package com.itextpdf.kernel.mac;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.asn1.IASN1EncodableVector;
import com.itextpdf.commons.bouncycastle.asn1.IDERSequence;
import com.itextpdf.commons.bouncycastle.asn1.IDERSet;
import com.itextpdf.io.source.RASInputStream;
import com.itextpdf.io.source.RandomAccessSourceFactory;
import com.itextpdf.kernel.crypto.DigestAlgorithms;
import com.itextpdf.kernel.crypto.OID;
import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.mac.MacProperties;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfDocument;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;

/* loaded from: classes5.dex */
public abstract class AbstractMacIntegrityProtector {
    private static final IBouncyCastleFactory BC_FACTORY = BouncyCastleFactoryCreator.getFactory();
    private static final String PDF_MAC = "PDFMAC";
    protected final PdfDocument document;
    protected byte[] fileEncryptionKey;
    protected byte[] kdfSalt;
    private final MacContainerReader macContainerReader;
    protected final MacProperties macProperties;

    /* renamed from: com.itextpdf.kernel.mac.AbstractMacIntegrityProtector$1, reason: invalid class name */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$itextpdf$kernel$mac$MacProperties$KeyWrappingAlgorithm;
        static final /* synthetic */ int[] $SwitchMap$com$itextpdf$kernel$mac$MacProperties$MacAlgorithm;

        static {
            int[] iArr = new int[MacProperties.KeyWrappingAlgorithm.values().length];
            $SwitchMap$com$itextpdf$kernel$mac$MacProperties$KeyWrappingAlgorithm = iArr;
            try {
                iArr[MacProperties.KeyWrappingAlgorithm.AES_256_NO_PADD.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            int[] iArr2 = new int[MacProperties.MacAlgorithm.values().length];
            $SwitchMap$com$itextpdf$kernel$mac$MacProperties$MacAlgorithm = iArr2;
            try {
                iArr2[MacProperties.MacAlgorithm.HMAC_WITH_SHA_256.ordinal()] = 1;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    public AbstractMacIntegrityProtector(PdfDocument pdfDocument, MacProperties macProperties) {
        this.kdfSalt = null;
        this.fileEncryptionKey = new byte[0];
        this.document = pdfDocument;
        this.macContainerReader = null;
        this.macProperties = macProperties;
    }

    public AbstractMacIntegrityProtector(PdfDocument pdfDocument, PdfDictionary pdfDictionary) {
        this.kdfSalt = null;
        this.fileEncryptionKey = new byte[0];
        this.document = pdfDocument;
        MacContainerReader macContainerReader = MacContainerReader.getInstance(pdfDictionary);
        this.macContainerReader = macContainerReader;
        this.macProperties = new MacProperties(getMacDigestAlgorithm(macContainerReader.parseDigestAlgorithm()));
    }

    private IDERSet createAuthAttributes(byte[] bArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        IBouncyCastleFactory iBouncyCastleFactory = BC_FACTORY;
        IASN1EncodableVector createASN1EncodableVector = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector.add(iBouncyCastleFactory.createASN1ObjectIdentifier(OID.CONTENT_TYPE));
        createASN1EncodableVector.add(iBouncyCastleFactory.createDERSet(iBouncyCastleFactory.createASN1ObjectIdentifier(OID.CT_PDF_MAC_INTEGRITY_INFO)));
        IASN1EncodableVector createASN1EncodableVector2 = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector2.add(iBouncyCastleFactory.createDERSequence(iBouncyCastleFactory.createASN1ObjectIdentifier(DigestAlgorithms.getAllowedDigest(MacProperties.macDigestAlgorithmToString(this.macProperties.getMacDigestAlgorithm())))));
        createASN1EncodableVector2.add(iBouncyCastleFactory.createDERTaggedObject(2, iBouncyCastleFactory.createASN1ObjectIdentifier(getMacAlgorithmOid())));
        IASN1EncodableVector createASN1EncodableVector3 = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector3.add(iBouncyCastleFactory.createASN1ObjectIdentifier(OID.CMS_ALGORITHM_PROTECTION));
        createASN1EncodableVector3.add(iBouncyCastleFactory.createDERSet(iBouncyCastleFactory.createDERSequence(createASN1EncodableVector2)));
        IASN1EncodableVector createASN1EncodableVector4 = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDERSequence(createASN1EncodableVector));
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDERSequence(createASN1EncodableVector3));
        createASN1EncodableVector4.add(createMessageDigestSequence(bArr));
        return iBouncyCastleFactory.createDERSet(createASN1EncodableVector4);
    }

