package com.itextpdf.kernel.crypto.securityhandler;

import com.itextpdf.io.logs.IoLogMessageConstant;
import com.itextpdf.io.util.StreamUtil;
import com.itextpdf.kernel.crypto.AESCipherCBCnoPad;
import com.itextpdf.kernel.crypto.AesDecryptor;
import com.itextpdf.kernel.crypto.IDecryptor;
import com.itextpdf.kernel.crypto.IVGenerator;
import com.itextpdf.kernel.crypto.OutputStreamAesEncryption;
import com.itextpdf.kernel.crypto.OutputStreamEncryption;
import com.itextpdf.kernel.exceptions.BadPasswordException;
import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfBoolean;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfLiteral;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfNumber;
import com.itextpdf.kernel.pdf.PdfVersion;
import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/kernel-8.0.2.jar:com/itextpdf/kernel/crypto/securityhandler/StandardHandlerUsingAes256.class */
public class StandardHandlerUsingAes256 extends StandardSecurityHandler {
    private static final int VALIDATION_SALT_OFFSET = 32;
    private static final int KEY_SALT_OFFSET = 40;
    private static final int SALT_LENGTH = 8;
    private boolean isPdf2;
    protected boolean encryptMetadata;

    public StandardHandlerUsingAes256(PdfDictionary pdfDictionary, byte[] bArr, byte[] bArr2, int i, boolean z, boolean z2, PdfVersion pdfVersion) {
        this.isPdf2 = pdfVersion != null && pdfVersion.compareTo(PdfVersion.PDF_2_0) >= 0;
        initKeyAndFillDictionary(pdfDictionary, bArr, bArr2, i, z, z2);
    }

    public StandardHandlerUsingAes256(PdfDictionary pdfDictionary, byte[] bArr) {
        initKeyAndReadDictionary(pdfDictionary, bArr);
    }

    public boolean isEncryptMetadata() {
        return this.encryptMetadata;
    }

    @Override // com.itextpdf.kernel.crypto.securityhandler.SecurityHandler
    public void setHashKeyForNextObject(int i, int i2) {
    }

    @Override // com.itextpdf.kernel.crypto.securityhandler.SecurityHandler
    public OutputStreamEncryption getEncryptionStream(OutputStream outputStream) {
        return new OutputStreamAesEncryption(outputStream, this.nextObjectKey, 0, this.nextObjectKeySize);
    }

    @Override // com.itextpdf.kernel.crypto.securityhandler.SecurityHandler
    public IDecryptor getDecryptor() {
        return new AesDecryptor(this.nextObjectKey, 0, this.nextObjectKeySize);
    }

