package org.apache.pdfbox.pdmodel.encryption;

import com.dropbox.core.DbxPKCEManager;
import com.dropbox.core.oauth.DbxOAuthError;
import com.facebook.imageutils.JfifUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import ld.n;
import ne.j;
import ne.r;
import ne.s;
import org.spongycastle.asn1.k;
import org.spongycastle.asn1.l0;
import org.spongycastle.asn1.n0;
import org.spongycastle.asn1.r0;
import org.spongycastle.cms.CMSException;

/* compiled from: PublicKeySecurityHandler.java */
/* loaded from: classes3.dex */
public final class f extends h {

    /* renamed from: l, reason: collision with root package name */
    private sd.c f21009l = null;

    private void p(StringBuilder sb2, bf.e eVar, X509Certificate x509Certificate, org.spongycastle.cert.a aVar) {
        BigInteger b10 = eVar.b();
        if (b10 != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : DbxOAuthError.UNKNOWN;
            sb2.append("serial-#: rid ");
            sb2.append(b10.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(eVar.a());
            sb2.append("' vs. cert '");
            sb2.append(aVar == null ? "null" : aVar.b());
            sb2.append("' ");
        }
    }

    private j q(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        org.spongycastle.asn1.d dVar = new org.spongycastle.asn1.d(x509Certificate.getTBSCertificate());
        ye.h g10 = ye.h.g(dVar.r());
        dVar.close();
        ye.a g11 = g10.j().g();
        ne.e eVar = new ne.e(g10.h(), g10.i().p());
        try {
            Cipher cipher = Cipher.getInstance(g11.g().r());
            cipher.init(1, x509Certificate.getPublicKey());
            return new j(new r(eVar), g11, new l0(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    private byte[][] r(byte[] bArr) throws GeneralSecurityException, IOException {
        byte[][] bArr2 = new byte[this.f21009l.a()];
        Iterator<sd.d> b10 = this.f21009l.b();
        int i10 = 0;
        while (b10.hasNext()) {
            sd.d next = b10.next();
            X509Certificate b11 = next.b();
            int g10 = next.a().g();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (g10 >>> 24);
            bArr3[21] = (byte) (g10 >>> 16);
            bArr3[22] = (byte) (g10 >>> 8);
            bArr3[23] = (byte) g10;
            k s10 = s(bArr3, b11);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new n0(byteArrayOutputStream).j(s10);
            bArr2[i10] = byteArrayOutputStream.toByteArray();
            i10++;
        }
        return bArr2;
    }

    private k s(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance("1.2.840.113549.3.2");
            KeyGenerator keyGenerator = KeyGenerator.getInstance("1.2.840.113549.3.2");
            Cipher cipher = Cipher.getInstance("1.2.840.113549.3.2");
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            org.spongycastle.asn1.d dVar = new org.spongycastle.asn1.d(generateParameters.getEncoded("ASN.1"));
            k r10 = dVar.r();
            dVar.close();
            keyGenerator.init(DbxPKCEManager.CODE_VERIFIER_SIZE);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            return new ne.b(ue.a.f24424s, new ne.d(null, new r0(new s(q(x509Certificate, generateKey.getEncoded()))), new ne.c(ue.a.f24422q, new ye.a(new org.spongycastle.asn1.h("1.2.840.113549.3.2"), r10), new l0(doFinal)), null)).b();
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    @Override // org.apache.pdfbox.pdmodel.encryption.h
    public void m(org.apache.pdfbox.pdmodel.a aVar) throws IOException {
        if (this.f21015b == 256) {
            throw new IOException("256 bit key length is not supported yet for public key security");
        }
        try {
            Security.addProvider(new gf.a());
            d f10 = aVar.f();
            if (f10 == null) {
                f10 = new d();
            }
            f10.s("Adobe.PubSec");
            f10.t(this.f21015b);
            f10.F(2);
            f10.C("adbe.pkcs7.s4");
            int i10 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(JfifUtil.MARKER_SOFn, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                f10.x(r(bArr));
                int i11 = 20;
                for (int i12 = 0; i12 < f10.j(); i12++) {
                    i11 += f10.i(i12).a0().length;
                }
                byte[] bArr2 = new byte[i11];
                System.arraycopy(bArr, 0, bArr2, 0, 20);
                for (int i13 = 0; i13 < f10.j(); i13++) {
                    n i14 = f10.i(i13);
                    System.arraycopy(i14.a0(), 0, bArr2, i10, i14.a0().length);
                    i10 += i14.a0().length;
                }
                byte[] digest = b.b().digest(bArr2);
                int i15 = this.f21015b;
                byte[] bArr3 = new byte[i15 / 8];
                this.f21016c = bArr3;
                System.arraycopy(digest, 0, bArr3, 0, i15 / 8);
                aVar.Z(f10);
                aVar.b().H0(f10.a());
            } catch (NoSuchAlgorithmException e10) {
                throw new RuntimeException(e10);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException(e11);
        }
    }

