package com.mixaimaging.pdfbox.pdmodel.encryption;

import com.dropbox.core.oauth.DbxOAuthError;
import f.c.c.b.n;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import k.a.a.b1;
import k.a.a.f2.a;
import k.a.a.h;
import k.a.a.l;
import k.a.a.q;
import k.a.a.v0;
import k.a.a.v1.c;
import k.a.a.v1.d;
import k.a.a.v1.e;
import k.a.a.v1.j;
import k.a.a.v1.r;
import k.a.a.x0;
import k.a.b.b;
import k.a.c.a0;
import k.a.c.f;
import k.a.c.s;
import k.a.c.z;

/* loaded from: classes2.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER = "adbe.pkcs7.s4";
    private PublicKeyProtectionPolicy policy;

    public PublicKeySecurityHandler() {
        this.policy = null;
    }

    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        this.policy = null;
        this.policy = publicKeyProtectionPolicy;
        this.keyLength = publicKeyProtectionPolicy.getEncryptionKeyLength();
    }

    private void appendCertInfo(StringBuilder sb, s sVar, X509Certificate x509Certificate, b bVar) {
        BigInteger b = sVar.b();
        if (b != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : DbxOAuthError.UNKNOWN;
            sb.append("serial-#: rid ");
            sb.append(b.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger);
            sb.append(" issuer: rid '");
            sb.append(sVar.a());
            sb.append("' vs. cert '");
            sb.append(bVar == null ? "null" : bVar.b());
            sb.append("' ");
        }
    }

    private j computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        h hVar = new h(x509Certificate.getTBSCertificate());
        k.a.a.f2.h g2 = k.a.a.f2.h.g(hVar.E());
        hVar.close();
        a g3 = g2.j().g();
        e eVar = new e(g2.h(), g2.i().p());
        try {
            Cipher cipher = Cipher.getInstance(g3.g().r());
            cipher.init(1, x509Certificate.getPublicKey());
            return new j(new r(eVar), g3, new v0(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        } catch (NoSuchPaddingException e3) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e3);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) throws GeneralSecurityException, IOException {
        byte[][] bArr2 = new byte[this.policy.getNumberOfRecipients()];
        Iterator<PublicKeyRecipient> recipientsIterator = this.policy.getRecipientsIterator();
        int i2 = 0;
        while (recipientsIterator.hasNext()) {
            PublicKeyRecipient next = recipientsIterator.next();
            X509Certificate x509 = next.getX509();
            int permissionBytesForPublicKey = next.getPermission().getPermissionBytesForPublicKey();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (permissionBytesForPublicKey >>> 24);
            bArr3[21] = (byte) (permissionBytesForPublicKey >>> 16);
            bArr3[22] = (byte) (permissionBytesForPublicKey >>> 8);
            bArr3[23] = (byte) permissionBytesForPublicKey;
            q createDERForRecipient = createDERForRecipient(bArr3, x509);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new x0(byteArrayOutputStream).j(createDERForRecipient);
            bArr2[i2] = byteArrayOutputStream.toByteArray();
            i2++;
        }
        return bArr2;
    }

    private q createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance("1.2.840.113549.3.2");
            KeyGenerator keyGenerator = KeyGenerator.getInstance("1.2.840.113549.3.2");
            Cipher cipher = Cipher.getInstance("1.2.840.113549.3.2");
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            h hVar = new h(generateParameters.getEncoded("ASN.1"));
            q E = hVar.E();
            hVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            return new k.a.a.v1.b(k.a.a.c2.a.s, new d(null, new b1(new k.a.a.v1.s(computeRecipientInfo(x509Certificate, generateKey.getEncoded()))), new c(k.a.a.c2.a.q, new a(new l("1.2.840.113549.3.2"), E), new v0(doFinal)), null)).b();
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        } catch (NoSuchPaddingException e3) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e3);
        }
    }

