package com.adobe.livecycle.rightsmanagement.client.impl;

import com.adobe.edc.sdk.SDKException;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;
import com.adobe.internal.io.ByteArrayByteWriter;
import com.adobe.internal.io.ByteReader;
import com.adobe.internal.io.InputStreamByteReader;
import com.adobe.internal.pdftoolkit.core.credentials.CredentialFactory;
import com.adobe.internal.pdftoolkit.core.credentials.Credentials;
import com.adobe.internal.pdftoolkit.core.credentials.PrivateKeyHolderFactory;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFInvalidDocumentException;
import com.adobe.internal.pdftoolkit.core.permissionprovider.ObjectOperations;
import com.adobe.internal.pdftoolkit.pdf.digsig.PDFDocMDPPermissions;
import com.adobe.internal.pdftoolkit.pdf.document.PDFDocument;
import com.adobe.internal.pdftoolkit.pdf.document.PDFEncryptionType;
import com.adobe.internal.pdftoolkit.pdf.document.PDFOpenOptions;
import com.adobe.internal.pdftoolkit.pdf.document.PDFSaveFullOptions;
import com.adobe.internal.pdftoolkit.pdf.document.PDFSaveIncrementalOptions;
import com.adobe.internal.pdftoolkit.pdf.document.PDFVersion;
import com.adobe.internal.pdftoolkit.pdf.interactive.forms.PDFInteractiveForm;
import com.adobe.internal.pdftoolkit.services.digsig.SigFieldLock;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureFieldInterface;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureManager;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureOptionsUR;
import com.adobe.internal.pdftoolkit.services.permissions.PermissionsManager;
import com.adobe.internal.pdftoolkit.services.xfa.XFAService;
import com.adobe.livecycle.rightsmanagement.client.RightsManagementReaderExtensionService;
import com.adobe.livecycle.rightsmanagement.re.GetUsageRightsResult;
import com.adobe.livecycle.rightsmanagement.re.PDFUsageRightsHelper;
import com.adobe.livecycle.rightsmanagement.re.UbiquityCertificate;
import com.adobe.livecycle.rightsmanagement.re.UsageRights;
import com.rsa.jsafe.provider.JsafeJCE;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;

/* loaded from: input_file:com/adobe/livecycle/rightsmanagement/client/impl/RightsManagementReaderExtensionServiceImpl.class */
public class RightsManagementReaderExtensionServiceImpl implements RightsManagementReaderExtensionService {
    private RightsManagementServiceHelper rightsManagementServiceHelper;
    private Provider provider;

    public RightsManagementReaderExtensionServiceImpl(ServiceClientFactory serviceClientFactory) {
        this.rightsManagementServiceHelper = null;
        this.provider = null;
        this.provider = new JsafeJCE();
        this.rightsManagementServiceHelper = new RightsManagementServiceHelper(serviceClientFactory, this.provider);
    }

    @Override // com.adobe.livecycle.rightsmanagement.client.RightsManagementReaderExtensionService
    public InputStream applyUsageRights(InputStream inputStream, File file, String str, UsageRights usageRights) throws Exception {
        if (inputStream == null || file == null || str == null || usageRights == null) {
            throw new SDKException("Invalid argument.", SDKException.E_INVALID_ARG);
        }
        PDFDocument pDFDocument = null;
        ByteArrayByteWriter byteArrayByteWriter = null;
        InputStreamByteReader inputStreamByteReader = null;
        try {
            try {
                Credentials CredentialsFromKeyStore = CredentialsFromKeyStore(file, str.toCharArray());
                InputStreamByteReader inputStreamByteReader2 = new InputStreamByteReader(inputStream);
                PDFDocument newInstance = PDFDocument.newInstance(inputStreamByteReader2, PDFOpenOptions.newInstance());
                if (newInstance.isEncrypted()) {
                    if (!newInstance.getEncryptionType().equals(PDFEncryptionType.APS)) {
                        throw new SDKException("PDF is encrypted but its not a drm based encryption", 1);
                    }
                    this.rightsManagementServiceHelper.decryptRMProtectedDoc(newInstance, this.provider);
                }
                checkBasicPermissions(newInstance);
                PDFInteractiveForm interactiveForm = newInstance.requireCatalog().getInteractiveForm();
                if (interactiveForm != null && XFAService.isDynamicXFAShellNoAGMRender(newInstance)) {
                    interactiveForm.setNeedAppearances(false);
                }
                PDFUsageRightsHelper newInstance2 = PDFUsageRightsHelper.newInstance(usageRights);
                ByteArrayByteWriter byteArrayByteWriter2 = new ByteArrayByteWriter();
                SignatureManager newInstance3 = SignatureManager.newInstance(newInstance);
                SignatureOptionsUR newInstance4 = SignatureOptionsUR.newInstance();
                constructSignatureOptions(newInstance, newInstance3, newInstance4);
                newInstance3.applyUsageRights(newInstance2.getDocumentRights(), newInstance2.getAnnotationRights(), newInstance2.getEmbeddedFileRights(), newInstance2.getFormRights(), newInstance2.getSignatureRights(), (String) null, false, newInstance4, CredentialsFromKeyStore, byteArrayByteWriter2);
                byteArrayByteWriter2.flush();
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayByteWriter2.toByteArray());
                if (newInstance != null) {
                    newInstance.close();
                }
                if (byteArrayByteWriter2 != null) {
                    byteArrayByteWriter2.close();
                }
                if (inputStreamByteReader2 != null) {
                    inputStreamByteReader2.close();
                }
                return byteArrayInputStream;
            } catch (Exception e) {
                e.printStackTrace();
                throw new SDKException("Apply Rights Failed", SDKException.E_OPERATION_FAILED);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                pDFDocument.close();
            }
            if (0 != 0) {
                byteArrayByteWriter.close();
            }
            if (0 != 0) {
                inputStreamByteReader.close();
            }
            throw th;
        }
    }

