package org.sejda.sambox.pdmodel.encryption;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.sejda.sambox.cos.COSArray;
import org.sejda.sambox.cos.COSName;
import org.sejda.sambox.cos.COSString;

/* loaded from: input_file:org/sejda/sambox/pdmodel/encryption/PublicKeySecurityHandler.class */
public final class PublicKeySecurityHandler extends SecurityHandler {
    public static final String FILTER = "Adobe.PubSec";
    private PublicKeyProtectionPolicy policy;

    public PublicKeySecurityHandler() {
        this.policy = null;
    }

    public PublicKeySecurityHandler(PublicKeyProtectionPolicy publicKeyProtectionPolicy) {
        this.policy = null;
        this.policy = publicKeyProtectionPolicy;
        this.keyLength = this.policy.getEncryptionKeyLength();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.sejda.sambox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) throws IOException {
        byte[] digest;
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        setDecryptMetadata(pDEncryption.isEncryptMetaData());
        if (pDEncryption.getLength() != 0) {
            this.keyLength = pDEncryption.getLength();
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            boolean z = false;
            X509Certificate certificate = publicKeyDecryptionMaterial.getCertificate();
            X509CertificateHolder x509CertificateHolder = certificate != null ? new X509CertificateHolder(certificate.getEncoded()) : null;
            byte[] bArr = null;
            COSArray cOSArray2 = (COSArray) pDEncryption.getCOSDictionary().getItem(COSName.RECIPIENTS);
            if (cOSArray2 == null) {
                cOSArray2 = (COSArray) pDEncryption.getDefaultCryptFilterDictionary().getCOSDictionary().getItem(COSName.RECIPIENTS);
            }
            byte[] bArr2 = new byte[cOSArray2.size()];
            int i = 0;
            StringBuilder sb = new StringBuilder();
            for (int i2 = 0; i2 < cOSArray2.size(); i2++) {
                byte[] bytes = ((COSString) cOSArray2.getObject(i2)).getBytes();
                int i3 = 0;
                Iterator it = new CMSEnvelopedData(bytes).getRecipientInfos().getRecipients().iterator();
                while (true) {
                    if (it.hasNext()) {
                        RecipientInformation recipientInformation = (RecipientInformation) it.next();
                        RecipientId rid = recipientInformation.getRID();
                        if (!z && rid.match(x509CertificateHolder)) {
                            z = true;
                            bArr = recipientInformation.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey()));
                            break;
                        }
                        i3++;
                        if (certificate != null) {
                            sb.append('\n');
                            sb.append(i3);
                            sb.append(": ");
                            if (rid instanceof KeyTransRecipientId) {
                                appendCertInfo(sb, (KeyTransRecipientId) rid, certificate, x509CertificateHolder);
                            }
                        }
                    }
                }
                bArr2[i2] = bytes;
                i += bytes.length;
            }
            if (!z || bArr == null) {
                throw new IOException("The certificate matches none of " + cOSArray2.size() + " recipient entries" + sb.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr3);
            accessPermission.setReadOnly();
            setCurrentAccessPermission(accessPermission);
            byte[] bArr4 = new byte[i + 20];
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i4 = 20;
            for (Object[] objArr : bArr2) {
                System.arraycopy(objArr, 0, bArr4, i4, objArr.length);
                i4 += objArr.length;
            }
            if (pDEncryption.getVersion() == 4 || pDEncryption.getVersion() == 5) {
                digest = MessageDigests.getSHA256().digest(bArr4);
                PDCryptFilterDictionary defaultCryptFilterDictionary = pDEncryption.getDefaultCryptFilterDictionary();
                if (defaultCryptFilterDictionary != null) {
                    COSName cryptFilterMethod = defaultCryptFilterDictionary.getCryptFilterMethod();
                    setAES(COSName.AESV2.equals(cryptFilterMethod) || COSName.AESV3.equals(cryptFilterMethod));
                }
            } else {
                digest = MessageDigests.getSHA1().digest(bArr4);
            }
            setEncryptionKey(new byte[this.keyLength / 8]);
            System.arraycopy(digest, 0, getEncryptionKey(), 0, this.keyLength / 8);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } catch (CertificateEncodingException e2) {
            throw new IOException(e2);
        } catch (CMSException e3) {
            throw new IOException((Throwable) e3);
        }
    }

    private void appendCertInfo(StringBuilder sb, KeyTransRecipientId keyTransRecipientId, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger serialNumber = keyTransRecipientId.getSerialNumber();
        if (serialNumber != null) {
            BigInteger serialNumber2 = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber2 != null ? serialNumber2.toString(16) : "unknown";
            sb.append("serial-#: rid ");
            sb.append(serialNumber.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger);
            sb.append(" issuer: rid '");
            sb.append(keyTransRecipientId.getIssuer());
            sb.append("' vs. cert '");
            sb.append((Object) (x509CertificateHolder == null ? "null" : x509CertificateHolder.getIssuer()));
            sb.append("' ");
        }
    }

    @Override // org.sejda.sambox.pdmodel.encryption.SecurityHandler
    public boolean hasProtectionPolicy() {
        return this.policy != null;
    }
}