    private IDERSequence createMessageDigestSequence(byte[] bArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        String macDigestAlgorithmToString = MacProperties.macDigestAlgorithmToString(this.macProperties.getMacDigestAlgorithm());
        IBouncyCastleFactory iBouncyCastleFactory = BC_FACTORY;
        DigestAlgorithms.getMessageDigest(macDigestAlgorithmToString, iBouncyCastleFactory.getProviderName()).update(bArr);
        byte[] digestBytes = digestBytes(bArr);
        IASN1EncodableVector createASN1EncodableVector = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector.add(iBouncyCastleFactory.createASN1ObjectIdentifier(OID.MESSAGE_DIGEST));
        createASN1EncodableVector.add(iBouncyCastleFactory.createDERSet(iBouncyCastleFactory.createDEROctetString(digestBytes)));
        return iBouncyCastleFactory.createDERSequence(createASN1EncodableVector);
    }

    private static byte[] createPdfMacIntegrityInfo(byte[] bArr, byte[] bArr2) throws IOException {
        IBouncyCastleFactory iBouncyCastleFactory = BC_FACTORY;
        IASN1EncodableVector createASN1EncodableVector = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector.add(iBouncyCastleFactory.createASN1Integer(0));
        createASN1EncodableVector.add(iBouncyCastleFactory.createDEROctetString(bArr));
        if (bArr2 != null) {
            createASN1EncodableVector.add(iBouncyCastleFactory.createDERTaggedObject(false, 0, iBouncyCastleFactory.createDEROctetString(bArr2)));
        }
        return iBouncyCastleFactory.createDERSequence(createASN1EncodableVector).getEncoded();
    }

    private byte[] generateDecryptedKey(byte[] bArr) throws GeneralSecurityException {
        IBouncyCastleFactory iBouncyCastleFactory = BC_FACTORY;
        byte[] generateHKDF = iBouncyCastleFactory.generateHKDF(this.fileEncryptionKey, this.kdfSalt, PDF_MAC.getBytes(StandardCharsets.UTF_8));
        if (AnonymousClass1.$SwitchMap$com$itextpdf$kernel$mac$MacProperties$KeyWrappingAlgorithm[this.macProperties.getKeyWrappingAlgorithm().ordinal()] == 1) {
            return iBouncyCastleFactory.generateDecryptedKeyWithAES256NoPad(bArr, generateHKDF);
        }
        throw new PdfException(KernelExceptionMessageConstant.WRAP_ALGORITHM_NOT_SUPPORTED);
    }

    private byte[] generateEncryptedKey(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (AnonymousClass1.$SwitchMap$com$itextpdf$kernel$mac$MacProperties$KeyWrappingAlgorithm[this.macProperties.getKeyWrappingAlgorithm().ordinal()] == 1) {
            return BC_FACTORY.generateEncryptedKeyWithAES256NoPad(bArr, bArr2);
        }
        throw new PdfException(KernelExceptionMessageConstant.WRAP_ALGORITHM_NOT_SUPPORTED);
    }

    private byte[] generateMac(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        if (AnonymousClass1.$SwitchMap$com$itextpdf$kernel$mac$MacProperties$MacAlgorithm[this.macProperties.getMacAlgorithm().ordinal()] == 1) {
            return BC_FACTORY.generateHMACSHA256Token(bArr, bArr2);
        }
        throw new PdfException(KernelExceptionMessageConstant.MAC_ALGORITHM_NOT_SUPPORTED);
    }

    public static byte[] generateRandomBytes(int i10) {
        byte[] bArr = new byte[i10];
        BC_FACTORY.getSecureRandom().nextBytes(bArr);
        return bArr;
    }

