package com.tom_roush.pdfbox.pdmodel.encryption;

import ii.p;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import oi.i;
import org.bouncycastle.asn1.j1;
import org.bouncycastle.asn1.l;
import org.bouncycastle.asn1.o1;
import org.bouncycastle.asn1.q;
import org.bouncycastle.asn1.t;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import rp.a0;
import rp.r;
import rp.z;
import zo.j;
import zo.s;

/* compiled from: PublicKeySecurityHandler.java */
/* loaded from: classes2.dex */
public final class c extends f {
    public c() {
    }

    public c(oi.f fVar) {
        E(fVar);
        D(fVar.a());
    }

    private void H(StringBuilder sb2, r rVar, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger b10 = rVar.b();
        if (b10 != null) {
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber != null ? serialNumber.toString(16) : "unknown";
            sb2.append("serial-#: rid ");
            sb2.append(b10.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(rVar.a());
            sb2.append("' vs. cert '");
            sb2.append(x509CertificateHolder == null ? "null" : x509CertificateHolder.b());
            sb2.append("' ");
        }
    }

    private j I(X509Certificate x509Certificate, byte[] bArr) {
        l lVar = new l(x509Certificate.getTBSCertificate());
        op.g r10 = op.g.r(lVar.m());
        lVar.close();
        op.a o10 = r10.v().o();
        zo.e eVar = new zo.e(r10.t(), r10.u().J());
        try {
            Cipher cipher = Cipher.getInstance(o10.o().L(), i.a());
            cipher.init(1, x509Certificate.getPublicKey());
            return new j(new zo.r(eVar), o10, new j1(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    private byte[][] J(byte[] bArr) {
        oi.f fVar = (oi.f) s();
        byte[][] bArr2 = new byte[fVar.c()];
        Iterator<oi.g> d10 = fVar.d();
        int i10 = 0;
        while (d10.hasNext()) {
            oi.g next = d10.next();
            X509Certificate b10 = next.b();
            int g10 = next.a().g();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (g10 >>> 24);
            bArr3[21] = (byte) (g10 >>> 16);
            bArr3[22] = (byte) (g10 >>> 8);
            bArr3[23] = (byte) g10;
            t K = K(bArr3, b10);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            K.v(byteArrayOutputStream, "DER");
            bArr2[i10] = byteArrayOutputStream.toByteArray();
            i10++;
        }
        return bArr2;
    }

