package org.apache.pdfbox.pdmodel.encryption;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.pdfbox.cos.COSArray;
import org.apache.pdfbox.cos.COSString;
import org.apache.pdfbox.exceptions.CryptographyException;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: input_file:BOOT-INF/lib/pdfbox-1.8.12.jar:org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.class */
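/**
 * Security handler for certificate-based PDF encryption (filter {@code Adobe.PubSec},
 * sub-filter {@code adbe.pkcs7.s4}).
 *
 * <p>Each recipient gets a CMS enveloped-data blob holding a 20-byte seed followed by 4 permission
 * bytes. The document key is the leading {@code keyLength / 8} bytes of the SHA-1 digest over the
 * seed and all recipient blobs.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>On decryption, the recipient blobs and the key length come from the document and are
 *       therefore untrusted; the key length is validated before it is used to size the key.</li>
 *   <li>The per-recipient envelope content is encrypted with the algorithm identified by OID
 *       {@code 1.2.840.113549.3.2} (RC2-CBC) using a 128-bit key. This is a legacy cipher; it is
 *       kept because changing it alters the produced file format. Treat documents protected this
 *       way as having legacy-grade confidentiality.</li>
 *   <li>SHA-1 is used only as the key-derivation digest defined by this handler's scheme.</li>
 *   <li>The permission bytes are read from the decrypted envelope and enforced by the consuming
 *       application only; they are not a cryptographic access control.</li>
 * </ul>
 */
public class PublicKeySecurityHandler extends SecurityHandler {
    private static final Log LOG = LogFactory.getLog(PublicKeySecurityHandler.class);
    public static final String FILTER = "Adobe.PubSec";
    private static final String SUBFILTER = "adbe.pkcs7.s4";

    /** OID of the content-encryption algorithm used inside each recipient envelope (RC2-CBC). */
    private static final String CONTENT_CIPHER_OID = "1.2.840.113549.3.2";

    /** Digest used to derive the document key from the seed and the recipient blobs. */
    private static final String KEY_DIGEST_ALGORITHM = "SHA-1";

    /** Length in bytes of the random seed shared by all recipients. */
    private static final int SEED_LENGTH = 20;

    /** Length in bytes of the permission field appended to the seed. */
    private static final int PERMISSION_LENGTH = 4;

    private PublicKeyProtectionPolicy policy;

    /** Creates a handler without a protection policy; such a handler can only decrypt. */
    public PublicKeySecurityHandler() {
        this.policy = null;
    }

    /**
     * Creates a handler that encrypts according to the given policy.
     *
     * @param publicKeyProtectionPolicy the recipients and key length to use; must not be null
     */
    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        this.policy = publicKeyProtectionPolicy;
        this.keyLength = this.policy.getEncryptionKeyLength();
    }

    /**
     * Decrypts the given document in place.
     *
     * @param pDDocument the document to decrypt
     * @param decryptionMaterial must be a {@link PublicKeyDecryptionMaterial}
     * @throws CryptographyException if the material does not fit the document or key recovery fails
     * @throws IOException if reading the document fails
     */
    @Override
    public void decryptDocument(PDDocument pDDocument, DecryptionMaterial decryptionMaterial) throws CryptographyException, IOException {
        this.document = pDDocument;
        prepareForDecryption(pDDocument.getEncryptionDictionary(), pDDocument.getDocument().getDocumentID(), decryptionMaterial);
        proceedDecryption();
    }

    /**
     * Recovers the document key and the access permissions from the encryption dictionary.
     *
     * <p>Every recipient blob is parsed as CMS enveloped data. The first recipient entry matching
     * the supplied certificate is decrypted with the supplied private key; the result must be
     * exactly 24 bytes (20-byte seed + 4 permission bytes).
     *
     * @param pDEncryptionDictionary the (untrusted) encryption dictionary of the document
     * @param cOSArray the document ID; not used by this handler
     * @param decryptionMaterial must be a {@link PublicKeyDecryptionMaterial}
     * @throws CryptographyException if the material is of the wrong type, no recipient matches,
     *     the envelope has an unexpected size, the key length is unusable, or a crypto error occurs
     * @throws IOException declared by the overridden method
     */
    @Override
    public void prepareForDecryption(PDEncryptionDictionary pDEncryptionDictionary, COSArray cOSArray, DecryptionMaterial decryptionMaterial) throws CryptographyException, IOException {
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new CryptographyException("Provided decryption material is not compatible with the document");
        }
        this.decryptMetadata = pDEncryptionDictionary.isEncryptMetaData();
        if (pDEncryptionDictionary.getLength() != 0) {
            // Value comes from the document; it is range-checked in deriveEncryptionKey().
            this.keyLength = pDEncryptionDictionary.getLength();
        }
        PublicKeyDecryptionMaterial material = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            boolean foundRecipient = false;
            byte[] envelopedData = null;
            int recipientCount = pDEncryptionDictionary.getRecipientsLength();
            byte[][] recipientFields = new byte[recipientCount][];
            int recipientFieldsLength = 0;
            for (int i = 0; i < recipientCount; i++) {
                byte[] recipientBytes = pDEncryptionDictionary.getRecipientStringAt(i).getBytes();
                Iterator<RecipientInformation> it = new CMSEnvelopedData(recipientBytes).getRecipientInfos().getRecipients().iterator();
                // Terminates when the entries are exhausted or the first match has been decrypted.
                while (it.hasNext()) {
                    RecipientInformation candidate = it.next();
                    if (candidate.getRID().match((Certificate) material.getCertificate()) && !foundRecipient) {
                        foundRecipient = true;
                        envelopedData = candidate.getContent(material.getPrivateKey(), BouncyCastleProvider.PROVIDER_NAME);
                        break;
                    }
                }
                // All blobs are kept: every one of them is part of the key-derivation input.
                recipientFields[i] = recipientBytes;
                recipientFieldsLength += recipientBytes.length;
            }
            if (!foundRecipient || envelopedData == null) {
                throw new CryptographyException("The certificate matches no recipient entry");
            }
            if (envelopedData.length != SEED_LENGTH + PERMISSION_LENGTH) {
                throw new CryptographyException("The enveloped data does not contain 24 bytes");
            }

            byte[] permissionBytes = new byte[PERMISSION_LENGTH];
            System.arraycopy(envelopedData, SEED_LENGTH, permissionBytes, 0, PERMISSION_LENGTH);
            this.currentAccessPermission = new AccessPermission(permissionBytes);
            this.currentAccessPermission.setReadOnly();

            // Digest input: seed followed by every recipient blob, in dictionary order.
            byte[] digestInput = new byte[recipientFieldsLength + SEED_LENGTH];
            System.arraycopy(envelopedData, 0, digestInput, 0, SEED_LENGTH);
            int offset = SEED_LENGTH;
            for (int i = 0; i < recipientFields.length; i++) {
                System.arraycopy(recipientFields[i], 0, digestInput, offset, recipientFields[i].length);
                offset += recipientFields[i].length;
            }
            this.encryptionKey = deriveEncryptionKey(digestInput);
        } catch (KeyStoreException e) {
            throw new CryptographyException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CryptographyException(e2);
        } catch (NoSuchProviderException e3) {
            throw new CryptographyException(e3);
        } catch (CMSException e4) {
            throw new CryptographyException(e4);
        }
    }

    /**
     * Builds the encryption dictionary for the document and derives the document key.
     *
     * <p>A fresh 20-byte seed is generated, wrapped once per recipient together with that
     * recipient's permission bytes, and the resulting blobs are stored in the dictionary.
     *
     * @param pDDocument the document to prepare
     * @throws CryptographyException if any step fails; the cause is logged and attached
     */
    @Override
    public void prepareDocumentForEncryption(PDDocument pDDocument) throws CryptographyException {
        try {
            PDEncryptionDictionary encryptionDictionary = pDDocument.getEncryptionDictionary();
            if (encryptionDictionary == null) {
                encryptionDictionary = new PDEncryptionDictionary();
            }
            encryptionDictionary.setFilter(FILTER);
            encryptionDictionary.setLength(this.keyLength);
            encryptionDictionary.setVersion(2);
            encryptionDictionary.removeV45filters();
            encryptionDictionary.setSubFilter(SUBFILTER);

            byte[][] recipientFields = new byte[this.policy.getRecipientsNumber()][];

            // The AES key generator is used only as a source of 20 random seed bytes.
            byte[] seed = new byte[SEED_LENGTH];
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(192, new SecureRandom());
            System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, seed, 0, SEED_LENGTH);

            Iterator recipientsIterator = this.policy.getRecipientsIterator();
            int index = 0;
            while (recipientsIterator.hasNext()) {
                PublicKeyRecipient recipient = (PublicKeyRecipient) recipientsIterator.next();
                X509Certificate certificate = recipient.getX509();
                int permission = recipient.getPermission().getPermissionBytesForPublicKey();

                // Envelope payload: seed followed by the permission word, big-endian.
                byte[] payload = new byte[SEED_LENGTH + PERMISSION_LENGTH];
                System.arraycopy(seed, 0, payload, 0, SEED_LENGTH);
                payload[20] = (byte) (permission >>> 24);
                payload[21] = (byte) (permission >>> 16);
                payload[22] = (byte) (permission >>> 8);
                payload[23] = (byte) permission;

                DERObject recipientObject = createDERForRecipient(payload, certificate);
                ByteArrayOutputStream encoded = new ByteArrayOutputStream();
                new DEROutputStream(encoded).writeObject(recipientObject);
                recipientFields[index] = encoded.toByteArray();
                index++;
            }
            encryptionDictionary.setRecipients(recipientFields);

            // The digest input is rebuilt from the dictionary so that it matches exactly what a
            // reader will see when decrypting.
            int recipientCount = encryptionDictionary.getRecipientsLength();
            int digestInputLength = seed.length;
            for (int i = 0; i < recipientCount; i++) {
                digestInputLength += encryptionDictionary.getRecipientStringAt(i).getBytes().length;
            }
            byte[] digestInput = new byte[digestInputLength];
            System.arraycopy(seed, 0, digestInput, 0, SEED_LENGTH);
            int offset = SEED_LENGTH;
            for (int i = 0; i < recipientCount; i++) {
                byte[] recipientBytes = encryptionDictionary.getRecipientStringAt(i).getBytes();
                System.arraycopy(recipientBytes, 0, digestInput, offset, recipientBytes.length);
                offset += recipientBytes.length;
            }
            this.encryptionKey = deriveEncryptionKey(digestInput);

            pDDocument.setEncryptionDictionary(encryptionDictionary);
            pDDocument.getDocument().setEncryptionDictionary(encryptionDictionary.encryptionDictionary);
        } catch (NoSuchAlgorithmException e) {
            throw new CryptographyException(e);
        } catch (NoSuchProviderException e2) {
            throw new CryptographyException(e2);
        } catch (Exception e3) {
            LOG.error(e3, e3);
            throw new CryptographyException(e3);
        }
    }

    /**
     * Derives the document key: the leading {@code keyLength / 8} bytes of the digest of the input.
     *
     * @param digestInput seed followed by all recipient blobs
     * @return the document key
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws CryptographyException if the key length yields no key bytes or more bytes than the
     *     digest provides (the length may originate from an untrusted document)
     */
    private byte[] deriveEncryptionKey(byte[] digestInput) throws NoSuchAlgorithmException, CryptographyException {
        byte[] digest = MessageDigest.getInstance(KEY_DIGEST_ALGORITHM).digest(digestInput);
        int keyBytes = this.keyLength / 8;
        if (keyBytes < 1 || keyBytes > digest.length) {
            throw new CryptographyException("Unsupported encryption key length: " + this.keyLength + " bits");
        }
        byte[] key = new byte[keyBytes];
        System.arraycopy(digest, 0, key, 0, keyBytes);
        return key;
    }

    /**
     * Wraps the 24-byte payload for one recipient as a CMS enveloped-data structure.
     *
     * <p>The payload is encrypted with a freshly generated 128-bit key for the algorithm identified
     * by {@link #CONTENT_CIPHER_OID}; that key is then encrypted to the recipient's public key.
     *
     * @param bArr the seed and permission bytes to protect
     * @param x509Certificate the recipient certificate
     * @return the DER object of the resulting {@code ContentInfo}
     * @throws IOException if ASN.1 encoding or decoding fails
     * @throws GeneralSecurityException if a required algorithm is unavailable or encryption fails
     */
    private DERObject createDERForRecipient(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        // NOTE(review): legacy content cipher; kept for format compatibility, see class comment.
        AlgorithmParameters parameters = AlgorithmParameterGenerator.getInstance(CONTENT_CIPHER_OID).generateParameters();
        DERObject encodedParameters = new ASN1InputStream(new ByteArrayInputStream(parameters.getEncoded("ASN.1"))).readObject();

        KeyGenerator keyGenerator = KeyGenerator.getInstance(CONTENT_CIPHER_OID);
        keyGenerator.init(128);
        SecretKey contentKey = keyGenerator.generateKey();

        Cipher cipher = Cipher.getInstance(CONTENT_CIPHER_OID);
        cipher.init(Cipher.ENCRYPT_MODE, contentKey, parameters);
        DEROctetString encryptedContent = new DEROctetString(cipher.doFinal(bArr));

        RecipientInfo recipientInfo = new RecipientInfo(computeRecipientInfo(x509Certificate, contentKey.getEncoded()));
        DERSet recipientInfos = new DERSet((DEREncodable) recipientInfo);
        AlgorithmIdentifier contentAlgorithm = new AlgorithmIdentifier(new DERObjectIdentifier(CONTENT_CIPHER_OID), (DEREncodable) encodedParameters);
        EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, contentAlgorithm, (ASN1OctetString) encryptedContent);
        EnvelopedData envelopedData = new EnvelopedData((OriginatorInfo) null, recipientInfos, encryptedContentInfo, (ASN1Set) null);
        return new ContentInfo(PKCSObjectIdentifiers.envelopedData, (DEREncodable) envelopedData).getDERObject();
    }

    /**
     * Encrypts the content key to the recipient's public key and builds the key-transport entry.
     *
     * <p>The cipher is looked up by the OID of the certificate's public-key algorithm, so the
     * padding in effect is whatever the provider associates with that OID.
     *
     * @param x509Certificate the recipient certificate
     * @param bArr the encoded content-encryption key
     * @return the key-transport recipient info identifying the certificate by issuer and serial
     * @throws GeneralSecurityException if the cipher is unavailable or encryption fails
     * @throws IOException if the certificate body cannot be parsed
     */
    private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509Certificate, byte[] bArr) throws GeneralSecurityException, IOException {
        TBSCertificateStructure tbsCertificate = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getTBSCertificate())).readObject());
        AlgorithmIdentifier keyAlgorithm = tbsCertificate.getSubjectPublicKeyInfo().getAlgorithmId();
        IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(tbsCertificate.getIssuer(), tbsCertificate.getSerialNumber().getValue());
        Cipher cipher = Cipher.getInstance(keyAlgorithm.getObjectId().getId());
        cipher.init(Cipher.ENCRYPT_MODE, x509Certificate.getPublicKey());
        return new KeyTransRecipientInfo(new RecipientIdentifier(issuerAndSerial), keyAlgorithm, new DEROctetString(cipher.doFinal(bArr)));
    }

    /**
     * Reports whether this handler was constructed with a protection policy.
     *
     * @return {@code true} if a policy is set
     */
    @Override
    public boolean hasProtectionPolicy() {
        return this.policy != null;
    }
}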
