package com.tom_roush.pdfbox.pdmodel.encryption;

import dv.o;
import dv.q1;
import dv.u;
import dv.v1;
import dv.y;
import gv.r;
import gv.s;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.cms.CMSException;
import zv.p;
import zv.w;
import zv.x;

/* loaded from: classes2.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER4 = "adbe.pkcs7.s4";
    private static final String SUBFILTER5 = "adbe.pkcs7.s5";

    public PublicKeySecurityHandler() {
    }

    public PublicKeySecurityHandler(h hVar) {
        setProtectionPolicy(hVar);
        throw null;
    }

    private void appendCertInfo(StringBuilder sb2, p pVar, X509Certificate x509Certificate, xv.b bVar) {
        BigInteger b11 = pVar.b();
        if (b11 != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : "unknown";
            sb2.append("serial-#: rid ");
            sb2.append(b11.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(pVar.a());
            sb2.append("' vs. cert '");
            sb2.append(bVar == null ? "null" : bVar.b());
            sb2.append("' ");
        }
    }

    private gv.j computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        o oVar = new o(x509Certificate.getTBSCertificate());
        vv.g n11 = vv.g.n(oVar.m());
        oVar.close();
        vv.a l11 = n11.s().l();
        gv.e eVar = new gv.e(n11.o(), n11.r().E());
        try {
            Cipher cipher = Cipher.getInstance(l11.l().F(), l.a());
            cipher.init(1, x509Certificate.getPublicKey());
            return new gv.j(new r(eVar), l11, new q1(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        } catch (NoSuchPaddingException e12) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e12);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) throws GeneralSecurityException, IOException {
        android.support.v4.media.session.b.a(getProtectionPolicy());
        throw null;
    }

    private y createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        String F = pv.a.E.F();
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(F, l.a());
            KeyGenerator keyGenerator = KeyGenerator.getInstance(F, l.a());
            Cipher cipher = Cipher.getInstance(F, l.a());
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            o oVar = new o(generateParameters.getEncoded("ASN.1"));
            y m11 = oVar.m();
            oVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            return new gv.b(pv.a.U, new gv.d(null, new v1(new s(computeRecipientInfo(x509Certificate, generateKey.getEncoded()))), new gv.c(pv.a.S, new vv.a(new u(F), m11), new q1(cipher.doFinal(bArr))), null)).e();
        } catch (NoSuchAlgorithmException e11) {
            throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + F + "; possible reason: using an unsigned .jar file", e11);
        } catch (NoSuchPaddingException e12) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e12);
        }
    }

