package com.tom_roush.pdfbox.pdmodel.encryption;

import com.alibaba.fastjson.asm.Opcodes;
import com.tom_roush.pdfbox.cos.COSArray;
import com.tom_roush.pdfbox.cos.COSString;
import com.tom_roush.pdfbox.pdmodel.PDDocument;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.d.a.ba;
import org.d.a.bc;
import org.d.a.bg;
import org.d.a.d.b;
import org.d.a.d.c;
import org.d.a.d.e;
import org.d.a.d.j;
import org.d.a.d.r;
import org.d.a.d.s;
import org.d.a.f;
import org.d.a.k;
import org.d.a.o;
import org.d.a.q.a;
import org.d.a.q.h;
import org.d.a.w;
import org.d.b.d;
import org.d.c.ab;
import org.d.c.ac;
import org.d.c.g;
import org.d.c.t;

/* loaded from: classes2.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER = "adbe.pkcs7.s4";
    private PublicKeyProtectionPolicy policy;

    public PublicKeySecurityHandler() {
        this.policy = null;
    }

    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        this.policy = null;
        this.policy = publicKeyProtectionPolicy;
        this.keyLength = this.policy.getEncryptionKeyLength();
    }

    private void appendCertInfo(StringBuilder sb, t tVar, X509Certificate x509Certificate, d dVar) {
        BigInteger b2 = tVar.b();
        if (b2 != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : "unknown";
            sb.append("serial-#: rid ");
            sb.append(b2.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger);
            sb.append(" issuer: rid '");
            sb.append(tVar.a());
            sb.append("' vs. cert '");
            sb.append(dVar == null ? "null" : dVar.getIssuer());
            sb.append("' ");
        }
    }

    private j computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        k kVar = new k(x509Certificate.getTBSCertificate());
        h a2 = h.a(kVar.d());
        kVar.close();
        a a3 = a2.c().a();
        e eVar = new e(a2.b(), a2.a().b());
        try {
            Cipher cipher = Cipher.getInstance(a3.a().b());
            cipher.init(1, x509Certificate.getPublicKey());
            return new j(new r(eVar), a3, new ba(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
        } catch (NoSuchPaddingException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) throws GeneralSecurityException, IOException {
        byte[][] bArr2 = new byte[this.policy.getNumberOfRecipients()];
        Iterator<PublicKeyRecipient> recipientsIterator = this.policy.getRecipientsIterator();
        int i = 0;
        while (recipientsIterator.hasNext()) {
            PublicKeyRecipient next = recipientsIterator.next();
            X509Certificate x509 = next.getX509();
            int permissionBytesForPublicKey = next.getPermission().getPermissionBytesForPublicKey();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (permissionBytesForPublicKey >>> 24);
            bArr3[21] = (byte) (permissionBytesForPublicKey >>> 16);
            bArr3[22] = (byte) (permissionBytesForPublicKey >>> 8);
            bArr3[23] = (byte) permissionBytesForPublicKey;
            org.d.a.t createDERForRecipient = createDERForRecipient(bArr3, x509);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new bc(byteArrayOutputStream).a((f) createDERForRecipient);
            bArr2[i] = byteArrayOutputStream.toByteArray();
            i++;
        }
        return bArr2;
    }

