package com.adobe.internal.pdftoolkit.core.encryption;

import com.adobe.internal.pdftoolkit.core.credentials.Credentials;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSecurityAuthorizationException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSecurityConfigurationException;
import com.adobe.internal.pdftoolkit.core.permissionprovider.PermissionProvider;
import com.adobe.internal.pdftoolkit.core.permissionprovider.PermissionProviderStandard;
import com.adobe.internal.pdftoolkit.core.securityframework.DecryptedState;
import com.adobe.internal.pdftoolkit.core.securityframework.EncryptionHandler;
import com.adobe.internal.pdftoolkit.core.securityframework.PKCS7EnvelopedDataHandler;
import com.adobe.internal.pdftoolkit.core.securityframework.SecurityHandler;
import com.adobe.internal.pdftoolkit.core.securityframework.impl.SecurityProvidersImpl;
import com.adobe.internal.pdftoolkit.core.securityframework.pki.Identities;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/core/encryption/PKISecurityHandler.class */
public class PKISecurityHandler implements SecurityHandler {
    static final String RECIPIENTS = "Recipients";
    private DecryptedState decryptedState;
    private boolean decryptedUsingState;
    private int encryptDecryptedStatePerms;
    private byte[] mSeed;
    private Exception mFail;
    private Integer mPerms;
    private Credentials mRecipient;
    private Map mEncryptParams;
    private MessageDigest mSHADigest;
    private MessageDigest mMD5Digest;
    private SecurityProvidersImpl mProviders;
    private PKCS7EnvelopedDataHandler mPKCS7Handler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/adobe/internal/pdftoolkit/core/encryption/PKISecurityHandler$RecipientsIterator.class */
    public static class RecipientsIterator {
        Iterator mIterator;
        byte[] mNext;

        RecipientsIterator(Map map, String str) {
            Map map2;
            this.mIterator = null;
            this.mNext = null;
            Object obj = map.get(PKISecurityHandler.RECIPIENTS);
            Map cFDict = EncryptionKeyImpl.getCFDict(map);
            if (cFDict != null && str != null && (map2 = (Map) cFDict.get(str)) != null && map2.containsKey(PKISecurityHandler.RECIPIENTS)) {
                obj = map2.get(PKISecurityHandler.RECIPIENTS);
            }
            if (obj instanceof ArrayList) {
                this.mIterator = ((ArrayList) obj).iterator();
            } else {
                this.mNext = (byte[]) obj;
            }
        }

        boolean hasNext() {
            return this.mIterator != null ? this.mIterator.hasNext() : this.mNext != null;
        }

        byte[] next() {
            if (this.mIterator != null) {
                return (byte[]) this.mIterator.next();
            }
            byte[] bArr = this.mNext;
            this.mNext = null;
            return bArr;
        }
    }

    public PKISecurityHandler(Credentials credentials, SecurityProvidersImpl securityProvidersImpl) {
        this.encryptDecryptedStatePerms = 3902;
        this.mSeed = null;
        this.mFail = null;
        this.mPerms = null;
        this.mRecipient = null;
        this.mEncryptParams = null;
        this.mSHADigest = null;
        this.mMD5Digest = null;
        this.mProviders = null;
        this.mPKCS7Handler = null;
        this.mRecipient = credentials;
        this.mProviders = securityProvidersImpl;
        setPKCS7Handler();
    }

