package sh;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;

/* compiled from: PublicKeySecurityHandler.java */
/* loaded from: classes4.dex */
public final class l extends o {

    /* renamed from: n, reason: collision with root package name */
    public static final String f84700n = "Adobe.PubSec";

    /* renamed from: o, reason: collision with root package name */
    public static final String f84701o = "adbe.pkcs7.s4";

    /* renamed from: p, reason: collision with root package name */
    public static final String f84702p = "adbe.pkcs7.s5";

    public l() {
    }

    public l(j jVar) {
        this.f84715h = jVar;
        Objects.requireNonNull(jVar);
        this.f84708a = jVar.f84691a;
    }

    public final void I(StringBuilder sb2, KeyTransRecipientId keyTransRecipientId, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger serialNumber = keyTransRecipientId.getSerialNumber();
        if (serialNumber != null) {
            BigInteger serialNumber2 = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber2 != null ? serialNumber2.toString(16) : "unknown";
            sb2.append("serial-#: rid ");
            sb2.append(serialNumber.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(keyTransRecipientId.getIssuer());
            sb2.append("' vs. cert '");
            sb2.append(x509CertificateHolder == null ? "null" : x509CertificateHolder.getIssuer());
            sb2.append("' ");
        }
    }

    public final KeyTransRecipientInfo J(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(x509Certificate.getTBSCertificate());
        TBSCertificate tBSCertificate = TBSCertificate.getInstance(aSN1InputStream.readObject());
        aSN1InputStream.close();
        AlgorithmIdentifier algorithm = tBSCertificate.getSubjectPublicKeyInfo().getAlgorithm();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(tBSCertificate.getIssuer(), tBSCertificate.getSerialNumber().getValue());
        try {
            Cipher cipher = Cipher.getInstance(algorithm.getAlgorithm().getId(), q.a());
            cipher.init(1, x509Certificate.getPublicKey());
            return new KeyTransRecipientInfo(new RecipientIdentifier(issuerAndSerialNumber), algorithm, new DEROctetString(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    public final byte[][] K(byte[] bArr) throws GeneralSecurityException, IOException {
        j jVar = (j) this.f84715h;
        byte[][] bArr2 = new byte[jVar.g()];
        Iterator<k> h10 = jVar.h();
        int i10 = 0;
        while (h10.hasNext()) {
            k next = h10.next();
            X509Certificate b10 = next.b();
            int k10 = next.a().k();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (k10 >>> 24);
            bArr3[21] = (byte) (k10 >>> 16);
            bArr3[22] = (byte) (k10 >>> 8);
            bArr3[23] = (byte) k10;
            ASN1Primitive L = L(bArr3, b10);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            L.encodeTo(byteArrayOutputStream, "DER");
            bArr2[i10] = byteArrayOutputStream.toByteArray();
            i10++;
        }
        return bArr2;
    }

    public final ASN1Primitive L(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        String id2 = PKCSObjectIdentifiers.RC2_CBC.getId();
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(id2, q.a());
            KeyGenerator keyGenerator = KeyGenerator.getInstance(id2, q.a());
            Cipher cipher = Cipher.getInstance(id2, q.a());
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            ASN1InputStream aSN1InputStream = new ASN1InputStream(generateParameters.getEncoded("ASN.1"));
            ASN1Primitive readObject = aSN1InputStream.readObject();
            aSN1InputStream.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            return new ContentInfo(PKCSObjectIdentifiers.envelopedData, new EnvelopedData((OriginatorInfo) null, new DERSet(new RecipientInfo(J(x509Certificate, generateKey.getEncoded()))), new EncryptedContentInfo(PKCSObjectIdentifiers.data, new AlgorithmIdentifier(new ASN1ObjectIdentifier(id2), readObject), new DEROctetString(doFinal)), (ASN1Set) null)).toASN1Primitive();
        } catch (NoSuchAlgorithmException e10) {
            throw new IOException(android.support.v4.media.g.a("Could not find a suitable javax.crypto provider for algorithm ", id2, "; possible reason: using an unsigned .jar file"), e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    public final void M(f fVar, dh.i iVar, byte[][] bArr) {
        e eVar = new e();
        eVar.g(iVar);
        eVar.i(this.f84708a);
        dh.a aVar = new dh.a();
        for (byte[] bArr2 : bArr) {
            aVar.h1(new dh.p(bArr2));
        }
        eVar.f84679a.q3(dh.i.S8, aVar);
        aVar.f48762a = true;
        fVar.L(eVar);
        dh.i iVar2 = dh.i.F3;
        fVar.W(iVar2);
        fVar.X(iVar2);
        eVar.f84679a.O0(true);
        this.f84714g = true;
    }

