package com.itextpdf.kernel.crypto.securityhandler;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.asn1.IASN1InputStream;
import com.itextpdf.commons.bouncycastle.asn1.IASN1OutputStream;
import com.itextpdf.commons.bouncycastle.asn1.IASN1Primitive;
import com.itextpdf.commons.bouncycastle.asn1.IDEROctetString;
import com.itextpdf.commons.bouncycastle.asn1.cms.IIssuerAndSerialNumber;
import com.itextpdf.commons.bouncycastle.asn1.cms.IKeyTransRecipientInfo;
import com.itextpdf.commons.bouncycastle.asn1.x509.IAlgorithmIdentifier;
import com.itextpdf.commons.bouncycastle.asn1.x509.ITBSCertificate;
import com.itextpdf.io.util.StreamUtil;
import com.itextpdf.kernel.crypto.CryptoUtil;
import com.itextpdf.kernel.crypto.securityhandler.EncryptionUtils;
import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfLiteral;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.security.IExternalDecryptionProcess;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes10.dex */
public abstract class PubKeySecurityHandler extends SecurityHandler {
    private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
    private static final int DEFAULT_KEY_LENGTH = 40;
    private static final int SEED_LENGTH = 20;
    private List<PublicKeyRecipient> recipients;
    private byte[] seed = EncryptionUtils.generateSeed(20);

    /* JADX INFO: Access modifiers changed from: protected */
    public PubKeySecurityHandler() {
        this.recipients = null;
        this.recipients = new ArrayList();
    }

    private void addRecipient(Certificate certificate, int i) {
        this.recipients.add(new PublicKeyRecipient(certificate, i));
    }

    protected static byte[] computeGlobalKeyOnReading(PdfDictionary pdfDictionary, PrivateKey privateKey, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z, String str2) {
        PdfArray asArray = pdfDictionary.getAsArray(PdfName.Recipients);
        if (asArray == null) {
            asArray = pdfDictionary.getAsDictionary(PdfName.CF).getAsDictionary(PdfName.DefaultCryptFilter).getAsArray(PdfName.Recipients);
        }
        byte[] fetchEnvelopedData = EncryptionUtils.fetchEnvelopedData(privateKey, certificate, str, iExternalDecryptionProcess, asArray);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str2);
            messageDigest.update(fetchEnvelopedData, 0, 20);
            for (int i = 0; i < asArray.size(); i++) {
                messageDigest.update(asArray.getAsString(i).getValueBytes());
            }
            if (!z) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e);
        }
    }

    private IKeyTransRecipientInfo computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws GeneralSecurityException, IOException {
        IBouncyCastleFactory iBouncyCastleFactory = BOUNCY_CASTLE_FACTORY;
        IASN1InputStream createASN1InputStream = iBouncyCastleFactory.createASN1InputStream(new ByteArrayInputStream(x509Certificate.getTBSCertificate()));
        try {
            ITBSCertificate createTBSCertificate = iBouncyCastleFactory.createTBSCertificate(createASN1InputStream.readObject());
            if (createASN1InputStream != null) {
                createASN1InputStream.close();
            }
            IAlgorithmIdentifier algorithm = createTBSCertificate.getSubjectPublicKeyInfo().getAlgorithm();
            IIssuerAndSerialNumber createIssuerAndSerialNumber = iBouncyCastleFactory.createIssuerAndSerialNumber(createTBSCertificate.getIssuer(), createTBSCertificate.getSerialNumber().getValue());
            return iBouncyCastleFactory.createKeyTransRecipientInfo(iBouncyCastleFactory.createRecipientIdentifier(createIssuerAndSerialNumber), algorithm, iBouncyCastleFactory.createDEROctetString(EncryptionUtils.cipherBytes(x509Certificate, bArr, algorithm)));
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                if (createASN1InputStream != null) {
                    try {
                        createASN1InputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                }
                throw th2;
            }
        }
    }