    public PKISecurityHandler(Map map, SecurityProvidersImpl securityProvidersImpl) throws PDFSecurityConfigurationException {
        this.encryptDecryptedStatePerms = 3902;
        this.mSeed = null;
        this.mFail = null;
        this.mPerms = null;
        this.mRecipient = null;
        this.mEncryptParams = null;
        this.mSHADigest = null;
        this.mMD5Digest = null;
        this.mProviders = null;
        this.mPKCS7Handler = null;
        try {
            this.mProviders = securityProvidersImpl;
            SecureRandom randomGenerator = this.mProviders != null ? this.mProviders.getRandomGenerator() : null;
            if (randomGenerator == null) {
                Provider requireSHA1PRNG = this.mProviders != null ? this.mProviders.requireSHA1PRNG() : null;
                randomGenerator = requireSHA1PRNG == null ? SecureRandom.getInstance("SHA1PRNG") : SecureRandom.getInstance("SHA1PRNG", requireSHA1PRNG);
            }
            this.mSeed = randomGenerator.generateSeed(20);
            this.mEncryptParams = map;
            setPKCS7Handler();
        } catch (NoSuchAlgorithmException e) {
            this.mFail = e;
        }
    }

    private void setPKCS7Handler() {
        if (this.mProviders != null) {
            this.mPKCS7Handler = this.mProviders.getPKCS7EnvelopedDataHandler();
        }
        if (this.mPKCS7Handler == null) {
            try {
                this.mPKCS7Handler = (PKCS7EnvelopedDataHandler) Class.forName("com.adobe.internal.pdftoolkit.core.encryption.impl.PKCS7EnvelopedDataRSANonFIPSHandler").newInstance();
            } catch (ClassNotFoundException e) {
                throw new RuntimeException(e);
            } catch (IllegalAccessException e2) {
                throw new RuntimeException(e2);
            } catch (InstantiationException e3) {
                throw new RuntimeException(e3);
            }
        }
    }

    public EncryptionHandler getEncryptionHandler(String str, Map map, byte[] bArr) throws PDFSecurityAuthorizationException, PDFSecurityConfigurationException {
        byte[] encryptKey;
        if (this.mFail != null) {
            throw new PDFSecurityConfigurationException("Failure to initialize Security handler", this.mFail);
        }
        if (str.equals("Identity")) {
            return new IdentityEncryptionHandler();
        }
        int calculateEncryptionKey = EncryptionKeyCalc.calculateEncryptionKey(map, str, 128);
        if (calculateEncryptionKey < 0) {
            throw new PDFSecurityConfigurationException("Encryption with key length greater than 56 is not supported");
        }
        if (calculateEncryptionKey == 0) {
            calculateEncryptionKey = 128;
        }
        int i = calculateEncryptionKey / 8;
        initDigest(i);
        if (this.decryptedUsingState) {
            encryptKey = this.decryptedState.getEncryptKey(str);
        } else {
            byte[] bArr2 = this.mSeed;
            if (bArr2 != null) {
                ArrayList arrayList = null;
                Map cFDict = EncryptionKeyImpl.getCFDict(map);
                if (cFDict != null) {
                    arrayList = getRecipients(cFDict, (String) map.get("EFF"));
                    if (arrayList == null) {
                        arrayList = getRecipients(cFDict, (String) map.get("StmF"));
                    }
                }
                if (arrayList == null) {
                    arrayList = (ArrayList) map.get(RECIPIENTS);
                }
                if (arrayList == null) {
                    throw new PDFSecurityConfigurationException("Failure to find Recipients entry in the encryption parameters map");
                }
            } else {
                if (this.mRecipient == null) {
                    throw new PDFSecurityAuthorizationException("Absent authorization credentials");
                }
                byte[] envelopeData = getEnvelopeData(str, map, this.mRecipient);
                if (envelopeData == null || envelopeData.length < 20) {
                    throw new PDFSecurityConfigurationException("Failure to get enveloped data");
                }
                bArr2 = envelopeData;
            }
            encryptKey = createEncryptionKey(str, map, i, bArr2);
            this.decryptedState.setEncryptKey(str, encryptKey);
            this.decryptedState.setPerms(Integer.valueOf(this.encryptDecryptedStatePerms));
        }
        return EncryptionKeyImpl.getEncryptionHandler(encryptKey, EncryptionKeyImpl.getEncryptionAlgorithm(map, str), this.mMD5Digest, map, this.mProviders);
    }

