package cz;

import androidx.core.os.EnvironmentCompat;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public final class j extends m {
    public static final String FILTER = "Adobe.PubSec";

    public j() {
    }

    public j(h hVar) {
        setProtectionPolicy(hVar);
        setKeyLength(hVar.getEncryptionKeyLength());
    }

    public final void k(StringBuilder sb2, KeyTransRecipientId keyTransRecipientId, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger serialNumber = keyTransRecipientId.getSerialNumber();
        if (serialNumber != null) {
            BigInteger serialNumber2 = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber2 != null ? serialNumber2.toString(16) : EnvironmentCompat.MEDIA_UNKNOWN;
            sb2.append("serial-#: rid ");
            sb2.append(serialNumber.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(keyTransRecipientId.getIssuer());
            sb2.append("' vs. cert '");
            sb2.append(x509CertificateHolder == null ? "null" : x509CertificateHolder.getIssuer());
            sb2.append("' ");
        }
    }

    public final KeyTransRecipientInfo l(X509Certificate x509Certificate, byte[] bArr) {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(x509Certificate.getTBSCertificate());
        TBSCertificate tBSCertificate = TBSCertificate.getInstance(aSN1InputStream.readObject());
        aSN1InputStream.close();
        AlgorithmIdentifier algorithm = tBSCertificate.getSubjectPublicKeyInfo().getAlgorithm();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(tBSCertificate.getIssuer(), tBSCertificate.getSerialNumber().getValue());
        try {
            Cipher cipher = Cipher.getInstance(algorithm.getAlgorithm().getId(), o.getProvider());
            cipher.init(1, x509Certificate.getPublicKey());
            return new KeyTransRecipientInfo(new RecipientIdentifier(issuerAndSerialNumber), algorithm, new DEROctetString(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        } catch (NoSuchPaddingException e12) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e12);
        }
    }

    public final byte[][] m(byte[] bArr) {
        h hVar = (h) getProtectionPolicy();
        byte[][] bArr2 = new byte[hVar.getNumberOfRecipients()];
        Iterator<i> recipientsIterator = hVar.getRecipientsIterator();
        int i11 = 0;
        while (recipientsIterator.hasNext()) {
            i next = recipientsIterator.next();
            X509Certificate x509 = next.getX509();
            int permissionBytesForPublicKey = next.getPermission().getPermissionBytesForPublicKey();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (permissionBytesForPublicKey >>> 24);
            bArr3[21] = (byte) (permissionBytesForPublicKey >>> 16);
            bArr3[22] = (byte) (permissionBytesForPublicKey >>> 8);
            bArr3[23] = (byte) permissionBytesForPublicKey;
            ASN1Primitive n11 = n(bArr3, x509);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            n11.encodeTo(byteArrayOutputStream, "DER");
            bArr2[i11] = byteArrayOutputStream.toByteArray();
            i11++;
        }
        return bArr2;
    }

    public final ASN1Primitive n(byte[] bArr, X509Certificate x509Certificate) {
        String id2 = PKCSObjectIdentifiers.RC2_CBC.getId();
        try {
            Provider provider = o.getProvider();
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(id2, provider);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(id2, provider);
            Cipher cipher = Cipher.getInstance(id2, provider);
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            ASN1InputStream aSN1InputStream = new ASN1InputStream(generateParameters.getEncoded("ASN.1"));
            ASN1Primitive readObject = aSN1InputStream.readObject();
            aSN1InputStream.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            return new ContentInfo(PKCSObjectIdentifiers.envelopedData, new EnvelopedData((OriginatorInfo) null, new DERSet(new RecipientInfo(l(x509Certificate, generateKey.getEncoded()))), new EncryptedContentInfo(PKCSObjectIdentifiers.data, new AlgorithmIdentifier(new ASN1ObjectIdentifier(id2), readObject), new DEROctetString(cipher.doFinal(bArr))), (ASN1Set) null)).toASN1Primitive();
        } catch (NoSuchAlgorithmException e11) {
            throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + id2 + "; possible reason: using an unsigned .jar file", e11);
        } catch (NoSuchPaddingException e12) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e12);
        }
    }

