package com.mixaimaging.pdfbox.pdmodel.encryption;

import K3.A;
import K3.C0383p;
import K3.C0391t0;
import K3.C0394v;
import K3.y0;
import N3.b;
import N3.c;
import N3.d;
import N3.e;
import N3.k;
import N3.s;
import N3.t;
import a4.InterfaceC0472a;
import c2.C0750a;
import c2.i;
import c2.p;
import com.dropbox.core.oauth.DbxOAuthError;
import g4.C1002a;
import g4.C1008g;
import h2.C1028e;
import i4.C1048c;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import k4.C1124c;
import k4.C1127f;
import k4.r;
import k4.y;
import k4.z;
import l4.C1149e;
import p5.a;

/* loaded from: classes.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER4 = "adbe.pkcs7.s4";
    private static final String SUBFILTER5 = "adbe.pkcs7.s5";

    public PublicKeySecurityHandler() {
    }

    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        setProtectionPolicy(publicKeyProtectionPolicy);
        setKeyLength(publicKeyProtectionPolicy.getEncryptionKeyLength());
    }

    private void appendCertInfo(StringBuilder sb, r rVar, X509Certificate x509Certificate, C1048c c1048c) {
        BigInteger b6 = rVar.b();
        if (b6 != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : DbxOAuthError.UNKNOWN;
            sb.append("serial-#: rid ");
            sb.append(b6.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger);
            sb.append(" issuer: rid '");
            sb.append(rVar.a());
            sb.append("' vs. cert '");
            sb.append(c1048c == null ? "null" : c1048c.b());
            sb.append("' ");
        }
    }

    private k computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        C0383p c0383p = new C0383p(x509Certificate.getTBSCertificate());
        C1008g i6 = C1008g.i(c0383p.N());
        c0383p.close();
        C1002a h6 = i6.l().h();
        e eVar = new e(i6.j(), i6.k().u());
        try {
            Cipher cipher = Cipher.getInstance(h6.h().v(), SecurityProvider.getProvider());
            cipher.init(1, x509Certificate.getPublicKey());
            return new k(new s(eVar), h6, new C0391t0(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e6) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e6);
        } catch (NoSuchPaddingException e7) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e7);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) throws GeneralSecurityException, IOException {
        PublicKeyProtectionPolicy publicKeyProtectionPolicy = (PublicKeyProtectionPolicy) getProtectionPolicy();
        byte[][] bArr2 = new byte[publicKeyProtectionPolicy.getNumberOfRecipients()];
        Iterator<PublicKeyRecipient> recipientsIterator = publicKeyProtectionPolicy.getRecipientsIterator();
        int i6 = 0;
        while (recipientsIterator.hasNext()) {
            PublicKeyRecipient next = recipientsIterator.next();
            X509Certificate x509 = next.getX509();
            int permissionBytesForPublicKey = next.getPermission().getPermissionBytesForPublicKey();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (permissionBytesForPublicKey >>> 24);
            bArr3[21] = (byte) (permissionBytesForPublicKey >>> 16);
            bArr3[22] = (byte) (permissionBytesForPublicKey >>> 8);
            bArr3[23] = (byte) permissionBytesForPublicKey;
            A createDERForRecipient = createDERForRecipient(bArr3, x509);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            createDERForRecipient.l(byteArrayOutputStream, "DER");
            bArr2[i6] = byteArrayOutputStream.toByteArray();
            i6++;
        }
        return bArr2;
    }

    private A createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        String v5 = InterfaceC0472a.f6503F.v();
        try {
            Provider provider = SecurityProvider.getProvider();
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(v5, provider);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(v5, provider);
            Cipher cipher = Cipher.getInstance(v5, provider);
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            C0383p c0383p = new C0383p(generateParameters.getEncoded("ASN.1"));
            A N5 = c0383p.N();
            c0383p.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            return new b(InterfaceC0472a.f6551V, new d(null, new y0(new t(computeRecipientInfo(x509Certificate, generateKey.getEncoded()))), new c(InterfaceC0472a.f6545T, new C1002a(new C0394v(v5), N5), new C0391t0(cipher.doFinal(bArr))), null)).b();
        } catch (NoSuchAlgorithmException e6) {
            throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + v5 + "; possible reason: using an unsigned .jar file", e6);
        } catch (NoSuchPaddingException e7) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e7);
        }
    }