    private String getKeyWrappingAlgorithmOid() {
        if (AnonymousClass1.$SwitchMap$com$itextpdf$kernel$mac$MacProperties$KeyWrappingAlgorithm[this.macProperties.getKeyWrappingAlgorithm().ordinal()] == 1) {
            return "2.16.840.1.101.3.4.1.45";
        }
        throw new PdfException(KernelExceptionMessageConstant.WRAP_ALGORITHM_NOT_SUPPORTED);
    }

    private String getMacAlgorithmOid() {
        if (AnonymousClass1.$SwitchMap$com$itextpdf$kernel$mac$MacProperties$MacAlgorithm[this.macProperties.getMacAlgorithm().ordinal()] == 1) {
            return "1.2.840.113549.2.9";
        }
        throw new PdfException(KernelExceptionMessageConstant.MAC_ALGORITHM_NOT_SUPPORTED);
    }

    private static MacProperties.MacDigestAlgorithm getMacDigestAlgorithm(String str) {
        str.getClass();
        char c10 = 65535;
        switch (str.hashCode()) {
            case -1225949696:
                if (str.equals(OID.SHA_256)) {
                    c10 = 0;
                    break;
                }
                break;
            case -1225949695:
                if (str.equals(OID.SHA_384)) {
                    c10 = 1;
                    break;
                }
                break;
            case -1225949694:
                if (str.equals(OID.SHA_512)) {
                    c10 = 2;
                    break;
                }
                break;
            case -1225949689:
                if (str.equals(OID.SHA3_256)) {
                    c10 = 3;
                    break;
                }
                break;
            case -1225949688:
                if (str.equals(OID.SHA3_384)) {
                    c10 = 4;
                    break;
                }
                break;
            case 650265136:
                if (str.equals(OID.SHA3_512)) {
                    c10 = 5;
                    break;
                }
                break;
        }
        switch (c10) {
            case 0:
                return MacProperties.MacDigestAlgorithm.SHA_256;
            case 1:
                return MacProperties.MacDigestAlgorithm.SHA_384;
            case 2:
                return MacProperties.MacDigestAlgorithm.SHA_512;
            case 3:
                return MacProperties.MacDigestAlgorithm.SHA3_256;
            case 4:
                return MacProperties.MacDigestAlgorithm.SHA3_384;
            case 5:
                return MacProperties.MacDigestAlgorithm.SHA3_512;
            default:
                throw new PdfException(KernelExceptionMessageConstant.DIGEST_NOT_SUPPORTED);
        }
    }

    public IDERSequence createMacContainer(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException, IOException {
        IBouncyCastleFactory iBouncyCastleFactory = BC_FACTORY;
        IASN1EncodableVector createASN1EncodableVector = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector.add(iBouncyCastleFactory.createASN1ObjectIdentifier(OID.AUTHENTICATED_DATA));
        IASN1EncodableVector createASN1EncodableVector2 = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector2.add(iBouncyCastleFactory.createASN1Integer(0));
        createASN1EncodableVector2.add(iBouncyCastleFactory.createDERTaggedObject(0, iBouncyCastleFactory.createASN1ObjectIdentifier(OID.KDF_PDF_MAC_WRAP_KDF)));
        createASN1EncodableVector2.add(iBouncyCastleFactory.createDERSequence(iBouncyCastleFactory.createASN1ObjectIdentifier(getKeyWrappingAlgorithmOid())));
        createASN1EncodableVector2.add(iBouncyCastleFactory.createDEROctetString(generateEncryptedKey(bArr2, iBouncyCastleFactory.generateHKDF(this.fileEncryptionKey, this.kdfSalt, PDF_MAC.getBytes(StandardCharsets.UTF_8)))));
        byte[] createPdfMacIntegrityInfo = createPdfMacIntegrityInfo(bArr, bArr3 == null ? null : digestBytes(bArr3));
        IASN1EncodableVector createASN1EncodableVector3 = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector3.add(iBouncyCastleFactory.createASN1ObjectIdentifier(OID.CT_PDF_MAC_INTEGRITY_INFO));
        createASN1EncodableVector3.add(iBouncyCastleFactory.createDERTaggedObject(0, iBouncyCastleFactory.createDEROctetString(createPdfMacIntegrityInfo)));
        IDERSet createAuthAttributes = createAuthAttributes(createPdfMacIntegrityInfo);
        byte[] generateMac = generateMac(bArr2, createAuthAttributes.getEncoded());
        IASN1EncodableVector createASN1EncodableVector4 = iBouncyCastleFactory.createASN1EncodableVector();
        createASN1EncodableVector4.add(iBouncyCastleFactory.createASN1Integer(0));
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDERSet(iBouncyCastleFactory.createDERTaggedObject(false, 3, iBouncyCastleFactory.createDERSequence(createASN1EncodableVector2))));
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDERSequence(iBouncyCastleFactory.createASN1ObjectIdentifier(getMacAlgorithmOid())));
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDERTaggedObject(false, 1, iBouncyCastleFactory.createDERSequence(iBouncyCastleFactory.createASN1ObjectIdentifier(DigestAlgorithms.getAllowedDigest(MacProperties.macDigestAlgorithmToString(this.macProperties.getMacDigestAlgorithm()))))));
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDERSequence(createASN1EncodableVector3));
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDERTaggedObject(false, 2, createAuthAttributes));
        createASN1EncodableVector4.add(iBouncyCastleFactory.createDEROctetString(generateMac));
        createASN1EncodableVector.add(iBouncyCastleFactory.createDERTaggedObject(0, iBouncyCastleFactory.createDERSequence(createASN1EncodableVector4)));
        return iBouncyCastleFactory.createDERSequence(createASN1EncodableVector);
    }

