package c.g.c.g.j;

import androidx.core.os.EnvironmentCompat;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DEROutputStream;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.cms.EncryptedContentInfo;
import org.spongycastle.asn1.cms.EnvelopedData;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.cms.KeyTransRecipientInfo;
import org.spongycastle.asn1.cms.OriginatorInfo;
import org.spongycastle.asn1.cms.RecipientIdentifier;
import org.spongycastle.asn1.cms.RecipientInfo;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.TBSCertificateStructure;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.KeyTransRecipientId;
import org.spongycastle.cms.RecipientId;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
public final class k extends m {
    private i i = null;

    private void u(StringBuilder sb, KeyTransRecipientId keyTransRecipientId, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger serialNumber = keyTransRecipientId.getSerialNumber();
        if (serialNumber != null) {
            BigInteger serialNumber2 = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber2 != null ? serialNumber2.toString(16) : EnvironmentCompat.MEDIA_UNKNOWN;
            sb.append("serial-#: rid ");
            sb.append(serialNumber.toString(16));
            sb.append(" vs. cert ");
            sb.append(bigInteger);
            sb.append(" issuer: rid '");
            sb.append(keyTransRecipientId.getIssuer());
            sb.append("' vs. cert '");
            sb.append(x509CertificateHolder == null ? "null" : x509CertificateHolder.getIssuer());
            sb.append("' ");
        }
    }

    private KeyTransRecipientInfo v(X509Certificate x509Certificate, byte[] bArr) {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(x509Certificate.getTBSCertificate());
        TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(aSN1InputStream.readObject());
        aSN1InputStream.close();
        AlgorithmIdentifier algorithm = tBSCertificateStructure.getSubjectPublicKeyInfo().getAlgorithm();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(tBSCertificateStructure.getIssuer(), tBSCertificateStructure.getSerialNumber().getValue());
        try {
            Cipher cipher = Cipher.getInstance(algorithm.getAlgorithm().getId());
            cipher.init(1, x509Certificate.getPublicKey());
            return new KeyTransRecipientInfo(new RecipientIdentifier(issuerAndSerialNumber), algorithm, new DEROctetString(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        } catch (NoSuchPaddingException e3) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e3);
        }
    }

    private byte[][] w(byte[] bArr) {
        byte[][] bArr2 = new byte[this.i.a()];
        Iterator<j> b2 = this.i.b();
        int i = 0;
        while (b2.hasNext()) {
            j next = b2.next();
            X509Certificate b3 = next.b();
            int g2 = next.a().g();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (g2 >>> 24);
            bArr3[21] = (byte) (g2 >>> 16);
            bArr3[22] = (byte) (g2 >>> 8);
            bArr3[23] = (byte) g2;
            ASN1Primitive x = x(bArr3, b3);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new DEROutputStream(byteArrayOutputStream).writeObject(x);
            bArr2[i] = byteArrayOutputStream.toByteArray();
            i++;
        }
        return bArr2;
    }

    private ASN1Primitive x(byte[] bArr, X509Certificate x509Certificate) {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance("1.2.840.113549.3.2");
            KeyGenerator keyGenerator = KeyGenerator.getInstance("1.2.840.113549.3.2", BouncyCastleProvider.PROVIDER_NAME);
            Cipher cipher = Cipher.getInstance("1.2.840.113549.3.2", BouncyCastleProvider.PROVIDER_NAME);
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            ASN1InputStream aSN1InputStream = new ASN1InputStream(generateParameters.getEncoded("ASN.1"));
            ASN1Primitive readObject = aSN1InputStream.readObject();
            aSN1InputStream.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            byte[] doFinal = cipher.doFinal(bArr);
            return new ContentInfo(PKCSObjectIdentifiers.envelopedData, new EnvelopedData((OriginatorInfo) null, new DERSet(new RecipientInfo(v(x509Certificate, generateKey.getEncoded()))), new EncryptedContentInfo(PKCSObjectIdentifiers.data, new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.3.2"), readObject), new DEROctetString(doFinal)), (ASN1Set) null)).toASN1Primitive();
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e2);
        } catch (NoSuchPaddingException e3) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e3);
        }
    }

    @Override // c.g.c.g.j.m
    public boolean o() {
        return this.i != null;
    }

