package com.tom_roush.pdfbox.pdmodel.encryption;

import E2.n;
import M5.a;
import M5.g;
import O5.c;
import Q5.j;
import Q5.o;
import Q5.p;
import Q5.q;
import com.tom_roush.pdfbox.cos.COSArray;
import com.tom_roush.pdfbox.cos.COSBase;
import com.tom_roush.pdfbox.cos.COSDictionary;
import com.tom_roush.pdfbox.cos.COSName;
import com.tom_roush.pdfbox.cos.COSString;
import com.tom_roush.pdfbox.pdmodel.PDDocument;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import q5.AbstractC1459q;
import q5.AbstractC1460s;
import q5.AbstractC1466y;
import q5.C1453k;
import q5.C1454l;
import t5.r;

/* loaded from: classes2.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER4 = "adbe.pkcs7.s4";
    private static final String SUBFILTER5 = "adbe.pkcs7.s5";

    public PublicKeySecurityHandler() {
    }

    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        setProtectionPolicy(publicKeyProtectionPolicy);
        setKeyLength(publicKeyProtectionPolicy.getEncryptionKeyLength());
    }

    private void appendCertInfo(StringBuilder sb, j jVar, X509Certificate x509Certificate, c cVar) {
        BigInteger bigInteger = jVar.f5820a.f5339c;
        if (bigInteger != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger2 = serialNumber != null ? serialNumber.toString(16) : "unknown";
            sb.append("serial-#: rid ");
            sb.append(bigInteger.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger2);
            sb.append(" issuer: rid '");
            sb.append(jVar.f5820a.f5338b);
            sb.append("' vs. cert '");
            sb.append(cVar == null ? "null" : K5.c.i(cVar.f4991a.f3721b.f3735e));
            sb.append("' ");
        }
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [t5.j, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r3v0, types: [java.lang.Object, t5.e] */
    private t5.j computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) {
        C1453k c1453k = new C1453k(x509Certificate.getTBSCertificate());
        g i = g.i(c1453k.D());
        c1453k.close();
        a aVar = i.f3739s.f3729a;
        BigInteger u7 = i.f3733c.u();
        ?? obj = new Object();
        obj.f16361a = i.f3735e;
        obj.f16362b = new C1454l(u7);
        try {
            Cipher cipher = Cipher.getInstance(aVar.f3718a.f14787a, SecurityProvider.getProvider());
            cipher.init(1, x509Certificate.getPublicKey());
            AbstractC1459q abstractC1459q = new AbstractC1459q(cipher.doFinal(bArr));
            r rVar = new r(obj);
            ?? obj2 = new Object();
            obj2.f16377a = obj.b() instanceof AbstractC1466y ? new C1454l(2L) : new C1454l(0L);
            obj2.f16378b = rVar;
            obj2.f16379c = aVar;
            obj2.f16380d = abstractC1459q;
            return obj2;
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e3);
        } catch (NoSuchPaddingException e7) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e7);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) {
        PublicKeyProtectionPolicy publicKeyProtectionPolicy = (PublicKeyProtectionPolicy) getProtectionPolicy();
        byte[][] bArr2 = new byte[publicKeyProtectionPolicy.getNumberOfRecipients()];
        Iterator<PublicKeyRecipient> recipientsIterator = publicKeyProtectionPolicy.getRecipientsIterator();
        int i = 0;
        while (recipientsIterator.hasNext()) {
            PublicKeyRecipient next = recipientsIterator.next();
            X509Certificate x509 = next.getX509();
            int permissionBytesForPublicKey = next.getPermission().getPermissionBytesForPublicKey();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (permissionBytesForPublicKey >>> 24);
            bArr3[21] = (byte) (permissionBytesForPublicKey >>> 16);
            bArr3[22] = (byte) (permissionBytesForPublicKey >>> 8);
            bArr3[23] = (byte) permissionBytesForPublicKey;
            AbstractC1460s createDERForRecipient = createDERForRecipient(bArr3, x509);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            createDERForRecipient.l(byteArrayOutputStream);
            bArr2[i] = byteArrayOutputStream.toByteArray();
            i++;
        }
        return bArr2;
    }

