package org.sejda.sambox.pdmodel.encryption;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.io.CipherInputStream;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.sejda.commons.FastByteArrayOutputStream;
import org.sejda.commons.util.IOUtils;
import org.sejda.sambox.cos.COSArray;
import org.sejda.sambox.cos.COSBase;
import org.sejda.sambox.cos.COSDictionary;
import org.sejda.sambox.cos.COSName;
import org.sejda.sambox.cos.COSStream;
import org.sejda.sambox.cos.COSString;
import org.sejda.sambox.pdmodel.interactive.annotation.PDAnnotation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sejda/sambox/pdmodel/encryption/SecurityHandler.class */
public abstract class SecurityHandler {
    private static final short DEFAULT_KEY_LENGTH = 40;
    private byte[] encryptionKey;
    private boolean decryptMetadata;
    private boolean useAES;
    private COSName streamFilterName;
    private COSName stringFilterName;
    private static final Logger LOG = LoggerFactory.getLogger(SecurityHandler.class);
    private static final byte[] AES_SALT = {115, 65, 108, 84};
    protected short keyLength = 40;
    private final RC4Cipher rc4 = new RC4Cipher();
    private final Set<COSBase> objects = Collections.newSetFromMap(new IdentityHashMap());
    private AccessPermission currentAccessPermission = null;
    private final Map<Long, Boolean> logOnceCache = new HashMap();

    /* JADX INFO: Access modifiers changed from: protected */
    public void setDecryptMetadata(boolean z) {
        this.decryptMetadata = z;
    }

    public boolean isDecryptMetadata() {
        return this.decryptMetadata;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setStringFilterName(COSName cOSName) {
        this.stringFilterName = cOSName;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setStreamFilterName(COSName cOSName) {
        this.streamFilterName = cOSName;
    }

    public abstract void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) throws IOException;

    private void decryptData(long j, long j2, InputStream inputStream, OutputStream outputStream) throws IOException {
        if (this.useAES && this.encryptionKey.length == 32) {
            decryptDataAES256(inputStream, outputStream);
        } else {
            byte[] calcFinalKey = calcFinalKey(j, j2);
            if (this.useAES) {
                decryptDataAESother(calcFinalKey, inputStream, outputStream);
            } else {
                decryptDataRC4(calcFinalKey, inputStream, outputStream);
            }
        }
        IOUtils.close(outputStream);
    }

    private byte[] calcFinalKey(long j, long j2) {
        byte[] bArr = new byte[this.encryptionKey.length + 5];
        System.arraycopy(this.encryptionKey, 0, bArr, 0, this.encryptionKey.length);
        bArr[bArr.length - 5] = (byte) (j & 255);
        bArr[bArr.length - 4] = (byte) ((j >> 8) & 255);
        bArr[bArr.length - 3] = (byte) ((j >> 16) & 255);
        bArr[bArr.length - 2] = (byte) (j2 & 255);
        bArr[bArr.length - 1] = (byte) ((j2 >> 8) & 255);
        MessageDigest md5 = MessageDigests.getMD5();
        md5.update(bArr);
        if (this.useAES) {
            md5.update(AES_SALT);
        }
        byte[] digest = md5.digest();
        int min = Math.min(bArr.length, 16);
        byte[] bArr2 = new byte[min];
        System.arraycopy(digest, 0, bArr2, 0, min);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void decryptDataRC4(byte[] bArr, InputStream inputStream, OutputStream outputStream) throws IOException {
        this.rc4.setKey(bArr);
        this.rc4.write(inputStream, outputStream);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void decryptDataRC4(byte[] bArr, byte[] bArr2, OutputStream outputStream) throws IOException {
        this.rc4.setKey(bArr);
        this.rc4.write(bArr2, outputStream);
    }

    private void decryptDataAESother(byte[] bArr, InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr2 = new byte[16];
        int read = inputStream.read(bArr2);
        if (read == -1) {
            return;
        }
        if (read != bArr2.length) {
            throw new IOException("AES initialization vector not fully read: only " + read + " bytes read instead of " + bArr2.length);
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
            byte[] bArr3 = new byte[PDAnnotation.FLAG_TOGGLE_NO_VIEW];
            while (true) {
                int read2 = inputStream.read(bArr3);
                if (read2 == -1) {
                    outputStream.write(cipher.doFinal());
                    return;
                } else {
                    byte[] update = cipher.update(bArr3, 0, read2);
                    if (update != null) {
                        outputStream.write(update);
                    }
                }
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IOException(e);
        }
    }

    private void decryptDataAES256(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[16];
        int read = inputStream.read(bArr);
        if (read == -1) {
            return;
        }
        if (read != bArr.length) {
            throw new IOException("AES initialization vector not fully read: only " + read + " bytes read instead of " + bArr.length);
        }
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESFastEngine()));
        paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(this.encryptionKey), bArr));
        CipherInputStream cipherInputStream = new CipherInputStream(inputStream, paddedBufferedBlockCipher);
        Throwable th = null;
        try {
            try {
                IOUtils.copy(cipherInputStream, outputStream);
                if (cipherInputStream != null) {
                    if (0 == 0) {
                        cipherInputStream.close();
                        return;
                    }
                    try {
                        cipherInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (cipherInputStream != null) {
                if (th != null) {
                    try {
                        cipherInputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    cipherInputStream.close();
                }
            }
            throw th4;
        }
    }

