package com.mixplorer.libs.metadata.pdf.pdfbox.pdmodel.encryption;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import libs.a0;
import libs.b0;
import libs.d6;
import libs.e9;
import libs.em0;
import libs.gc0;
import libs.gh;
import libs.gh0;
import libs.h7;
import libs.hc0;
import libs.hk;
import libs.i2;
import libs.ic0;
import libs.ij;
import libs.iv;
import libs.jc0;
import libs.k70;
import libs.kc0;
import libs.kw;
import libs.lw;
import libs.n9;
import libs.o60;
import libs.oh;
import libs.qm0;
import libs.r;
import libs.sc;
import libs.t8;
import libs.tc;
import libs.u;
import libs.v;
import libs.v8;
import libs.vu;
import libs.wc;
import libs.z5;
import libs.z8;

/* loaded from: classes.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER = "adbe.pkcs7.s4";
    private PublicKeyProtectionPolicy policy;

    public PublicKeySecurityHandler() {
        this.policy = null;
    }

    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        this.policy = null;
        this.policy = publicKeyProtectionPolicy;
        this.keyLength = publicKeyProtectionPolicy.getEncryptionKeyLength();
    }

    private void appendCertInfo(StringBuilder sb, kw kwVar, X509Certificate x509Certificate, qm0 qm0Var) {
        BigInteger bigInteger = kwVar.f1.h1;
        if (bigInteger != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger2 = serialNumber != null ? serialNumber.toString(16) : "unknown";
            sb.append("serial-#: rid ");
            sb.append(bigInteger.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger2);
            sb.append(" issuer: rid '");
            sb.append(kwVar.f1.g1);
            sb.append("' vs. cert '");
            sb.append(qm0Var == null ? "null" : em0.g(qm0Var.a.g1.j1));
            sb.append("' ");
        }
    }

    private lw computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) {
        r rVar = new r(x509Certificate.getTBSCertificate());
        u j = rVar.j();
        gh0 gh0Var = j instanceof gh0 ? (gh0) j : j != null ? new gh0(b0.n(j)) : null;
        rVar.close();
        i2 i2Var = gh0Var.i1.f1;
        vu vuVar = new vu(gh0Var.h1, gh0Var.g1.q());
        try {
            Cipher cipher = Cipher.getInstance(i2Var.g().f1);
            cipher.init(1, x509Certificate.getPublicKey());
            return new lw(new hc0(vuVar), i2Var, new sc(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
        } catch (NoSuchPaddingException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) {
        byte[][] bArr2 = new byte[this.policy.getNumberOfRecipients()];
        Iterator recipientsIterator = this.policy.getRecipientsIterator();
        int i = 0;
        while (recipientsIterator.hasNext()) {
            PublicKeyRecipient publicKeyRecipient = (PublicKeyRecipient) recipientsIterator.next();
            X509Certificate x509 = publicKeyRecipient.getX509();
            int permissionBytesForPublicKey = publicKeyRecipient.getPermission().getPermissionBytesForPublicKey();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (permissionBytesForPublicKey >>> 24);
            bArr3[21] = (byte) (permissionBytesForPublicKey >>> 16);
            bArr3[22] = (byte) (permissionBytesForPublicKey >>> 8);
            bArr3[23] = (byte) permissionBytesForPublicKey;
            a0 createDERForRecipient = createDERForRecipient(bArr3, x509);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new tc(byteArrayOutputStream, 0).P0(createDERForRecipient);
            bArr2[i] = byteArrayOutputStream.toByteArray();
            i++;
        }
        return bArr2;
    }

    private a0 createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance("1.2.840.113549.3.2");
            KeyGenerator keyGenerator = KeyGenerator.getInstance("1.2.840.113549.3.2", "SC");
            Cipher cipher = Cipher.getInstance("1.2.840.113549.3.2", "SC");
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            r rVar = new r(generateParameters.getEncoded("ASN.1"));
            a0 j = rVar.j();
            rVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            oh ohVar = new oh(new wc(new ic0(computeRecipientInfo(x509Certificate, generateKey.getEncoded())), 0), new gh(k70.O, new i2(new v("1.2.840.113549.3.2"), j), new sc(doFinal)));
            v vVar = k70.Q;
            ij ijVar = new ij(9);
            ijVar.b(vVar);
            ((Vector) ijVar.g1).addElement(new d6(ohVar));
            return new z5(ijVar);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
        } catch (NoSuchPaddingException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        }
    }

    @Override // com.mixplorer.libs.metadata.pdf.pdfbox.pdmodel.encryption.SecurityHandler
    public boolean hasProtectionPolicy() {
        return this.policy != null;
    }

