package com.itextpdf.kernel.crypto.securityhandler;

import com.itextpdf.io.util.StreamUtil;
import com.itextpdf.kernel.PdfException;
import com.itextpdf.kernel.crypto.securityhandler.EncryptionUtils;
import com.itextpdf.kernel.pdf.PdfArray;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfLiteral;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.security.IExternalDecryptionProcess;
import ee.c;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import ld.f0;
import ld.h0;
import ld.k;
import ld.n;
import ld.o;
import ld.r;
import ld.s;
import ld.u0;
import ld.v0;
import ld.y0;
import le.a;
import le.t;
import pd.f;
import pd.g;
import pd.h;
import pd.m;
import pd.u;
import pd.v;

/* loaded from: classes2.dex */
public abstract class PubKeySecurityHandler extends SecurityHandler {
    public static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final int SEED_LENGTH = 20;
    private static final long serialVersionUID = -6093031394871440268L;
    private List<PublicKeyRecipient> recipients;
    private byte[] seed = EncryptionUtils.generateSeed(20);

    public PubKeySecurityHandler() {
        this.recipients = null;
        this.recipients = new ArrayList();
    }

    private void addRecipient(Certificate certificate, int i10) {
        this.recipients.add(new PublicKeyRecipient(certificate, i10));
    }

    public static byte[] computeGlobalKeyOnReading(PdfDictionary pdfDictionary, PrivateKey privateKey, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z10, String str2) {
        PdfName pdfName = PdfName.Recipients;
        PdfArray asArray = pdfDictionary.getAsArray(pdfName);
        if (asArray == null) {
            asArray = pdfDictionary.getAsDictionary(PdfName.CF).getAsDictionary(PdfName.DefaultCryptFilter).getAsArray(pdfName);
        }
        byte[] fetchEnvelopedData = EncryptionUtils.fetchEnvelopedData(privateKey, certificate, str, iExternalDecryptionProcess, asArray);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str2);
            messageDigest.update(fetchEnvelopedData, 0, 20);
            for (int i10 = 0; i10 < asArray.size(); i10++) {
                messageDigest.update(asArray.getAsString(i10).getValueBytes());
            }
            if (!z10) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e10) {
            throw new PdfException(PdfException.PdfDecryption, (Throwable) e10);
        }
    }

    private m computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) {
        n l10 = new k(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).l();
        t tVar = l10 instanceof t ? (t) l10 : l10 != null ? new t(s.x(l10)) : null;
        a aVar = tVar.f34860d.f34843a;
        return new m(new u(new h(tVar.f34859c, tVar.f34858b.z())), aVar, new u0(EncryptionUtils.cipherBytes(x509Certificate, bArr, aVar)));
    }

    private r createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) {
        EncryptionUtils.DERForRecipientParams calculateDERForRecipientParams = EncryptionUtils.calculateDERForRecipientParams(bArr);
        g gVar = new g(null, new y0(new v(computeRecipientInfo(x509Certificate, calculateDERForRecipientParams.abyte0))), new f(c.f15067y0, calculateDERForRecipientParams.algorithmIdentifier, new u0(calculateDERForRecipientParams.abyte1)), null);
        o oVar = c.A0;
        ld.f fVar = new ld.f(2);
        fVar.a(oVar);
        fVar.a(new h0(0, gVar));
        return new f0(fVar);
    }

    private byte[] getEncodedRecipient(int i10) {
        PublicKeyRecipient publicKeyRecipient = this.recipients.get(i10);
        byte[] cms = publicKeyRecipient.getCms();
        if (cms != null) {
            return cms;
        }
        Certificate certificate = publicKeyRecipient.getCertificate();
        int permission = ((publicKeyRecipient.getPermission() | StandardSecurityHandler.PERMS_MASK_1_FOR_REVISION_3_OR_GREATER) & (-4)) + 1;
        byte[] bArr = new byte[24];
        System.arraycopy(this.seed, 0, bArr, 0, 20);
        bArr[20] = (byte) (permission >> 24);
        bArr[21] = (byte) (permission >> 16);
        bArr[22] = (byte) (permission >> 8);
        bArr[23] = (byte) permission;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new v0(byteArrayOutputStream).o(createDERForRecipient(bArr, (X509Certificate) certificate));
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        publicKeyRecipient.setCms(byteArray);
        return byteArray;
    }

    private PdfArray getEncodedRecipients() {
        PdfArray pdfArray = new PdfArray();
        for (int i10 = 0; i10 < this.recipients.size(); i10++) {
            try {
                pdfArray.add(new PdfLiteral(StreamUtil.createEscapedString(getEncodedRecipient(i10))));
            } catch (IOException | GeneralSecurityException unused) {
                return null;
            }
        }
        return pdfArray;
    }

    private int getRecipientsSize() {
        return this.recipients.size();
    }

    private byte[] getSeed() {
        byte[] bArr = this.seed;
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    public void addAllRecipients(Certificate[] certificateArr, int[] iArr) {
        if (certificateArr != null) {
            for (int i10 = 0; i10 < certificateArr.length; i10++) {
                addRecipient(certificateArr[i10], iArr[i10]);
            }
        }
    }

    public byte[] computeGlobalKey(String str, boolean z10) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(getSeed());
            for (int i10 = 0; i10 < getRecipientsSize(); i10++) {
                messageDigest.update(getEncodedRecipient(i10));
            }
            if (!z10) {
                messageDigest.update(new byte[]{-1, -1, -1, -1});
            }
            return messageDigest.digest();
        } catch (Exception e10) {
            throw new PdfException(PdfException.PdfEncryption, (Throwable) e10);
        }
    }

    public PdfArray createRecipientsArray() {
        try {
            return getEncodedRecipients();
        } catch (Exception e10) {
            throw new PdfException(PdfException.PdfEncryption, (Throwable) e10);
        }
    }

    public abstract String getDigestAlgorithm();

    public abstract void initKey(byte[] bArr, int i10);

    public void initKeyAndFillDictionary(PdfDictionary pdfDictionary, Certificate[] certificateArr, int[] iArr, boolean z10, boolean z11) {
        addAllRecipients(certificateArr, iArr);
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKey(getDigestAlgorithm(), z10), asInt != null ? asInt.intValue() : 40);
        setPubSecSpecificHandlerDicEntries(pdfDictionary, z10, z11);
    }

    public void initKeyAndReadDictionary(PdfDictionary pdfDictionary, Key key, Certificate certificate, String str, IExternalDecryptionProcess iExternalDecryptionProcess, boolean z10) {
        byte[] computeGlobalKeyOnReading = computeGlobalKeyOnReading(pdfDictionary, (PrivateKey) key, certificate, str, iExternalDecryptionProcess, z10, getDigestAlgorithm());
        Integer asInt = pdfDictionary.getAsInt(PdfName.Length);
        initKey(computeGlobalKeyOnReading, asInt != null ? asInt.intValue() : 40);
    }

    public abstract void setPubSecSpecificHandlerDicEntries(PdfDictionary pdfDictionary, boolean z10, boolean z11);
}