    @Override // com.adobe.livecycle.rightsmanagement.client.RightsManagementReaderExtensionService
    public InputStream removeUsageRights(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            throw new SDKException("Input pdf cannot be null", 1);
        }
        ByteArrayByteWriter byteArrayByteWriter = null;
        PDFDocument pDFDocument = null;
        InputStreamByteReader inputStreamByteReader = null;
        try {
            try {
                InputStreamByteReader inputStreamByteReader2 = new InputStreamByteReader(inputStream);
                PDFDocument newInstance = PDFDocument.newInstance(inputStreamByteReader2, PDFOpenOptions.newInstance());
                ByteArrayByteWriter byteArrayByteWriter2 = new ByteArrayByteWriter();
                SignatureManager newInstance2 = SignatureManager.newInstance(newInstance);
                if (newInstance.isEncrypted()) {
                    if (!newInstance.getEncryptionType().equals(PDFEncryptionType.APS) || !this.rightsManagementServiceHelper.decryptRMProtectedDoc(newInstance, this.provider)) {
                        throw new SDKException("PDF is encrypted but its not a drm based encryption", 1);
                    }
                    if (!newInstance2.hasUsageRights()) {
                        throw new SDKException("PDF is encrypted but doesn't have any RE rights to remove", 1);
                    }
                    newInstance2.removeUsageRights();
                } else {
                    if (!newInstance2.hasUsageRights()) {
                        throw new SDKException("PDF doesn't have any RE rights to remove", 1);
                    }
                    newInstance2.removeUsageRights();
                }
                newInstance.save(byteArrayByteWriter2, PDFSaveIncrementalOptions.newInstance());
                byteArrayByteWriter2.flush();
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayByteWriter2.toByteArray());
                if (newInstance != null) {
                    newInstance.close();
                }
                if (byteArrayByteWriter2 != null) {
                    byteArrayByteWriter2.close();
                }
                if (inputStreamByteReader2 != null) {
                    inputStreamByteReader2.close();
                }
                return byteArrayInputStream;
            } catch (Exception e) {
                e.printStackTrace();
                throw new SDKException("Remove Rights Failed", SDKException.E_OPERATION_FAILED);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                pDFDocument.close();
            }
            if (0 != 0) {
                byteArrayByteWriter.close();
            }
            if (0 != 0) {
                inputStreamByteReader.close();
            }
            throw th;
        }
    }