    private void initKeyAndFillDictionary(PdfDictionary pdfDictionary, byte[] bArr, byte[] bArr2, int i, boolean z, boolean z2) {
        byte[] generateOwnerPasswordIfNullOrEmpty = generateOwnerPasswordIfNullOrEmpty(bArr2);
        int i2 = (i | (-3904)) & (-4);
        try {
            if (bArr == null) {
                bArr = new byte[0];
            } else if (bArr.length > 127) {
                bArr = Arrays.copyOf(bArr, 127);
            }
            if (generateOwnerPasswordIfNullOrEmpty.length > 127) {
                generateOwnerPasswordIfNullOrEmpty = Arrays.copyOf(generateOwnerPasswordIfNullOrEmpty, 127);
            }
            byte[] iv = IVGenerator.getIV(16);
            byte[] iv2 = IVGenerator.getIV(16);
            this.nextObjectKey = IVGenerator.getIV(32);
            this.nextObjectKeySize = 32;
            byte[] copyOf = Arrays.copyOf(computeHash(bArr, iv, 0, 8), 48);
            System.arraycopy(iv, 0, copyOf, 32, 16);
            byte[] processBlock = new AESCipherCBCnoPad(true, computeHash(bArr, iv, 8, 8)).processBlock(this.nextObjectKey, 0, this.nextObjectKey.length);
            byte[] copyOf2 = Arrays.copyOf(computeHash(generateOwnerPasswordIfNullOrEmpty, iv2, 0, 8, copyOf), 48);
            System.arraycopy(iv2, 0, copyOf2, 32, 16);
            byte[] processBlock2 = new AESCipherCBCnoPad(true, computeHash(generateOwnerPasswordIfNullOrEmpty, iv2, 8, 8, copyOf)).processBlock(this.nextObjectKey, 0, this.nextObjectKey.length);
            byte[] iv3 = IVGenerator.getIV(16);
            iv3[0] = (byte) i2;
            iv3[1] = (byte) (i2 >> 8);
            iv3[2] = (byte) (i2 >> 16);
            iv3[3] = (byte) (i2 >> 24);
            iv3[4] = -1;
            iv3[5] = -1;
            iv3[6] = -1;
            iv3[7] = -1;
            iv3[8] = z ? (byte) 84 : (byte) 70;
            iv3[9] = 97;
            iv3[10] = 100;
            iv3[11] = 98;
            byte[] processBlock3 = new AESCipherCBCnoPad(true, this.nextObjectKey).processBlock(iv3, 0, iv3.length);
            this.permissions = i2;
            this.encryptMetadata = z;
            setStandardHandlerDicEntries(pdfDictionary, copyOf, copyOf2);
            setAES256DicEntries(pdfDictionary, processBlock2, processBlock, processBlock3, z, z2);
        } catch (Exception e) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e);
        }
    }

    private void setAES256DicEntries(PdfDictionary pdfDictionary, byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z, boolean z2) {
        pdfDictionary.put(PdfName.OE, new PdfLiteral(StreamUtil.createEscapedString(bArr)));
        pdfDictionary.put(PdfName.UE, new PdfLiteral(StreamUtil.createEscapedString(bArr2)));
        pdfDictionary.put(PdfName.Perms, new PdfLiteral(StreamUtil.createEscapedString(bArr3)));
        pdfDictionary.put(PdfName.R, new PdfNumber(this.isPdf2 ? 6 : 5));
        pdfDictionary.put(PdfName.V, new PdfNumber(5));
        PdfDictionary pdfDictionary2 = new PdfDictionary();
        pdfDictionary2.put(PdfName.Length, new PdfNumber(32));
        if (!z) {
            pdfDictionary.put(PdfName.EncryptMetadata, PdfBoolean.FALSE);
        }
        if (z2) {
            pdfDictionary2.put(PdfName.AuthEvent, PdfName.EFOpen);
            pdfDictionary.put(PdfName.EFF, PdfName.StdCF);
            pdfDictionary.put(PdfName.StrF, PdfName.Identity);
            pdfDictionary.put(PdfName.StmF, PdfName.Identity);
        } else {
            pdfDictionary2.put(PdfName.AuthEvent, PdfName.DocOpen);
            pdfDictionary.put(PdfName.StrF, PdfName.StdCF);
            pdfDictionary.put(PdfName.StmF, PdfName.StdCF);
        }
        pdfDictionary2.put(PdfName.CFM, PdfName.AESV3);
        PdfDictionary pdfDictionary3 = new PdfDictionary();
        pdfDictionary3.put(PdfName.StdCF, pdfDictionary2);
        pdfDictionary.put(PdfName.CF, pdfDictionary3);
    }

