package com.adobe.internal.pdftoolkit.core.encryption.impl;

import com.adobe.internal.pdftoolkit.core.credentials.Credentials;
import com.adobe.internal.pdftoolkit.core.credentials.impl.JCECredentials;
import com.adobe.internal.pdftoolkit.core.credentials.impl.RSACredentials;
import com.adobe.internal.pdftoolkit.core.securityframework.CryptoMode;
import com.adobe.internal.pdftoolkit.core.securityframework.PKCS7EnvelopedDataHandler;
import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.pkcs7.ContentInfo;
import com.rsa.certj.pkcs7.Data;
import com.rsa.certj.pkcs7.EnvelopedData;
import com.rsa.certj.pkcs7.RecipientInfo;
import com.rsa.certj.spi.path.CertPathCtx;
import java.util.Date;
import java.util.Map;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/core/encryption/impl/PKCS7EnvelopedDataRSANonFIPSHandler.class */
public class PKCS7EnvelopedDataRSANonFIPSHandler implements PKCS7EnvelopedDataHandler {
    public byte[] buildPKCS7EnvelopedData(Credentials[] credentialsArr, byte[] bArr, Map map) throws Exception {
        Data contentInfo = ContentInfo.getInstance(1, (CertJ) null, (CertPathCtx) null);
        contentInfo.setContent(bArr, 0, bArr.length);
        try {
            RSACredentials[] newInstance = RSACredentials.newInstance(credentialsArr);
            X509Certificate[] x509CertificateArr = new X509Certificate[newInstance.length];
            for (int i = 0; i < newInstance.length; i++) {
                x509CertificateArr[i] = newInstance[i].getRSAX509Cert();
            }
            String[] strArr = null;
            if (newInstance != null && newInstance.length > 0) {
                strArr = newInstance[0].getRSAX509Cert().getSignatureAlgorithm().split("/");
            }
            CertJ createCertJContext = PKCS7Utils.createCertJContext(newInstance, CryptoMode.NON_FIPS_MODE);
            CertPathCtx buildDefaultCertPath = buildDefaultCertPath(createCertJContext, x509CertificateArr);
            if (strArr[1].equalsIgnoreCase("ECDSA")) {
                try {
                    return new CMSEnvelopedDataEncryptor().encryptEnvelopedData(newInstance, x509CertificateArr, bArr, strArr, map);
                } catch (Exception e) {
                    return null;
                }
            }
            EnvelopedData contentInfo2 = ContentInfo.getInstance(3, createCertJContext, buildDefaultCertPath);
            for (int i2 = 0; i2 < credentialsArr.length; i2++) {
                RecipientInfo recipientInfo = new RecipientInfo();
                X500Name issuerName = x509CertificateArr[i2].getIssuerName();
                byte[] serialNumber = x509CertificateArr[i2].getSerialNumber();
                recipientInfo.setIssuerAndSerialNumber(issuerName, serialNumber, 0, serialNumber.length);
                recipientInfo.setEncryptionAlgorithm("RSA");
                contentInfo2.addRecipientInfo(recipientInfo);
            }
            contentInfo2.setEncryptionAlgorithm("3DES_EDE/CBC/PKCS5Padding", 128);
            contentInfo2.setContentInfo(contentInfo);
            byte[] bArr2 = new byte[contentInfo2.getContentInfoDERLen()];
            contentInfo2.writeMessage(bArr2, 0);
            return bArr2;
        } catch (Exception e2) {
            throw new Exception("Unknown or invalid signature algorithm." + e2);
        }
    }

    public byte[] getEnvelopeData(Credentials credentials, byte[] bArr) throws Exception {
        Certificate[] rSAX509CertChain;
        if (credentials == null) {
            return null;
        }
        try {
            CMSEnvelopedDataDecryptor cMSEnvelopedDataDecryptor = new CMSEnvelopedDataDecryptor();
            if (credentials instanceof JCECredentials) {
                credentials = RSACredentials.newInstance(credentials);
            }
            return cMSEnvelopedDataDecryptor.getCMSEnvelopeData(((RSACredentials) credentials).getJSAFEPrivateKey(), bArr);
        } catch (Exception e) {
            CertJ createCertJContext = PKCS7Utils.createCertJContext(RSACredentials.newInstance(new Credentials[]{credentials}), CryptoMode.NON_FIPS_MODE);
            if (credentials instanceof JCECredentials) {
                rSAX509CertChain = RSACredentials.buildRSACertChain(((JCECredentials) credentials).getCertificateChain());
            } else {
                if (!(credentials instanceof RSACredentials)) {
                    throw new RuntimeException("Unsupported Credential Type: " + credentials.getClass());
                }
                rSAX509CertChain = ((RSACredentials) credentials).getRSAX509CertChain();
            }
            EnvelopedData contentInfo = ContentInfo.getInstance(3, createCertJContext, buildDefaultCertPath(createCertJContext, rSAX509CertChain));
            if (contentInfo.readInit(bArr, 0, bArr.length) && !contentInfo.readFinal()) {
                return null;
            }
            Data content = contentInfo.getContent();
            if (content.getContentType() == 1) {
                return content.getData();
            }
            return null;
        }
    }

    private static CertPathCtx buildDefaultCertPath(CertJ certJ, Certificate[] certificateArr) throws InvalidParameterException, ProviderManagementException {
        return new CertPathCtx(4, certificateArr, (byte[][]) null, new Date(), certJ.bindServices(1));
    }
}
