package com.tom_roush.pdfbox.pdmodel.encryption;

import com.tom_roush.pdfbox.cos.COSArray;
import com.tom_roush.pdfbox.cos.COSBase;
import com.tom_roush.pdfbox.cos.COSDictionary;
import com.tom_roush.pdfbox.cos.COSName;
import com.tom_roush.pdfbox.cos.COSStream;
import com.tom_roush.pdfbox.cos.COSString;
import com.tom_roush.pdfbox.io.IOUtils;
import com.tom_roush.pdfbox.pdmodel.PDDocument;
import com.tom_roush.pdfbox.util.Charsets;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import q2.a;
import q2.b;

/* loaded from: classes7.dex */
public abstract class SecurityHandler {
    private static final byte[] AES_SALT = {115, 65, 108, 84};
    private static final short DEFAULT_KEY_LENGTH = 40;
    private SecureRandom customSecureRandom;
    private boolean decryptMetadata;
    public byte[] encryptionKey;
    private COSName streamFilterName;
    private COSName stringFilterName;
    private boolean useAES;
    public short keyLength = DEFAULT_KEY_LENGTH;
    private final b rc4 = new b();
    private final Set<COSBase> objects = Collections.newSetFromMap(new IdentityHashMap());
    private ProtectionPolicy protectionPolicy = null;
    private AccessPermission currentAccessPermission = null;

    private byte[] calcFinalKey(long j10, long j11) {
        byte[] bArr = this.encryptionKey;
        int length = bArr.length + 5;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        bArr2[length - 5] = (byte) (j10 & 255);
        bArr2[length - 4] = (byte) ((j10 >> 8) & 255);
        bArr2[length - 3] = (byte) ((j10 >> 16) & 255);
        bArr2[length - 2] = (byte) (j11 & 255);
        bArr2[length - 1] = (byte) ((j11 >> 8) & 255);
        MessageDigest a10 = a.a();
        a10.update(bArr2);
        if (this.useAES) {
            a10.update(AES_SALT);
        }
        byte[] digest = a10.digest();
        int min = Math.min(length, 16);
        byte[] bArr3 = new byte[min];
        System.arraycopy(digest, 0, bArr3, 0, min);
        return bArr3;
    }

    private Cipher createCipher(byte[] bArr, byte[] bArr2, boolean z10) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(z10 ? 2 : 1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
        return cipher;
    }

    private void decryptArray(COSArray cOSArray, long j10, long j11) throws IOException {
        for (int i10 = 0; i10 < cOSArray.size(); i10++) {
            decrypt(cOSArray.get(i10), j10, j11);
        }
    }

    private void decryptDictionary(COSDictionary cOSDictionary, long j10, long j11) throws IOException {
        if (cOSDictionary.getItem(COSName.CF) != null) {
            return;
        }
        COSBase dictionaryObject = cOSDictionary.getDictionaryObject(COSName.TYPE);
        boolean z10 = COSName.SIG.equals(dictionaryObject) || COSName.DOC_TIME_STAMP.equals(dictionaryObject) || ((cOSDictionary.getDictionaryObject(COSName.CONTENTS) instanceof COSString) && (cOSDictionary.getDictionaryObject(COSName.BYTERANGE) instanceof COSArray));
        for (Map.Entry<COSName, COSBase> entry : cOSDictionary.entrySet()) {
            if (!z10 || !COSName.CONTENTS.equals(entry.getKey())) {
                COSBase value = entry.getValue();
                if ((value instanceof COSString) || (value instanceof COSArray) || (value instanceof COSDictionary)) {
                    decrypt(value, j10, j11);
                }
            }
        }
    }

    private void decryptString(COSString cOSString, long j10, long j11) {
        if (COSName.IDENTITY.equals(this.stringFilterName)) {
            return;
        }
        InputStream byteArrayInputStream = new ByteArrayInputStream(cOSString.getBytes());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            encryptData(j10, j11, byteArrayInputStream, byteArrayOutputStream, true);
            cOSString.setValue(byteArrayOutputStream.toByteArray());
        } catch (IOException e10) {
            StringBuilder sb = new StringBuilder();
            sb.append("Failed to decrypt COSString of length ");
            sb.append(cOSString.getBytes().length);
            sb.append(" in object ");
            sb.append(j10);
            sb.append(": ");
            sb.append(e10.getMessage());
        }
    }