    private IASN1Primitive createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        EncryptionUtils.DERForRecipientParams calculateDERForRecipientParams = EncryptionUtils.calculateDERForRecipientParams(bArr);
        IKeyTransRecipientInfo computeRecipientInfo = computeRecipientInfo(x509Certificate, calculateDERForRecipientParams.abyte0);
        IBouncyCastleFactory iBouncyCastleFactory = BOUNCY_CASTLE_FACTORY;
        IDEROctetString createDEROctetString = iBouncyCastleFactory.createDEROctetString(calculateDERForRecipientParams.abyte1);
        return iBouncyCastleFactory.createContentInfo(iBouncyCastleFactory.createPKCSObjectIdentifiers().getEnvelopedData(), iBouncyCastleFactory.createEnvelopedData(iBouncyCastleFactory.createNullOriginatorInfo(), iBouncyCastleFactory.createDERSet(iBouncyCastleFactory.createRecipientInfo(computeRecipientInfo)), iBouncyCastleFactory.createEncryptedContentInfo(iBouncyCastleFactory.createPKCSObjectIdentifiers().getData(), calculateDERForRecipientParams.algorithmIdentifier, createDEROctetString), iBouncyCastleFactory.createNullASN1Set())).toASN1Primitive();
    }

    private byte[] getEncodedRecipient(int i) throws IOException, GeneralSecurityException {
        PublicKeyRecipient publicKeyRecipient = this.recipients.get(i);
        byte[] cms = publicKeyRecipient.getCms();
        if (cms != null) {
            return cms;
        }
        Certificate certificate = publicKeyRecipient.getCertificate();
        int permission = publicKeyRecipient.getPermission() | (-7999);
        byte[] bArr = new byte[24];
        System.arraycopy(this.seed, 0, bArr, 0, 20);
        bArr[20] = (byte) (-1);
        bArr[21] = (byte) (-1);
        bArr[22] = (byte) (permission >> 8);
        bArr[23] = (byte) permission;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        IASN1OutputStream createAsn1OutputStream = CryptoUtil.createAsn1OutputStream(byteArrayOutputStream, BOUNCY_CASTLE_FACTORY.createASN1Encoding().getDer());
        try {
            createAsn1OutputStream.writeObject(createDERForRecipient(bArr, (X509Certificate) certificate));
            if (createAsn1OutputStream != null) {
                createAsn1OutputStream.close();
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            publicKeyRecipient.setCms(byteArray);
            return byteArray;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                if (createAsn1OutputStream != null) {
                    try {
                        createAsn1OutputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                }
                throw th2;
            }
        }
    }

    private PdfArray getEncodedRecipients() {
        PdfArray pdfArray = new PdfArray();
        for (int i = 0; i < this.recipients.size(); i++) {
            try {
                pdfArray.add(new PdfLiteral(StreamUtil.createEscapedString(getEncodedRecipient(i))));
            } catch (IOException | GeneralSecurityException unused) {
                return null;
            }
        }
        return pdfArray;
    }

    private int getKeyLength(PdfDictionary pdfDictionary) {
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        if (asInt != null) {
            return asInt.intValue();
        }
        return 40;
    }

    private int getRecipientsSize() {
        return this.recipients.size();
    }

    private byte[] getSeed() {
        byte[] bArr = this.seed;
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    protected void addAllRecipients(Certificate[] certificateArr, int[] iArr) {
        if (certificateArr != null) {
            for (int i = 0; i < certificateArr.length; i++) {
                addRecipient(certificateArr[i], iArr[i]);
            }
        }
    }

    protected byte[] computeGlobalKey(String str, boolean z) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(getSeed());
            for (int i = 0; i < getRecipientsSize(); i++) {
                messageDigest.update(getEncodedRecipient(i));
            }
            if (!z) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (PdfException e) {
            throw e;
        } catch (Exception e2) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PdfArray createRecipientsArray() {
        try {
            return getEncodedRecipients();
        } catch (Exception e) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e);
        }
    }

    protected abstract String getDigestAlgorithm();

    protected abstract void initKey(byte[] bArr, int i);

    /* JADX INFO: Access modifiers changed from: protected */
    public void initKeyAndFillDictionary(PdfDictionary pdfDictionary, Certificate[] certificateArr, int[] iArr, boolean z, boolean z2) {
        addAllRecipients(certificateArr, iArr);
        initKey(computeGlobalKey(getDigestAlgorithm(), z), getKeyLength(pdfDictionary));
        setPubSecSpecificHandlerDicEntries(pdfDictionary, z, z2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initKeyAndReadDictionary(PdfDictionary pdfDictionary, Key key, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z) {
        initKey(computeGlobalKeyOnReading(pdfDictionary, (PrivateKey) key, certificate, str, iExternalDecryptionProcess, z, getDigestAlgorithm()), getKeyLength(pdfDictionary));
    }

    protected abstract void setPubSecSpecificHandlerDicEntries(PdfDictionary pdfDictionary, boolean z, boolean z2);
}