    @Override // c.g.c.g.j.m
    public void p(c.g.c.g.b bVar) {
        if (this.a == 256) {
            throw new IOException("256 bit key length is not supported yet for public key security");
        }
        try {
            Security.addProvider(new BouncyCastleProvider());
            f Z = bVar.Z();
            if (Z == null) {
                Z = new f();
            }
            Z.t("Adobe.PubSec");
            Z.u(this.a);
            Z.G(2);
            Z.r();
            Z.D("adbe.pkcs7.s4");
            int i = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                Z.y(w(bArr));
                int i2 = 20;
                for (int i3 = 0; i3 < Z.j(); i3++) {
                    i2 += Z.i(i3).v().length;
                }
                byte[] bArr2 = new byte[i2];
                System.arraycopy(bArr, 0, bArr2, 0, 20);
                for (int i4 = 0; i4 < Z.j(); i4++) {
                    c.g.c.b.p i5 = Z.i(i4);
                    System.arraycopy(i5.v(), 0, bArr2, i, i5.v().length);
                    i += i5.v().length;
                }
                byte[] digest = d.b().digest(bArr2);
                int i6 = this.a;
                byte[] bArr3 = new byte[i6 / 8];
                this.f3341b = bArr3;
                System.arraycopy(digest, 0, bArr3, 0, i6 / 8);
                bVar.q0(Z);
                bVar.P().l0(Z.a());
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException(e2);
            }
        } catch (GeneralSecurityException e3) {
            throw new IOException(e3);
        }
    }

    @Override // c.g.c.g.j.m
    public void q(f fVar, c.g.c.b.a aVar, b bVar) {
        if (!(bVar instanceof h)) {
            throw new IOException("Provided decryption material is not compatible with the document");
        }
        t(fVar.q());
        if (fVar.d() != 0) {
            this.a = fVar.d();
        }
        h hVar = (h) bVar;
        try {
            int j = fVar.j();
            byte[][] bArr = new byte[j];
            StringBuilder sb = new StringBuilder();
            int i = 0;
            boolean z = false;
            byte[] bArr2 = null;
            int i2 = 0;
            while (i < fVar.j()) {
                byte[] v = fVar.i(i).v();
                Iterator<RecipientInformation> it = new CMSEnvelopedData(v).getRecipientInfos().getRecipients().iterator();
                int i3 = 0;
                while (true) {
                    if (it.hasNext()) {
                        RecipientInformation next = it.next();
                        X509Certificate a = hVar.a();
                        X509CertificateHolder x509CertificateHolder = a != null ? new X509CertificateHolder(a.getEncoded()) : null;
                        RecipientId rid = next.getRID();
                        if (rid.match(x509CertificateHolder) && !z) {
                            bArr2 = next.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) hVar.b()).setProvider(BouncyCastleProvider.PROVIDER_NAME));
                            z = true;
                            break;
                        }
                        i3++;
                        if (a != null) {
                            sb.append('\n');
                            sb.append(i3);
                            sb.append(": ");
                            if (rid instanceof KeyTransRecipientId) {
                                u(sb, (KeyTransRecipientId) rid, a, x509CertificateHolder);
                            }
                        }
                    }
                }
                bArr[i] = v;
                i2 += v.length;
                i++;
            }
            if (!z || bArr2 == null) {
                throw new IOException("The certificate matches none of " + i + " recipient entries" + sb.toString());
            }
            if (bArr2.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i4 = 20;
            System.arraycopy(bArr2, 20, bArr3, 0, 4);
            a aVar2 = new a(bArr3);
            aVar2.s();
            s(aVar2);
            byte[] bArr4 = new byte[i2 + 20];
            int i5 = 0;
            System.arraycopy(bArr2, 0, bArr4, 0, 20);
            int i6 = 0;
            while (i6 < j) {
                byte[] bArr5 = bArr[i6];
                System.arraycopy(bArr5, i5, bArr4, i4, bArr5.length);
                i4 += bArr5.length;
                i6++;
                i5 = 0;
            }
            byte[] digest = d.b().digest(bArr4);
            int i7 = this.a;
            byte[] bArr6 = new byte[i7 / 8];
            this.f3341b = bArr6;
            System.arraycopy(digest, 0, bArr6, 0, i7 / 8);
        } catch (KeyStoreException e2) {
            throw new IOException(e2);
        } catch (CertificateEncodingException e3) {
            throw new IOException(e3);
        } catch (CMSException e4) {
            throw new IOException(e4);
        }
    }
}