    private void initDigest(int i) throws PDFSecurityConfigurationException {
        try {
            if (this.mSHADigest == null) {
                Provider requireSHA1 = this.mProviders != null ? this.mProviders.requireSHA1() : null;
                if (i <= 16) {
                    this.mSHADigest = requireSHA1 == null ? MessageDigest.getInstance("SHA-1") : MessageDigest.getInstance("SHA-1", requireSHA1);
                } else {
                    this.mSHADigest = requireSHA1 == null ? MessageDigest.getInstance("SHA-256") : MessageDigest.getInstance("SHA-256", requireSHA1);
                }
            }
            if (this.mMD5Digest == null) {
                Provider requireMD5 = this.mProviders != null ? this.mProviders.requireMD5() : null;
                this.mMD5Digest = requireMD5 == null ? MessageDigest.getInstance("MD5") : MessageDigest.getInstance("MD5", requireMD5);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new PDFSecurityConfigurationException(e);
        }
    }

    private byte[] createEncryptionKey(String str, Map map, int i, byte[] bArr) {
        this.mSHADigest.update(bArr, 0, 20);
        RecipientsIterator recipientsIterator = new RecipientsIterator(map, str);
        while (recipientsIterator.hasNext()) {
            this.mSHADigest.update(recipientsIterator.next());
        }
        if (!EncryptionKeyImpl.toEncryptMetadata(map, str)) {
            this.mSHADigest.update(EncryptionKeyImpl.defaultMetadataMark);
        }
        byte[] digest = this.mSHADigest.digest();
        if (i > digest.length) {
            i = digest.length;
        }
        byte[] bArr2 = new byte[i];
        System.arraycopy(digest, 0, bArr2, 0, i);
        return bArr2;
    }

    public Map getEncryptParameters() {
        return this.mEncryptParams;
    }

    public boolean authenticate(Map map, byte[] bArr) throws PDFSecurityAuthorizationException, PDFSecurityConfigurationException {
        this.decryptedState = new DecryptedStatePKI();
        EncryptionKeyImpl.verifyEncryptionVersion(map, false);
        this.mEncryptParams = map;
        if (this.mRecipient == null) {
            if (this.mFail != null) {
                throw new PDFSecurityConfigurationException("Failure to initialize Security handler", this.mFail);
            }
            return this.mSeed != null;
        }
        String str = null;
        Map cFDict = EncryptionKeyImpl.getCFDict(map);
        if (cFDict != null) {
            Iterator it = cFDict.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Map.Entry entry = (Map.Entry) it.next();
                if (!((Map) entry.getValue()).containsKey("AuthEvent")) {
                    str = (String) entry.getKey();
                    break;
                }
                if ("DocOpen".equals((String) ((Map) entry.getValue()).get("AuthEvent"))) {
                    str = (String) entry.getKey();
                    break;
                }
            }
        }
        if (str != null) {
            return calculateEncryptionKey(map, str);
        }
        String str2 = (String) (map.containsKey("SubFilter") ? map.get("SubFilter") : null);
        if (str2 != null && str2.compareTo("adbe.pkcs7.s3") != 0 && str2.compareTo("adbe.pkcs7.s4") != 0) {
            str = "DefEmbeddedFile";
        }
        calculateEncryptionKey(map, str);
        return true;
    }

