package com.tom_roush.pdfbox.pdmodel.encryption;

import com.yandex.metrica.push.common.CoreConstants;
import ek.r;
import ek.s;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import oe.o;
import org.bouncycastle.asn1.l1;
import org.bouncycastle.asn1.q1;
import org.bouncycastle.asn1.u;
import org.bouncycastle.asn1.v;
import org.bouncycastle.cms.CMSException;

/* loaded from: classes2.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER = "adbe.pkcs7.s4";
    private h policy;

    public PublicKeySecurityHandler() {
        this.policy = null;
    }

    public PublicKeySecurityHandler(h hVar) {
        this.policy = null;
        this.policy = hVar;
        this.keyLength = hVar.a();
    }

    private void appendCertInfo(StringBuilder sb2, wk.e eVar, X509Certificate x509Certificate, org.bouncycastle.cert.b bVar) {
        BigInteger b10 = eVar.b();
        if (b10 != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : CoreConstants.Transport.UNKNOWN;
            sb2.append("serial-#: rid ");
            sb2.append(b10.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(eVar.a());
            sb2.append("' vs. cert '");
            sb2.append(bVar == null ? "null" : bVar.b());
            sb2.append("' ");
        }
    }

    private ek.j computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        org.bouncycastle.asn1.m mVar = new org.bouncycastle.asn1.m(x509Certificate.getTBSCertificate());
        tk.e k10 = tk.e.k(mVar.r());
        mVar.close();
        tk.a j10 = k10.o().j();
        ek.e eVar = new ek.e(k10.l(), k10.m().y());
        try {
            Cipher cipher = Cipher.getInstance(j10.j().z(), l.a());
            cipher.init(1, x509Certificate.getPublicKey());
            return new ek.j(new r(eVar), j10, new l1(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    private byte[][] computeRecipientsField(byte[] bArr) throws GeneralSecurityException, IOException {
        byte[][] bArr2 = new byte[this.policy.c()];
        Iterator<i> d10 = this.policy.d();
        int i10 = 0;
        while (d10.hasNext()) {
            i next = d10.next();
            X509Certificate b10 = next.b();
            int g10 = next.a().g();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (g10 >>> 24);
            bArr3[21] = (byte) (g10 >>> 16);
            bArr3[22] = (byte) (g10 >>> 8);
            bArr3[23] = (byte) g10;
            v createDERForRecipient = createDERForRecipient(bArr3, b10);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            u.b(byteArrayOutputStream, "DER").u(createDERForRecipient);
            bArr2[i10] = byteArrayOutputStream.toByteArray();
            i10++;
        }
        return bArr2;
    }

