package com.itextpdf.kernel.crypto.securityhandler;

import b10.a;
import b10.v;
import com.itextpdf.io.util.StreamUtil;
import com.itextpdf.kernel.crypto.CryptoUtil;
import com.itextpdf.kernel.crypto.securityhandler.EncryptionUtils;
import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfLiteral;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.security.IExternalDecryptionProcess;
import d00.f;
import d00.g;
import d00.h;
import d00.i;
import d00.n;
import d00.w;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import t00.b;
import zz.o;
import zz.q1;
import zz.v1;
import zz.y;

/* loaded from: classes3.dex */
public abstract class PubKeySecurityHandler extends SecurityHandler {
    public static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final int SEED_LENGTH = 20;
    private List<PublicKeyRecipient> recipients;
    private byte[] seed = EncryptionUtils.generateSeed(20);

    public PubKeySecurityHandler() {
        this.recipients = null;
        this.recipients = new ArrayList();
    }

    private void addRecipient(Certificate certificate, int i11) {
        this.recipients.add(new PublicKeyRecipient(certificate, i11));
    }

    public static byte[] computeGlobalKeyOnReading(PdfDictionary pdfDictionary, PrivateKey privateKey, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z11, String str2) {
        PdfName pdfName = PdfName.Recipients;
        PdfArray asArray = pdfDictionary.getAsArray(pdfName);
        if (asArray == null) {
            asArray = pdfDictionary.getAsDictionary(PdfName.CF).getAsDictionary(PdfName.DefaultCryptFilter).getAsArray(pdfName);
        }
        byte[] fetchEnvelopedData = EncryptionUtils.fetchEnvelopedData(privateKey, certificate, str, iExternalDecryptionProcess, asArray);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str2);
            messageDigest.update(fetchEnvelopedData, 0, 20);
            for (int i11 = 0; i11 < asArray.size(); i11++) {
                messageDigest.update(asArray.getAsString(i11).getValueBytes());
            }
            if (!z11) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e11) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e11);
        }
    }

    private n computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws GeneralSecurityException, IOException {
        v j11 = v.j(new o(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).x());
        a j12 = j11.o().j();
        i iVar = new i(j11.l(), j11.m().B());
        return new n(new d00.v(iVar), j12, new q1(EncryptionUtils.cipherBytes(x509Certificate, bArr, j12)));
    }

    private y createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        EncryptionUtils.DERForRecipientParams calculateDERForRecipientParams = EncryptionUtils.calculateDERForRecipientParams(bArr);
        return new f(b.f46000k2, new h(null, new v1(new w(computeRecipientInfo(x509Certificate, calculateDERForRecipientParams.abyte0))), new g(b.f45994i2, calculateDERForRecipientParams.algorithmIdentifier, new q1(calculateDERForRecipientParams.abyte1)), null)).f();
    }

    private byte[] getEncodedRecipient(int i11) throws IOException, GeneralSecurityException {
        PublicKeyRecipient publicKeyRecipient = this.recipients.get(i11);
        byte[] cms = publicKeyRecipient.getCms();
        if (cms != null) {
            return cms;
        }
        Certificate certificate = publicKeyRecipient.getCertificate();
        int permission = ((publicKeyRecipient.getPermission() | StandardSecurityHandler.PERMS_MASK_1_FOR_REVISION_3_OR_GREATER) & (-4)) + 1;
        byte[] bArr = new byte[24];
        System.arraycopy(this.seed, 0, bArr, 0, 20);
        bArr[20] = (byte) (permission >> 24);
        bArr[21] = (byte) (permission >> 16);
        bArr[22] = (byte) (permission >> 8);
        bArr[23] = (byte) permission;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CryptoUtil.createAsn1OutputStream(byteArrayOutputStream, "DER").v(createDERForRecipient(bArr, (X509Certificate) certificate));
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        publicKeyRecipient.setCms(byteArray);
        return byteArray;
    }

    private PdfArray getEncodedRecipients() {
        PdfArray pdfArray = new PdfArray();
        for (int i11 = 0; i11 < this.recipients.size(); i11++) {
            try {
                pdfArray.add(new PdfLiteral(StreamUtil.createEscapedString(getEncodedRecipient(i11))));
            } catch (IOException | GeneralSecurityException unused) {
                return null;
            }
        }
        return pdfArray;
    }

    private int getRecipientsSize() {
        return this.recipients.size();
    }

    private byte[] getSeed() {
        byte[] bArr = this.seed;
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    public void addAllRecipients(Certificate[] certificateArr, int[] iArr) {
        if (certificateArr != null) {
            for (int i11 = 0; i11 < certificateArr.length; i11++) {
                addRecipient(certificateArr[i11], iArr[i11]);
            }
        }
    }

    public byte[] computeGlobalKey(String str, boolean z11) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(getSeed());
            for (int i11 = 0; i11 < getRecipientsSize(); i11++) {
                messageDigest.update(getEncodedRecipient(i11));
            }
            if (!z11) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e11) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e11);
        }
    }

    public PdfArray createRecipientsArray() {
        try {
            return getEncodedRecipients();
        } catch (Exception e11) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e11);
        }
    }

    public abstract String getDigestAlgorithm();

    public abstract void initKey(byte[] bArr, int i11);

    public void initKeyAndFillDictionary(PdfDictionary pdfDictionary, Certificate[] certificateArr, int[] iArr, boolean z11, boolean z12) {
        addAllRecipients(certificateArr, iArr);
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKey(getDigestAlgorithm(), z11), asInt != null ? asInt.intValue() : 40);
        setPubSecSpecificHandlerDicEntries(pdfDictionary, z11, z12);
    }

    public void initKeyAndReadDictionary(PdfDictionary pdfDictionary, Key key, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z11) {
        byte[] computeGlobalKeyOnReading = computeGlobalKeyOnReading(pdfDictionary, (PrivateKey) key, certificate, str, iExternalDecryptionProcess, z11, getDigestAlgorithm());
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKeyOnReading, asInt != null ? asInt.intValue() : 40);
    }

    public abstract void setPubSecSpecificHandlerDicEntries(PdfDictionary pdfDictionary, boolean z11, boolean z12);
}