    public final void o(e eVar, oy.i iVar, byte[][] bArr) {
        d dVar = new d();
        dVar.setCryptFilterMethod(iVar);
        dVar.setLength(getKeyLength());
        oy.a aVar = new oy.a();
        for (byte[] bArr2 : bArr) {
            aVar.add((oy.b) new oy.p(bArr2));
        }
        dVar.getCOSObject().setItem(oy.i.RECIPIENTS, (oy.b) aVar);
        aVar.setDirect(true);
        eVar.setDefaultCryptFilterDictionary(dVar);
        oy.i iVar2 = oy.i.DEFAULT_CRYPT_FILTER;
        eVar.setStreamFilterName(iVar2);
        eVar.setStringFilterName(iVar2);
        dVar.getCOSObject().setDirect(true);
        setAES(true);
    }

    @Override // cz.m
    public void prepareDocumentForEncryption(ty.e eVar) throws IOException {
        byte[] digest;
        try {
            e encryption = eVar.getEncryption();
            if (encryption == null) {
                encryption = new e();
            }
            encryption.setFilter(FILTER);
            encryption.setLength(getKeyLength());
            int computeVersionNumber = computeVersionNumber();
            encryption.setVersion(computeVersionNumber);
            encryption.removeV45filters();
            int i11 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] m11 = m(bArr);
                int i12 = 20;
                for (byte[] bArr2 : m11) {
                    i12 += bArr2.length;
                }
                byte[] bArr3 = new byte[i12];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : m11) {
                    System.arraycopy(bArr4, 0, bArr3, i11, bArr4.length);
                    i11 += bArr4.length;
                }
                if (computeVersionNumber == 4) {
                    encryption.setSubFilter("adbe.pkcs7.s5");
                    digest = c.b().digest(bArr3);
                    o(encryption, oy.i.AESV2, m11);
                } else if (computeVersionNumber != 5) {
                    encryption.setSubFilter("adbe.pkcs7.s4");
                    digest = c.b().digest(bArr3);
                    encryption.setRecipients(m11);
                } else {
                    encryption.setSubFilter("adbe.pkcs7.s5");
                    digest = c.c().digest(bArr3);
                    o(encryption, oy.i.AESV3, m11);
                }
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
                eVar.setEncryptionDictionary(encryption);
                eVar.getDocument().setEncryptionDictionary(encryption.getCOSObject());
            } catch (NoSuchAlgorithmException e11) {
                throw new RuntimeException(e11);
            }
        } catch (GeneralSecurityException e12) {
            throw new IOException(e12);
        }
    }