    private t K(byte[] bArr, X509Certificate x509Certificate) {
        String L = ip.a.E.L();
        try {
            Provider a10 = i.a();
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(L, a10);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(L, a10);
            Cipher cipher = Cipher.getInstance(L, a10);
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            l lVar = new l(generateParameters.getEncoded("ASN.1"));
            t m10 = lVar.m();
            lVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            return new zo.b(ip.a.U, new zo.d(null, new o1(new s(I(x509Certificate, generateKey.getEncoded()))), new zo.c(ip.a.S, new op.a(new q(L), m10), new j1(cipher.doFinal(bArr))), null)).f();
        } catch (NoSuchAlgorithmException e10) {
            throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + L + "; possible reason: using an unsigned .jar file", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    private void L(oi.c cVar, ii.i iVar, byte[][] bArr) {
        oi.b bVar = new oi.b();
        bVar.e(iVar);
        bVar.f(r());
        ii.a aVar = new ii.a();
        for (byte[] bArr2 : bArr) {
            aVar.Z(new p(bArr2));
        }
        bVar.a().t2(ii.i.C7, aVar);
        aVar.B(true);
        cVar.u(bVar);
        ii.i iVar2 = ii.i.f21025p2;
        cVar.E(iVar2);
        cVar.F(iVar2);
        bVar.a().B(true);
        z(true);
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.f
    public void x(ni.b bVar) {
        byte[] digest;
        try {
            oi.c d10 = bVar.d();
            if (d10 == null) {
                d10 = new oi.c();
            }
            d10.v("Adobe.PubSec");
            d10.w(r());
            int b10 = b();
            d10.J(b10);
            d10.s();
            int i10 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] J = J(bArr);
                int i11 = 20;
                for (byte[] bArr2 : J) {
                    i11 += bArr2.length;
                }
                byte[] bArr3 = new byte[i11];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : J) {
                    System.arraycopy(bArr4, 0, bArr3, i10, bArr4.length);
                    i10 += bArr4.length;
                }
                if (b10 == 4) {
                    d10.G("adbe.pkcs7.s5");
                    digest = b.b().digest(bArr3);
                    L(d10, ii.i.Y, J);
                } else if (b10 != 5) {
                    d10.G("adbe.pkcs7.s4");
                    digest = b.b().digest(bArr3);
                    d10.B(J);
                } else {
                    d10.G("adbe.pkcs7.s5");
                    digest = b.c().digest(bArr3);
                    L(d10, ii.i.Z, J);
                }
                C(new byte[r() / 8]);
                System.arraycopy(digest, 0, q(), 0, r() / 8);
                bVar.q(d10);
                bVar.a().l2(d10.a());
            } catch (NoSuchAlgorithmException e10) {
                throw new RuntimeException(e10);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException(e11);
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.f
    public void y(oi.c cVar, ii.a aVar, oi.a aVar2) {
        byte[] digest;
        boolean z10;
        oi.e eVar;
        if (!(aVar2 instanceof oi.e)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        oi.b c10 = cVar.c();
        if (c10 != null && c10.c() != 0) {
            D(c10.c());
            B(c10.d());
        } else if (cVar.e() != 0) {
            D(cVar.e());
            B(cVar.r());
        }
        oi.e eVar2 = (oi.e) aVar2;
        try {
            X509Certificate a10 = eVar2.a();
            byte[] bArr = null;
            X509CertificateHolder x509CertificateHolder = a10 != null ? new X509CertificateHolder(a10.getEncoded()) : null;
            ii.d a11 = cVar.a();
            ii.i iVar = ii.i.C7;
            ii.a q12 = a11.q1(iVar);
            if (q12 == null && c10 != null) {
                q12 = c10.a().q1(iVar);
            }
            if (q12 == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = q12.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb2 = new StringBuilder();
            int i10 = 0;
            boolean z11 = false;
            int i11 = 0;
            while (i10 < q12.size()) {
                byte[] Z = ((p) q12.B0(i10)).Z();
                Iterator<a0> it = new rp.c(Z).a().b().iterator();
                int i12 = 0;
                while (true) {
                    if (!it.hasNext()) {
                        eVar = eVar2;
                        break;
                    }
                    a0 next = it.next();
                    Iterator<a0> it2 = it;
                    z c11 = next.c();
                    if (!z11 && c11.M1(x509CertificateHolder)) {
                        bArr = next.a(new sp.e((PrivateKey) eVar2.b()));
                        eVar = eVar2;
                        z11 = true;
                        break;
                    }
                    oi.e eVar3 = eVar2;
                    int i13 = i12 + 1;
                    if (a10 != null) {
                        sb2.append('\n');
                        sb2.append(i13);
                        sb2.append(": ");
                        if (c11 instanceof r) {
                            H(sb2, (r) c11, a10, x509CertificateHolder);
                        }
                    }
                    i12 = i13;
                    it = it2;
                    eVar2 = eVar3;
                }
                bArr2[i10] = Z;
                i11 += Z.length;
                i10++;
                eVar2 = eVar;
            }
            if (!z11 || bArr == null) {
                throw new IOException("The certificate matches none of " + q12.size() + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i14 = 20;
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            a aVar3 = new a(bArr3);
            aVar3.s();
            A(aVar3);
            int i15 = i11 + 20;
            byte[] bArr4 = new byte[i15];
            int i16 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i17 = 0;
            while (i17 < size) {
                byte[] bArr5 = bArr2[i17];
                System.arraycopy(bArr5, i16, bArr4, i14, bArr5.length);
                i14 += bArr5.length;
                i17++;
                i16 = 0;
            }
            if (cVar.q() != 4 && cVar.q() != 5) {
                digest = b.b().digest(bArr4);
                C(new byte[r() / 8]);
                System.arraycopy(digest, 0, q(), 0, r() / 8);
            }
            if (!v()) {
                bArr4 = ar.a.g(bArr4, i15 + 4);
                System.arraycopy(new byte[]{-1, -1, -1, -1}, 0, bArr4, bArr4.length - 4, 4);
            }
            digest = cVar.q() == 4 ? b.b().digest(bArr4) : b.c().digest(bArr4);
            if (c10 != null) {
                ii.i b10 = c10.b();
                if (!ii.i.Y.equals(b10) && !ii.i.Z.equals(b10)) {
                    z10 = false;
                    z(z10);
                }
                z10 = true;
                z(z10);
            }
            C(new byte[r() / 8]);
            System.arraycopy(digest, 0, q(), 0, r() / 8);
        } catch (KeyStoreException e10) {
            throw new IOException(e10);
        } catch (CertificateEncodingException e11) {
            throw new IOException(e11);
        } catch (CMSException e12) {
            throw new IOException(e12);
        }
    }
}