    @Override // com.mixplorer.libs.metadata.pdf.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(o60 o60Var) {
        if (this.keyLength == 256) {
            throw new IOException("256 bit key length is not supported yet for public key security");
        }
        try {
            Security.addProvider(new h7());
            PDEncryption e = o60Var.e();
            if (e == null) {
                e = new PDEncryption();
            }
            e.setFilter(FILTER);
            e.setLength(this.keyLength);
            e.setVersion(2);
            e.removeV45filters();
            e.setSubFilter(SUBFILTER);
            int i = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                e.setRecipients(computeRecipientsField(bArr));
                int i2 = 20;
                for (int i3 = 0; i3 < e.getRecipientsLength(); i3++) {
                    i2 += e.getRecipientStringAt(i3).g1.length;
                }
                byte[] bArr2 = new byte[i2];
                System.arraycopy(bArr, 0, bArr2, 0, 20);
                for (int i4 = 0; i4 < e.getRecipientsLength(); i4++) {
                    n9 recipientStringAt = e.getRecipientStringAt(i4);
                    byte[] bArr3 = recipientStringAt.g1;
                    System.arraycopy(bArr3, 0, bArr2, i, bArr3.length);
                    i += recipientStringAt.g1.length;
                }
                byte[] digest = MessageDigests.getSHA1().digest(bArr2);
                int i5 = this.keyLength;
                byte[] bArr4 = new byte[i5 / 8];
                this.encryptionKey = bArr4;
                System.arraycopy(digest, 0, bArr4, 0, i5 / 8);
                o60Var.i1 = e;
                z8 z8Var = o60Var.f1;
                z8Var.j1.f1(e9.P1, e.getCOSDictionary());
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException(e2);
            }
        } catch (GeneralSecurityException e3) {
            throw new IOException(e3);
        }
    }

    @Override // com.mixplorer.libs.metadata.pdf.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, v8 v8Var, DecryptionMaterial decryptionMaterial) {
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        setDecryptMetadata(pDEncryption.isEncryptMetaData());
        if (pDEncryption.getLength() != 0) {
            this.keyLength = pDEncryption.getLength();
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            int recipientsLength = pDEncryption.getRecipientsLength();
            byte[][] bArr = new byte[recipientsLength];
            StringBuilder sb = new StringBuilder();
            int i = 0;
            boolean z = false;
            byte[] bArr2 = null;
            int i2 = 0;
            while (i < pDEncryption.getRecipientsLength()) {
                byte[] bArr3 = pDEncryption.getRecipientStringAt(i).g1;
                kc0 kc0Var = (kc0) new hk(bArr3).a;
                kc0Var.getClass();
                Iterator it = new ArrayList(kc0Var.f1).iterator();
                int i3 = 0;
                while (true) {
                    if (it.hasNext()) {
                        jc0 jc0Var = (jc0) it.next();
                        X509Certificate certificate = publicKeyDecryptionMaterial.getCertificate();
                        qm0 qm0Var = certificate != null ? new qm0(certificate.getEncoded()) : null;
                        gc0 gc0Var = jc0Var.a;
                        if (gc0Var.B0(qm0Var) && !z) {
                            iv ivVar = new iv((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey());
                            ivVar.b();
                            bArr2 = jc0Var.a(ivVar);
                            z = true;
                            break;
                        }
                        i3++;
                        if (certificate != null) {
                            sb.append('\n');
                            sb.append(i3);
                            sb.append(": ");
                            if (gc0Var instanceof kw) {
                                appendCertInfo(sb, (kw) gc0Var, certificate, qm0Var);
                            }
                        }
                    }
                }
                bArr[i] = bArr3;
                i2 += bArr3.length;
                i++;
            }
            if (!z || bArr2 == null) {
                throw new IOException("The certificate matches none of " + i + " recipient entries" + sb.toString());
            }
            if (bArr2.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr4 = new byte[4];
            int i4 = 20;
            System.arraycopy(bArr2, 20, bArr4, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr4);
            accessPermission.setReadOnly();
            setCurrentAccessPermission(accessPermission);
            byte[] bArr5 = new byte[i2 + 20];
            int i5 = 0;
            System.arraycopy(bArr2, 0, bArr5, 0, 20);
            int i6 = 0;
            while (i6 < recipientsLength) {
                byte[] bArr6 = bArr[i6];
                System.arraycopy(bArr6, i5, bArr5, i4, bArr6.length);
                i4 += bArr6.length;
                i6++;
                i5 = 0;
            }
            byte[] digest = MessageDigests.getSHA1().digest(bArr5);
            int i7 = this.keyLength;
            byte[] bArr7 = new byte[i7 / 8];
            this.encryptionKey = bArr7;
            System.arraycopy(digest, 0, bArr7, 0, i7 / 8);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } catch (CertificateEncodingException e2) {
            throw new IOException(e2);
        } catch (t8 e3) {
            throw new IOException(e3);
        }
    }
}
