package com.tom_roush.pdfbox.pdmodel.encryption;

import I2.u;
import Ia.c;
import Ka.C0146a;
import Ka.v;
import Qa.l;
import Qa.s;
import Qa.t;
import R2.a;
import Ra.e;
import T9.H;
import com.tom_roush.pdfbox.cos.COSArray;
import com.tom_roush.pdfbox.cos.COSBase;
import com.tom_roush.pdfbox.cos.COSDictionary;
import com.tom_roush.pdfbox.cos.COSName;
import com.tom_roush.pdfbox.cos.COSString;
import com.tom_roush.pdfbox.pdmodel.PDDocument;
import fa.AbstractC0785A;
import fa.AbstractC0810u;
import fa.AbstractC0813x;
import fa.AbstractC0814y;
import fa.C0791a0;
import fa.C0798h;
import fa.C0801k;
import fa.C0807q;
import fa.C0809t;
import fa.d0;
import fa.q0;
import fa.r;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import ka.C1116f;
import ka.C1117g;
import ka.C1118h;
import ka.C1123m;
import ka.C1131u;
import ka.C1132v;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;

/* loaded from: classes3.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER4 = "adbe.pkcs7.s4";
    private static final String SUBFILTER5 = "adbe.pkcs7.s5";

    public PublicKeySecurityHandler() {
    }

    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        setProtectionPolicy(publicKeyProtectionPolicy);
        setKeyLength(publicKeyProtectionPolicy.getEncryptionKeyLength());
    }

    private void appendCertInfo(StringBuilder sb2, l lVar, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger bigInteger = lVar.f4670a.f4536c;
        if (bigInteger != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger2 = serialNumber != null ? serialNumber.toString(16) : H.f5574b;
            sb2.append("serial-#: rid ");
            sb2.append(bigInteger.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger2);
            sb2.append(" issuer: rid '");
            sb2.append(lVar.f4670a.f4535b);
            sb2.append("' vs. cert '");
            sb2.append(x509CertificateHolder == null ? "null" : c.q(x509CertificateHolder.f25838a.f2882b.f2941n));
            sb2.append("' ");
        }
    }

    /* JADX WARN: Type inference failed for: r6v4, types: [fa.r, fa.a0] */
    private C1123m computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) {
        C0801k c0801k = new C0801k(x509Certificate.getTBSCertificate());
        v q7 = v.q(c0801k.e());
        c0801k.close();
        C0146a c0146a = q7.f2945x.f2933a;
        C1118h c1118h = new C1118h(q7.f2941n, q7.f2939c.B());
        try {
            Cipher cipher = Cipher.getInstance(c0146a.f2873a.f18128a, SecurityProvider.getProvider());
            cipher.init(1, x509Certificate.getPublicKey());
            return new C1123m(new C1131u(c1118h), c0146a, new r(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e7) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e7);
        } catch (NoSuchPaddingException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) {
        PublicKeyProtectionPolicy publicKeyProtectionPolicy = (PublicKeyProtectionPolicy) getProtectionPolicy();
        byte[][] bArr2 = new byte[publicKeyProtectionPolicy.getNumberOfRecipients()];
        Iterator<PublicKeyRecipient> recipientsIterator = publicKeyProtectionPolicy.getRecipientsIterator();
        int i3 = 0;
        while (recipientsIterator.hasNext()) {
            PublicKeyRecipient next = recipientsIterator.next();
            X509Certificate x509 = next.getX509();
            int permissionBytesForPublicKey = next.getPermission().getPermissionBytesForPublicKey();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (permissionBytesForPublicKey >>> 24);
            bArr3[21] = (byte) (permissionBytesForPublicKey >>> 16);
            bArr3[22] = (byte) (permissionBytesForPublicKey >>> 8);
            bArr3[23] = (byte) permissionBytesForPublicKey;
            AbstractC0810u createDERForRecipient = createDERForRecipient(bArr3, x509);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            createDERForRecipient.getClass();
            C0809t.a(byteArrayOutputStream, "DER").o(createDERForRecipient);
            bArr2[i3] = byteArrayOutputStream.toByteArray();
            i3++;
        }
        return bArr2;
    }