    public byte[] digestBytes(InputStream inputStream) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (inputStream == null) {
            return null;
        }
        MessageDigest messageDigest = DigestAlgorithms.getMessageDigest(MacProperties.macDigestAlgorithmToString(this.macProperties.getMacDigestAlgorithm()), BC_FACTORY.getProviderName());
        byte[] bArr = new byte[8192];
        while (true) {
            int read = inputStream.read(bArr, 0, 8192);
            if (read <= 0) {
                return messageDigest.digest();
            }
            messageDigest.update(bArr, 0, read);
        }
    }

    public byte[] digestBytes(byte[] bArr) throws NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (bArr == null) {
            return null;
        }
        return digestBytes(new ByteArrayInputStream(bArr));
    }

    public byte[] getKdfSalt() {
        if (this.kdfSalt == null) {
            this.kdfSalt = generateRandomBytes(32);
        }
        byte[] bArr = this.kdfSalt;
        return Arrays.copyOf(bArr, bArr.length);
    }

    public void setFileEncryptionKey(byte[] bArr) {
        this.fileEncryptionKey = bArr;
    }

    public void setKdfSalt(byte[] bArr) {
        this.kdfSalt = Arrays.copyOf(bArr, bArr.length);
    }

    public void validateMacToken() {
        if (this.kdfSalt == null) {
            throw new MacValidationException(KernelExceptionMessageConstant.MAC_VALIDATION_NO_SALT);
        }
        try {
            byte[] generateDecryptedKey = generateDecryptedKey(this.macContainerReader.parseMacKey());
            long[] byteRange = this.macContainerReader.getByteRange();
            RASInputStream rASInputStream = new RASInputStream(new RandomAccessSourceFactory().createRanged(this.document.getReader().getSafeFile().createSourceView(), byteRange));
            try {
                byte[] digestBytes = digestBytes(rASInputStream);
                rASInputStream.close();
                byte[] generateMac = generateMac(generateDecryptedKey, this.macContainerReader.parseAuthAttributes().getEncoded());
                byte[] encoded = createMessageDigestSequence(createPdfMacIntegrityInfo(digestBytes, digestBytes(this.macContainerReader.getSignature()))).getEncoded();
                byte[] encoded2 = this.macContainerReader.parseMessageDigest().getEncoded();
                if (!Arrays.equals(generateMac, this.macContainerReader.parseMac()) || !Arrays.equals(encoded, encoded2)) {
                    throw new MacValidationException(KernelExceptionMessageConstant.MAC_VALIDATION_FAILED);
                }
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    try {
                        rASInputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                    throw th2;
                }
            }
        } catch (PdfException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new MacValidationException(KernelExceptionMessageConstant.MAC_VALIDATION_EXCEPTION, e11);
        }
    }
}
