package com.tom_roush.pdfbox.pdmodel.encryption;

import cg.p;
import com.yandex.metrica.push.common.CoreConstants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.j1;
import org.bouncycastle.asn1.o1;
import org.bouncycastle.asn1.q;
import org.bouncycastle.asn1.s;
import org.bouncycastle.asn1.t;
import org.bouncycastle.cms.CMSException;
import zm.a0;
import zm.r;
import zm.z;

/* loaded from: classes3.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER4 = "adbe.pkcs7.s4";
    private static final String SUBFILTER5 = "adbe.pkcs7.s5";
    private h policy;

    public PublicKeySecurityHandler() {
        this.policy = null;
    }

    public PublicKeySecurityHandler(h hVar) {
        this.policy = hVar;
        this.keyLength = hVar.a();
    }

    private void appendCertInfo(StringBuilder sb2, r rVar, X509Certificate x509Certificate, xm.b bVar) {
        BigInteger c10 = rVar.c();
        if (c10 != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : CoreConstants.Transport.UNKNOWN;
            sb2.append("serial-#: rid ");
            sb2.append(c10.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(rVar.a());
            sb2.append("' vs. cert '");
            sb2.append(bVar == null ? "null" : bVar.b());
            sb2.append("' ");
        }
    }

    private gm.j computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        org.bouncycastle.asn1.l lVar = new org.bouncycastle.asn1.l(x509Certificate.getTBSCertificate());
        vm.g i10 = vm.g.i(lVar.u());
        lVar.close();
        vm.a h10 = i10.l().h();
        gm.e eVar = new gm.e(i10.j(), i10.k().v());
        try {
            Cipher cipher = Cipher.getInstance(h10.h().w(), m.a());
            cipher.init(1, x509Certificate.getPublicKey());
            return new gm.j(new gm.r(eVar), h10, new j1(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) throws GeneralSecurityException, IOException {
        byte[][] bArr2 = new byte[this.policy.c()];
        Iterator<i> d10 = this.policy.d();
        int i10 = 0;
        while (d10.hasNext()) {
            i next = d10.next();
            X509Certificate b10 = next.b();
            int g10 = next.a().g();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (g10 >>> 24);
            bArr3[21] = (byte) (g10 >>> 16);
            bArr3[22] = (byte) (g10 >>> 8);
            bArr3[23] = (byte) g10;
            t createDERForRecipient = createDERForRecipient(bArr3, b10);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            s.b(byteArrayOutputStream, "DER").u(createDERForRecipient);
            bArr2[i10] = byteArrayOutputStream.toByteArray();
            i10++;
        }
        return bArr2;
    }

    private int computeVersionNumber() {
        int i10 = this.keyLength;
        if (i10 == 40) {
            return 1;
        }
        if (i10 == 128) {
            return 2;
        }
        if (i10 == 256) {
            return 5;
        }
        throw new IllegalArgumentException("key length must be 40, 128 or 256");
    }

