package com.itextpdf.kernel.crypto.securityhandler;

import com.itextpdf.io.util.k;
import com.itextpdf.kernel.PdfException;
import com.itextpdf.kernel.crypto.securityhandler.a;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfLiteral;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.security.IExternalDecryptionProcess;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.c1;
import org.bouncycastle.asn1.g2.b;
import org.bouncycastle.asn1.g2.c;
import org.bouncycastle.asn1.g2.d;
import org.bouncycastle.asn1.g2.e;
import org.bouncycastle.asn1.g2.j;
import org.bouncycastle.asn1.g2.r;
import org.bouncycastle.asn1.g2.s;
import org.bouncycastle.asn1.u2.h;
import org.bouncycastle.asn1.w0;
import org.bouncycastle.asn1.y0;

/* loaded from: classes2.dex */
public abstract class PubKeySecurityHandler extends SecurityHandler {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final long serialVersionUID = -6093031394871440268L;
    private List<PublicKeyRecipient> recipients;
    private byte[] seed = a.d(20);

    /* JADX INFO: Access modifiers changed from: protected */
    public PubKeySecurityHandler() {
        this.recipients = null;
        this.recipients = new ArrayList();
    }

    private void b(Certificate certificate, int i2) {
        this.recipients.add(new PublicKeyRecipient(certificate, i2));
    }

    private j c(X509Certificate x509Certificate, byte[] bArr) throws GeneralSecurityException, IOException {
        h u = h.u(new org.bouncycastle.asn1.j(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).x());
        org.bouncycastle.asn1.u2.a u2 = u.x().u();
        e eVar = new e(u.v(), u.w().F());
        return new j(new r(eVar), u2, new w0(a.b(x509Certificate, bArr, u2)));
    }

    protected static byte[] computeGlobalKeyOnReading(PdfDictionary pdfDictionary, PrivateKey privateKey, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z, String str2) {
        PdfName pdfName = PdfName.Recipients;
        PdfArray asArray = pdfDictionary.getAsArray(pdfName);
        if (asArray == null) {
            asArray = pdfDictionary.getAsDictionary(PdfName.CF).getAsDictionary(PdfName.DefaultCryptFilter).getAsArray(pdfName);
        }
        byte[] c2 = a.c(privateKey, certificate, str, iExternalDecryptionProcess, asArray);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str2);
            messageDigest.update(c2, 0, 20);
            for (int i2 = 0; i2 < asArray.size(); i2++) {
                messageDigest.update(asArray.getAsString(i2).getValueBytes());
            }
            if (!z) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e2) {
            throw new PdfException(PdfException.PdfDecryption, (Throwable) e2);
        }
    }

    private org.bouncycastle.asn1.r d(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        a.C0272a a = a.a(bArr);
        return new b(org.bouncycastle.asn1.p2.a.O0, new d(null, new c1(new s(c(x509Certificate, a.a))), new c(org.bouncycastle.asn1.p2.a.M0, a.f17730c, new w0(a.f17729b)), null)).g();
    }

    private byte[] e(int i2) throws IOException, GeneralSecurityException {
        PublicKeyRecipient publicKeyRecipient = this.recipients.get(i2);
        byte[] cms = publicKeyRecipient.getCms();
        if (cms != null) {
            return cms;
        }
        Certificate certificate = publicKeyRecipient.getCertificate();
        int permission = ((publicKeyRecipient.getPermission() | (-3904)) & (-4)) + 1;
        byte[] bArr = new byte[24];
        System.arraycopy(this.seed, 0, bArr, 0, 20);
        bArr[20] = (byte) (permission >> 24);
        bArr[21] = (byte) (permission >> 16);
        bArr[22] = (byte) (permission >> 8);
        bArr[23] = (byte) permission;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new y0(byteArrayOutputStream).t(d(bArr, (X509Certificate) certificate));
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        publicKeyRecipient.setCms(byteArray);
        return byteArray;
    }

    private PdfArray f() {
        PdfArray pdfArray = new PdfArray();
        for (int i2 = 0; i2 < this.recipients.size(); i2++) {
            try {
                pdfArray.add(new PdfLiteral(k.c(e(i2))));
            } catch (IOException | GeneralSecurityException unused) {
                return null;
            }
        }
        return pdfArray;
    }

    private int g() {
        return this.recipients.size();
    }

    private byte[] h() {
        byte[] bArr = this.seed;
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    protected void addAllRecipients(Certificate[] certificateArr, int[] iArr) {
        if (certificateArr != null) {
            for (int i2 = 0; i2 < certificateArr.length; i2++) {
                b(certificateArr[i2], iArr[i2]);
            }
        }
    }

    protected byte[] computeGlobalKey(String str, boolean z) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(h());
            for (int i2 = 0; i2 < g(); i2++) {
                messageDigest.update(e(i2));
            }
            if (!z) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e2) {
            throw new PdfException(PdfException.PdfEncryption, (Throwable) e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PdfArray createRecipientsArray() {
        try {
            return f();
        } catch (Exception e2) {
            throw new PdfException(PdfException.PdfEncryption, (Throwable) e2);
        }
    }

    protected abstract String getDigestAlgorithm();

    protected abstract void initKey(byte[] bArr, int i2);

    /* JADX INFO: Access modifiers changed from: protected */
    public void initKeyAndFillDictionary(PdfDictionary pdfDictionary, Certificate[] certificateArr, int[] iArr, boolean z, boolean z2) {
        addAllRecipients(certificateArr, iArr);
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKey(getDigestAlgorithm(), z), asInt != null ? asInt.intValue() : 40);
        setPubSecSpecificHandlerDicEntries(pdfDictionary, z, z2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initKeyAndReadDictionary(PdfDictionary pdfDictionary, Key key, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z) {
        byte[] computeGlobalKeyOnReading = computeGlobalKeyOnReading(pdfDictionary, (PrivateKey) key, certificate, str, iExternalDecryptionProcess, z, getDigestAlgorithm());
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKeyOnReading, asInt != null ? asInt.intValue() : 40);
    }

    protected abstract void setPubSecSpecificHandlerDicEntries(PdfDictionary pdfDictionary, boolean z, boolean z2);
}
