this.decryptMetadata = pDEncryption.isEncryptMetaData();
        COSDictionary cOSDictionary = pDEncryption2.dictionary;
        COSName cOSName = COSName.LENGTH;
        if (cOSDictionary.getInt(cOSName, null, 40) != 0) {
            this.keyLength = pDEncryption2.dictionary.getInt(cOSName, null, 40);
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            int size = ((COSArray) pDEncryption2.dictionary.getItem(COSName.RECIPIENTS)).size();
            byte[][] bArr = new byte[size];
            StringBuilder sb = new StringBuilder();
            byte[] bArr2 = null;
            int i4 = 0;
            boolean z = false;
            int i7 = 0;
            while (true) {
                COSDictionary cOSDictionary2 = pDEncryption2.dictionary;
                COSName cOSName2 = COSName.RECIPIENTS;
                if (i4 >= ((COSArray) cOSDictionary2.getItem(cOSName2)).size()) {
                    break;
                }
                byte[] bArr3 = ((COSString) ((COSArray) pDEncryption2.dictionary.getItem(cOSName2)).get(i4)).bytes;
                RecipientInformationStore recipientInformationStore = new CMSEnvelopedData(bArr3).recipientInfoStore;
                recipientInformationStore.getClass();
                Iterator it = new ArrayList(recipientInformationStore.all).iterator();
                int i10 = 0;
                while (true) {
                    if (it.hasNext()) {
                        RecipientInformation recipientInformation = (RecipientInformation) it.next();
                        X509Certificate certificate = publicKeyDecryptionMaterial.getCertificate();
                        X509CertificateHolder x509CertificateHolder = certificate != null ? new X509CertificateHolder(certificate.getEncoded()) : null;
                        RecipientId recipientId = recipientInformation.rid;
                        if (recipientId.match(x509CertificateHolder) && !z) {
                            JceKeyTransEnvelopedRecipient jceKeyTransEnvelopedRecipient = new JceKeyTransEnvelopedRecipient((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey());
                            jceKeyTransEnvelopedRecipient.setProvider();
                            bArr2 = recipientInformation.getContent(jceKeyTransEnvelopedRecipient);
                            z = true;
                            break;
                        }
                        i10++;
                        if (certificate != null) {
                            sb.append('\n');
                            sb.append(i10);
                            sb.append(": ");
                            if (recipientId instanceof KeyTransRecipientId) {
                                appendCertInfo(sb, (KeyTransRecipientId) recipientId, certificate, x509CertificateHolder);
                            }
                        }
                    }
                }
                bArr[i4] = bArr3;
                i7 += bArr3.length;
                i4++;
                pDEncryption2 = pDEncryption;
            }
            if (!z || bArr2 == null) {
                throw new IOException("The certificate matches none of " + i4 + " recipient entries" + sb.toString());
            }
            if (bArr2.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr4 = new byte[4];
            int i11 = 20;
            System.arraycopy(bArr2, 20, bArr4, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr4);
            accessPermission.readOnly = true;
            this.currentAccessPermission = accessPermission;
            byte[] bArr5 = new byte[i7 + 20];
            int i12 = 0;
            System.arraycopy(bArr2, 0, bArr5, 0, 20);
            int i13 = 0;
            while (i13 < size) {
                byte[] bArr6 = bArr[i13];
                System.arraycopy(bArr6, i12, bArr5, i11, bArr6.length);
                i11 += bArr6.length;
                i13++;
                i12 = 0;
            }
            try {
                byte[] digest = MessageDigest.getInstance("SHA-1").digest(bArr5);
                int i14 = this.keyLength;
                byte[] bArr7 = new byte[i14 / 8];
                this.encryptionKey = bArr7;
                System.arraycopy(digest, 0, bArr7, 0, i14 / 8);
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException(e2);
            }
        } catch (KeyStoreException e4) {
            throw new IOException(e4);
        } catch (CertificateEncodingException e9) {
            throw new IOException(e9);
        } catch (CMSException e10) {
            throw new IOException(e10);
        }
    }
}