    @Override // cz.m
    public void prepareForDecryption(e eVar, oy.a aVar, b bVar) throws IOException {
        boolean z11;
        byte[] digest;
        boolean z12;
        g gVar;
        if (!(bVar instanceof g)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        d defaultCryptFilterDictionary = eVar.getDefaultCryptFilterDictionary();
        if (defaultCryptFilterDictionary != null && defaultCryptFilterDictionary.getLength() != 0) {
            setKeyLength(defaultCryptFilterDictionary.getLength());
            setDecryptMetadata(defaultCryptFilterDictionary.isEncryptMetaData());
        } else if (eVar.getLength() != 0) {
            setKeyLength(eVar.getLength());
            setDecryptMetadata(eVar.isEncryptMetaData());
        }
        g gVar2 = (g) bVar;
        try {
            X509Certificate certificate = gVar2.getCertificate();
            byte[] bArr = null;
            X509CertificateHolder x509CertificateHolder = certificate != null ? new X509CertificateHolder(certificate.getEncoded()) : null;
            oy.d cOSObject = eVar.getCOSObject();
            oy.i iVar = oy.i.RECIPIENTS;
            oy.a cOSArray = cOSObject.getCOSArray(iVar);
            if (cOSArray == null && defaultCryptFilterDictionary != null) {
                cOSArray = defaultCryptFilterDictionary.getCOSObject().getCOSArray(iVar);
            }
            if (cOSArray == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = cOSArray.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb2 = new StringBuilder();
            int i11 = 0;
            boolean z13 = false;
            int i12 = 0;
            while (i11 < cOSArray.size()) {
                byte[] bytes = ((oy.p) cOSArray.getObject(i11)).getBytes();
                Iterator<RecipientInformation> it = new CMSEnvelopedData(bytes).getRecipientInfos().getRecipients().iterator();
                int i13 = 0;
                while (true) {
                    if (!it.hasNext()) {
                        gVar = gVar2;
                        break;
                    }
                    RecipientInformation next = it.next();
                    Iterator<RecipientInformation> it2 = it;
                    RecipientId rid = next.getRID();
                    if (!z13 && rid.match(x509CertificateHolder)) {
                        bArr = next.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) gVar2.getPrivateKey()));
                        gVar = gVar2;
                        z13 = true;
                        break;
                    }
                    g gVar3 = gVar2;
                    int i14 = i13 + 1;
                    if (certificate != null) {
                        sb2.append('\n');
                        sb2.append(i14);
                        sb2.append(": ");
                        if (rid instanceof KeyTransRecipientId) {
                            k(sb2, (KeyTransRecipientId) rid, certificate, x509CertificateHolder);
                        }
                    }
                    i13 = i14;
                    it = it2;
                    gVar2 = gVar3;
                }
                bArr2[i11] = bytes;
                i12 += bytes.length;
                i11++;
                gVar2 = gVar;
            }
            if (!z13 || bArr == null) {
                throw new IOException("The certificate matches none of " + cOSArray.size() + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i15 = 20;
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            a aVar2 = new a(bArr3);
            aVar2.setReadOnly();
            setCurrentAccessPermission(aVar2);
            int i16 = i12 + 20;
            byte[] bArr4 = new byte[i16];
            int i17 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i18 = 0;
            while (i18 < size) {
                byte[] bArr5 = bArr2[i18];
                System.arraycopy(bArr5, i17, bArr4, i15, bArr5.length);
                i15 += bArr5.length;
                i18++;
                i17 = 0;
            }
            if (eVar.getVersion() != 4 && eVar.getVersion() != 5) {
                digest = c.b().digest(bArr4);
                setEncryptionKey(new byte[getKeyLength() / 8]);
                System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
            }
            if (isDecryptMetadata()) {
                z11 = true;
            } else {
                bArr4 = Arrays.copyOf(bArr4, i16 + 4);
                z11 = true;
                System.arraycopy(new byte[]{-1, -1, -1, -1}, 0, bArr4, bArr4.length - 4, 4);
            }
            digest = eVar.getVersion() == 4 ? c.b().digest(bArr4) : c.c().digest(bArr4);
            if (defaultCryptFilterDictionary != null) {
                oy.i cryptFilterMethod = defaultCryptFilterDictionary.getCryptFilterMethod();
                if (!oy.i.AESV2.equals(cryptFilterMethod) && !oy.i.AESV3.equals(cryptFilterMethod)) {
                    z12 = false;
                    setAES(z12);
                }
                z12 = z11;
                setAES(z12);
            }
            setEncryptionKey(new byte[getKeyLength() / 8]);
            System.arraycopy(digest, 0, getEncryptionKey(), 0, getKeyLength() / 8);
        } catch (KeyStoreException e11) {
            throw new IOException(e11);
        } catch (CertificateEncodingException e12) {
            throw new IOException(e12);
        } catch (CMSException e13) {
            throw new IOException(e13);
        }
    }
}
