package com.itextpdf.kernel.crypto.securityhandler;

import I5.a;
import K5.b;
import O5.s;
import O5.t;
import b1.k;
import com.itextpdf.io.util.StreamUtil;
import com.itextpdf.kernel.crypto.CryptoUtil;
import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfEncryptor;
import com.itextpdf.kernel.pdf.PdfLiteral;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.security.IExternalDecryptionProcess;
import g5.AbstractC1001q;
import g5.AbstractC1003t;
import g5.AbstractC1006w;
import g5.AbstractC1008y;
import g5.C0992h;
import g5.C0995k;
import g5.C1002s;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import k5.f;
import k5.g;
import k5.h;
import k5.m;
import k5.u;
import k5.v;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;

/* loaded from: classes4.dex */
public abstract class PubKeySecurityHandler extends SecurityHandler {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final int SEED_LENGTH = 20;
    private List<PublicKeyRecipient> recipients;
    private byte[] seed;

    public PubKeySecurityHandler() {
        byte[] seed;
        this.recipients = null;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(192, new SecureRandom());
            seed = new byte[20];
            System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, seed, 0, 20);
        } catch (NoSuchAlgorithmException unused) {
            seed = SecureRandom.getSeed(20);
        }
        this.seed = seed;
        this.recipients = new ArrayList();
    }

    private void addRecipient(Certificate certificate, int i7) {
        this.recipients.add(new PublicKeyRecipient(certificate, i7));
    }

    public static byte[] computeGlobalKeyOnReading(PdfDictionary pdfDictionary, PrivateKey privateKey, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z7, String str2) {
        boolean z8;
        PdfName pdfName = PdfName.Recipients;
        PdfArray asArray = pdfDictionary.getAsArray(pdfName);
        if (asArray == null) {
            asArray = pdfDictionary.getAsDictionary(PdfName.CF).getAsDictionary(PdfName.DefaultCryptFilter).getAsArray(pdfName);
        }
        try {
            b bVar = new b(certificate.getEncoded());
            byte[] bArr = null;
            if (iExternalDecryptionProcess == null) {
                z8 = false;
                for (int i7 = 0; i7 < asArray.size(); i7++) {
                    try {
                        t tVar = (t) new k(asArray.getAsString(i7).getValueBytes()).f8000b;
                        tVar.getClass();
                        Iterator it = new ArrayList(tVar.f2955b).iterator();
                        while (it.hasNext()) {
                            s sVar = (s) it.next();
                            if (sVar.f2950a.c(bVar) && !z8) {
                                bArr = PdfEncryptor.getContent(sVar, privateKey, str);
                                z8 = true;
                            }
                        }
                    } catch (Exception e2) {
                        throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e2);
                    }
                }
            } else {
                byte[] bArr2 = null;
                z8 = false;
                for (int i8 = 0; i8 < asArray.size(); i8++) {
                    try {
                        ArrayList a6 = ((t) new k(asArray.getAsString(i8).getValueBytes()).f8000b).a(iExternalDecryptionProcess.getCmsRecipientId());
                        s sVar2 = a6.size() == 0 ? null : (s) a6.iterator().next();
                        if (sVar2 != null) {
                            bArr2 = sVar2.a(iExternalDecryptionProcess.getCmsRecipient());
                            z8 = true;
                        }
                    } catch (Exception e7) {
                        throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e7);
                    }
                }
                bArr = bArr2;
            }
            if (!z8 || bArr == null) {
                throw new PdfException(KernelExceptionMessageConstant.BAD_CERTIFICATE_AND_KEY);
            }
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(str2);
                messageDigest.update(bArr, 0, 20);
                for (int i9 = 0; i9 < asArray.size(); i9++) {
                    messageDigest.update(asArray.getAsString(i9).getValueBytes());
                }
                if (!z7) {
                    messageDigest.update(new byte[]{-1, -1, -1, -1});
                }
                return messageDigest.digest();
            } catch (Exception e8) {
                throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e8);
            }
        } catch (Exception e9) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_DECRYPTION, (Throwable) e9);
        }
    }

