package com.tom_roush.pdfbox.pdmodel.encryption;

import com.tom_roush.pdfbox.cos.COSArray;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.KeyTransRecipientId;
import org.spongycastle.cms.RecipientId;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public final class PublicKeySecurityHandler extends SecurityHandler {
    private PublicKeyProtectionPolicy policy = null;

    private void appendCertInfo(StringBuilder sb, KeyTransRecipientId keyTransRecipientId, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger serialNumber = keyTransRecipientId.getSerialNumber();
        if (serialNumber != null) {
            BigInteger serialNumber2 = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber2 != null ? serialNumber2.toString(16) : "unknown";
            sb.append("serial-#: rid ");
            sb.append(serialNumber.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger);
            sb.append(" issuer: rid '");
            sb.append(keyTransRecipientId.getIssuer());
            sb.append("' vs. cert '");
            sb.append(x509CertificateHolder == null ? "null" : x509CertificateHolder.getIssuer());
            sb.append("' ");
        }
    }

    @Override // com.tom_roush.pdfbox.pdmodel.encryption.SecurityHandler
    public void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) throws IOException {
        if (!(decryptionMaterial instanceof PublicKeyDecryptionMaterial)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        setDecryptMetadata(pDEncryption.isEncryptMetaData());
        if (pDEncryption.getLength() != 0) {
            this.keyLength = pDEncryption.getLength();
        }
        PublicKeyDecryptionMaterial publicKeyDecryptionMaterial = (PublicKeyDecryptionMaterial) decryptionMaterial;
        try {
            int recipientsLength = pDEncryption.getRecipientsLength();
            byte[][] bArr = new byte[recipientsLength];
            StringBuilder sb = new StringBuilder();
            int i = 0;
            boolean z = false;
            byte[] bArr2 = null;
            int i2 = 0;
            while (i < pDEncryption.getRecipientsLength()) {
                byte[] bytes = pDEncryption.getRecipientStringAt(i).getBytes();
                Iterator<RecipientInformation> it = new CMSEnvelopedData(bytes).getRecipientInfos().getRecipients().iterator();
                int i3 = 0;
                while (true) {
                    if (it.hasNext()) {
                        RecipientInformation next = it.next();
                        X509Certificate certificate = publicKeyDecryptionMaterial.getCertificate();
                        X509CertificateHolder x509CertificateHolder = certificate != null ? new X509CertificateHolder(certificate.getEncoded()) : null;
                        RecipientId rid = next.getRID();
                        if (rid.match(x509CertificateHolder) && !z) {
                            bArr2 = next.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) publicKeyDecryptionMaterial.getPrivateKey()).setProvider(BouncyCastleProvider.PROVIDER_NAME));
                            z = true;
                            break;
                        }
                        i3++;
                        if (certificate != null) {
                            sb.append('\n');
                            sb.append(i3);
                            sb.append(": ");
                            if (rid instanceof KeyTransRecipientId) {
                                appendCertInfo(sb, (KeyTransRecipientId) rid, certificate, x509CertificateHolder);
                            }
                        }
                    }
                }
                bArr[i] = bytes;
                i2 += bytes.length;
                i++;
            }
            if (!z || bArr2 == null) {
                throw new IOException("The certificate matches none of " + i + " recipient entries" + sb.toString());
            }
            if (bArr2.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i4 = 20;
            System.arraycopy(bArr2, 20, bArr3, 0, 4);
            AccessPermission accessPermission = new AccessPermission(bArr3);
            accessPermission.setReadOnly();
            setCurrentAccessPermission(accessPermission);
            byte[] bArr4 = new byte[i2 + 20];
            int i5 = 0;
            System.arraycopy(bArr2, 0, bArr4, 0, 20);
            int i6 = 0;
            while (i6 < recipientsLength) {
                byte[] bArr5 = bArr[i6];
                System.arraycopy(bArr5, i5, bArr4, i4, bArr5.length);
                i4 += bArr5.length;
                i6++;
                i5 = 0;
            }
            byte[] digest = MessageDigests.getSHA1().digest(bArr4);
            int i7 = this.keyLength;
            byte[] bArr6 = new byte[i7 / 8];
            this.encryptionKey = bArr6;
            System.arraycopy(digest, 0, bArr6, 0, i7 / 8);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } catch (CertificateEncodingException e2) {
            throw new IOException(e2);
        } catch (CMSException e3) {
            throw new IOException(e3);
        }
    }
}