    private org.d.a.t createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance("1.2.840.113549.3.2");
            KeyGenerator keyGenerator = KeyGenerator.getInstance("1.2.840.113549.3.2", org.d.f.a.a.PROVIDER_NAME);
            Cipher cipher = Cipher.getInstance("1.2.840.113549.3.2", org.d.f.a.a.PROVIDER_NAME);
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            k kVar = new k(generateParameters.getEncoded("ASN.1"));
            org.d.a.t d2 = kVar.d();
            kVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            return new b(org.d.a.l.a.S, new org.d.a.d.d(null, new bg(new s(computeRecipientInfo(x509Certificate, generateKey.getEncoded()))), new c(org.d.a.l.a.Q, new a(new o("1.2.840.113549.3.2"), d2), new ba(doFinal)), (w) null)).i();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
        } catch (NoSuchPaddingException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public boolean hasProtectionPolicy() {
        return this.policy != null;
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(PDDocument pDDocument) throws IOException {
        int i = 20;
        if (this.keyLength == 256) {
            throw new IOException("256 bit key length is not supported yet for public key security");
        }
        try {
            Security.addProvider(new org.d.f.a.a());
            PDEncryption encryption = pDDocument.getEncryption();
            PDEncryption pDEncryption = encryption == null ? new PDEncryption() : encryption;
            pDEncryption.setFilter(FILTER);
            pDEncryption.setLength(this.keyLength);
            pDEncryption.setVersion(2);
            pDEncryption.removeV45filters();
            pDEncryption.setSubFilter(SUBFILTER);
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(Opcodes.CHECKCAST, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                pDEncryption.setRecipients(computeRecipientsField(bArr));
                int length = bArr.length;
                for (int i2 = 0; i2 < pDEncryption.getRecipientsLength(); i2++) {
                    length += pDEncryption.getRecipientStringAt(i2).getBytes().length;
                }
                byte[] bArr2 = new byte[length];
                System.arraycopy(bArr, 0, bArr2, 0, 20);
                for (int i3 = 0; i3 < pDEncryption.getRecipientsLength(); i3++) {
                    COSString recipientStringAt = pDEncryption.getRecipientStringAt(i3);
                    System.arraycopy(recipientStringAt.getBytes(), 0, bArr2, i, recipientStringAt.getBytes().length);
                    i += recipientStringAt.getBytes().length;
                }
                byte[] digest = MessageDigests.getSHA1().digest(bArr2);
                this.encryptionKey = new byte[this.keyLength / 8];
                System.arraycopy(digest, 0, this.encryptionKey, 0, this.keyLength / 8);
                pDDocument.setEncryptionDictionary(pDEncryption);
                pDDocument.getDocument().setEncryptionDictionary(pDEncryption.getCOSDictionary());
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        } catch (GeneralSecurityException e2) {
            throw new IOException(e2);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) throws IOException {
        byte[] bArr;
        boolean z;
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        setDecryptMetadata(pDEncryption.isEncryptMetaData());
        if (pDEncryption.getLength() != 0) {
            this.keyLength = pDEncryption.getLength();
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            byte[][] bArr2 = new byte[pDEncryption.getRecipientsLength()];
            StringBuilder sb = new StringBuilder();
            int i = 0;
            int i2 = 0;
            byte[] bArr3 = null;
            boolean z2 = false;
            while (i < pDEncryption.getRecipientsLength()) {
                byte[] bytes = pDEncryption.getRecipientStringAt(i).getBytes();
                Iterator<ac> it = new org.d.c.c(bytes).a().a().iterator();
                int i3 = 0;
                while (true) {
                    if (!it.hasNext()) {
                        bArr = bArr3;
                        z = z2;
                        break;
                    }
                    ac next = it.next();
                    X509Certificate certificate = publicKeyDecryptionMaterial.getCertificate();
                    d dVar = certificate != null ? new d(certificate.getEncoded()) : null;
                    ab b2 = next.b();
                    if (b2.a(dVar) && !z2) {
                        z = true;
                        bArr = next.b(new org.d.c.a.e((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey()).a(org.d.f.a.a.PROVIDER_NAME));
                        break;
                    }
                    i3++;
                    if (certificate != null) {
                        sb.append('\n');
                        sb.append(i3);
                        sb.append(": ");
                        if (b2 instanceof t) {
                            appendCertInfo(sb, (t) b2, certificate, dVar);
                        }
                    }
                }
                bArr2[i] = bytes;
                i++;
                i2 += bytes.length;
                bArr3 = bArr;
                z2 = z;
            }
            if (!z2 || bArr3 == null) {
                throw new IOException("The certificate matches none of " + i + " recipient entries" + sb.toString());
            }
            if (bArr3.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr4 = new byte[4];
            System.arraycopy(bArr3, 20, bArr4, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr4);
            accessPermission.setReadOnly();
            setCurrentAccessPermission(accessPermission);
            byte[] bArr5 = new byte[i2 + 20];
            System.arraycopy(bArr3, 0, bArr5, 0, 20);
            int i4 = 20;
            for (byte[] bArr6 : bArr2) {
                System.arraycopy(bArr6, 0, bArr5, i4, bArr6.length);
                i4 += bArr6.length;
            }
            byte[] digest = MessageDigests.getSHA1().digest(bArr5);
            this.encryptionKey = new byte[this.keyLength / 8];
            System.arraycopy(digest, 0, this.encryptionKey, 0, this.keyLength / 8);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } catch (CertificateEncodingException e2) {
            throw new IOException(e2);
        } catch (g e3) {
            throw new IOException(e3);
        }
    }
}