    @Override // org.apache.pdfbox.pdmodel.encryption.h
    public void n(d dVar, ld.a aVar, sd.a aVar2) throws IOException {
        if (!(aVar2 instanceof e)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        this.f21019f = dVar.q();
        if (dVar.d() != 0) {
            this.f21015b = dVar.d();
        }
        e eVar = (e) aVar2;
        try {
            int j10 = dVar.j();
            byte[][] bArr = new byte[j10];
            StringBuilder sb2 = new StringBuilder();
            int i10 = 0;
            boolean z10 = false;
            byte[] bArr2 = null;
            int i11 = 0;
            while (i10 < dVar.j()) {
                byte[] a02 = dVar.i(i10).a0();
                Iterator it = new org.spongycastle.cms.b(a02).a().a().iterator();
                int i12 = 0;
                while (true) {
                    if (it.hasNext()) {
                        org.spongycastle.cms.s sVar = (org.spongycastle.cms.s) it.next();
                        X509Certificate a10 = eVar.a();
                        org.spongycastle.cert.a aVar3 = a10 != null ? new org.spongycastle.cert.a(a10.getEncoded()) : null;
                        bf.h c10 = sVar.c();
                        if (c10.f0(aVar3) && !z10) {
                            bArr2 = sVar.a(new cf.e((PrivateKey) eVar.b()).i("BC"));
                            z10 = true;
                            break;
                        }
                        i12++;
                        if (a10 != null) {
                            sb2.append('\n');
                            sb2.append(i12);
                            sb2.append(": ");
                            if (c10 instanceof bf.e) {
                                p(sb2, (bf.e) c10, a10, aVar3);
                            }
                        }
                    }
                }
                bArr[i10] = a02;
                i11 += a02.length;
                i10++;
            }
            if (!z10 || bArr2 == null) {
                throw new IOException("The certificate matches none of " + i10 + " recipient entries" + sb2.toString());
            }
            if (bArr2.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i13 = 20;
            System.arraycopy(bArr2, 20, bArr3, 0, 4);
            a aVar4 = new a(bArr3);
            this.f21023j = aVar4;
            aVar4.s();
            byte[] bArr4 = new byte[i11 + 20];
            int i14 = 0;
            System.arraycopy(bArr2, 0, bArr4, 0, 20);
            int i15 = 0;
            while (i15 < j10) {
                byte[] bArr5 = bArr[i15];
                System.arraycopy(bArr5, i14, bArr4, i13, bArr5.length);
                i13 += bArr5.length;
                i15++;
                i14 = 0;
            }
            byte[] digest = b.b().digest(bArr4);
            int i16 = this.f21015b;
            byte[] bArr6 = new byte[i16 / 8];
            this.f21016c = bArr6;
            System.arraycopy(digest, 0, bArr6, 0, i16 / 8);
        } catch (KeyStoreException e10) {
            throw new IOException(e10);
        } catch (CertificateEncodingException e11) {
            throw new IOException(e11);
        } catch (CMSException e12) {
            throw new IOException(e12);
        }
    }
}