    public void decrypt(COSBase cOSBase, long j, long j2) throws IOException {
        if (cOSBase instanceof COSString) {
            if (this.objects.contains(cOSBase)) {
                return;
            }
            this.objects.add(cOSBase);
            decryptString((COSString) cOSBase, j, j2);
            return;
        }
        if (cOSBase instanceof COSStream) {
            if (this.objects.contains(cOSBase)) {
                return;
            }
            this.objects.add(cOSBase);
            decryptStream((COSStream) cOSBase, j, j2);
            return;
        }
        if (cOSBase instanceof COSDictionary) {
            decryptDictionary((COSDictionary) cOSBase, j, j2);
        } else if (cOSBase instanceof COSArray) {
            decryptArray((COSArray) cOSBase, j, j2);
        }
    }

    public void decryptStream(COSStream cOSStream, long j, long j2) throws IOException {
        if (COSName.IDENTITY.equals(this.streamFilterName)) {
            return;
        }
        COSName cOSName = cOSStream.getCOSName(COSName.TYPE);
        if ((this.decryptMetadata || !COSName.METADATA.equals(cOSName)) && !COSName.XREF.equals(cOSName)) {
            if (COSName.METADATA.equals(cOSName)) {
                byte[] bArr = new byte[10];
                InputStream unfilteredStream = cOSStream.getUnfilteredStream();
                Throwable th = null;
                try {
                    try {
                        unfilteredStream.read(bArr);
                        if (unfilteredStream != null) {
                            if (0 != 0) {
                                try {
                                    unfilteredStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                unfilteredStream.close();
                            }
                        }
                        if (Arrays.equals(bArr, "<?xpacket ".getBytes(StandardCharsets.ISO_8859_1))) {
                            LOG.warn("Metadata is not encrypted, but was expected to be");
                            LOG.warn("Read PDF specification about EncryptMetadata (default value: true)");
                            return;
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (unfilteredStream != null) {
                        if (th != null) {
                            try {
                                unfilteredStream.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            unfilteredStream.close();
                        }
                    }
                    throw th4;
                }
            }
            decryptDictionary(cOSStream, j, j2);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(IOUtils.toByteArray(cOSStream.getFilteredStream()));
            try {
                OutputStream createFilteredStream = cOSStream.createFilteredStream();
                Throwable th6 = null;
                try {
                    decryptData(j, j2, byteArrayInputStream, createFilteredStream);
                    if (createFilteredStream != null) {
                        if (0 != 0) {
                            try {
                                createFilteredStream.close();
                            } catch (Throwable th7) {
                                th6.addSuppressed(th7);
                            }
                        } else {
                            createFilteredStream.close();
                        }
                    }
                } finally {
                }
            } catch (IOException e) {
                logErrorOnce("Failed to decrypt COSStream object " + j + " " + j2 + ": " + e.getMessage(), j);
                throw e;
            }
        }
    }

    private void decryptDictionary(COSDictionary cOSDictionary, long j, long j2) throws IOException {
        if (cOSDictionary.getItem(COSName.CF) != null) {
            return;
        }
        COSBase dictionaryObject = cOSDictionary.getDictionaryObject(COSName.TYPE);
        boolean z = COSName.SIG.equals(dictionaryObject) || COSName.DOC_TIME_STAMP.equals(dictionaryObject) || ((cOSDictionary.getDictionaryObject(COSName.CONTENTS) instanceof COSString) && (cOSDictionary.getDictionaryObject(COSName.BYTERANGE) instanceof COSArray));
        for (Map.Entry<COSName, COSBase> entry : cOSDictionary.entrySet()) {
            if (!z || !COSName.CONTENTS.equals(entry.getKey())) {
                COSBase value = entry.getValue();
                if ((value instanceof COSString) || (value instanceof COSArray) || (value instanceof COSDictionary)) {
                    decrypt(value, j, j2);
                }
            }
        }
    }

    private void decryptString(COSString cOSString, long j, long j2) throws IOException {
        if (COSName.IDENTITY.equals(this.stringFilterName)) {
            return;
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(cOSString.getBytes());
        FastByteArrayOutputStream fastByteArrayOutputStream = new FastByteArrayOutputStream();
        try {
            decryptData(j, j2, byteArrayInputStream, fastByteArrayOutputStream);
            cOSString.setValue(fastByteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            logErrorOnce("Failed to decrypt COSString object " + j + " " + j2 + ": " + e.getMessage(), j);
        }
    }

    private void logErrorOnce(String str, long j) {
        if (this.logOnceCache.containsKey(Long.valueOf(j))) {
            return;
        }
        this.logOnceCache.put(Long.valueOf(j), null);
        LOG.error(str);
    }

    private void decryptArray(COSArray cOSArray, long j, long j2) throws IOException {
        for (int i = 0; i < cOSArray.size(); i++) {
            decrypt(cOSArray.get(i), j, j2);
        }
    }

    public int getKeyLength() {
        return this.keyLength;
    }

    public void setKeyLength(int i) {
        this.keyLength = (short) i;
    }

    public void setCurrentAccessPermission(AccessPermission accessPermission) {
        this.currentAccessPermission = accessPermission;
    }

    public AccessPermission getCurrentAccessPermission() {
        return this.currentAccessPermission;
    }

    public boolean isAES() {
        return this.useAES;
    }

    public void setAES(boolean z) {
        this.useAES = z;
    }

    public byte[] getEncryptionKey() {
        return this.encryptionKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setEncryptionKey(byte[] bArr) {
        this.encryptionKey = bArr;
    }
}