    /* JADX WARN: Code restructure failed: missing block: B:24:0x00e3, code lost:
    
        r12.f16356a = new q5.C1454l(r5);
        r12.f16357b = null;
        r12.f16358c = r1;
        r12.f16359d = r0;
        r12.f16360e = null;
        r0 = G5.a.f2344u;
        r1 = r12.b();
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x00fa, code lost:
    
        if ((r1 instanceof q5.Y) != false) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x00fe, code lost:
    
        if ((r1 instanceof q5.n0) != false) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x0102, code lost:
    
        if ((r1 instanceof q5.b0) == false) goto L43;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x0105, code lost:
    
        r1 = false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x0108, code lost:
    
        r2 = new q5.C1450h(2);
        r2.a(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0110, code lost:
    
        if (r1 == false) goto L49;
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x0112, code lost:
    
        r0 = new q5.C1436K(true, 0, r12, 2);
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x0118, code lost:
    
        r2.a(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:35:0x0123, code lost:
    
        if (r1 == false) goto L53;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x0125, code lost:
    
        r12 = new q5.AbstractC1463v(r2);
        r12.f14782c = -1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x012c, code lost:
    
        return r12;
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x0132, code lost:
    
        return new q5.AbstractC1463v(r2);
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x011c, code lost:
    
        r0 = new q5.C1436K(true, 0, r12, 0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x0107, code lost:
    
        r1 = true;
     */
    /* JADX WARN: Type inference failed for: r0v4, types: [t5.c, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r12v4, types: [t5.d, q5.g, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r12v6, types: [q5.v, q5.n0, q5.s] */
    /* JADX WARN: Type inference failed for: r1v4, types: [q5.c0, q5.w] */
    /* JADX WARN: Type inference failed for: r2v3, types: [t5.s, java.lang.Object] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private q5.AbstractC1460s createDERForRecipient(byte[] r12, java.security.cert.X509Certificate r13) {
        /*
            Method dump skipped, instructions count: 333
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tom_roush.pdfbox.pdmodel.encryption.PublicKeySecurityHandler.createDERForRecipient(byte[], java.security.cert.X509Certificate):q5.s");
    }