    private void prepareEncryptionDictAES(PDEncryption pDEncryption, i iVar, byte[][] bArr) {
        PDCryptFilterDictionary pDCryptFilterDictionary = new PDCryptFilterDictionary();
        pDCryptFilterDictionary.setCryptFilterMethod(iVar);
        pDCryptFilterDictionary.setLength(getKeyLength());
        C0750a c0750a = new C0750a();
        for (byte[] bArr2 : bArr) {
            c0750a.a0(new p(bArr2));
        }
        pDCryptFilterDictionary.getCOSObject().m1(i.I8, c0750a);
        c0750a.T(true);
        pDEncryption.setDefaultCryptFilterDictionary(pDCryptFilterDictionary);
        i iVar2 = i.f12635v3;
        pDEncryption.setStreamFilterName(iVar2);
        pDEncryption.setStringFilterName(iVar2);
        pDCryptFilterDictionary.getCOSObject().T(true);
        setAES(true);
    }

    @Override // com.mixaimaging.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(C1028e c1028e) throws IOException {
        byte[] digest;
        try {
            PDEncryption u5 = c1028e.u();
            if (u5 == null) {
                u5 = new PDEncryption();
            }
            u5.setFilter(FILTER);
            u5.setLength(getKeyLength());
            int computeVersionNumber = computeVersionNumber();
            u5.setVersion(computeVersionNumber);
            u5.removeV45filters();
            int i6 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] computeRecipientsField = computeRecipientsField(bArr);
                int i7 = 20;
                for (byte[] bArr2 : computeRecipientsField) {
                    i7 += bArr2.length;
                }
                byte[] bArr3 = new byte[i7];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : computeRecipientsField) {
                    System.arraycopy(bArr4, 0, bArr3, i6, bArr4.length);
                    i6 += bArr4.length;
                }
                if (computeVersionNumber == 4) {
                    u5.setSubFilter(SUBFILTER5);
                    digest = MessageDigests.getSHA1().digest(bArr3);
                    prepareEncryptionDictAES(u5, i.f12459K0, computeRecipientsField);
                } else if (computeVersionNumber != 5) {
                    u5.setSubFilter(SUBFILTER4);
                    digest = MessageDigests.getSHA1().digest(bArr3);
                    u5.setRecipients(computeRecipientsField);
                } else {
                    u5.setSubFilter(SUBFILTER5);
                    digest = MessageDigests.getSHA256().digest(bArr3);
                    prepareEncryptionDictAES(u5, i.f12547f1, computeRecipientsField);
                }
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
                c1028e.u0(u5);
                c1028e.c().E0(u5.getCOSObject());
            } catch (NoSuchAlgorithmException e6) {
                throw new RuntimeException(e6);
            }
        } catch (GeneralSecurityException e7) {
            throw new IOException(e7);
        }
    }