    @Override // sh.o
    public void x(jh.f fVar) throws IOException {
        byte[] digest;
        try {
            f u10 = fVar.u();
            if (u10 == null) {
                u10 = new f();
            }
            u10.M(f84700n);
            u10.N(this.f84708a);
            int b10 = b();
            u10.d0(b10);
            u10.J();
            int i10 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] K = K(bArr);
                int i11 = 20;
                for (byte[] bArr2 : K) {
                    i11 += bArr2.length;
                }
                byte[] bArr3 = new byte[i11];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : K) {
                    System.arraycopy(bArr4, 0, bArr3, i10, bArr4.length);
                    i10 += bArr4.length;
                }
                if (b10 == 4) {
                    u10.Y(f84702p);
                    digest = d.b().digest(bArr3);
                    M(u10, dh.i.f48973q, K);
                } else if (b10 != 5) {
                    u10.Y(f84701o);
                    digest = d.b().digest(bArr3);
                    u10.S(K);
                } else {
                    u10.Y(f84702p);
                    digest = d.c().digest(bArr3);
                    M(u10, dh.i.f48984r, K);
                }
                int i12 = this.f84708a;
                byte[] bArr5 = new byte[i12 / 8];
                this.f84709b = bArr5;
                System.arraycopy(digest, 0, bArr5, 0, i12 / 8);
                fVar.p1(u10);
                fVar.p().j2(u10.c0());
            } catch (NoSuchAlgorithmException e10) {
                throw new RuntimeException(e10);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException(e11);
        }
    }

    @Override // sh.o
    public void y(f fVar, dh.a aVar, b bVar) throws IOException {
        byte[] digest;
        boolean z10;
        i iVar;
        if (!(bVar instanceof i)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        this.f84711d = fVar.I();
        e f10 = fVar.f();
        if (f10 != null && f10.f() != 0) {
            this.f84708a = f10.f();
        } else if (fVar.i() != 0) {
            this.f84708a = fVar.i();
        }
        i iVar2 = (i) bVar;
        try {
            X509Certificate a10 = iVar2.a();
            byte[] bArr = null;
            X509CertificateHolder x509CertificateHolder = a10 != null ? new X509CertificateHolder(a10.getEncoded()) : null;
            dh.d c02 = fVar.c0();
            dh.i iVar3 = dh.i.S8;
            dh.a M1 = c02.M1(iVar3);
            if (M1 == null && f10 != null) {
                M1 = f10.c0().M1(iVar3);
            }
            if (M1 == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = M1.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb2 = new StringBuilder();
            int i10 = 0;
            boolean z11 = false;
            int i11 = 0;
            while (i10 < M1.size()) {
                dh.p pVar = (dh.p) M1.T1(i10);
                Objects.requireNonNull(pVar);
                byte[] bArr3 = pVar.f49096b;
                Iterator<RecipientInformation> it = new CMSEnvelopedData(bArr3).getRecipientInfos().getRecipients().iterator();
                int i12 = 0;
                while (true) {
                    if (!it.hasNext()) {
                        iVar = iVar2;
                        break;
                    }
                    RecipientInformation next = it.next();
                    Iterator<RecipientInformation> it2 = it;
                    RecipientId rid = next.getRID();
                    if (!z11 && rid.match(x509CertificateHolder)) {
                        bArr = next.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) iVar2.c()));
                        iVar = iVar2;
                        z11 = true;
                        break;
                    }
                    i iVar4 = iVar2;
                    int i13 = i12 + 1;
                    if (a10 != null) {
                        sb2.append('\n');
                        sb2.append(i13);
                        sb2.append(": ");
                        if (rid instanceof KeyTransRecipientId) {
                            I(sb2, (KeyTransRecipientId) rid, a10, x509CertificateHolder);
                        }
                    }
                    i12 = i13;
                    it = it2;
                    iVar2 = iVar4;
                }
                bArr2[i10] = bArr3;
                i11 += bArr3.length;
                i10++;
                iVar2 = iVar;
            }
            if (!z11 || bArr == null) {
                throw new IOException("The certificate matches none of " + M1.size() + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr4 = new byte[4];
            int i14 = 20;
            System.arraycopy(bArr, 20, bArr4, 0, 4);
            a aVar2 = new a(bArr4);
            aVar2.f84678b = true;
            this.f84716i = aVar2;
            byte[] bArr5 = new byte[i11 + 20];
            int i15 = 0;
            System.arraycopy(bArr, 0, bArr5, 0, 20);
            int i16 = 0;
            while (i16 < size) {
                byte[] bArr6 = bArr2[i16];
                System.arraycopy(bArr6, i15, bArr5, i14, bArr6.length);
                i14 += bArr6.length;
                i16++;
                i15 = 0;
            }
            if (fVar.G() != 4 && fVar.G() != 5) {
                digest = d.b().digest(bArr5);
                int i17 = this.f84708a;
                byte[] bArr7 = new byte[i17 / 8];
                this.f84709b = bArr7;
                System.arraycopy(digest, 0, bArr7, 0, i17 / 8);
            }
            digest = fVar.G() == 4 ? d.b().digest(bArr5) : d.c().digest(bArr5);
            if (f10 != null) {
                dh.i e10 = f10.e();
                if (!dh.i.f48973q.equals(e10) && !dh.i.f48984r.equals(e10)) {
                    z10 = false;
                    this.f84714g = z10;
                }
                z10 = true;
                this.f84714g = z10;
            }
            int i172 = this.f84708a;
            byte[] bArr72 = new byte[i172 / 8];
            this.f84709b = bArr72;
            System.arraycopy(digest, 0, bArr72, 0, i172 / 8);
        } catch (KeyStoreException e11) {
            throw new IOException(e11);
        } catch (CertificateEncodingException e12) {
            throw new IOException(e12);
        } catch (CMSException e13) {
            throw new IOException(e13);
        }
    }
}