    @Override // com.adobe.livecycle.rightsmanagement.client.RightsManagementReaderExtensionService
    public GetUsageRightsResult getDocumentUsageRights(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            throw new SDKException("Input pdf cannot be null", 1);
        }
        ByteReader byteReader = null;
        PDFDocument pDFDocument = null;
        try {
            try {
                InputStreamByteReader inputStreamByteReader = new InputStreamByteReader(inputStream);
                PDFDocument newInstance = PDFDocument.newInstance(inputStreamByteReader, PDFOpenOptions.newInstance());
                if (newInstance.isEncrypted()) {
                    if (!newInstance.getEncryptionType().equals(PDFEncryptionType.APS)) {
                        throw new SDKException("PDF is encrypted but its not a drm based encryption", 1);
                    }
                    this.rightsManagementServiceHelper.decryptRMProtectedDoc(newInstance, this.provider);
                }
                GetUsageRightsResult usageRightsResult = UbiquityCertificate.getUsageRightsResult(newInstance);
                if (inputStreamByteReader != null) {
                    inputStreamByteReader.close();
                }
                if (newInstance != null) {
                    newInstance.close();
                }
                return usageRightsResult;
            } catch (Exception e) {
                e.printStackTrace();
                throw new SDKException("Getting Document Rights Failed", SDKException.E_OPERATION_FAILED);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                byteReader.close();
            }
            if (0 != 0) {
                pDFDocument.close();
            }
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r0v30, types: [byte[], byte[][]] */
    private Credentials CredentialsFromKeyStore(File file, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("jks");
        FileInputStream fileInputStream = null;
        try {
            try {
                fileInputStream = new FileInputStream(file);
                keyStore.load(fileInputStream, cArr);
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                Enumeration<String> aliases = keyStore.aliases();
                if (!aliases.hasMoreElements()) {
                    return null;
                }
                String nextElement = aliases.nextElement();
                if (!keyStore.isKeyEntry(nextElement)) {
                    throw new RuntimeException("Unknown entry in jks KeyStore.");
                }
                Key key = keyStore.getKey(nextElement, cArr);
                Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                ?? r0 = new byte[certificateChain.length];
                for (int i = 0; i < certificateChain.length; i++) {
                    r0[i] = certificateChain[i].getEncoded();
                }
                Certificate certificate = keyStore.getCertificate(nextElement);
                checkExpiration(certificate);
                return CredentialFactory.newInstance().createCredentials(PrivateKeyHolderFactory.newInstance().createPrivateKey(key.getEncoded(), "RSA"), certificate.getEncoded(), (byte[][]) r0);
            } catch (Exception e) {
                e.printStackTrace();
                throw new SDKException("Error processing specified jks file", SDKException.E_OPERATION_FAILED);
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void checkExpiration(Certificate certificate) throws Exception {
        if (new Date().after(((X509Certificate) certificate).getNotAfter())) {
            throw new SDKException("Expired Credential", SDKException.E_OPERATION_FAILED);
        }
    }

    private void checkBasicPermissions(PDFDocument pDFDocument) throws Exception {
        try {
            PermissionsManager newInstance = PermissionsManager.newInstance(pDFDocument);
            newInstance.disablePermissionProvider("UR");
            newInstance.disablePermissionProvider("XFA");
            newInstance.disablePermissionProvider("Security");
            for (ObjectOperations objectOperations : new ObjectOperations[]{ObjectOperations.FORM_FILLIN, ObjectOperations.FORM_IMPORT, ObjectOperations.FORM_MODIFY, ObjectOperations.FORM_SPAWN_TEMPLATE, ObjectOperations.SIGNATURE_FILLIN}) {
                if (!newInstance.isPermitted(objectOperations)) {
                    throw new Exception("Permission Conflict");
                }
            }
            if (isDocumentSigned(pDFDocument)) {
                Iterator pDFSignatureFieldIterator = SignatureManager.newInstance(pDFDocument).getPDFSignatureFieldIterator();
                while (pDFSignatureFieldIterator.hasNext()) {
                    SignatureFieldInterface signatureFieldInterface = (SignatureFieldInterface) pDFSignatureFieldIterator.next();
                    SigFieldLock fieldLock = signatureFieldInterface.getFieldLock();
                    if (signatureFieldInterface.isSigned() && fieldLock != null && fieldLock.getFieldPermission() == PDFDocMDPPermissions.NoChanges) {
                        throw new Exception("Permission Conflict");
                    }
                }
            }
        } catch (PDFException e) {
            throw new Exception("Access Permissions Failed", e);
        }
    }

    private static void constructSignatureOptions(PDFDocument pDFDocument, SignatureManager signatureManager, SignatureOptionsUR signatureOptionsUR) throws Exception {
        try {
            PDFSaveFullOptions newInstance = (signatureManager.isDocCertified() || isDocumentSigned(pDFDocument)) ? PDFSaveIncrementalOptions.newInstance() : PDFSaveFullOptions.newInstance();
            if (pDFDocument.procureToSaveVersion().lessThan(PDFVersion.v1_6)) {
                newInstance.setVersion(PDFVersion.v1_6);
                signatureOptionsUR.setSaveOptions(newInstance);
            }
        } catch (PDFException e) {
            e.printStackTrace();
            throw new SDKException(SDKException.E_OPERATION_FAILED);
        } catch (PDFInvalidDocumentException e2) {
            e2.printStackTrace();
            throw new SDKException("Invalid Document", SDKException.E_OPERATION_FAILED);
        }
    }

    private static boolean isDocumentSigned(PDFDocument pDFDocument) {
        try {
            PDFInteractiveForm interactiveForm = pDFDocument.getInteractiveForm();
            if (interactiveForm != null) {
                return (interactiveForm.getSigFlags() & 2) > 0;
            }
            return false;
        } catch (PDFException e) {
            e.printStackTrace();
            return false;
        }
    }
}