    private void prepareEncryptionDictAES(PDEncryption pDEncryption, COSName cOSName, byte[][] bArr) {
        PDCryptFilterDictionary pDCryptFilterDictionary = new PDCryptFilterDictionary();
        pDCryptFilterDictionary.setCryptFilterMethod(cOSName);
        pDCryptFilterDictionary.setLength(getKeyLength());
        COSArray cOSArray = new COSArray();
        for (byte[] bArr2 : bArr) {
            cOSArray.add((COSBase) new COSString(bArr2));
        }
        pDCryptFilterDictionary.getCOSObject().setItem(COSName.RECIPIENTS, (COSBase) cOSArray);
        cOSArray.setDirect(true);
        pDEncryption.setDefaultCryptFilterDictionary(pDCryptFilterDictionary);
        COSName cOSName2 = COSName.DEFAULT_CRYPT_FILTER;
        pDEncryption.setStreamFilterName(cOSName2);
        pDEncryption.setStringFilterName(cOSName2);
        pDCryptFilterDictionary.getCOSObject().setDirect(true);
        setAES(true);
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(PDDocument pDDocument) {
        byte[] digest;
        try {
            PDEncryption encryption = pDDocument.getEncryption();
            if (encryption == null) {
                encryption = new PDEncryption();
            }
            encryption.setFilter(FILTER);
            encryption.setLength(getKeyLength());
            int computeVersionNumber = computeVersionNumber();
            encryption.setVersion(computeVersionNumber);
            encryption.removeV45filters();
            int i = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] computeRecipientsField = computeRecipientsField(bArr);
                int i7 = 20;
                for (byte[] bArr2 : computeRecipientsField) {
                    i7 += bArr2.length;
                }
                byte[] bArr3 = new byte[i7];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : computeRecipientsField) {
                    System.arraycopy(bArr4, 0, bArr3, i, bArr4.length);
                    i += bArr4.length;
                }
                if (computeVersionNumber == 4) {
                    encryption.setSubFilter(SUBFILTER5);
                    digest = MessageDigests.getSHA1().digest(bArr3);
                    prepareEncryptionDictAES(encryption, COSName.AESV2, computeRecipientsField);
                } else if (computeVersionNumber != 5) {
                    encryption.setSubFilter(SUBFILTER4);
                    digest = MessageDigests.getSHA1().digest(bArr3);
                    encryption.setRecipients(computeRecipientsField);
                } else {
                    encryption.setSubFilter(SUBFILTER5);
                    digest = MessageDigests.getSHA256().digest(bArr3);
                    prepareEncryptionDictAES(encryption, COSName.AESV3, computeRecipientsField);
                }
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
                pDDocument.setEncryptionDictionary(encryption);
                pDDocument.getDocument().setEncryptionDictionary(encryption.getCOSObject());
            } catch (NoSuchAlgorithmException e3) {
                throw new RuntimeException(e3);
            }
        } catch (GeneralSecurityException e7) {
            throw new IOException(e7);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) {
        byte[] digest;
        boolean z7;
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial;
        int i;
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        PDCryptFilterDictionary defaultCryptFilterDictionary = pDEncryption.getDefaultCryptFilterDictionary();
        if (defaultCryptFilterDictionary != null && defaultCryptFilterDictionary.getLength() != 0) {
            setKeyLength(defaultCryptFilterDictionary.getLength());
            setDecryptMetadata(defaultCryptFilterDictionary.isEncryptMetaData());
        } else if (pDEncryption.getLength() != 0) {
            setKeyLength(pDEncryption.getLength());
            setDecryptMetadata(pDEncryption.isEncryptMetaData());
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial2 = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            X509Certificate certificate = publicKeyDecryptionMaterial2.getCertificate();
            byte[] bArr = null;
            c cVar = certificate != null ? new c(certificate.getEncoded()) : null;
            COSDictionary cOSObject = pDEncryption.getCOSObject();
            COSName cOSName = COSName.RECIPIENTS;
            COSArray cOSArray2 = cOSObject.getCOSArray(cOSName);
            if (cOSArray2 == null && defaultCryptFilterDictionary != null) {
                cOSArray2 = defaultCryptFilterDictionary.getCOSObject().getCOSArray(cOSName);
            }
            if (cOSArray2 == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = cOSArray2.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb = new StringBuilder();
            int i7 = 0;
            boolean z8 = false;
            int i8 = 0;
            while (i7 < cOSArray2.size()) {
                byte[] bytes = ((COSString) cOSArray2.getObject(i7)).getBytes();
                q qVar = (q) new E2.c(bytes).f1564b;
                qVar.getClass();
                ArrayList arrayList = new ArrayList(qVar.f5832a);
                int size2 = arrayList.size();
                int i9 = 0;
                int i10 = 0;
                while (true) {
                    if (i9 >= size2) {
                        publicKeyDecryptionMaterial = publicKeyDecryptionMaterial2;
                        break;
                    }
                    Object obj = arrayList.get(i9);
                    int i11 = i9 + 1;
                    publicKeyDecryptionMaterial = publicKeyDecryptionMaterial2;
                    p pVar = (p) obj;
                    int i12 = size2;
                    o oVar = pVar.f5828a;
                    if (!z8 && oVar.h(cVar)) {
                        z8 = true;
                        bArr = pVar.a(new n((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey()));
                        break;
                    }
                    int i13 = i10 + 1;
                    if (certificate != null) {
                        i = i11;
                        sb.append('\n');
                        sb.append(i13);
                        sb.append(": ");
                        if (oVar instanceof j) {
                            appendCertInfo(sb, (j) oVar, certificate, cVar);
                        }
                    } else {
                        i = i11;
                    }
                    i9 = i;
                    size2 = i12;
                    i10 = i13;
                    publicKeyDecryptionMaterial2 = publicKeyDecryptionMaterial;
                }
                bArr2[i7] = bytes;
                i8 += bytes.length;
                i7++;
                publicKeyDecryptionMaterial2 = publicKeyDecryptionMaterial;
            }
            if (!z8 || bArr == null) {
                throw new IOException("The certificate matches none of " + cOSArray2.size() + " recipient entries" + sb.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr3);
            accessPermission.setReadOnly();
            setCurrentAccessPermission(accessPermission);
            int i14 = i8 + 20;
            byte[] bArr4 = new byte[i14];
            int i15 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i16 = 20;
            int i17 = 0;
            while (i17 < size) {
                byte[] bArr5 = bArr2[i17];
                System.arraycopy(bArr5, i15, bArr4, i16, bArr5.length);
                i16 += bArr5.length;
                i17++;
                i15 = 0;
            }
            if (pDEncryption.getVersion() != 4 && pDEncryption.getVersion() != 5) {
                digest = MessageDigests.getSHA1().digest(bArr4);
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
            }
            if (!isDecryptMetadata()) {
                int i18 = i8 + 24;
                byte[] bArr6 = new byte[i18];
                System.arraycopy(bArr4, 0, bArr6, 0, Math.min(i14, i18));
                System.arraycopy(new byte[]{-1, -1, -1, -1}, 0, bArr6, i14, 4);
                bArr4 = bArr6;
            }
            digest = pDEncryption.getVersion() == 4 ? MessageDigests.getSHA1().digest(bArr4) : MessageDigests.getSHA256().digest(bArr4);
            if (defaultCryptFilterDictionary != null) {
                COSName cryptFilterMethod = defaultCryptFilterDictionary.getCryptFilterMethod();
                if (!COSName.AESV2.equals(cryptFilterMethod) && !COSName.AESV3.equals(cryptFilterMethod)) {
                    z7 = false;
                    setAES(z7);
                }
                z7 = true;
                setAES(z7);
            }
            setEncryptionKey(new byte[getKeyLength() / 8]);
            System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
        } catch (Q5.c e3) {
            throw new IOException(e3);
        } catch (KeyStoreException e7) {
            throw new IOException(e7);
        } catch (CertificateEncodingException e8) {
            throw new IOException(e8);
        }
    }
}