    private void encryptData(long j10, long j11, InputStream inputStream, OutputStream outputStream, boolean z10) throws IOException {
        if (this.useAES && this.encryptionKey.length == 32) {
            encryptDataAES256(inputStream, outputStream, z10);
        } else {
            byte[] calcFinalKey = calcFinalKey(j10, j11);
            if (this.useAES) {
                encryptDataAESother(calcFinalKey, inputStream, outputStream, z10);
            } else {
                encryptDataRC4(calcFinalKey, inputStream, outputStream);
            }
        }
        outputStream.flush();
    }

    private void encryptDataAES256(InputStream inputStream, OutputStream outputStream, boolean z10) throws IOException {
        byte[] bArr = new byte[16];
        if (prepareAESInitializationVector(z10, bArr, inputStream, outputStream)) {
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(inputStream, createCipher(this.encryptionKey, bArr, z10));
                try {
                    try {
                        IOUtils.copy(cipherInputStream, outputStream);
                    } catch (IOException e10) {
                        if (!(e10.getCause() instanceof GeneralSecurityException)) {
                            throw e10;
                        }
                    }
                } finally {
                    cipherInputStream.close();
                }
            } catch (GeneralSecurityException e11) {
                throw new IOException(e11);
            }
        }
    }

    private void encryptDataAESother(byte[] bArr, InputStream inputStream, OutputStream outputStream, boolean z10) throws IOException {
        byte[] bArr2 = new byte[16];
        if (!prepareAESInitializationVector(z10, bArr2, inputStream, outputStream)) {
            return;
        }
        try {
            Cipher createCipher = createCipher(bArr, bArr2, z10);
            byte[] bArr3 = new byte[256];
            while (true) {
                int read = inputStream.read(bArr3);
                if (read == -1) {
                    outputStream.write(createCipher.doFinal());
                    return;
                } else {
                    byte[] update = createCipher.update(bArr3, 0, read);
                    if (update != null) {
                        outputStream.write(update);
                    }
                }
            }
        } catch (GeneralSecurityException e10) {
            throw new IOException(e10);
        }
    }

    private SecureRandom getSecureRandom() {
        SecureRandom secureRandom = this.customSecureRandom;
        return secureRandom != null ? secureRandom : new SecureRandom();
    }

    private boolean prepareAESInitializationVector(boolean z10, byte[] bArr, InputStream inputStream, OutputStream outputStream) throws IOException {
        if (!z10) {
            getSecureRandom().nextBytes(bArr);
            outputStream.write(bArr);
            return true;
        }
        int populateBuffer = (int) IOUtils.populateBuffer(inputStream, bArr);
        if (populateBuffer == 0) {
            return false;
        }
        if (populateBuffer == bArr.length) {
            return true;
        }
        throw new IOException("AES initialization vector not fully read: only " + populateBuffer + " bytes read instead of " + bArr.length);
    }

    public int computeVersionNumber() {
        short s10 = this.keyLength;
        if (s10 == 40) {
            return 1;
        }
        if (s10 == 128 && this.protectionPolicy.isPreferAES()) {
            return 4;
        }
        return this.keyLength == 256 ? 5 : 2;
    }

    public void decrypt(COSBase cOSBase, long j10, long j11) throws IOException {
        if (cOSBase instanceof COSString) {
            if (this.objects.contains(cOSBase)) {
                return;
            }
            this.objects.add(cOSBase);
            decryptString((COSString) cOSBase, j10, j11);
            return;
        }
        if (cOSBase instanceof COSStream) {
            if (this.objects.contains(cOSBase)) {
                return;
            }
            this.objects.add(cOSBase);
            decryptStream((COSStream) cOSBase, j10, j11);
            return;
        }
        if (cOSBase instanceof COSDictionary) {
            decryptDictionary((COSDictionary) cOSBase, j10, j11);
        } else if (cOSBase instanceof COSArray) {
            decryptArray((COSArray) cOSBase, j10, j11);
        }
    }

