package com.itextpdf.kernel.crypto.securityhandler;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.asn1.IASN1InputStream;
import com.itextpdf.commons.bouncycastle.asn1.IASN1Primitive;
import com.itextpdf.commons.bouncycastle.asn1.x509.IAlgorithmIdentifier;
import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
import com.itextpdf.commons.bouncycastle.cms.IRecipientInformation;
import com.itextpdf.commons.utils.MessageFormatUtil;
import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfEncryptor;
import com.itextpdf.kernel.security.IExternalDecryptionProcess;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* loaded from: classes3.dex */
final class EncryptionUtils {
    private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
    private static final String ENVELOPE_ENCRYPTION_ALGORITHM_JCA_NAME = "AES/CBC/PKCS5Padding";
    private static final String ENVELOPE_ENCRYPTION_ALGORITHM_OID = "2.16.840.1.101.3.4.1.42";
    private static final int ENVELOPE_ENCRYPTION_KEY_LENGTH = 256;
    private static final Set<String> UNSUPPORTED_ALGORITHMS;

    /* loaded from: classes3.dex */
    static class DERForRecipientParams {
        byte[] abyte0;
        byte[] abyte1;
        IAlgorithmIdentifier algorithmIdentifier;

        DERForRecipientParams() {
        }
    }

    static {
        HashSet hashSet = new HashSet();
        UNSUPPORTED_ALGORITHMS = hashSet;
        hashSet.add("1.2.840.10045.2.1");
    }

    EncryptionUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DERForRecipientParams calculateDERForRecipientParams(byte[] bArr) throws IOException, GeneralSecurityException {
        DERForRecipientParams dERForRecipientParams = new DERForRecipientParams();
        AlgorithmParameters generateParameters = AlgorithmParameterGenerator.getInstance(ENVELOPE_ENCRYPTION_ALGORITHM_OID).generateParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(generateParameters.getEncoded("ASN.1"));
        IBouncyCastleFactory iBouncyCastleFactory = BOUNCY_CASTLE_FACTORY;
        IASN1InputStream createASN1InputStream = iBouncyCastleFactory.createASN1InputStream(byteArrayInputStream);
        try {
            IASN1Primitive readObject = createASN1InputStream.readObject();
            createASN1InputStream.close();
            KeyGenerator keyGenerator = "BC".equals(iBouncyCastleFactory.getProviderName()) ? KeyGenerator.getInstance(ENVELOPE_ENCRYPTION_ALGORITHM_OID) : KeyGenerator.getInstance(ENVELOPE_ENCRYPTION_ALGORITHM_OID, iBouncyCastleFactory.getProvider());
            keyGenerator.init(256, iBouncyCastleFactory.getSecureRandom());
            SecretKey generateKey = keyGenerator.generateKey();
            Cipher cipher = "BC".equals(iBouncyCastleFactory.getProviderName()) ? Cipher.getInstance(ENVELOPE_ENCRYPTION_ALGORITHM_JCA_NAME) : Cipher.getInstance(ENVELOPE_ENCRYPTION_ALGORITHM_JCA_NAME, iBouncyCastleFactory.getProvider());
            cipher.init(1, generateKey, generateParameters);
            dERForRecipientParams.abyte0 = generateKey.getEncoded();
            dERForRecipientParams.abyte1 = cipher.doFinal(bArr);
            dERForRecipientParams.algorithmIdentifier = iBouncyCastleFactory.createAlgorithmIdentifier(iBouncyCastleFactory.createASN1ObjectIdentifier(ENVELOPE_ENCRYPTION_ALGORITHM_OID), readObject);
            return dERForRecipientParams;
        } catch (Throwable th2) {
            try {
                throw th2;
            } catch (Throwable th3) {
                if (createASN1InputStream != null) {
                    try {
                        createASN1InputStream.close();
                    } catch (Throwable th4) {
                        th2.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] cipherBytes(X509Certificate x509Certificate, byte[] bArr, IAlgorithmIdentifier iAlgorithmIdentifier) throws GeneralSecurityException {
        String id2 = iAlgorithmIdentifier.getAlgorithm().getId();
        if (UNSUPPORTED_ALGORITHMS.contains(id2)) {
            throw new PdfException(MessageFormatUtil.format(KernelExceptionMessageConstant.ALGORITHM_IS_NOT_SUPPORTED, id2));
        }
        return BOUNCY_CASTLE_FACTORY.createCipherBytes(x509Certificate, bArr, iAlgorithmIdentifier);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] fetchEnvelopedData(Key key, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, PdfArray pdfArray) {
        boolean z10;
        try {
            IX509CertificateHolder createX509CertificateHolder = BOUNCY_CASTLE_FACTORY.createX509CertificateHolder(certificate.getEncoded());
            byte[] bArr = null;
            if (iExternalDecryptionProcess == null) {
                z10 = false;
                for (int i10 = 0; i10 < pdfArray.size(); i10++) {
                    try {
                        for (IRecipientInformation iRecipientInformation : BOUNCY_CASTLE_FACTORY.createCMSEnvelopedData(pdfArray.getAsString(i10).getValueBytes()).getRecipientInfos().getRecipients()) {
                            if (iRecipientInformation.getRID().match(createX509CertificateHolder) && !z10) {
                                bArr = PdfEncryptor.getContent(iRecipientInformation, (PrivateKey) key, str);
                                z10 = true;
                            }
                        }
                    } catch (Exception e10) {
                        BouncyCastleFactoryCreator.getFactory().isEncryptionFeatureSupported(0, true);
                        throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e10);
                    }
                }
            } else {
                boolean z11 = false;
                for (int i11 = 0; i11 < pdfArray.size(); i11++) {
                    try {
                        IRecipientInformation iRecipientInformation2 = BOUNCY_CASTLE_FACTORY.createCMSEnvelopedData(pdfArray.getAsString(i11).getValueBytes()).getRecipientInfos().get(iExternalDecryptionProcess.getCmsRecipientId());
                        if (iRecipientInformation2 != null) {
                            bArr = iRecipientInformation2.getContent(iExternalDecryptionProcess.getCmsRecipient());
                            z11 = true;
                        }
                    } catch (Exception e11) {
                        throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e11);
                    }
                }
                z10 = z11;
            }
            if (!z10 || bArr == null) {
                throw new PdfException(KernelExceptionMessageConstant.BAD_CERTIFICATE_AND_KEY);
            }
            return bArr;
        } catch (Exception e12) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e12);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] generateSeed(int i10) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(192, new SecureRandom());
            byte[] bArr = new byte[i10];
            System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, i10);
            return bArr;
        } catch (NoSuchAlgorithmException unused) {
            return SecureRandom.getSeed(i10);
        }
    }
}
