package mg;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import kp.d1;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import p000do.d0;
import p000do.g0;
import p000do.n0;
import p000do.o0;
import p000do.y;
import yn.n1;
import yn.t;
import yn.u1;
import yn.w;

/* compiled from: PublicKeySecurityHandler.java */
/* loaded from: classes3.dex */
public final class k extends n {

    /* renamed from: n, reason: collision with root package name */
    public static final String f39404n = "Adobe.PubSec";

    /* renamed from: o, reason: collision with root package name */
    public static final String f39405o = "adbe.pkcs7.s4";

    /* renamed from: p, reason: collision with root package name */
    public static final String f39406p = "adbe.pkcs7.s5";

    public k() {
    }

    public k(i iVar) {
        G(iVar);
        F(iVar.a());
    }

    public final void J(StringBuilder sb2, KeyTransRecipientId keyTransRecipientId, X509Certificate x509Certificate, X509CertificateHolder x509CertificateHolder) {
        BigInteger serialNumber = keyTransRecipientId.getSerialNumber();
        if (serialNumber != null) {
            BigInteger serialNumber2 = x509Certificate.getSerialNumber();
            String bigInteger = serialNumber2 != null ? serialNumber2.toString(16) : "unknown";
            sb2.append("serial-#: rid ");
            sb2.append(serialNumber.toString(16));
            sb2.append(" vs. cert ");
            sb2.append(bigInteger);
            sb2.append(" issuer: rid '");
            sb2.append(keyTransRecipientId.getIssuer());
            sb2.append("' vs. cert '");
            sb2.append((Object) (x509CertificateHolder == null ? "null" : x509CertificateHolder.getIssuer()));
            sb2.append("' ");
        }
    }

    public final d0 K(X509Certificate x509Certificate, byte[] bArr) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        yn.l lVar = new yn.l(x509Certificate.getTBSCertificate());
        d1 m10 = d1.m(lVar.m());
        lVar.close();
        kp.b k10 = m10.w().k();
        y yVar = new y(m10.p(), m10.s().w());
        try {
            Cipher cipher = Cipher.getInstance(k10.k().x(), p.a());
            cipher.init(1, x509Certificate.getPublicKey());
            return new d0(new n0(yVar), k10, new n1(cipher.doFinal(bArr)));
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    public final byte[][] L(byte[] bArr) throws GeneralSecurityException, IOException {
        i iVar = (i) s();
        byte[][] bArr2 = new byte[iVar.g()];
        Iterator<j> h10 = iVar.h();
        int i10 = 0;
        while (h10.hasNext()) {
            j next = h10.next();
            X509Certificate b10 = next.b();
            int l10 = next.a().l();
            byte[] bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            bArr3[20] = (byte) (l10 >>> 24);
            bArr3[21] = (byte) (l10 >>> 16);
            bArr3[22] = (byte) (l10 >>> 8);
            bArr3[23] = (byte) l10;
            t M = M(bArr3, b10);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            M.encodeTo(byteArrayOutputStream, yn.h.f49693a);
            bArr2[i10] = byteArrayOutputStream.toByteArray();
            i10++;
        }
        return bArr2;
    }

    public final t M(byte[] bArr, X509Certificate x509Certificate) throws IOException, GeneralSecurityException {
        String x10 = ap.s.f1068i0.x();
        try {
            Provider a10 = p.a();
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(x10, a10);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(x10, a10);
            Cipher cipher = Cipher.getInstance(x10, a10);
            AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
            yn.l lVar = new yn.l(generateParameters.getEncoded(gnu.crypto.jce.params.a.f24976b));
            t m10 = lVar.m();
            lVar.close();
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            cipher.init(1, generateKey, generateParameters);
            return new p000do.n(ap.s.f1104w0, new p000do.t((g0) null, new u1(new o0(K(x509Certificate, generateKey.getEncoded()))), new p000do.q(ap.s.f1101u0, new kp.b(new yn.p(x10), m10), new n1(cipher.doFinal(bArr))), (w) null)).e();
        } catch (NoSuchAlgorithmException e10) {
            throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + x10 + "; possible reason: using an unsigned .jar file", e10);
        } catch (NoSuchPaddingException e11) {
            throw new RuntimeException("Could not find a suitable javax.crypto provider", e11);
        }
    }

    public final void N(e eVar, zf.i iVar, byte[][] bArr) {
        d dVar = new d();
        dVar.i(iVar);
        dVar.o(r());
        zf.a aVar = new zf.a();
        for (byte[] bArr2 : bArr) {
            aVar.U(new zf.p(bArr2));
        }
        dVar.x().G2(zf.i.Dh, aVar);
        aVar.B(true);
        eVar.T(dVar);
        zf.i iVar2 = zf.i.f50471qc;
        eVar.e0(iVar2);
        eVar.f0(iVar2);
        dVar.x().B(true);
        A(true);
    }