    private void prepareEncryptionDictAES(e eVar, ap.i iVar, byte[][] bArr) {
        d dVar = new d();
        dVar.d(iVar);
        dVar.e(getKeyLength());
        ap.a aVar = new ap.a();
        for (byte[] bArr2 : bArr) {
            aVar.W0(new ap.p(bArr2));
        }
        dVar.g0().t2(ap.i.C7, aVar);
        aVar.O0(true);
        eVar.u(dVar);
        ap.i iVar2 = ap.i.f6768t2;
        eVar.G(iVar2);
        eVar.H(iVar2);
        dVar.g0().O0(true);
        setAES(true);
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(gp.e eVar) throws IOException {
        byte[] digest;
        try {
            e h11 = eVar.h();
            if (h11 == null) {
                h11 = new e();
            }
            h11.v(FILTER);
            h11.x(getKeyLength());
            int computeVersionNumber = computeVersionNumber();
            h11.L(computeVersionNumber);
            h11.s();
            int i11 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] computeRecipientsField = computeRecipientsField(bArr);
                int i12 = 20;
                for (byte[] bArr2 : computeRecipientsField) {
                    i12 += bArr2.length;
                }
                byte[] bArr3 = new byte[i12];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : computeRecipientsField) {
                    System.arraycopy(bArr4, 0, bArr3, i11, bArr4.length);
                    i11 += bArr4.length;
                }
                if (computeVersionNumber == 4) {
                    h11.I(SUBFILTER5);
                    digest = c.b().digest(bArr3);
                    prepareEncryptionDictAES(h11, ap.i.f6726p, computeRecipientsField);
                } else if (computeVersionNumber != 5) {
                    h11.I(SUBFILTER4);
                    digest = c.b().digest(bArr3);
                    h11.C(computeRecipientsField);
                } else {
                    h11.I(SUBFILTER5);
                    digest = c.c().digest(bArr3);
                    prepareEncryptionDictAES(h11, ap.i.f6736q, computeRecipientsField);
                }
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
                eVar.M0(h11);
                eVar.b().P1(h11.g0());
            } catch (NoSuchAlgorithmException e11) {
                throw new RuntimeException(e11);
            }
        } catch (GeneralSecurityException e12) {
            throw new IOException(e12);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(e eVar, ap.a aVar, b bVar) throws IOException {
        byte[] digest;
        boolean z11;
        g gVar;
        if (!(bVar instanceof g)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        setDecryptMetadata(eVar.r());
        d c11 = eVar.c();
        if (c11 != null && c11.c() != 0) {
            setKeyLength(c11.c());
        } else if (eVar.e() != 0) {
            setKeyLength(eVar.e());
        }
        g gVar2 = (g) bVar;
        try {
            X509Certificate a11 = gVar2.a();
            byte[] bArr = null;
            xv.b bVar2 = a11 != null ? new xv.b(a11.getEncoded()) : null;
            ap.d g02 = eVar.g0();
            ap.i iVar = ap.i.C7;
            ap.a v12 = g02.v1(iVar);
            if (v12 == null && c11 != null) {
                v12 = c11.g0().v1(iVar);
            }
            if (v12 == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = v12.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb2 = new StringBuilder();
            int i11 = 0;
            boolean z12 = false;
            int i12 = 0;
            while (i11 < v12.size()) {
                byte[] S0 = ((ap.p) v12.w1(i11)).S0();
                Iterator it = new zv.c(S0).a().d().iterator();
                int i13 = 0;
                while (true) {
                    if (!it.hasNext()) {
                        gVar = gVar2;
                        break;
                    }
                    x xVar = (x) it.next();
                    Iterator it2 = it;
                    w c12 = xVar.c();
                    if (!z12 && c12.v1(bVar2)) {
                        bArr = xVar.a(new aw.e((PrivateKey) gVar2.b()));
                        gVar = gVar2;
                        z12 = true;
                        break;
                    }
                    g gVar3 = gVar2;
                    int i14 = i13 + 1;
                    if (a11 != null) {
                        sb2.append('\n');
                        sb2.append(i14);
                        sb2.append(": ");
                        if (c12 instanceof p) {
                            appendCertInfo(sb2, (p) c12, a11, bVar2);
                        }
                    }
                    i13 = i14;
                    it = it2;
                    gVar2 = gVar3;
                }
                bArr2[i11] = S0;
                i12 += S0.length;
                i11++;
                gVar2 = gVar;
            }
            if (!z12 || bArr == null) {
                throw new IOException("The certificate matches none of " + v12.size() + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i15 = 20;
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            a aVar2 = new a(bArr3);
            aVar2.r();
            setCurrentAccessPermission(aVar2);
            byte[] bArr4 = new byte[i12 + 20];
            int i16 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i17 = 0;
            while (i17 < size) {
                byte[] bArr5 = bArr2[i17];
                System.arraycopy(bArr5, i16, bArr4, i15, bArr5.length);
                i15 += bArr5.length;
                i17++;
                i16 = 0;
            }
            if (eVar.q() != 4 && eVar.q() != 5) {
                digest = c.b().digest(bArr4);
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
            }
            digest = eVar.q() == 4 ? c.b().digest(bArr4) : c.c().digest(bArr4);
            if (c11 != null) {
                ap.i b11 = c11.b();
                if (!ap.i.f6726p.equals(b11) && !ap.i.f6736q.equals(b11)) {
                    z11 = false;
                    setAES(z11);
                }
                z11 = true;
                setAES(z11);
            }
            setEncryptionKey(new byte[getKeyLength() / 8]);
            System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
        } catch (KeyStoreException e11) {
            throw new IOException(e11);
        } catch (CertificateEncodingException e12) {
            throw new IOException(e12);
        } catch (CMSException e13) {
            throw new IOException(e13);
        }
    }
}