    private v createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance("1.2.840.113549.3.2", l.a());
            KeyGenerator keyGenerator = KeyGenerator.getInstance("1.2.840.113549.3.2", l.a());
            Cipher cipher = Cipher.getInstance("1.2.840.113549.3.2", l.a());
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            org.bouncycastle.asn1.m mVar = new org.bouncycastle.asn1.m(generateParameters.getEncoded("ASN.1"));
            v r10 = mVar.r();
            mVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            return new ek.b(nk.a.f41230y, new ek.d(null, new q1(new s(computeRecipientInfo(x509Certificate, generateKey.getEncoded()))), new ek.c(nk.a.f41228w, new tk.a(new org.bouncycastle.asn1.s("1.2.840.113549.3.2"), r10), new l1(cipher.doFinal(bArr))), null)).c();
        } catch (NoSuchAlgorithmException e10) {
            throw new IOException("Could not find a suitable javax.crypto provider for algorithm 1.2.840.113549.3.2; possible reason: using an unsigned .jar file", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public boolean hasProtectionPolicy() {
        return this.policy != null;
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareDocumentForEncryption(com.tom_roush.pdfbox.pdmodel.a aVar) throws IOException {
        if (this.keyLength == 256) {
            throw new IOException("256 bit key length is not supported yet for public key security");
        }
        try {
            e n10 = aVar.n();
            if (n10 == null) {
                n10 = new e();
            }
            n10.t(FILTER);
            n10.u(this.keyLength);
            n10.I(2);
            n10.r();
            n10.F(SUBFILTER);
            int i10 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                n10.z(computeRecipientsField(bArr));
                int i11 = 20;
                for (int i12 = 0; i12 < n10.j(); i12++) {
                    i11 += n10.i(i12).T().length;
                }
                byte[] bArr2 = new byte[i11];
                System.arraycopy(bArr, 0, bArr2, 0, 20);
                for (int i13 = 0; i13 < n10.j(); i13++) {
                    o i14 = n10.i(i13);
                    System.arraycopy(i14.T(), 0, bArr2, i10, i14.T().length);
                    i10 += i14.T().length;
                }
                byte[] digest = c.b().digest(bArr2);
                int i15 = this.keyLength;
                byte[] bArr3 = new byte[i15 / 8];
                this.encryptionKey = bArr3;
                System.arraycopy(digest, 0, bArr3, 0, i15 / 8);
                aVar.K(n10);
                aVar.d().v1(n10.a());
            } catch (NoSuchAlgorithmException e10) {
                throw new RuntimeException(e10);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException(e11);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(e eVar, oe.a aVar, b bVar) throws IOException {
        if (!(bVar instanceof g)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        setDecryptMetadata(eVar.q());
        if (eVar.d() != 0) {
            this.keyLength = eVar.d();
        }
        g gVar = (g) bVar;
        try {
            X509Certificate a10 = gVar.a();
            byte[] bArr = null;
            org.bouncycastle.cert.b bVar2 = a10 != null ? new org.bouncycastle.cert.b(a10.getEncoded()) : null;
            int j10 = eVar.j();
            byte[][] bArr2 = new byte[j10];
            StringBuilder sb2 = new StringBuilder();
            int i10 = 0;
            boolean z10 = false;
            int i11 = 0;
            while (i10 < eVar.j()) {
                byte[] T = eVar.i(i10).T();
                Iterator<org.bouncycastle.cms.s> it = new org.bouncycastle.cms.b(T).a().b().iterator();
                int i12 = 0;
                while (true) {
                    if (it.hasNext()) {
                        org.bouncycastle.cms.s next = it.next();
                        wk.h c10 = next.c();
                        if (!z10 && c10.E1(bVar2)) {
                            bArr = next.a(new xk.e((PrivateKey) gVar.b()));
                            z10 = true;
                            break;
                        }
                        i12++;
                        if (a10 != null) {
                            sb2.append('\n');
                            sb2.append(i12);
                            sb2.append(": ");
                            if (c10 instanceof wk.e) {
                                appendCertInfo(sb2, (wk.e) c10, a10, bVar2);
                            }
                        }
                    }
                }
                bArr2[i10] = T;
                i11 += T.length;
                i10++;
            }
            if (!z10 || bArr == null) {
                throw new IOException("The certificate matches none of " + i10 + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i13 = 20;
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            a aVar2 = new a(bArr3);
            aVar2.s();
            setCurrentAccessPermission(aVar2);
            byte[] bArr4 = new byte[i11 + 20];
            int i14 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i15 = 0;
            while (i15 < j10) {
                byte[] bArr5 = bArr2[i15];
                System.arraycopy(bArr5, i14, bArr4, i13, bArr5.length);
                i13 += bArr5.length;
                i15++;
                i14 = 0;
            }
            byte[] digest = c.b().digest(bArr4);
            int i16 = this.keyLength;
            byte[] bArr6 = new byte[i16 / 8];
            this.encryptionKey = bArr6;
            System.arraycopy(digest, 0, bArr6, 0, i16 / 8);
        } catch (KeyStoreException e10) {
            throw new IOException(e10);
        } catch (CertificateEncodingException e11) {
            throw new IOException(e11);
        } catch (CMSException e12) {
            throw new IOException(e12);
        }
    }
}