    @Override // com.mixaimaging.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, C0750a c0750a, DecryptionMaterial decryptionMaterial) throws IOException {
        byte[] digest;
        boolean z5;
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial;
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        PDCryptFilterDictionary defaultCryptFilterDictionary = pDEncryption.getDefaultCryptFilterDictionary();
        if (defaultCryptFilterDictionary != null && defaultCryptFilterDictionary.getLength() != 0) {
            setKeyLength(defaultCryptFilterDictionary.getLength());
            setDecryptMetadata(defaultCryptFilterDictionary.isEncryptMetaData());
        } else if (pDEncryption.getLength() != 0) {
            setKeyLength(pDEncryption.getLength());
            setDecryptMetadata(pDEncryption.isEncryptMetaData());
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial2 = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            X509Certificate certificate = publicKeyDecryptionMaterial2.getCertificate();
            byte[] bArr = null;
            C1048c c1048c = certificate != null ? new C1048c(certificate.getEncoded()) : null;
            c2.d cOSObject = pDEncryption.getCOSObject();
            i iVar = i.I8;
            C0750a u02 = cOSObject.u0(iVar);
            if (u02 == null && defaultCryptFilterDictionary != null) {
                u02 = defaultCryptFilterDictionary.getCOSObject().u0(iVar);
            }
            if (u02 == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = u02.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb = new StringBuilder();
            int i6 = 0;
            boolean z6 = false;
            int i7 = 0;
            while (i6 < u02.size()) {
                byte[] Y5 = ((p) u02.y0(i6)).Y();
                Iterator it = new C1124c(Y5).a().a().iterator();
                int i8 = 0;
                while (true) {
                    if (!it.hasNext()) {
                        publicKeyDecryptionMaterial = publicKeyDecryptionMaterial2;
                        break;
                    }
                    z zVar = (z) it.next();
                    y c6 = zVar.c();
                    if (!z6 && c6.n0(c1048c)) {
                        publicKeyDecryptionMaterial = publicKeyDecryptionMaterial2;
                        bArr = zVar.a(new C1149e((PrivateKey) publicKeyDecryptionMaterial2.getPrivateKey()));
                        z6 = true;
                        break;
                    }
                    PublicKeyDecryptionMaterial publicKeyDecryptionMaterial3 = publicKeyDecryptionMaterial2;
                    int i9 = i8 + 1;
                    if (certificate != null) {
                        sb.append('\n');
                        sb.append(i9);
                        sb.append(": ");
                        if (c6 instanceof r) {
                            appendCertInfo(sb, (r) c6, certificate, c1048c);
                        }
                    }
                    i8 = i9;
                    publicKeyDecryptionMaterial2 = publicKeyDecryptionMaterial3;
                }
                bArr2[i6] = Y5;
                i7 += Y5.length;
                i6++;
                publicKeyDecryptionMaterial2 = publicKeyDecryptionMaterial;
            }
            if (!z6 || bArr == null) {
                throw new IOException("The certificate matches none of " + u02.size() + " recipient entries" + sb.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i10 = 20;
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr3);
            accessPermission.setReadOnly();
            setCurrentAccessPermission(accessPermission);
            byte[] bArr4 = new byte[i7 + 20];
            int i11 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i12 = 0;
            while (i12 < size) {
                byte[] bArr5 = bArr2[i12];
                System.arraycopy(bArr5, i11, bArr4, i10, bArr5.length);
                i10 += bArr5.length;
                i12++;
                i11 = 0;
            }
            if (pDEncryption.getVersion() != 4 && pDEncryption.getVersion() != 5) {
                digest = MessageDigests.getSHA1().digest(bArr4);
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
            }
            if (!isDecryptMetadata()) {
                bArr4 = a.i(bArr4, i7 + 24);
                System.arraycopy(new byte[]{-1, -1, -1, -1}, 0, bArr4, bArr4.length - 4, 4);
            }
            digest = pDEncryption.getVersion() == 4 ? MessageDigests.getSHA1().digest(bArr4) : MessageDigests.getSHA256().digest(bArr4);
            if (defaultCryptFilterDictionary != null) {
                i cryptFilterMethod = defaultCryptFilterDictionary.getCryptFilterMethod();
                if (!i.f12459K0.equals(cryptFilterMethod) && !i.f12547f1.equals(cryptFilterMethod)) {
                    z5 = false;
                    setAES(z5);
                }
                z5 = true;
                setAES(z5);
            }
            setEncryptionKey(new byte[getKeyLength() / 8]);
            System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
        } catch (KeyStoreException e6) {
            throw new IOException(e6);
        } catch (CertificateEncodingException e7) {
            throw new IOException(e7);
        } catch (C1127f e8) {
            throw new IOException(e8);
        }
    }
}