    @Override // com.mixaimaging.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(f.c.c.g.b bVar) throws IOException {
        if (this.keyLength == 256) {
            throw new IOException("256 bit key length is not supported yet for public key security");
        }
        try {
            Security.addProvider(new k.a.e.a.a());
            PDEncryption m = bVar.m();
            if (m == null) {
                m = new PDEncryption();
            }
            m.setFilter(FILTER);
            m.setLength(this.keyLength);
            m.setVersion(2);
            m.setSubFilter(SUBFILTER);
            int i2 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                m.setRecipients(computeRecipientsField(bArr));
                int i3 = 20;
                for (int i4 = 0; i4 < m.getRecipientsLength(); i4++) {
                    i3 += m.getRecipientStringAt(i4).K().length;
                }
                byte[] bArr2 = new byte[i3];
                System.arraycopy(bArr, 0, bArr2, 0, 20);
                for (int i5 = 0; i5 < m.getRecipientsLength(); i5++) {
                    n recipientStringAt = m.getRecipientStringAt(i5);
                    System.arraycopy(recipientStringAt.K(), 0, bArr2, i2, recipientStringAt.K().length);
                    i2 += recipientStringAt.K().length;
                }
                byte[] digest = MessageDigests.getSHA1().digest(bArr2);
                int i6 = this.keyLength;
                byte[] bArr3 = new byte[i6 / 8];
                this.encryptionKey = bArr3;
                System.arraycopy(digest, 0, bArr3, 0, i6 / 8);
                bVar.T(m);
                bVar.b().q0(m.getCOSDictionary());
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException(e2);
            }
        } catch (GeneralSecurityException e3) {
            throw new IOException(e3);
        }
    }

    @Override // com.mixaimaging.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, f.c.c.b.a aVar, DecryptionMaterial decryptionMaterial) throws IOException {
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        this.decryptMetadata = pDEncryption.isEncryptMetaData();
        if (pDEncryption.getLength() != 0) {
            this.keyLength = pDEncryption.getLength();
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            int recipientsLength = pDEncryption.getRecipientsLength();
            byte[][] bArr = new byte[recipientsLength];
            StringBuilder sb = new StringBuilder();
            int i2 = 0;
            boolean z = false;
            byte[] bArr2 = null;
            int i3 = 0;
            while (i2 < pDEncryption.getRecipientsLength()) {
                byte[] K = pDEncryption.getRecipientStringAt(i2).K();
                Iterator it = new k.a.c.c(K).a().a().iterator();
                int i4 = 0;
                while (true) {
                    if (it.hasNext()) {
                        a0 a0Var = (a0) it.next();
                        X509Certificate certificate = publicKeyDecryptionMaterial.getCertificate();
                        b bVar = certificate != null ? new b(certificate.getEncoded()) : null;
                        z c = a0Var.c();
                        if (c.a0(bVar) && !z) {
                            k.a.c.d0.e eVar = new k.a.c.d0.e((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey());
                            eVar.i("BC");
                            bArr2 = a0Var.a(eVar);
                            z = true;
                            break;
                        }
                        i4++;
                        if (certificate != null) {
                            sb.append('\n');
                            sb.append(i4);
                            sb.append(": ");
                            if (c instanceof s) {
                                appendCertInfo(sb, (s) c, certificate, bVar);
                            }
                        }
                    }
                }
                bArr[i2] = K;
                i3 += K.length;
                i2++;
            }
            if (!z || bArr2 == null) {
                throw new IOException("The certificate matches none of " + i2 + " recipient entries" + sb.toString());
            }
            if (bArr2.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i5 = 20;
            System.arraycopy(bArr2, 20, bArr3, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr3);
            this.currentAccessPermission = accessPermission;
            accessPermission.setReadOnly();
            byte[] bArr4 = new byte[i3 + 20];
            int i6 = 0;
            System.arraycopy(bArr2, 0, bArr4, 0, 20);
            int i7 = 0;
            while (i7 < recipientsLength) {
                byte[] bArr5 = bArr[i7];
                System.arraycopy(bArr5, i6, bArr4, i5, bArr5.length);
                i5 += bArr5.length;
                i7++;
                i6 = 0;
            }
            byte[] digest = MessageDigests.getSHA1().digest(bArr4);
            int i8 = this.keyLength;
            byte[] bArr6 = new byte[i8 / 8];
            this.encryptionKey = bArr6;
            System.arraycopy(digest, 0, bArr6, 0, i8 / 8);
        } catch (KeyStoreException e2) {
            throw new IOException(e2);
        } catch (CertificateEncodingException e3) {
            throw new IOException(e3);
        } catch (f e4) {
            throw new IOException(e4);
        }
    }
}