    /* JADX WARN: Type inference failed for: r6v1, types: [g5.Y, g5.q] */
    private m computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws GeneralSecurityException, IOException {
        I5.s i7 = I5.s.i(new C0995k(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).g());
        a aVar = i7.f1187d.f1171a;
        h hVar = new h(i7.f1186c, i7.f1185b.s());
        Cipher cipher = Cipher.getInstance(aVar.f1121a.f16530a);
        try {
            cipher.init(1, x509Certificate);
        } catch (InvalidKeyException unused) {
            cipher.init(1, x509Certificate.getPublicKey());
        }
        return new m(new u(hVar), aVar, new AbstractC1001q(cipher.doFinal(bArr)));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [g5.Y, g5.q] */
    /* JADX WARN: Type inference failed for: r7v2, types: [g5.w, g5.c0] */
    private AbstractC1003t createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        AlgorithmParameters generateParameters = AlgorithmParameterGenerator.getInstance("1.2.840.113549.3.2").generateParameters();
        AbstractC1003t g7 = new C0995k(new ByteArrayInputStream(generateParameters.getEncoded("ASN.1"))).g();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("1.2.840.113549.3.2");
        keyGenerator.init(128);
        SecretKey generateKey = keyGenerator.generateKey();
        Cipher cipher = Cipher.getInstance("1.2.840.113549.3.2");
        cipher.init(1, generateKey, generateParameters);
        byte[] encoded = generateKey.getEncoded();
        byte[] doFinal = cipher.doFinal(bArr);
        a aVar = new a(new ASN1ObjectIdentifier("1.2.840.113549.3.2"), g7);
        m computeRecipientInfo = computeRecipientInfo(x509Certificate, encoded);
        ?? abstractC1001q = new AbstractC1001q(doFinal);
        ?? abstractC1006w = new AbstractC1006w(new v(computeRecipientInfo));
        abstractC1006w.f15209d = -1;
        g gVar = new g(abstractC1006w, new f(A5.b.m8, aVar, abstractC1001q));
        ASN1ObjectIdentifier aSN1ObjectIdentifier = A5.b.o8;
        C0992h c0992h = new C0992h(2);
        c0992h.a(aSN1ObjectIdentifier);
        c0992h.a(new AbstractC1008y(true, 0, gVar));
        return new ASN1Sequence(c0992h);
    }

    private byte[] getEncodedRecipient(int i7) throws IOException, GeneralSecurityException {
        PublicKeyRecipient publicKeyRecipient = this.recipients.get(i7);
        byte[] cms = publicKeyRecipient.getCms();
        if (cms != null) {
            return cms;
        }
        Certificate certificate = publicKeyRecipient.getCertificate();
        int permission = ((publicKeyRecipient.getPermission() | (-3904)) & (-4)) + 1;
        byte[] bArr = new byte[24];
        System.arraycopy(this.seed, 0, bArr, 0, 20);
        bArr[20] = (byte) (permission >> 24);
        bArr[21] = (byte) (permission >> 16);
        bArr[22] = (byte) (permission >> 8);
        bArr[23] = (byte) permission;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        C1002s createAsn1OutputStream = CryptoUtil.createAsn1OutputStream(byteArrayOutputStream, "DER");
        AbstractC1003t createDERForRecipient = createDERForRecipient(bArr, (X509Certificate) certificate);
        if (createDERForRecipient == null) {
            createAsn1OutputStream.getClass();
            throw new IOException("null object detected");
        }
        createAsn1OutputStream.o(createDERForRecipient);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        publicKeyRecipient.setCms(byteArray);
        return byteArray;
    }

    private PdfArray getEncodedRecipients() {
        PdfArray pdfArray = new PdfArray();
        for (int i7 = 0; i7 < this.recipients.size(); i7++) {
            try {
                pdfArray.add(new PdfLiteral(StreamUtil.createEscapedString(getEncodedRecipient(i7))));
            } catch (IOException | GeneralSecurityException unused) {
                return null;
            }
        }
        return pdfArray;
    }

    private int getRecipientsSize() {
        return this.recipients.size();
    }

    private byte[] getSeed() {
        byte[] bArr = this.seed;
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    public void addAllRecipients(Certificate[] certificateArr, int[] iArr) {
        if (certificateArr != null) {
            for (int i7 = 0; i7 < certificateArr.length; i7++) {
                addRecipient(certificateArr[i7], iArr[i7]);
            }
        }
    }

    public byte[] computeGlobalKey(String str, boolean z7) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(getSeed());
            for (int i7 = 0; i7 < getRecipientsSize(); i7++) {
                messageDigest.update(getEncodedRecipient(i7));
            }
            if (!z7) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e2) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e2);
        }
    }

    public PdfArray createRecipientsArray() {
        try {
            return getEncodedRecipients();
        } catch (Exception e2) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e2);
        }
    }

    public abstract String getDigestAlgorithm();

    public abstract void initKey(byte[] bArr, int i7);

    public void initKeyAndFillDictionary(PdfDictionary pdfDictionary, Certificate[] certificateArr, int[] iArr, boolean z7, boolean z8) {
        addAllRecipients(certificateArr, iArr);
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKey(getDigestAlgorithm(), z7), asInt != null ? asInt.intValue() : 40);
        setPubSecSpecificHandlerDicEntries(pdfDictionary, z7, z8);
    }

    public void initKeyAndReadDictionary(PdfDictionary pdfDictionary, Key key, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z7) {
        byte[] computeGlobalKeyOnReading = computeGlobalKeyOnReading(pdfDictionary, (PrivateKey) key, certificate, str, iExternalDecryptionProcess, z7, getDigestAlgorithm());
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKeyOnReading, asInt != null ? asInt.intValue() : 40);
    }

    public abstract void setPubSecSpecificHandlerDicEntries(PdfDictionary pdfDictionary, boolean z7, boolean z8);
}