    /* JADX WARN: Type inference failed for: r1v4, types: [fa.e0, fa.y] */
    /* JADX WARN: Type inference failed for: r5v3, types: [fa.r, fa.a0] */
    /* JADX WARN: Type inference failed for: r7v6, types: [fa.q0, fa.x, fa.u] */
    private AbstractC0810u createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) {
        String str = Ba.c.f497d0.f18128a;
        try {
            Provider provider = SecurityProvider.getProvider();
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(str, provider);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str, provider);
            Cipher cipher = Cipher.getInstance(str, provider);
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            C0801k c0801k = new C0801k(generateParameters.getEncoded("ASN.1"));
            AbstractC0810u e7 = c0801k.e();
            c0801k.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            ?? abstractC0814y = new AbstractC0814y(new C1132v(computeRecipientInfo(x509Certificate, generateKey.getEncoded())));
            abstractC0814y.f18095i = -1;
            C1117g c1117g = new C1117g(abstractC0814y, new C1116f(Ba.c.f514n0, new C0146a(new C0807q(str), e7), new r(doFinal)));
            C0807q c0807q = Ba.c.f516p0;
            AbstractC0810u k6 = c1117g.k();
            boolean z10 = (k6 instanceof C0791a0) || (k6 instanceof q0) || (k6 instanceof d0);
            C0798h c0798h = new C0798h(2);
            c0798h.a(c0807q);
            c0798h.a(z10 ? new AbstractC0785A(true, 0, c1117g) : new AbstractC0785A(true, 0, c1117g));
            if (!z10) {
                return new AbstractC0813x(c0798h);
            }
            ?? abstractC0813x = new AbstractC0813x(c0798h);
            abstractC0813x.f18130c = -1;
            return abstractC0813x;
        } catch (NoSuchAlgorithmException e10) {
            throw new IOException(a.k("Could not find a suitable javax.crypto provider for algorithm ", str, "; possible reason: using an unsigned .jar file"), e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    private void prepareEncryptionDictAES(PDEncryption pDEncryption, COSName cOSName, byte[][] bArr) {
        PDCryptFilterDictionary pDCryptFilterDictionary = new PDCryptFilterDictionary();
        pDCryptFilterDictionary.setCryptFilterMethod(cOSName);
        pDCryptFilterDictionary.setLength(getKeyLength());
        COSArray cOSArray = new COSArray();
        for (byte[] bArr2 : bArr) {
            cOSArray.add((COSBase) new COSString(bArr2));
        }
        pDCryptFilterDictionary.getCOSObject().setItem(COSName.RECIPIENTS, (COSBase) cOSArray);
        cOSArray.setDirect(true);
        pDEncryption.setDefaultCryptFilterDictionary(pDCryptFilterDictionary);
        COSName cOSName2 = COSName.DEFAULT_CRYPT_FILTER;
        pDEncryption.setStreamFilterName(cOSName2);
        pDEncryption.setStringFilterName(cOSName2);
        pDCryptFilterDictionary.getCOSObject().setDirect(true);
        setAES(true);
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(PDDocument pDDocument) {
        byte[] digest;
        try {
            PDEncryption encryption = pDDocument.getEncryption();
            if (encryption == null) {
                encryption = new PDEncryption();
            }
            encryption.setFilter(FILTER);
            encryption.setLength(getKeyLength());
            int computeVersionNumber = computeVersionNumber();
            encryption.setVersion(computeVersionNumber);
            encryption.removeV45filters();
            int i3 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] computeRecipientsField = computeRecipientsField(bArr);
                int i6 = 20;
                for (byte[] bArr2 : computeRecipientsField) {
                    i6 += bArr2.length;
                }
                byte[] bArr3 = new byte[i6];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : computeRecipientsField) {
                    System.arraycopy(bArr4, 0, bArr3, i3, bArr4.length);
                    i3 += bArr4.length;
                }
                if (computeVersionNumber == 4) {
                    encryption.setSubFilter(SUBFILTER5);
                    digest = MessageDigests.getSHA1().digest(bArr3);
                    prepareEncryptionDictAES(encryption, COSName.AESV2, computeRecipientsField);
                } else if (computeVersionNumber != 5) {
                    encryption.setSubFilter(SUBFILTER4);
                    digest = MessageDigests.getSHA1().digest(bArr3);
                    encryption.setRecipients(computeRecipientsField);
                } else {
                    encryption.setSubFilter(SUBFILTER5);
                    digest = MessageDigests.getSHA256().digest(bArr3);
                    prepareEncryptionDictAES(encryption, COSName.AESV3, computeRecipientsField);
                }
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
                pDDocument.setEncryptionDictionary(encryption);
                pDDocument.getDocument().setEncryptionDictionary(encryption.getCOSObject());
            } catch (NoSuchAlgorithmException e7) {
                throw new RuntimeException(e7);
            }
        } catch (GeneralSecurityException e10) {