    private t createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        String w10 = pm.a.E.w();
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(w10, m.a());
            KeyGenerator keyGenerator = KeyGenerator.getInstance(w10, m.a());
            Cipher cipher = Cipher.getInstance(w10, m.a());
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            org.bouncycastle.asn1.l lVar = new org.bouncycastle.asn1.l(generateParameters.getEncoded("ASN.1"));
            t u10 = lVar.u();
            lVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            return new gm.b(pm.a.U, new gm.d(null, new o1(new gm.s(computeRecipientInfo(x509Certificate, generateKey.getEncoded()))), new gm.c(pm.a.S, new vm.a(new q(w10), u10), new j1(cipher.doFinal(bArr))), null)).b();
        } catch (NoSuchAlgorithmException e10) {
            throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + w10 + "; possible reason: using an unsigned .jar file", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    private void prepareEncryptionDictAES(e eVar, cg.i iVar, byte[][] bArr) {
        d dVar = new d();
        dVar.c(iVar);
        dVar.d(this.keyLength);
        cg.a aVar = new cg.a();
        for (byte[] bArr2 : bArr) {
            aVar.Z(new p(bArr2));
        }
        dVar.e().t2(cg.i.f9476n7, aVar);
        aVar.M(true);
        eVar.u(dVar);
        cg.i iVar2 = cg.i.f9372e2;
        eVar.F(iVar2);
        eVar.G(iVar2);
        dVar.e().M(true);
        setAES(true);
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public boolean hasProtectionPolicy() {
        return this.policy != null;
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(ig.b bVar) throws IOException {
        byte[] bArr;
        try {
            e k10 = bVar.k();
            if (k10 == null) {
                k10 = new e();
            }
            k10.v(FILTER);
            k10.w(this.keyLength);
            int computeVersionNumber = computeVersionNumber();
            k10.K(computeVersionNumber);
            k10.s();
            int i10 = 20;
            byte[] bArr2 = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr2, 0, 20);
                byte[][] computeRecipientsField = computeRecipientsField(bArr2);
                int i11 = 20;
                for (byte[] bArr3 : computeRecipientsField) {
                    i11 += bArr3.length;
                }
                byte[] bArr4 = new byte[i11];
                System.arraycopy(bArr2, 0, bArr4, 0, 20);
                for (byte[] bArr5 : computeRecipientsField) {
                    System.arraycopy(bArr5, 0, bArr4, i10, bArr5.length);
                    i10 += bArr5.length;
                }
                if (computeVersionNumber != 4 && computeVersionNumber != 5) {
                    k10.H(SUBFILTER4);
                    bArr = c.b().digest(bArr4);
                    k10.B(computeRecipientsField);
                    int i12 = this.keyLength;
                    byte[] bArr6 = new byte[i12 / 8];
                    this.encryptionKey = bArr6;
                    System.arraycopy(bArr, 0, bArr6, 0, i12 / 8);
                    bVar.j0(k10);
                    bVar.c().l1(k10.e());
                }
                k10.H(SUBFILTER5);
                byte[] digest = c.c().digest(bArr4);
                prepareEncryptionDictAES(k10, computeVersionNumber == 5 ? cg.i.f9501q : cg.i.f9490p, computeRecipientsField);
                bArr = digest;
                int i122 = this.keyLength;
                byte[] bArr62 = new byte[i122 / 8];
                this.encryptionKey = bArr62;
                System.arraycopy(bArr, 0, bArr62, 0, i122 / 8);
                bVar.j0(k10);
                bVar.c().l1(k10.e());
            } catch (NoSuchAlgorithmException e10) {
                throw new RuntimeException(e10);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException(e11);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(e eVar, cg.a aVar, b bVar) throws IOException {
        byte[] digest;
        boolean z10;
        g gVar;
        if (!(bVar instanceof g)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        setDecryptMetadata(eVar.r());
        if (eVar.f() != 0) {
            this.keyLength = eVar.f();
        }
        g gVar2 = (g) bVar;
        try {
            X509Certificate a10 = gVar2.a();
            byte[] bArr = null;
            xm.b bVar2 = a10 != null ? new xm.b(a10.getEncoded()) : null;
            cg.d e10 = eVar.e();
            cg.i iVar = cg.i.f9476n7;
            cg.a aVar2 = (cg.a) e10.w1(iVar);
            if (aVar2 == null) {
                aVar2 = (cg.a) eVar.c().e().w1(iVar);
            }
            int size = aVar2.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb2 = new StringBuilder();
            int i10 = 0;
            boolean z11 = false;
            int i11 = 0;
            while (i10 < aVar2.size()) {
                byte[] T = ((p) aVar2.N0(i10)).T();
                Iterator<a0> it2 = new zm.c(T).a().a().iterator();
                int i12 = 0;
                while (true) {
                    if (!it2.hasNext()) {
                        gVar = gVar2;
                        break;
                    }
                    a0 next = it2.next();
                    z c10 = next.c();
                    if (!z11 && c10.T1(bVar2)) {
                        bArr = next.a(new an.e((PrivateKey) gVar2.b()));
                        gVar = gVar2;
                        z11 = true;
                        break;
                    }
                    g gVar3 = gVar2;
                    int i13 = i12 + 1;
                    if (a10 != null) {
                        sb2.append('\n');
                        sb2.append(i13);
                        sb2.append(": ");
                        if (c10 instanceof r) {
                            appendCertInfo(sb2, (r) c10, a10, bVar2);
                        }
                    }
                    i12 = i13;
                    gVar2 = gVar3;
                }
                bArr2[i10] = T;
                i11 += T.length;
                i10++;
                gVar2 = gVar;
            }
            if (!z11 || bArr == null) {
                throw new IOException("The certificate matches none of " + aVar2.size() + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i14 = 20;
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            a aVar3 = new a(bArr3);
            aVar3.s();
            setCurrentAccessPermission(aVar3);
            byte[] bArr4 = new byte[i11 + 20];
            int i15 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i16 = 0;
            while (i16 < size) {
                byte[] bArr5 = bArr2[i16];
                System.arraycopy(bArr5, i15, bArr4, i14, bArr5.length);
                i14 += bArr5.length;
                i16++;
                i15 = 0;
            }
            if (eVar.q() != 4 && eVar.q() != 5) {
                digest = c.b().digest(bArr4);
                int i17 = this.keyLength;
                byte[] bArr6 = new byte[i17 / 8];
                this.encryptionKey = bArr6;
                System.arraycopy(digest, 0, bArr6, 0, i17 / 8);
            }
            digest = c.c().digest(bArr4);
            d c11 = eVar.c();
            if (c11 != null) {
                cg.i b10 = c11.b();
                if (!cg.i.f9490p.equals(b10) && !cg.i.f9501q.equals(b10)) {
                    z10 = false;
                    setAES(z10);
                }
                z10 = true;
                setAES(z10);
            }
            int i172 = this.keyLength;
            byte[] bArr62 = new byte[i172 / 8];
            this.encryptionKey = bArr62;
            System.arraycopy(digest, 0, bArr62, 0, i172 / 8);
        } catch (KeyStoreException e11) {
            throw new IOException(e11);
        } catch (CertificateEncodingException e12) {
            throw new IOException(e12);
        } catch (CMSException e13) {
            throw new IOException(e13);
        }
    }
}