    public void decryptStream(COSStream cOSStream, long j10, long j11) throws IOException {
        if (COSName.IDENTITY.equals(this.streamFilterName)) {
            return;
        }
        COSName cOSName = cOSStream.getCOSName(COSName.TYPE);
        if ((this.decryptMetadata || !COSName.METADATA.equals(cOSName)) && !COSName.XREF.equals(cOSName)) {
            if (COSName.METADATA.equals(cOSName)) {
                InputStream createRawInputStream = cOSStream.createRawInputStream();
                byte[] bArr = new byte[10];
                IOUtils.populateBuffer(createRawInputStream, bArr);
                createRawInputStream.close();
                if (Arrays.equals(bArr, "<?xpacket ".getBytes(Charsets.ISO_8859_1))) {
                    return;
                }
            }
            decryptDictionary(cOSStream, j10, j11);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(IOUtils.toByteArray(cOSStream.createRawInputStream()));
            OutputStream createRawOutputStream = cOSStream.createRawOutputStream();
            try {
                try {
                    encryptData(j10, j11, byteArrayInputStream, createRawOutputStream, true);
                } catch (IOException e10) {
                    StringBuilder sb = new StringBuilder();
                    sb.append(e10.getClass().getSimpleName());
                    sb.append(" thrown when decrypting object ");
                    sb.append(j10);
                    sb.append(" ");
                    sb.append(j11);
                    sb.append(" obj");
                    throw e10;
                }
            } finally {
                createRawOutputStream.close();
            }
        }
    }

    public void encryptDataRC4(byte[] bArr, InputStream inputStream, OutputStream outputStream) throws IOException {
        this.rc4.b(bArr);
        this.rc4.e(inputStream, outputStream);
    }

    public void encryptDataRC4(byte[] bArr, byte[] bArr2, OutputStream outputStream) throws IOException {
        this.rc4.b(bArr);
        this.rc4.g(bArr2, outputStream);
    }

    public void encryptStream(COSStream cOSStream, long j10, int i10) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(IOUtils.toByteArray(cOSStream.createRawInputStream()));
        OutputStream createRawOutputStream = cOSStream.createRawOutputStream();
        try {
            encryptData(j10, i10, byteArrayInputStream, createRawOutputStream, false);
        } finally {
            createRawOutputStream.close();
        }
    }

    public void encryptString(COSString cOSString, long j10, int i10) throws IOException {
        InputStream byteArrayInputStream = new ByteArrayInputStream(cOSString.getBytes());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        encryptData(j10, i10, byteArrayInputStream, byteArrayOutputStream, false);
        cOSString.setValue(byteArrayOutputStream.toByteArray());
    }

    public AccessPermission getCurrentAccessPermission() {
        return this.currentAccessPermission;
    }

    public byte[] getEncryptionKey() {
        return this.encryptionKey;
    }

    public int getKeyLength() {
        return this.keyLength;
    }

    public ProtectionPolicy getProtectionPolicy() {
        return this.protectionPolicy;
    }

    public boolean hasProtectionPolicy() {
        return this.protectionPolicy != null;
    }

    public boolean isAES() {
        return this.useAES;
    }

    public boolean isDecryptMetadata() {
        return this.decryptMetadata;
    }

    public abstract void prepareDocumentForEncryption(PDDocument pDDocument) throws IOException;

    public abstract void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) throws IOException;

    public void setAES(boolean z10) {
        this.useAES = z10;
    }

    public void setCurrentAccessPermission(AccessPermission accessPermission) {
        this.currentAccessPermission = accessPermission;
    }

    public void setCustomSecureRandom(SecureRandom secureRandom) {
        this.customSecureRandom = secureRandom;
    }

    public void setDecryptMetadata(boolean z10) {
        this.decryptMetadata = z10;
    }

    public void setEncryptionKey(byte[] bArr) {
        this.encryptionKey = bArr;
    }

    public void setKeyLength(int i10) {
        this.keyLength = (short) i10;
    }

    public void setProtectionPolicy(ProtectionPolicy protectionPolicy) {
        this.protectionPolicy = protectionPolicy;
    }

    public void setStreamFilterName(COSName cOSName) {
        this.streamFilterName = cOSName;
    }

    public void setStringFilterName(COSName cOSName) {
        this.stringFilterName = cOSName;
    }
}