    @Override // mg.n
    public void y(eg.e eVar) throws IOException {
        byte[] digest;
        try {
            e u10 = eVar.u();
            if (u10 == null) {
                u10 = new e();
            }
            u10.U(f39404n);
            u10.V(r());
            int b10 = b();
            u10.j0(b10);
            u10.R();
            int i10 = 20;
            byte[] bArr = new byte[20];
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(192, new SecureRandom());
                System.arraycopy(keyGenerator.generateKey().getEncoded(), 0, bArr, 0, 20);
                byte[][] L = L(bArr);
                int i11 = 20;
                for (byte[] bArr2 : L) {
                    i11 += bArr2.length;
                }
                byte[] bArr3 = new byte[i11];
                System.arraycopy(bArr, 0, bArr3, 0, 20);
                for (byte[] bArr4 : L) {
                    System.arraycopy(bArr4, 0, bArr3, i10, bArr4.length);
                    i10 += bArr4.length;
                }
                if (b10 == 4) {
                    u10.g0(f39406p);
                    digest = c.b().digest(bArr3);
                    N(u10, zf.i.f50459p, L);
                } else if (b10 != 5) {
                    u10.g0(f39405o);
                    digest = c.b().digest(bArr3);
                    u10.a0(L);
                } else {
                    u10.g0(f39406p);
                    digest = c.c().digest(bArr3);
                    N(u10, zf.i.f50469q, L);
                }
                E(new byte[r() / 8]);
                System.arraycopy(digest, 0, q(), 0, r() / 8);
                eVar.D1(u10);
                eVar.q().v1(u10.x());
            } catch (NoSuchAlgorithmException e10) {
                throw new RuntimeException(e10);
            }
        } catch (GeneralSecurityException e11) {
            throw new IOException(e11);
        }
    }

    @Override // mg.n
    public void z(e eVar, zf.a aVar, b bVar) throws IOException {
        boolean z10;
        byte[] digest;
        boolean z11;
        h hVar;
        if (!(bVar instanceof h)) {
            throw new IOException("Provided decryption material is not compatible with the document - did you pass a null keyStore?");
        }
        d f10 = eVar.f();
        if (f10 != null && f10.f() != 0) {
            F(f10.f());
            D(f10.g());
        } else if (eVar.i() != 0) {
            F(eVar.i());
            D(eVar.Q());
        }
        h hVar2 = (h) bVar;
        try {
            X509Certificate a10 = hVar2.a();
            byte[] bArr = null;
            X509CertificateHolder x509CertificateHolder = a10 != null ? new X509CertificateHolder(a10.getEncoded()) : null;
            zf.d x10 = eVar.x();
            zf.i iVar = zf.i.Dh;
            zf.a J0 = x10.J0(iVar);
            if (J0 == null && f10 != null) {
                J0 = f10.x().J0(iVar);
            }
            if (J0 == null) {
                throw new IOException("/Recipients entry is missing in encryption dictionary");
            }
            int size = J0.size();
            byte[][] bArr2 = new byte[size];
            StringBuilder sb2 = new StringBuilder();
            int i10 = 0;
            boolean z12 = false;
            int i11 = 0;
            while (i10 < J0.size()) {
                byte[] T = ((zf.p) J0.J0(i10)).T();
                Iterator it2 = new CMSEnvelopedData(T).getRecipientInfos().getRecipients().iterator();
                int i12 = 0;
                while (true) {
                    if (!it2.hasNext()) {
                        hVar = hVar2;
                        break;
                    }
                    RecipientInformation recipientInformation = (RecipientInformation) it2.next();
                    Iterator it3 = it2;
                    RecipientId rid = recipientInformation.getRID();
                    if (!z12 && rid.match(x509CertificateHolder)) {
                        bArr = recipientInformation.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) hVar2.c()));
                        hVar = hVar2;
                        z12 = true;
                        break;
                    }
                    h hVar3 = hVar2;
                    int i13 = i12 + 1;
                    if (a10 != null) {
                        sb2.append('\n');
                        sb2.append(i13);
                        sb2.append(": ");
                        if (rid instanceof KeyTransRecipientId) {
                            J(sb2, (KeyTransRecipientId) rid, a10, x509CertificateHolder);
                        }
                    }
                    i12 = i13;
                    it2 = it3;
                    hVar2 = hVar3;
                }
                bArr2[i10] = T;
                i11 += T.length;
                i10++;
                hVar2 = hVar;
            }
            if (!z12 || bArr == null) {
                throw new IOException("The certificate matches none of " + J0.size() + " recipient entries" + sb2.toString());
            }
            if (bArr.length != 24) {
                throw new IOException("The enveloped data does not contain 24 bytes");
            }
            byte[] bArr3 = new byte[4];
            int i14 = 20;
            System.arraycopy(bArr, 20, bArr3, 0, 4);
            a aVar2 = new a(bArr3);
            aVar2.A();
            B(aVar2);
            int i15 = i11 + 20;
            byte[] bArr4 = new byte[i15];
            int i16 = 0;
            System.arraycopy(bArr, 0, bArr4, 0, 20);
            int i17 = 0;
            while (i17 < size) {
                byte[] bArr5 = bArr2[i17];
                System.arraycopy(bArr5, i16, bArr4, i14, bArr5.length);
                i14 += bArr5.length;
                i17++;
                i16 = 0;
            }
            if (eVar.M() != 4 && eVar.M() != 5) {
                digest = c.b().digest(bArr4);
                E(new byte[r() / 8]);
                System.arraycopy(digest, 0, q(), 0, r() / 8);
            }
            if (w()) {
                z10 = true;
            } else {
                bArr4 = org.bouncycastle.util.a.D(bArr4, i15 + 4);
                z10 = true;
                System.arraycopy(new byte[]{-1, -1, -1, -1}, 0, bArr4, bArr4.length - 4, 4);
            }
            digest = eVar.M() == 4 ? c.b().digest(bArr4) : c.c().digest(bArr4);
            if (f10 != null) {
                zf.i e10 = f10.e();
                if (!zf.i.f50459p.equals(e10) && !zf.i.f50469q.equals(e10)) {
                    z11 = false;
                    A(z11);
                }
                z11 = z10;
                A(z11);
            }
            E(new byte[r() / 8]);
            System.arraycopy(digest, 0, q(), 0, r() / 8);
        } catch (CMSException e11) {
            throw new IOException((Throwable) e11);
        } catch (KeyStoreException e12) {
            throw new IOException(e12);
        } catch (CertificateEncodingException e13) {
            throw new IOException(e13);
        }
    }
}