    private void initKeyAndReadDictionary(PdfDictionary pdfDictionary, byte[] bArr) {
        try {
            if (bArr == null) {
                bArr = new byte[0];
            } else if (bArr.length > 127) {
                bArr = Arrays.copyOf(bArr, 127);
            }
            this.isPdf2 = pdfDictionary.getAsNumber(PdfName.R).getValue() == 6.0d;
            byte[] truncateArray = truncateArray(getIsoBytes(pdfDictionary.getAsString(PdfName.O)));
            byte[] truncateArray2 = truncateArray(getIsoBytes(pdfDictionary.getAsString(PdfName.U)));
            byte[] isoBytes = getIsoBytes(pdfDictionary.getAsString(PdfName.OE));
            byte[] isoBytes2 = getIsoBytes(pdfDictionary.getAsString(PdfName.UE));
            byte[] isoBytes3 = getIsoBytes(pdfDictionary.getAsString(PdfName.Perms));
            this.permissions = ((PdfNumber) pdfDictionary.get(PdfName.P)).longValue();
            this.usedOwnerPassword = compareArray(computeHash(bArr, truncateArray, 32, 8, truncateArray2), truncateArray, 32);
            if (this.usedOwnerPassword) {
                this.nextObjectKey = new AESCipherCBCnoPad(false, computeHash(bArr, truncateArray, 40, 8, truncateArray2)).processBlock(isoBytes, 0, isoBytes.length);
            } else {
                if (!compareArray(computeHash(bArr, truncateArray2, 32, 8), truncateArray2, 32)) {
                    throw new BadPasswordException(KernelExceptionMessageConstant.BAD_USER_PASSWORD);
                }
                this.nextObjectKey = new AESCipherCBCnoPad(false, computeHash(bArr, truncateArray2, 40, 8)).processBlock(isoBytes2, 0, isoBytes2.length);
            }
            this.nextObjectKeySize = 32;
            byte[] processBlock = new AESCipherCBCnoPad(false, this.nextObjectKey).processBlock(isoBytes3, 0, isoBytes3.length);
            if (processBlock[9] != 97 || processBlock[10] != 100 || processBlock[11] != 98) {
                throw new BadPasswordException(KernelExceptionMessageConstant.BAD_USER_PASSWORD);
            }
            int i = (processBlock[0] & 255) | ((processBlock[1] & 255) << 8) | ((processBlock[2] & 255) << 16) | ((processBlock[3] & 255) << 24);
            boolean z = processBlock[8] == 84;
            Boolean asBool = pdfDictionary.getAsBool(PdfName.EncryptMetadata);
            if (i != this.permissions || (asBool != null && z != asBool.booleanValue())) {
                LoggerFactory.getLogger(StandardHandlerUsingAes256.class).error(IoLogMessageConstant.ENCRYPTION_ENTRIES_P_AND_ENCRYPT_METADATA_NOT_CORRESPOND_PERMS_ENTRY);
            }
            this.permissions = i;
            this.encryptMetadata = z;
        } catch (BadPasswordException e) {
            throw e;
        } catch (Exception e2) {
            throw new PdfException(KernelExceptionMessageConstant.PDF_ENCRYPTION, (Throwable) e2);
        }
    }

    private byte[] computeHash(byte[] bArr, byte[] bArr2, int i, int i2) throws NoSuchAlgorithmException {
        return computeHash(bArr, bArr2, i, i2, null);
    }

    /* JADX WARN: Removed duplicated region for block: B:25:0x013d A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:36:0x0056 A[ADDED_TO_REGION, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] computeHash(byte[] r9, byte[] r10, int r11, int r12, byte[] r13) throws java.security.NoSuchAlgorithmException {
        /*
            Method dump skipped, instructions count: 372
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.itextpdf.kernel.crypto.securityhandler.StandardHandlerUsingAes256.computeHash(byte[], byte[], int, int, byte[]):byte[]");
    }

    private static boolean compareArray(byte[] bArr, byte[] bArr2, int i) {
        for (int i2 = 0; i2 < i; i2++) {
            if (bArr[i2] != bArr2[i2]) {
                return false;
            }
        }
        return true;
    }

    private byte[] truncateArray(byte[] bArr) {
        if (bArr.length == 48) {
            return bArr;
        }
        for (int i = 48; i < bArr.length; i++) {
            if (bArr[i] != 0) {
                throw new PdfException(KernelExceptionMessageConstant.BAD_PASSWORD_HASH);
            }
        }
        byte[] bArr2 = new byte[48];
        System.arraycopy(bArr, 0, bArr2, 0, 48);
        return bArr2;
    }
}