            throw new IOException(e10);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) {
        byte[] digest;
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        PDCryptFilterDictionary defaultCryptFilterDictionary = pDEncryption.getDefaultCryptFilterDictionary();
        if (defaultCryptFilterDictionary != null && defaultCryptFilterDictionary.getLength() != 0) {
            setKeyLength(defaultCryptFilterDictionary.getLength());
            setDecryptMetadata(defaultCryptFilterDictionary.isEncryptMetaData());
        } else if (pDEncryption.getLength() != 0) {
            setKeyLength(pDEncryption.getLength());
            setDecryptMetadata(pDEncryption.isEncryptMetaData());
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            X509Certificate certificate = publicKeyDecryptionMaterial.getCertificate();
            byte[] bArr = null;
            X509CertificateHolder x509CertificateHolder = certificate != null ? new X509CertificateHolder(certificate.getEncoded()) : null;
            COSDictionary cOSObject = pDEncryption.getCOSObject();
            COSName cOSName = COSName.RECIPIENTS;
            COSArray cOSArray2 = cOSObject.getCOSArray(cOSName);
            if (cOSArray2 == null && defaultCryptFilterDictionary != null) {
                cOSArray2 = defaultCryptFilterDictionary.getCOSObject().getCOSArray(cOSName);
            }
            if (cOSArray2 == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = cOSArray2.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb2 = new StringBuilder();
            boolean z10 = false;
            int i3 = 0;
            for (int i6 = 0; i6 < cOSArray2.size(); i6++) {
                byte[] bytes = ((COSString) cOSArray2.getObject(i6)).getBytes();
                t tVar = (t) new u(bytes).f2397b;
                tVar.getClass();
                Iterator it = new ArrayList((ArrayList) tVar.f4685b).iterator();
                int i10 = 0;
                while (true) {
                    if (it.hasNext()) {
                        s sVar = (s) it.next();
                        Iterator it2 = it;
                        Qa.r rVar = sVar.f4680a;
                        if (!z10 && rVar.k(x509CertificateHolder)) {
                            bArr = sVar.a(new e((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey()));
                            z10 = true;
                            break;
                        }
                        i10++;
                        if (certificate != null) {
                            sb2.append('\n');
                            sb2.append(i10);
                            sb2.append(": ");
                            if (rVar instanceof l) {
                                appendCertInfo(sb2, (l) rVar, certificate, x509CertificateHolder);
                            }
                        }
                        it = it2;
                    }
                }
                bArr2[i6] = bytes;
                i3 += bytes.length;
            }
            if (!z10 || bArr == null) {
                throw new IOException("The certificate matches none of " + cOSArray2.size() + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr3);
            accessPermission.setReadOnly();
            setCurrentAccessPermission(accessPermission);
            int i11 = i3 + 20;
            byte[] bArr4 = new byte[i11];
            int i12 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i13 = 20;
            int i14 = 0;
            while (i14 < size) {
                byte[] bArr5 = bArr2[i14];
                System.arraycopy(bArr5, i12, bArr4, i13, bArr5.length);
                i13 += bArr5.length;
                i14++;
                i12 = 0;
            }
            boolean z11 = true;
            if (pDEncryption.getVersion() != 4 && pDEncryption.getVersion() != 5) {
                digest = MessageDigests.getSHA1().digest(bArr4);
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
            }
            if (!isDecryptMetadata()) {
                int i15 = i3 + 24;
                byte[] bArr6 = new byte[i15];
                System.arraycopy(bArr4, 0, bArr6, 0, Math.min(i11, i15));
                System.arraycopy(new byte[]{-1, -1, -1, -1}, 0, bArr6, i11, 4);
                bArr4 = bArr6;
            }
            digest = pDEncryption.getVersion() == 4 ? MessageDigests.getSHA1().digest(bArr4) : MessageDigests.getSHA256().digest(bArr4);
            if (defaultCryptFilterDictionary != null) {
                COSName cryptFilterMethod = defaultCryptFilterDictionary.getCryptFilterMethod();
                if (!COSName.AESV2.equals(cryptFilterMethod) && !COSName.AESV3.equals(cryptFilterMethod)) {
                    z11 = false;
                }
                setAES(z11);
            }
            setEncryptionKey(new byte[getKeyLength() / 8]);
            System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
        } catch (KeyStoreException e7) {
            throw new IOException(e7);
        } catch (CertificateEncodingException e10) {
            throw new IOException(e10);
        } catch (CMSException e11) {
            throw new IOException(e11);
        }
    }
}