    private boolean calculateEncryptionKey(Map map, String str) throws PDFSecurityAuthorizationException, PDFSecurityConfigurationException {
        String str2 = (String) map.get(StandardCipherSecurityManager.FILTER);
        if (str == null) {
            str = (String) map.get("StmF");
            if (str == null && map.containsKey("CF")) {
                str = "Identity";
            }
            if (str == null) {
                str = str2;
            }
        }
        byte[] envelopeData = getEnvelopeData(str, map, this.mRecipient);
        if (envelopeData == null) {
            return false;
        }
        if (envelopeData.length == 24) {
            this.mPerms = Integer.valueOf(((envelopeData[20] & 255) << 24) | ((envelopeData[21] & 255) << 16) | ((envelopeData[22] & 255) << 8) | (envelopeData[23] & 255));
        }
        int calculateEncryptionKey = EncryptionKeyCalc.calculateEncryptionKey(map, str, 128);
        if (calculateEncryptionKey < 0) {
            throw new PDFSecurityConfigurationException("Encryption with key length greater than 56 is not supported");
        }
        if (calculateEncryptionKey == 0) {
            calculateEncryptionKey = 128;
        }
        int i = calculateEncryptionKey / 8;
        initDigest(i);
        this.decryptedState.setEncryptKey(str, createEncryptionKey(str, map, i, envelopeData));
        this.decryptedState.setPerms(this.mPerms);
        return true;
    }

    public PermissionProvider getPermissionProvider() {
        return this.mPerms == null ? new PermissionProviderStandard(0) : new PermissionProviderStandard(this.mPerms.intValue());
    }

    MessageDigest getMD5Digest() {
        return this.mMD5Digest;
    }

    MessageDigest getSHA1Digest() {
        return this.mSHADigest;
    }

    private byte[] getEnvelopeData(String str, Map map, Credentials credentials) throws PDFSecurityAuthorizationException, PDFSecurityConfigurationException {
        Exception exc = null;
        if (credentials == null) {
            return null;
        }
        RecipientsIterator recipientsIterator = new RecipientsIterator(map, str == null ? (String) map.get("StmF") : str);
        byte[] bArr = null;
        while (true) {
            if (!recipientsIterator.hasNext()) {
                break;
            }
            try {
                bArr = this.mPKCS7Handler.getEnvelopeData(this.mRecipient, recipientsIterator.next());
            } catch (Exception e) {
                exc = e;
            }
            if (bArr != null) {
                exc = null;
                break;
            }
        }
        if (exc != null) {
            throw new PDFSecurityAuthorizationException(exc);
        }
        if (bArr == null) {
            throw new PDFSecurityAuthorizationException("Recipient is not authorized");
        }
        return bArr;
    }

    public byte[] buildPKCS7(Identities identities, boolean z, Map map) throws Exception {
        byte[] bArr;
        if (z) {
            bArr = new byte[20];
            System.arraycopy(this.mSeed, 0, bArr, 0, 20);
        } else {
            PermissionProviderStandard newInstance = PermissionProviderStandard.newInstance(identities.getPermissions());
            bArr = new byte[24];
            System.arraycopy(this.mSeed, 0, bArr, 0, 20);
            int permissionBits = newInstance.getPermissionBits() | 1;
            for (int i = 0; i < 4; i++) {
                bArr[23 - i] = (byte) (permissionBits & 255);
                permissionBits >>= 8;
            }
        }
        return this.mPKCS7Handler.buildPKCS7EnvelopedData(identities.getCredentials(), bArr, map);
    }

    private ArrayList getRecipients(Map map, String str) {
        Map map2;
        ArrayList arrayList = null;
        if (str != null && (map2 = (Map) map.get(str)) != null) {
            Object obj = map2.get(RECIPIENTS);
            if (obj instanceof ArrayList) {
                arrayList = (ArrayList) obj;
            } else {
                arrayList = new ArrayList();
                arrayList.add(obj);
            }
        }
        return arrayList;
    }

    public boolean authenticate(Map map, byte[] bArr, DecryptedState decryptedState) throws PDFSecurityConfigurationException, PDFSecurityAuthorizationException {
        if (decryptedState == null) {
            return authenticate(map, bArr);
        }
        this.decryptedState = decryptedState;
        this.decryptedUsingState = true;
        EncryptionKeyImpl.verifyEncryptionVersion(map, false);
        this.mEncryptParams = map;
        this.mPerms = decryptedState.getPerms();
        return true;
    }

    public DecryptedState getDecryptedState() {
        return this.decryptedState;
    }
}
